Since the release of iText 5.5.13, the iText 5 product line has been in maintenance mode, meaning it only receives security-related releases. While iText 5 is now EOL, we want to make sure that our users who have developed their solutions using iText 5 can safely continue using it.
For this particular release, the Bouncy Castle cryptography libraries have been updated to their latest versions (Java to 1.83, .NET to 2.6.2) to address security vulnerabilities:
- Java (BC Java 1.83): This version includes important security patches, such as the fix for CVE-2025-8916 (an Allocation of Resources Without Limits or Throttling vulnerability).
- .NET (BC C# 2.6.2): This version incorporates security fixes from previous releases. To review the detailed security history and related CVE information for the .NET library, you can check its NuGet page: BouncyCastle.Cryptography