The Open Preservation Foundation is releasing an update to veraPDF 1.24. This is a patched release to address a potential vulnerability when running custom schematron profiles.  veraPDF is an open-source, industry-supported PDF/A and PDF/UA validator and part of the OPF reference toolset.

This release comprises a single fix:

• Set secure parameter for XSLT transformation

To learn more about the new fixes and features, read the release notes. To read more about the vulnerability read the advisory CVE-2024-28109.

Download

veraPDF 1.24.2

Please report any bugs on the veraPDF issue tracker on GitHub or contact us with any feedback or questions.

Thanks

Our thanks go to all contributors, particularly the Dual Lab development team, for their work on this release.

About veraPDF

veraPDF is an open-source PDF validator covering all parts of the PDF/A and PDF/UA (Matterhorn Protocol Machine failure conditions) standards. Originally funded by the PREFORMA project, veraPDF has been sustained and maintained by the Open Preservation Foundation since 2017. Dual Lab provides active user support and carries out maintenance and bug fixes. The PDF Association’s PDF/A Technical Working Group continues in its role, resolving ambiguities arising from veraPDF’s usage in the field.

Support veraPDF

veraPDF is free to download, use and modify to meet your needs. However, there are ongoing costs to host and maintain it. If you use veraPDF, please consider supporting its development by becoming an OPF member or making a donation.

Subscribe to the veraPDF user mailing list.