We are pleased to announce the release of WebViewer Server 1.5.0. This release includes some new features, bug fixes and general improvements. You can learn more about these changes in the full changelog.
Upgrade to PDFTron 7.1
With our latest release of PDFTron, WebViewer Server has had its PPDFTron Core library updated. For the server, this means better document support and rendering. Read more about it in our latest changelog
WebViewer Server now supports
vsd, vsdx, eml, msg, xhtml and dwf on all platforms. Support for
rvt has been added but is currently available only in the Windows installer build.
We were recently audited for security in WebViewer Server and found that several vulneribilities existed in the older version of Tomcat used within the container and installer. As a result, Tomcat was upgraded to the latest stable version, 9.0.30. Previously, WebViewer Server was run on version 9.0.6.
New Server Options
With this version we have introduced several new options for WebViewer Server.
Two of the new options are security focused, TRN_ALLOW_ORIGINS and TRN_FORCE_URL_RECHECK. With these options you'll be able to more closely control who is contacting your server and what they're allowed to request.
In our GetPDF API we have added a new 'linearize' option. Setting this to true will linearize the document returned by GetPDF for easier viewing in your application.
Support for query parameter stickiness
With version 1.5.0 and WebViewer 6.2+ you will be able to maintain user stickiness across multiple servers without the need for cookies. This has been done by adding a query param to all outgoing requests that signify where requests are destined (when used in conjuction with our wv-loadbalancer image).
This fix was created to address Chrome's new changes to same-site cookies that would break the previous stickiness scheme on non https connections. It also allows for more flexibility when tackling client stickiness in your infrastructure.
Improvements to authentication and annotation handling
In our commitment to maintaining robust operation, even when handling malformed documents or unusual operations, we've added added fixes and improvements to annotation merging on WebViewer Server. These changes will ensure that documents and annotations maintain consistency in all cases.
We've also improved our authentication logic to make it more consistent in the presence of multiple WebViewer instances across multiple tabs or browsers. Previously, our authentication could deny access to a document more often than it should have under these conditions. This has now been corrected, and strict authentication via
TRN_ENABLE_SESSION_AUTH should now behave correctly in all cases.