Releases · py-pdf/pypdf · GitHub

23 Mar 14:53

Version 6.9.2, 2026-03-23 Latest

Latest

What's new

Security (SEC)

Avoid infinite loop in read_from_stream for broken files (#3693) by @stefan6419846

Robustness (ROB)

Resolve UnboundLocalError for xobjs in _get_image (#3684) by @Yuki9814

Contributors

stefan6419846 and Yuki9814

Assets 2

17 Mar 10:45

Version 6.9.1, 2026-03-17

What's new

Security (SEC)

Improve performance and limit length of array-based content streams (#3686) by @stefan6419846

Contributors

stefan6419846

Assets 2

15 Mar 15:28

Version 6.9.0, 2026-03-15

What's new

New Features (ENH)

Expose /Perms verification result on Encryption object (#3672) by @costajohnt

Performance Improvements (PI)

Fix O(n²) performance in NameObject read/write (#3679) by @dmitry-kostin
Batch-parse all objects in ObjStm on first access (#3677) by @dmitry-kostin

Bug Fixes (BUG)

Avoid sharing array-based content streams between pages (#3681) by @stefan6419846
Avoid accessing invalid page when inserting blank page under some conditions (#3529) by @j-t-1

Contributors

dmitry-kostin, costajohnt, and 2 other contributors

Assets 2

09 Mar 13:37

Version 6.8.0, 2026-03-09

What's new

Security (SEC)

Limit allowed /Length value of stream (#3675) by @stefan6419846

New Features (ENH)

Add /IRT (in-reply-to) support for markup annotations (#3631) by @costajohnt

Documentation (DOC)

Avoid using PageObject.replace_contents on PdfReader (#3669) by @stefan6419846
Document how to disable jbig2dec calls by @stefan6419846

Contributors

costajohnt and stefan6419846

Assets 2

02 Mar 09:04

Version 6.7.5, 2026-03-02

What's new

Security (SEC)

Improve the performance of the ASCIIHexDecode filter (#3666) by @stefan6419846

Contributors

stefan6419846

Assets 2

27 Feb 10:44

Version 6.7.4, 2026-02-27

What's new

Security (SEC)

Allow limiting output length for RunLengthDecode filter (#3664) by @stefan6419846

Robustness (ROB)

Deal with invalid annotations in extract_links (#3659) by @stefan6419846

Contributors

stefan6419846

Assets 2

24 Feb 17:21

Version 6.7.3, 2026-02-24

What's new

Security (SEC)

Use zlib decompression limit when retrieving XFA data (#3658) by @stefan6419846

Contributors

stefan6419846

Assets 2

22 Feb 11:33

Version 6.7.2, 2026-02-22

What's new

Security (SEC)

Prevent infinite loop from circular xref /Prev references (#3655) by @rampageservices

Bug Fixes (BUG)

Fix wrong LUT size error (#3651) by @stefan6419846
Fix handling of page boxes defined on /Pages (#3650) by @stefan6419846

Contributors

rampageservices and stefan6419846

Assets 2

17 Feb 17:00

Version 6.7.1, 2026-02-17

What's new

Security (SEC)

Detect cyclic references when accessing TreeObject.children (#3645) by @stefan6419846
Limit size of /ToUnicode entries (#3646) by @stefan6419846
Limit FlateDecode recovery attempts (#3644) by @stefan6419846

Bug Fixes (BUG)

Avoid own object replacement logic in PageObject.replace_contents (#3638) by @stefan6419846
Fix UnboundLocalError when update_page_form_field_values with /Sig (#3634) by @John-Sharp

Robustness (ROB)

Avoid divison by zero when decoding FlateDecode PNG prediction (#3641) by @stefan6419846

Contributors

John-Sharp and stefan6419846

Assets 2

08 Feb 14:46

Version 6.7.0, 2026-02-08

What's new

Deprecations (DEP)

Deprecate support for abbreviations in decode_stream_data (#3617) by @stefan6419846

New Features (ENH)

Add ability to add font resources for 14 Adobe Core fonts in text widget annotations (#3624) by @PJBrs

Bug Fixes (BUG)

Avoid invalid load for ICCBased FlateDecode images in mode 1 (#3619) by @stefan6419846

Robustness (ROB)

Fix AESV2 decryption when /Length missing in encrypt dict (#3629) by @dmitry-kostin
Fix merging when annotations point to NullObject (#3613) by @stefan6419846
Check for self._info being None in compress_identical_objects (#3612) by @stefan6419846

Contributors

dmitry-kostin, PJBrs, and stefan6419846

Assets 2