Releases: py-pdf/pypdf
Releases · py-pdf/pypdf
Version 6.12.1, 2026-05-22
6.12.1
This tag was signed with the committer’s verified signature.
stefan6419846
Stefan
What's new
Security (SEC)
- Limit input size and element count for XMP metadata (#3796) by @stefan6419846
Robustness (ROB)
- Prevent cyclic parent hierarchies for inherited dictionaries (#3795) by @stefan6419846
- Deal with invalid first code in LZW decoder (#3794) by @stefan6419846
Contributors
stefan6419846
Assets 2
Version 6.12.0, 2026-05-21
6.12.0
This tag was signed with the committer’s verified signature.
stefan6419846
Stefan
What's new
Security (SEC)
- Disallow cross-reference streams with zero-only width values (#3791) by @stefan6419846
- Avoid excessive whitespace in layout mode text extraction (#3790) by @stefan6419846
New Features (ENH)
- Implement SASLprep (RFC 4013) for AES-256 password normalization (#3780) by @adityamoolya
- CID font resource from font file to encode more characters (#3652) by @PJBrs
Performance Improvements (PI)
Bug Fixes (BUG)
Robustness (ROB)
Documentation (DOC)
- Block encrypting writer in incremental mode (#3789) by @stefan6419846
Contributors
larsga, PJBrs, and 3 other contributors
Assets 2
Version 6.11.0, 2026-05-09
6.11.0
This tag was signed with the committer’s verified signature.
stefan6419846
Stefan
What's new
New Features (ENH)
Robustness (ROB)
- Allow to fix AES padding length in non-strict mode (#3742) by @stefan6419846
Developer Experience (DEV)
- Enable PyPy testing again (#3752) by @stefan6419846
- Align mypy Makefile target with strict mode (#3690) by @costajohnt
Contributors
PJBrs, costajohnt, and stefan6419846
Assets 2
Version 6.10.2, 2026-04-15
6.10.2
This tag was signed with the committer’s verified signature.
stefan6419846
Stefan
What's new
Security (SEC)
- Do not rely on possibly invalid /Size for incremental cloning (#3735) by @stefan6419846
- Introduce limits for FlateDecode parameters and image decoding (#3734) by @stefan6419846
Contributors
stefan6419846
Assets 2
Version 6.10.1, 2026-04-14
6.10.1
This tag was signed with the committer’s verified signature.
stefan6419846
Stefan
What's new
Security (SEC)
- Limit the allowed size of xref and object streams (#3733) by @stefan6419846
Robustness (ROB)
- Consider strict mode setting for decryption errors (#3731) by @stefan6419846
Documentation (DOC)
- Use new parameter names for compress_identical_objects by @stefan6419846
Contributors
stefan6419846
Assets 2
Version 6.10.0, 2026-04-10
6.10.0
This tag was signed with the committer’s verified signature.
stefan6419846
Stefan
What's new
Security (SEC)
- Disallow custom XML entity declarations for XMP metadata (#3724) by @stefan6419846
New Features (ENH)
Bug Fixes (BUG)
- Use remove_orphans in compress_identical_objects (#3310) by @j-t-1
- Fix PdfReadError when xref table contains comments before trailer (#3710) by @rassie
- Correctly verify AES padding during decryption (#3699) by @stefan6419846
- Fix stale object cache from non-authoritative object streams (#3698) by @astahlman
- Fix extract_links pairing when annotations include non-links (#3687) by @ReinerBRO
Documentation (DOC)
- Add AI policy (#3717) by @stefan6419846
Contributors
rassie, astahlman, and 4 other contributors
Assets 2
Version 6.9.2, 2026-03-23
6.9.2
This tag was signed with the committer’s verified signature.
stefan6419846
Stefan
What's new
Security (SEC)
- Avoid infinite loop in read_from_stream for broken files (#3693) by @stefan6419846
Robustness (ROB)
Contributors
stefan6419846 and Yuki9814
Assets 2
Version 6.9.1, 2026-03-17
6.9.1
This tag was signed with the committer’s verified signature.
stefan6419846
Stefan
What's new
Security (SEC)
- Improve performance and limit length of array-based content streams (#3686) by @stefan6419846
Contributors
stefan6419846
Assets 2
Version 6.9.0, 2026-03-15
6.9.0
This tag was signed with the committer’s verified signature.
stefan6419846
Stefan
What's new
New Features (ENH)
- Expose /Perms verification result on Encryption object (#3672) by @costajohnt
Performance Improvements (PI)
- Fix O(n²) performance in NameObject read/write (#3679) by @dmitry-kostin
- Batch-parse all objects in ObjStm on first access (#3677) by @dmitry-kostin
Bug Fixes (BUG)
- Avoid sharing array-based content streams between pages (#3681) by @stefan6419846
- Avoid accessing invalid page when inserting blank page under some conditions (#3529) by @j-t-1
Contributors
dmitry-kostin, costajohnt, and 2 other contributors
Assets 2
Version 6.8.0, 2026-03-09
6.8.0
This tag was signed with the committer’s verified signature.
stefan6419846
Stefan
What's new
Security (SEC)
- Limit allowed
/Lengthvalue of stream (#3675) by @stefan6419846
New Features (ENH)
- Add /IRT (in-reply-to) support for markup annotations (#3631) by @costajohnt
Documentation (DOC)
- Avoid using
PageObject.replace_contentson PdfReader (#3669) by @stefan6419846 - Document how to disable jbig2dec calls by @stefan6419846
Contributors
costajohnt and stefan6419846