We’re excited to introduce Previewer 4.0, which is full of improvements that make the software faster, smoother, and safer for our customers.
First up, we’ve updated the PDF.js library – used to create the inline PDF viewer for the plugin. This closes a security vulnerability in PDF.js that could allow arbitrary Javascript to be executed in the browser if a malicious PDF was ever loaded into the PDF Previewer field. Natively, PDF documents loaded into the viewer are dynamically generated by the Gravity PDF plugin, which reduced the likelihood that an attacker could take advantage of this vulnerability directly from the PDF Previewer field. With this update, that attack vector has been closed entirely.
Continuing on the security-related changes, the minimum requirements for Previewer has been increased to Gravity PDF 6.0+. The end of life for Gravity PDF v5 was in April 2023, while v4 ended in October 2019. We encourage all users to keep their Themes, Plugins, and WordPress itself up to date so that you receive timely security and bug fixes.
Displaying and refreshing the PDF Previewer field is faster and snappier than ever. This is thanks to a number of performance improvements designed to reduce the CPU and memory footprint when rendering PDFs. Many of these enhancements can be attributed directly to the PDF.js library update. However, we’ve tweaked how the viewer gets initialized, and how the PDF auto-refresh feature is managed as users complete the form.
Support for Image Hopper has been greatly improved, with a number of image rendering issues in the PDF Previewer found and fixed. Key improvements include displaying images in the correct order, showing the Post Image meta data, and fixing broken images when no images have actually been uploaded.
For a detailed list of all the changes included in this update, please refer to the full changelog below
How to Update the Previewer Add-on
If you’ve an active license key for Previewer, this update is available via WordPress One-Click Updates. Alternatively, you can also download the plugin from your GravityPDF.com account and install it manually from your WordPress admin area, via File Upload or FTP. If you have any questions or need assistance, please reach out to our friendly support team.
We want to thank all the users for reporting these issues. It’s your direct feedback that makes Gravity PDF grow bigger and better.
Changelog
Housekeping
- Gravity PDF 6.0 or higher is now required for this extension
- Improve PDF viewer performance
- Upgrade PDF.js to v4.3.136
- Add
gfpdf_previewer_auto_refresh_delayJS filter to alter the PDF auto-refresh interval - Use fieldset/legend HTML for Previewer field when form does not have legacy markup enabled
- Lazy-load previewer CSS styles
Bugs Fixed
- Only load localized script data once per request
- Fix PDF Preview display issues when active form fields are included in a template
- Show grabbing pointer icon when using the gab to pan feature
- Display Post Image and Image Hopper Post Image field image/metadata in PDF Preview
- Prevent broken image displaying in PDF Preview when Post Image and Image Hopper Post Image have no file uploaded
- Fix duplicate or deleted Image Hopper display issues in PDF Preview
- Fix PDF Preview display issue when using Gravity Wiz Page Transition perk + soft validation
Security
- Prevent arbitrary Javascript execution vulnerability if a malicious PDF was loaded into PDF.js
