Upgrade note: See v2023.16.0 for detailed instructions.
Overview
ARender 2023.16.0 is a minor release that includes important security patches, stability improvements, and Spring Boot upgrades. It also introduces improvements in image handling for email-to-PDF rendering.
⚠️ We strongly recommend upgrading to this version, as it resolves several critical issues that have impacted production environments — including blocked connections, broken PDF/A saves, and a cross-site scripting (XSS) vulnerability.
Prerequisites
| Component | Supported versions |
|---|---|
| OpenJDK | 8 or 11 |
Security
Secure Endpoint
A vulnerability was found in an endpoint. This has now been fully fixed.
Related request: TMAPR-6536
Spring Boot Upgrade
An upgrade was made to version 2.7.32 of Spring Boot libraries to maintain long-term security and stability.
User Perspective
Better Email-to-PDF Rendering with Heavy Images
Large embedded images (e.g., pasted photos) in emails are now optionnaly resized and compressed to prevent rendering
errors and memory crashes.
Related request: TMAPR-6507
Support for DirectOffice Patch to Prevent Collapsed PDFs
A Windows/Linux patch has been integrated to avoid errors when rendering some DOCX files via DirectOffice.
Related request: TMAPR-6525
Improved PDF/A Save After Merge/Cut
Fixes a bug when saving a PDF/A document after using merge or cut actions.
Related requests:
TMAPR-6570
TMAPR-6454
Improved Web-UI Documentation
The default Hazelcast configuration file path is now clearly documented.
More information in the following link:
Configuration
Developer / Integrator Perspective
Security Code Modularization
Security logic has been refactored into a separate module to simplify reuse in other integrations.
Related request: TMAPR-6498
Use of Non-Deprecated WebClient Methods
Internal HTTP clients have been updated to avoid deprecated methods that could cause connection issues in some
environments.
Related requests:
TMAPR-6612
TMAPR-6587
Resilience in Cancelled Requests
Improved handling to avoid blocked connections when a user cancels a document stream mid-way.
Related request: TMAPR-6612
Exploitation Perspective
No operational-specific changes in this version.
Changelog
| Summary | Type | Internal ticket | Linked Issues |
|---|---|---|---|
| Secure PrintServlet endpoint | Issue | AR-17846 | TMAPR-6536 |
| Modularize security code into new module | Issue | AR-17933 | TMAPR-6498 |
| Compress large inline images in email PDF rendering | Issue | AR-17879 | TMAPR-6507 |
| Fix PDF/A save error after merge/cut | Regression | AR-17882 | TMAPR-6570, TMAPR-6454 |
| Avoid deprecated WebClient exchange() method | Issue | AR-17931 | TMAPR-6612, TMAPR-6587 |
| Document Hazelcast config location in UI docs | Issue | AR-17347 | TMAPR-6064 |
| Integrate DirectOffice patch to fix collapsed PDFs | Issue | AR-17932 | TMAPR-6525 |
| Improve connection cleanup for streaming methods | Issue | AR-17948 | TMAPR-6612 |
| Upgrade Spring to 2.7.32 | Evolution | AR-17961 | — |
Download
| Description | Binary | SHA-256 |
|---|---|---|
| ARender Rendition Server installer | Download | SHA-256 |
| ARender WEB-UI - Spring Boot Application - Standalone | Download | SHA-256 |
| ARender HMI - J2EE EAR Application - FileNet 5.x | Download | SHA-256 |
| ARender HMI - J2EE WAR Application - Content Manager 8.1 | Download | SHA-256 |
| ARender plugins : IBM Content Navigator plugin | Download | SHA-256 |
| ARender plugins : Alfresco Share plugin | Download | SHA-256 |
| ARender plugins : Alfresco ADF plugin base for integration in ADF | Download | SHA-256 |
| ARender API : Client API | Download | SHA-256 |
| ARender API : Rendition API | Download | SHA-256 |