v0.3.45 | legacy-crypto gate, FIPS RSA-PKCS#1 v1.5, CJK font subsetter fix, and render_page_fit precision.
Fixed
- CJK OTF (CFF) font subsetter corrupts glyph order
(#449) —
OTF fonts with CFF outlines (SFNT magicOTTO) were embedded as
FontFile2 / CIDFontType2(the TrueType path), causing PDF readers
to misparse the CFF data and render wrong glyphs. Writer now detects
CFF magic post-subsetting and emits the correct PDF object graph:
FontFile3(with/Subtype /CIDFontType0C) +CIDFontType0(no
CIDToGIDMap). AwsLcProvider::verify_rsa_pkcs1v15now fully implemented
(#475) —
ChangedSignatureVerifier::verify_rsa_pkcs1v15to accept the raw
message bytes (consistent withverify_rsa_pss/verify_ecdsa).
Under the defaultRustCryptoProviderthe hash is now computed
inside the trait implementation. UnderAwsLcProvider(FIPS) the
new call path uses aws-lc-rs'sRSA_PKCS1_2048_8192_SHA{256,384,512}
verifiers — RSA-PKCS#1 v1.5 signature verification now works under
FIPS instead of returningSignerVerify::Unknown.render_page_fitproduces images smaller than the requested box
(#480) —
Integer-DPI conversion viafloor()lost up to 3 pixels from the
constrained dimension (e.g. a 1040 px fit yielded 1037 px on Letter).
The renderer now computes a float scale directly (fit_px / page_pt)
and stores it in the crate-privateRenderOptions::scale_override
field, bypassing the DPI round-trip entirely. The constrained
dimension is now exact for all integer pixel inputs. Reported by
@gevorgter.
Added
legacy-cryptocompile-time feature flag (default-on)
(#230) —
New default-on Cargo feature that gates MD5 key-derivation and RC4
cipher support for PDF Standard Security R≤4 documents. Downstream
crates that must not load legacy cryptography can opt out with
default-features = false; they will receive a clear
Error::InvalidPdfinstead of silently accepting RC4/MD5-encrypted
PDFs. Themd-5crate is now an optional dependency gated behind
this feature. RC4 (pure Rust, no crate) is also disabled: both
RustCryptoProvider::rc4()andrc4_crypt_implare compiled out,
and the provider returnsAlgorithmNotPermittedat runtime when the
feature is absent. Phase A of Issue #230.
Changed
- Stub parity gate for Python wheels
(#464) —
rylai.tomlnow uses--features pythononly (matching the released
wheel) so generated.pyistubs no longer include symbols from
officeor other optional features. A new CI step
(Verify stub symbol parity) checks that every stub symbol exists in
the installed wheel. - TypeScript 6 + @types/node 25 upgrade for JS bindings
(#438,
#440) —
JS dev dependencies bumped to TypeScript^6.0.3and@types/node
^25.6.0.tsconfig.jsongains"types": ["node"](required by
@types/node 25's ambient-global model) and"ignoreDeprecations": "6.0"
(to acknowledge the TS6-deprecatedmoduleResolution: node— full
migration tonode16deferred until the import-path audit is done).
Installation
Rust (crates.io)
cargo add pdf_oxidePython (PyPI)
pip install pdf_oxideJavaScript/WASM (npm)
npm install pdf-oxide-wasmCLI (Homebrew)
brew install yfedoseev/tap/pdf-oxideCLI (Scoop — Windows)
scoop bucket add pdf-oxide https://github.com/yfedoseev/scoop-pdf-oxide
scoop install pdf-oxideCLI (Shell installer)
curl -fsSL https://raw.githubusercontent.com/yfedoseev/pdf_oxide/main/install.sh | shCLI (cargo-binstall)
cargo binstall pdf_oxide_cliMCP Server (for AI assistants)
cargo install pdf_oxide_mcpPre-built Binaries
Download archives for Linux, macOS, and Windows from the assets below. Each archive includes both pdf-oxide (CLI) and pdf-oxide-mcp (MCP server).
Platform Support
| Platform | Architecture | Archive |
|---|---|---|
| Linux | x86_64 (glibc) | pdf_oxide-linux-x86_64-*.tar.gz |
| Linux | x86_64 (musl) | pdf_oxide-linux-x86_64-musl-*.tar.gz |
| Linux | ARM64 | pdf_oxide-linux-aarch64-*.tar.gz |
| macOS | x86_64 (Intel) | pdf_oxide-macos-x86_64-*.tar.gz |
| macOS | ARM64 (Apple Silicon) | pdf_oxide-macos-aarch64-*.tar.gz |
| Windows | x86_64 | pdf_oxide-windows-x86_64-*.zip |
Changelog
See CHANGELOG.md for full details.
Contributors
gevorgter