#Reference Resources in MHTML File
file-formats-programming · 7 years ago
Java 10 Support & Nested Reports Provision by LINQ Reporting Engine inside Java Apps
What's New in this Release?
The Aspose development team is happy to announce the monthly release of Aspose.Words for Java 18.8. There are 86 improvements and fixes included in this regular monthly release, such as Java 10 tested and supported now, New and updated Samples and Examples, Change SHA-1 to SHA-256 and public asymmetric key from 1024 to 2048 for the license mechanism, Implemented support for “underline trailing spaces” compatibility option, Implemented support for paragraph alignment in Omath when inserted using EQ fields, Enhanced computation of interscript spacing values based on TTF properties, Improved wrapping of text around floating objects, Improved calculation of position of floating tables and shapes, Improved floater overlapping logic, Improved computing of pages numbers in continuous sections which have restart attribute and conflicting oddity, Fixed line justification issue when RTL span is at the end of the line, Fixed issue with null dml properties, Fixed issue with rendering of floating shapes in truncated headers/footers, Fixed issue with rendering of lines inside of a field result when updated in truncated part of a cell, Improved rendering of math operators in MathML objects, Improved rendering of MathML objects with n-ary math element when n-ary character and limit location are not specified, Fixed a bug with rendering of a math n-ary element if it is part of a fraction, Fixed a bug when polyline with an arrow and a very small line segment at the end, Fixed a bug when an arrow pointer is incorrectly directed while rendering Bezier curves with arrows, Fixed a bug where the end of the line was outside the “stealth arrow” when rendering, LINQ Reporting Engine supports nested reports. The Aspose team has tested Aspose.Words for Java with Java 10 and is pleased to announce that Java 10 is now supported by the latest versions of Aspose.Words for Java. Developers can insert contents of outer documents into their reports dynamically using LINQ Reporting.
Starting from Aspose.Words for Java 18.8, developers can enable the doc tag to check the template syntax and populate with data using LINQ Reporting. By default, a document being inserted is not checked against template syntax and is not populated with data. This version has added support for creating snip corner rectangles. This release has added the HtmlSaveOptions.ExportCidUrlsForMhtmlResources property. Users can use this property to save the resources of an MHTML document using the “Content-Id” URL scheme. It has also added a new property, ShowComments, in the LayoutOptions class. This property is used to show or hide comments in fixed file formats, e.g. PDF, XPS. By default, the comments are visible. A new property, ShowInBalloons, has been added to the RevisionOptions class. This property is used to show revisions in the balloons. By default, the revisions in balloons are not shown. Previously, Aspose.Words used to save “@font-face” rules of HtmlFixed documents into a separate file “fontFaces.css” while other CSS declarations were written to “styles.css”. We have changed this behavior and now Aspose.Words saves all CSS rules and declarations into the same file “styles.css”. In case the old behavior is required for compatibility with legacy code, it can be restored by using the new public property HtmlFixedSaveOptions.SaveFontFaceCssSeparately. It has added a new property, RecognizeUtf8Text, in the RtfLoadOptions class. This property allows detecting UTF-8 encoded characters and preserving them during import. Obsolete value NumInDash was removed from the NumberStyle enum. Please use the NumberStyle.NumberInDash value instead. Obsolete method ToTxt() was removed from the Node class. Please use ToString(SaveFormat.Text) instead. The obsolete property Location has been removed from the FootnoteOptions and EndnoteOptions classes. Please use the Position property. Also, the FootnoteLocation enum type has been removed.
The list of most notable new and improved features added in this release are given below
Allow setting "Layout in Table Cell" option of shapes
Add feature to create Snip Corner Rectangle
Track changes rendering issue in resultant PDF
Add a feature to escape ampersand symbol during replacement
Change SHA-1 to SHA-256 and public asymmetric key from 1024 to 2048 for the license mechanism
Add feature to populate template document loaded by "doc" tag
Include Formatting Comments in Save To Tiff
Add feature to detect encoding characters and change them to UTF-8 in output RTF
SaveDate field's result become visible after re-saving the document
Reference resources in MHTML documents using the "Content-Id" URL scheme
Spaces and special characters trimmed when rendering
Remove UTF-8 BOM from CSS parts in MHTML documents
Rework span shallow size tests
Combine styles when saving Words to HTML with HtmlFixedSaveOptions
Incorrect font fallback for Asian characters
Implement the second way of rendering the shape outline
Line Caps Rendering - PolyLine caps direction is not correct
Update minimum possible font size
Remove Aspose logo from Venture license in trial mode
Remove obsolete public properties EndnoteOptions.Location/FootnoteOptions.Location
Set RunPr.ComplexScript to True for Thai letter list labels
SetLicense throws IllegalStateException.
Update Metered license code.
Save HTML to PDF-A_1B does not generate indexed images anymore
Borders look incorrect after converting document to PDF using MS Word or Bullzip PDF Printer
Table with different preferred widths extends outside the page when rendered
Table preferred width no longer automatically resizes when cell preferred width is set
Table column widths are calculated incorrectly during rendering
Cell's contents move to next line after conversion from Doc to Pdf
Elbow Arrow Connectors are not rendering correctly in PDF
Visio objects are overlapped in output PDF
Floating table is positioned improperly
Hijri Date is displayed in English Numbers in output DOCX/PDF
Text is missing after conversion from DOCX to PNG
DOCX to PDF conversion results are inconsistent in Multithreading
DOCX to HTML Issue with HtmlOfficeMathOutputMode as MathML
OfficeMath nodes are exported incorrectly as MathML in output HTML
Image generated from Dokkered web app is completely black.
Thai characters are converted to numbers in PDF
'text-anchor' property is not imported correctly
Insert SVG into Aspose.Word.Document results in black image
The rendered PDF output is corrupted
Document.UpdateFields displaces text of frame when using 'IncludeText'
Arrow shape is rendered incorrectly
Numbers List Change while Converting Doc to PDF
Paragraph's text is missing in output PDF
Incorrect rendering of the OMath if FirstLineIndent is specified, after converting to PDF
Problem of incorrect Revisions Count after Comparing documents
CSS border style is not applied to image in output PDF/DOCX
Content is rendered on multiple pages in HtmlFixed/PNG
Distance between symbols not preserved in PDF
Borders of some SmartArt elements not preserved in PDF
LayoutCollector.GetStartPageIndex returns wrong page number
Equations render partially in generated PDF
Document.UpdateFields generates wrong alphabetical sort order for INDEX field
PDF output doesn't match the original DOCX document
Word breaking in Thai language is wrong
Signature images are not visible in generated PDF/Image
Unknown yellow color rectangle is rendered after conversion from DOCX TO PDF
DOCX to PDF conversion issue with textbox shape glow
StartTrackRevisions hangs and process does not complete
Incorrect rendering of the text outline with zero width after converting to PDF
Extra pages are created when DOCX is converted to PDF
Improve conditions for hanging punctuation
Vertical spacing between Paragraphs increased when rendering to PDF
Remove whitespaces from MathML content while importing html to model.
Line Caps Rendering - Stealth arrow is rendered incorrectly.
Line Caps Rendering - Curved arrow has incorrect direction.
Other most recent bug fixes are also included in this release
Newly added documentation pages and articles
Some new tips and articles have now been added into Aspose.Words for .NET documentation that may briefly guide users on how to use Aspose.Words for performing different tasks, such as the following.
Inserting Documents Dynamically
Create Snip Corner Rectangle
Overview: Aspose.Words
Aspose.Words is a word processing component that enables .NET, Java & Android applications to read, write and modify Word documents without using Microsoft Word. Other useful features include document creation, content and formatting manipulation, mail merge abilities, reporting features, TOC updated/rebuilt, Embedded OOXML, Footnotes rendering and support of DOCX, DOC, WordprocessingML, HTML, XHTML, TXT and PDF formats (requires Aspose.Pdf). It supports both 32-bit and 64-bit operating systems. You can even use Aspose.Words for .NET to build applications with Mono.
More about Aspose.Words
Homepage Java Word Library
Download Aspose.Words for Java
Online documentation of Aspose.Words
Post your technical questions/queries to Aspose.Words Forum
Receive notifications about latest news and supported features by subscribing to Aspose.Words Blog
0 notes
terabitweb · 6 years ago
Original Post from Trend Micro Author: Trend Micro
By: Ranga Duraisamy and Kassiane Westell (Vulnerability Researchers)
A zero-day extensible markup language (XML) external entity (XXE) injection vulnerability in Microsoft Internet Explorer (IE) was recently disclosed by security researcher John Page. An attacker can reportedly exploit this vulnerability to steal confidential information or exfiltrate local files from the victim’s machine. Page tested the vulnerability in the latest version of IE (11) with current patches on Windows 7 and 10, and Windows Server 2012 R2 operating systems. We looked at its attack chain to better understand how the security flaw works and how it can be mitigated.
XXE injection works by exploiting an XML parser with an improperly restricted XML external entity reference (CWE-611), which is used to access unauthorized content. XXE injection also exploits misconfigured document type definition (CWE-827) used to define document types for markup languages like XML. For example, an attacker can use a malicious XML file with external entity reference that abuses the ‘file://’ protocol to access local files, or ‘http://’ to access files on web servers.
In the case of the vulnerability reported by Page, the security flaw is triggered when a specially crafted MIME HTML web archive (.mht) file is opened and the user interacts with the browser, with actions such as opening a new tab in IE (Ctrl+K) or printing a file (Ctrl+P). However, the user interaction can be simulated by JavaScript functions like window.print(). Once the user opens the malicious .mht file, the attacker would be able to exfiltrate files from the user’s system. Note that successfully exploiting this flaw relies heavily on social engineering. For instance, attackers have to lure the user into downloading a malicious .mht file and manually triggering local settings.
Page disclosed the vulnerability, and we shared our analysis with Microsoft, which released this official statement: “Internet Explorer alone does not permit this type of malicious behavior. An attacker must trick or convince a user into downloading a malicious document through a socially engineered scheme, for example a spam email attachment or phishing campaign that triggers a download. The file must then be opened with the browser. To guard against this scheme, practice safe computing habits online, such as avoid downloading and opening untrusted files from the Internet.”
Vulnerability impact
An attacker who successfully exploits this vulnerability could gain access to sensitive files on the user’s system. Successful exploitation could also provide reconnaissance information that can be used to execute more attacks or launch more payloads. For instance, it can divulge the client’s installed applications, network configuration, privileges, and details of antivirus protection to an attacker. The attacker could then use the obtained information to gain a foothold into the affected system’s network.
While XXE injections/attacks aren’t new, they could pose significant security risks. In fact, XXE attacks are listed among Open Web Application Security Project’s (OWASP) top security risks to applications and features in popular software or tools. The abuse of .mht files as an attack vector is also notable, as it’s also known to be abused by exploit kits and threats like information stealers.
Attack chain analysis
In order for the security flaw to be exploited, a malicious XML file has to be placed in the attacker’s hypertext transfer protocol (HTTP) server. This XML file should mention the specific files that need to be exfiltrated from the user’s system in the ENTITY tag, which represents a request or response in HTTP messages. In turn, the corresponding file needs to be referred as an external entity in the malicious MHTML file, which the users could manually execute on their machines.
Figure 1. A malicious XML file that specifies the files to extract from the user’s system
The attacker must convince the user to download the malicious MHTML file through external attack vectors, such as socially engineered spam email attachment or phishing. The email client must then open the malicious file with IE. Note that IE is the default application used to open MHTML files on all versions of Windows and so the user does not need to specify the application. As shown in Figure 3, the vulnerable IE client will send a GET request to the attacker’s server to retrieve the malicious XML file once the malicious MHTML file is opened.
Figure 2. Sample MHTML file that uses the XXE vulnerability in IE to download a malicious XML file from the attacker’s machine
Figure 3. Packet capture of first request sent from the client to the attacker’s server to get the malicious XML file
As can be seen from Figure 1, the malicious XML file contains details of files specified for exfiltration, along with the uniform resource identifier (URI) of the attacker-controlled server. The contents of the files that the attacker referenced in the malicious XML are sent back to the attacker’s server as per the URI path mentioned in the same XML file. This will then be displayed on the attacker’s end.
Figure 4: Packet capture of the second request sent from the client to the attacker’s server that sends the contents of the attacker’s target file
Trend Micro solutions
As of this writing, Microsoft has not released a fix for this vulnerability. Users should exercise caution when opening any file from unknown sources. Successfully exploiting the vulnerability entails enticing users to open malicious files. Avoid clicking links or downloading and opening files from unsolicited sources. Ensure that the operating system and applications have the latest security updates (or use virtual patching for legacy systems). System administrators, developers, and programmers should also adopt best practices. OWASP, for instance, has a list of recommendations for preventing XXE issues.
The Trend Micro Deep Security and Vulnerability Protection solutions protect user systems from threats that may exploit this vulnerability via the following DPI rule:
1005676 – Identified Download Of XML File With External Entity Reference
Trend Micro TippingPoint customers are protected from this vulnerability via this MainlineDV filter:
13855 – TCP: XML External Entity (XXE) Usage
The post Zero-day XML External Entity (XXE) Injection Vulnerability in Internet Explorer Can Let Attackers Steal Files, System Info appeared first on .
0 notes
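A defender-side check for the pattern the Trend Micro post describes, as an added example that is not part of the original article or of any Trend Micro rule: it walks the MIME parts of an .mht archive, decodes each part's transfer encoding, and reports XML entity declarations that point at an external `file://` or `http://` resource. The sample archive, the host name `collector.example.invalid` and the file path are constructed for the example.

```python
import base64
import email
import re
from email import policy
from urllib.parse import urlsplit

# <!ENTITY name SYSTEM "uri"> or <!ENTITY % name PUBLIC "id" "uri">.
# XML keywords are case-sensitive; matching case-insensitively is a
# deliberately lenient choice for detection.
EXTERNAL_ENTITY = re.compile(
    r'<!ENTITY\s+(?P<param>%\s+)?(?P<name>[^\s%]+)\s+'
    r'(?:SYSTEM\s+|PUBLIC\s+(?:"[^"]*"|\x27[^\x27]*\x27)\s+)'
    r'(?P<q>["\x27])(?P<uri>.*?)(?P=q)',
    re.IGNORECASE | re.DOTALL,
)


def find_external_entities(text):
    """Return every external (SYSTEM/PUBLIC) entity declared in text."""
    found = []
    for m in EXTERNAL_ENTITY.finditer(text):
        uri = m.group("uri").strip()
        try:
            scheme = urlsplit(uri).scheme.lower()
        except ValueError:  # malformed URI: still report the declaration
            scheme = ""
        found.append({
            "name": m.group("name"),
            "parameter": m.group("param") is not None,
            "uri": uri,
            "scheme": scheme,
        })
    return found


def scan_mhtml(raw):
    """Decode each MIME part of an MHTML archive and scan it.

    Scanning the decoded parts matters: a part sent as base64 or
    quoted-printable hides the declaration from a plain byte search.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        body = part.get_payload(decode=True) or b""
        charset = part.get_content_charset() or "utf-8"
        try:
            text = body.decode(charset, errors="replace")
        except LookupError:  # unknown charset label
            text = body.decode("utf-8", errors="replace")
        location = str(part.get("Content-Location", "(no Content-Location)"))
        for hit in find_external_entities(text):
            findings.append({"location": location, **hit})
    return findings


# Constructed sample: one harmless HTML part and one base64-encoded XML part
# that declares two external entities and one ordinary internal entity.
_XML = (
    b'<?xml version="1.0"?>\n<!DOCTYPE r [\n'
    b'<!ENTITY % remote SYSTEM "http://collector.example.invalid/ext.xml">\n'
    b'<!ENTITY local SYSTEM "file:///C:/constructed/placeholder.txt">\n'
    b'<!ENTITY safe "inline text">\n]>\n<r/>\n'
)
SAMPLE_MHTML = (
    b'MIME-Version: 1.0\r\n'
    b'Content-Type: multipart/related; boundary="b1"\r\n\r\n'
    b'--b1\r\n'
    b'Content-Type: text/html; charset="utf-8"\r\n'
    b'Content-Location: page.html\r\n\r\n'
    b'<html><body>hello</body></html>\r\n'
    b'--b1\r\n'
    b'Content-Type: text/xml\r\n'
    b'Content-Transfer-Encoding: base64\r\n'
    b'Content-Location: data.xml\r\n\r\n'
    + base64.encodebytes(_XML).replace(b'\n', b'\r\n')
    + b'--b1--\r\n'
)

if __name__ == "__main__":
    for f in scan_mhtml(SAMPLE_MHTML):
        print(f)
```

The internal entity `safe` is not reported, and a raw search of the archive for `<!ENTITY` finds nothing because the XML part is base64-encoded.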
file-formats-programming · 8 years ago
Add Bookmarks with Named Destination & Copying VBA Project from One Excel File to Other using .NET
What’s new in this release?
The Aspose development team is pleased to announce the new release of Aspose.Cells for .NET 17.9.0. This release includes some valuable features and other enhancements along with critical bug fixes that further improve the overall stability of the APIs. Aspose.Cells supports specifying Named Destinations in the output PDF file that do not depend on PDF pages. This means that if pages are added to or deleted from the PDF, bookmarks may become invalid but named destinations will remain intact. Please see the document/article (with attachments) that explains how to add PDF Bookmarks with Named Destinations for a complete reference. If an Excel file contains external resources (linked images or objects), then when users convert the Excel file to PDF, Aspose.Cells retrieves these external resources and renders them to the PDF file format. If users do not want to load these external resources but want to manipulate them instead, they can do this using the PdfSaveOptions.StreamProvider API, which implements the IStreamProvider interface. Aspose.Cells allows developers to copy a VBA project from one Excel file into another. A VBA project consists of various types of modules, i.e. Document, Procedural, Designer etc. All modules can be copied with simple code, but for the Designer module, some extra data called Designer Storage needs to be accessed or copied. Aspose.Cells provides the Shape.ToFrontOrBack() method, which changes the z-order position of the shape. To send a shape to the back, users pass a negative number like -1, -2, -3 etc., and to send a shape to the front, they pass a positive number like 1, 2, 3 etc. Developers can sort data in a column using a custom list. GridWeb displays comments as Tooltips like MS-Excel does when users hover the mouse over the respective cell. The web-based grid control provided by Aspose.Cells for .NET allows creating, removing and getting cell comments inside the worksheet.
There are some other enhancements included in this release, such as Determining which stack size is needed for a certain Workbook, Exception: “Too many entries. Consider setting ZipOutputStream.Enable Zip64” on merging the file(s), When RecommendReadOnly is true, IsWriteProtected is also true, Handled NullReferenceException when reading XLSX using LoadFilter containing Pivot Table, Handled “Input string was not in a correct format” exception on opening MS Excel file. In this release, Aspose team has fixed several other issues. For example, issues around reading/writing MS Excel file formats, Smart Markers, manipulating ranges, inserting rows and columns, rendering shapes and drawing objects, manipulating OLE Objects, rendering and manipulating charts, manipulating PivotTables, rendering images from Excel worksheets, rendering images files from charts and exporting Excel workbooks to PDF format have been resolved. This release includes several enhanced features and bug fixes as listed below
Determine which Stack Size is needed for a certain Workbook
Format the custom Label's font and its cell with Smart Markers
Control loading of external resources in MS Excel workbook
Lose Track Changes after conversion (XLS --> XLSM)
Show Cell comment as Excel Tooltip - Aspose.Cells.GridWeb
Share Price Series Label is not positioning properly
Exception: "Too many entries. Consider setting ZipOutputStream.Enable Zip64" on merging the file(s)
Why FitToPagesWide 1 needs to set FitToPagesTall 0 for Fit All Columns on One Page
When RecommendReadOnly is true, IsWriteProtected is also true
GridDesktop should not scroll past last column
GridDesktop should not scroll past last row
GetRanges performance issue when using customfunction with lots of functions to be calculated
Some drawing elements' position is wrong in Excel to PDF rendering
Grey background on the box is missing in the output PDF
Shape text dispersed/scattered in Excel to PDF rendering
Sheet to Image rendering ignores Asian fonts in TextBox with cell reference
Some text (labels) missing of the shape in Sheet to Image rendering
Providing one option to control whether keeping number precision format
HTML output of "222.xlsx" is not right
Two image resources created instead of one when saving as HTML file format
"Number stored as Text" for the numeric columns
When MHtml file is saved with XLS extension, MS Excel shows errors when opening the XLS file
Formatting lost after saving the file as XLS
Images lost after saving the file as XLS
Images lost and formattings are removed when saving an MHtml file to XLS or MHT
Infinite loop when use PageSetup.GetCommands()
Three hyphens "---" are rendered as empty space in the output PDF
Issue with floating lines (single, double underlines) in Excel to PDF conversion
When ImageOrPrintOptions.OnlyArea = true, the data gets corrupted
Partially missing characters when converting to image
Default grey cell borders converted into dotted lines
The word is renamed when converting to image
Issue with Chart.Calculate() method
Issue with trend equations in the chart
Scale is increased in the output PDF for the Radar chart
Chart image is not having three-digit numbers
Unable to render image from chart via Aspose.Cells
Incorrect Chart PDF when line plotting is compared to source Excel
Image generated from Sample.xlsm worksheet SampleCharts is not correct
Chart legend is rendered in wrong position when converted to image
OLE object changes size after opening and editing OLE object file
SpreadsheetML - Hidden attribute on column does not work
Inserting column in worksheet causes the corrupt output Excel file
SpreadsheetML - Hidden attribute on row is not working properly
Saving a custom date property results in wrong time written
Column width is changed after loading and saving an XLS file
Circle graph and Column graph are changed dramatically after re-load and re-save
Smart Markers: Multiple groups with skip overlaps grand total row
Excel has to repair the macro file - Removed Part: /xl/vbaProject.bin part
Other most recent bug fixes are also included in this release
Newly added documentation pages and articles
Some new tips and articles have now been added into Aspose.Cells for .NET documentation that may briefly guide users on how to use Aspose.Cells for performing different tasks, such as the following.
Add PDF Bookmarks with Named Destinations
Copy VBA Macro UserForm DesignerStorage from Template to Target Workbook
Overview: Aspose.Cells for .NET
Aspose.Cells is a .NET component for spreadsheet reporting without using Microsoft Excel. It supports robust formula calculation engine, pivot tables, VBA, workbook encryption, named ranges, spreadsheet formatting, drawing objects like images, OLE objects and importing or creating charts. You can also create Excel file using designer spreadsheet, smart marker or API and apply formulae and functions. It supports CSV, SpreadsheetML, PDF and all file formats from Excel 97 to Excel 2007.
More about Aspose.Cells for .NET
Homepage of Aspose.Cells for .NET C#
Download Aspose.Cells for .NET
Online documentation of Aspose.Cells for .NET
0 notes
file-formats-programming · 8 years ago
Export Emails to MHTML without Inline Images & Filter Messages with Custom Flag using .NET
What's New in this Release?
The Aspose team is pleased to announce the release of Aspose.Email for .NET 17.6.0. It includes new features and enhancements related to various functional areas of the API. Specifically, the enhancements are related to the API’s IMAP, EWS client and rendering of messages to MHTML. The release also fixes several bugs, further improving the performance and functionality of the API. This month’s release introduces a new feature of adding custom flags to a message on the server using the API’s ImapClient. Custom flags can be added to a message using the AddMessageFlags method using the ImageMessageFlags. Not only can users add custom flags to messages on the server using the API’s ImapClient, they can also filter messages by specifying custom flags. The ImapQueryBuilder’s HasFlags and HasNoFlags can be used for this purpose. Email messages with multiple or large images embedded in them can take considerable time and system resources during conversion to MHTML format. This month’s release provides the capability to exclude inline images from the output MHTML using the MhtSaveOptions class’s SkipInlineImages property. Setting this flag avoids writing inline images from the message body to the output MHTML. The main bug fixes and improved features added in this release are listed below
Set custom flag using Imap
Option to render MSG to Mhtml without images for the sake of performance
Provision of flag for hidden/cache folders retrieved from Exchange server
Removing credentials from the activity log file
Protocols API. Prevent the debugger from calling the getter property
Image repeated in background while converting MSG to Mhtml
From address not decoded properly from Base64
Aspose.Email adds random values for ConversationIndex property
PST: To, CC and BCC not displayed in Outlook
Aspose.Email is showing attachment name as UNKNOWN_PARAMETER_VALUE
Subject corrupted while saving the EML
Attachment filename changed when EML file is loaded and saved again
Saving attachment of EML file using Aspose.Email is getting corrupt/damaged
IMAP: BAD FETCH Invalid Fetch argument
To, CC and Bcc not shown in PST after conversion from Mbox
Aspose.Email is unable to read the attachments with EML file
Calendar item cannot be loaded to MailMessage
Setting the priority of an appointment is not working
EMLs to MHT: Blank output
Pop3: Getting Out Of Memory Exception
Null reference exception when getting contacts
ArgumentException: "The property data could not be null. Parameter name: property"
Exception raised while loading attached ICS file
Loading MSG file using MailMessage is throwing exception: IndexOutOfRangeException
MapiMessage.FromMailMessage raises exception for ICS files
Not Setting license raises Argument Out Of Range exception for MapiMessage.FromMailMessage for ICS files
IEWClient raises exception while fetching contacts from office365
Other most recent bug fixes are also included in this release.
Newly added documentation pages and articles
Some new tips and articles have now been added into Aspose.Email for .NET documentation that may briefly guide users on how to use Aspose.Email for performing different tasks, such as the following.
Exporting Email to MHT without Inline Images
Filter Messages with Custom Flag
Overview: Aspose.Email for .NET
Aspose.Email for .NET is a set of .NET email components allowing developers to easily implement email functionality within their ASP.NET web applications, web services & Windows applications. It supports Outlook PST, EML, MSG & MHT formats. It allows developers to work with SMTP, POP3, FTP & MS Exchange servers. It supports mail merge, iCalendar, customized header & body, header information, embedded files, Twitter & many more. It makes it easy to work with HTML or plain text emails & their attachments.
More about Aspose.Email for .NET
Homepage of Aspose.Email for .NET C#
Download Aspose.Email for .NET
Online documentation of Aspose.Email for .NET
0 notes