Skip to content

v1.0.0

Choose a tag to compare

@jonaslejon jonaslejon released this 20 Apr 08:17

First tagged release. Captures the state of the project at the time the
CHANGELOG
was introduced.

Highlights

  • 67+ PDF generators covering phone-home callbacks, SSRF, XSS, XXE, NTLM
    credential theft, and data exfiltration techniques.
  • --obfuscate flag with levels 0–4, including base64 JS payload staging
    (level 4) inspired by the April 2026 Adobe Reader 0-day analysis.
  • Test cases from 2025–2026 CVEs targeting server-side processors
    (Apache Tika, LibreOffice, Foxit, Apryse).
  • CodeQL and Semgrep static-analysis workflows + Dependabot.
  • SECURITY.md with PGP-encrypted private vulnerability reporting.

See CHANGELOG.md
for the full list.