@rdeltour rdeltour released this Nov 29, 2016 · 81 commits to master since this release

Assets 3

Total Downloads of EpubCheck 4.0.2

EpubCheck 4.0.2 is a maintenance release of the EPUB conformance checker.

Important security fix

This version includes a fix for a critical security vulnerability (CVE-2016-9487) which may, under some circumstances, enable a remote attacker to access arbitrary files on the system where EpubCheck is running.

All users should update to EpubCheck 4.0.2 as soon as possible.

Special thanks to Craig Arendt for having identified the vulnerability and disclosed it privately to EpubCheck's team πŸ‘ .


  • #673 – Enhanced XML report output:
    • #486 – @subMessage and @severity attributes on <message> element
    • #517 – Include list of all resources + media types
    • #670 – Fix illegal characters in XML output
  • #657 – New method Archive.createArchive(File) to specify file paths when using this in 3rd party tools

Bug fixes

  • Fix for critical vulnerability CVE-2016-9487
  • #689 – Fix for unclosed ImageInputStreams on image file validation
  • #678 – Clarify ACC-009 message: 'alt' -> 'alttext' attribute
  • #686 – Make BitmapChecker.ImageHeuristics a public object
  • #711 – Bugfix for false positive error messages due to locale settings

See the details in the list of issues closed since the last public release.