locally hosted web application that allows you to perform various operations on PDF files
Ludy 3c8fb8ac96
build(ci): pin base container images, switch npm install to npm ci, and harden EML error handling (#5353)
# Description of Changes

This pull request introduces several improvements focused on security
and reliability in both the Docker build process and the backend API.
The most significant changes are the use of digest-pinned Docker base
images to ensure reproducible builds, safer handling of user-provided
filenames in error messages, and a switch to more reliable dependency
installation in CI workflows.

**Docker image security and reproducibility:**

* All Dockerfiles now use digest-pinned base images (e.g.,
`node:20-alpine@sha256:...`, `gradle:8.14-jdk21@sha256:...`,
`alpine:3.22.1@sha256:...`, `nginx:alpine@sha256:...`) to guarantee
build consistency and protect against upstream image changes.

**Backend API security:**

* In `ConvertEmlToPDF.java`, error messages now escape user-provided
filenames using `HtmlUtils.htmlEscape`, preventing potential XSS
vulnerabilities when displaying error messages that include filenames.

**CI/CD reliability:**

* All GitHub Actions workflows (`multiOSReleases.yml`,
`releaseArtifacts.yml`, `tauri-build.yml`) now use `npm ci` instead of
`npm install` for frontend dependency installation, ensuring clean,
reproducible installs that match the lockfile.

---

## Checklist

### General

- [ ] I have read the [Contribution
Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md)
- [ ] I have read the [Stirling-PDF Developer
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md)
(if applicable)
- [ ] I have read the [How to add new languages to
Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md)
(if applicable)
- [ ] I have performed a self-review of my own code
- [ ] My changes generate no new warnings

### Documentation

- [ ] I have updated relevant docs on [Stirling-PDF's doc
repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/)
(if functionality has heavily changed)
- [ ] I have read the section [Add New Translation
Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags)
(for new translation tags only)

### Translations (if applicable)

- [ ] I ran
[`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md)

### UI Changes (if applicable)

- [ ] Screenshots or videos demonstrating the UI changes are attached
(e.g., as comments or direct attachments in the PR)

### Testing (if applicable)

- [ ] I have tested my changes locally. Refer to the [Testing
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing)
for more details.
2026-01-13 13:59:59 +00:00
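A small CI check for the digest-pinning policy the commit describes, added here as an example and not code from the Stirling-PDF repository: it scans Dockerfile `FROM` lines and reports any external base image that lacks a `@sha256:` digest, while skipping `scratch` and references to earlier build stages, which involve no upstream pull. The sample Dockerfile is constructed for illustration.

```python
import re
import sys

# Constructed sample Dockerfile (not from the Stirling-PDF repo): a multi-stage
# build in the shape the PR describes, with one stage left unpinned.
SAMPLE_DOCKERFILE = (
    "FROM node:20-alpine@sha256:" + "0" * 64 + " AS frontend\n"
    "RUN npm ci\n"
    "FROM --platform=$BUILDPLATFORM gradle:8.14-jdk21 AS build\n"
    "COPY --from=frontend /app/dist /app/dist\n"
    "FROM alpine:3.22.1@sha256:" + "1" * 64 + "\n"
    "COPY --from=build /app/build/libs/app.jar /app.jar\n"
    "FROM scratch\n"
)

# FROM [--platform=...] <image> [AS <alias>]; keywords are case-insensitive
FROM_RE = re.compile(r"^\s*FROM\s+(?:--\S+\s+)*(\S+)(?:\s+AS\s+(\S+))?", re.IGNORECASE)
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$", re.IGNORECASE)

def unpinned_base_images(dockerfile_text):
    """Return [(line_no, image)] for every FROM that pulls an external image
    without a sha256 digest. 'scratch' and references to earlier build stages
    are not upstream pulls, so they are skipped rather than reported."""
    stages = set()
    findings = []
    for line_no, raw in enumerate(dockerfile_text.splitlines(), start=1):
        m = FROM_RE.match(raw)
        if not m:
            continue
        image, alias = m.group(1), m.group(2)
        external = image.lower() != "scratch" and image.lower() not in stages
        if external and not DIGEST_RE.search(image):
            findings.append((line_no, image))
        if alias:
            stages.add(alias.lower())
    return findings

def check_files(paths):
    """CI entry point: print every unpinned FROM; True when all are pinned."""
    clean = True
    for path in paths:
        with open(path, encoding="utf-8") as fh:
            for line_no, image in unpinned_base_images(fh.read()):
                print(f"{path}:{line_no}: base image not digest-pinned: {image}")
                clean = False
    return clean

if __name__ == "__main__":
    sys.exit(0 if check_files(sys.argv[1:]) else 1)
```

Run it as `python check_pins.py docker/**/Dockerfile*` (hypothetical file name) in a workflow step; a non-zero exit fails the job until every external base image is pinned.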


Stirling PDF - The Open-Source PDF Platform

Stirling PDF is a powerful, open-source PDF editing platform. Run it as a personal desktop app, in the browser, or deploy it on your own servers with a private API. Edit, sign, redact, convert, and automate PDFs without sending documents to external services.



Key Capabilities

  • Everywhere you work - Desktop client, browser UI, and self-hosted server with a private API.
  • 50+ PDF tools - Edit, merge, split, sign, redact, convert, OCR, compress, and more.
  • Automation & workflows - No-code pipelines directly in the UI, with APIs to process millions of PDFs.
  • Enterprise-grade - SSO, auditing, and flexible on-prem deployments.
  • Developer platform - REST APIs available for nearly all tools to integrate into your existing systems.
  • Global UI - Interface available in 40+ languages.

For a full feature list, see the docs: https://docs.stirlingpdf.com

Quick Start

docker run -p 8080:8080 docker.stirlingpdf.com/stirlingtools/stirling-pdf

Then open: http://localhost:8080

For full installation options (including desktop and Kubernetes), see our Documentation Guide.

Contributing

We welcome contributions! Please see CONTRIBUTING.md for guidelines.

For development setup, see the Developer Guide.

For adding translations, see the Translation Guide.

License

Stirling PDF is open-core. See LICENSE for details.