changelog; pdftk optional feature

_docs/changelog.md

@@ -3,6 +3,36 @@ layout: docs
 title: Change Log
 short_title: Change Log
 ---
+## [1.4.97](https://github.com/jhpyle/docassemble/releases/tag/v1.4.97) - 2024-02-29
+
+
+### Added
+- The `pdftk` option under `attachment` and `features` for filling in
+  `pdf template file` attachments using pdftk instead of pikepdf.
+
+### Changed
+- During the Docker image build process, `pandoc` will run once, so
+  that the first user to assemble a document with `pandoc` will not
+  experience slowness due to LaTeX needing to generate files.
+- Appearance streams will be generated when using `pdf template file`.
+- Error messages related to problems in the source code will no longer
+  be displayed to the user unless the user is an administrator or
+  developer. If you want these error messages to appear to all users,
+  set `debug: True` and `development site is protected: True` in the
+  Configuration. The error messages will be available in
+  `docassemble.log`.
+
+### Fixed
+- Fixed security issue identified by Riyush Ghimire, affecting
+  versions 1.4.53 to 1.4.96, that could cause contents of files in the
+  filesystem to be revealed. This is a high severity issue and
+  upgrading as soon as possible is recommended.
+- Fixed security issue identified by Riyush Ghimire, affecting
+  versions up to 1.4.96, that allowed an open redirect URL to be formed.
+- Fixed security issue identified by Riyush Ghimire, affecting
+  versions up to 1.4.96, that would allow HTML or JavaScript
+  injection.
+
 ## [1.4.96](https://github.com/jhpyle/docassemble/releases/tag/v1.4.96) - 2024-02-14
 
 

_docs/documents.md

@@ -1281,6 +1281,42 @@ If you want to prevent users from editing the forms created through
 
 {% include side-by-side.html demo="pdf-fill-not-editable" %}
 
+## <a name="pdftk"></a>Using pdftk to fill the fields
+
+By default, **docassemble** uses [pikepdf] to fill in fields. If you
+want **docassemble** to use [pdftk] to fill in the fields, use `pdftk:
+True`.
+
+{% highlight yaml %}
+question: |
+  Here is your PDF form
+attachment:
+  name: A filled-in form
+  filename: filled-form
+  pdf template file: sample-form.pdf
+  pdftk: True
+  fields:
+    Your Name: |
+      ${ user }
+    Your Organization: |
+      ${ user.organization }
+    Apple Checkbox: |
+      ${ likes_apples }
+    Orange Checkbox: |
+      ${ likes_oranges }
+    Pear Checkbox: |
+      ${ likes_pears }
+    Toast Checkbox: |
+      ${ likes_toast }
+{% endhighlight %}
+
+If `pdftk` is not specified, the default behavior is determined by the
+interview's [`pdftk` features setting]. If there is no such `feature`,
+the default is not to use [pdftk].
+
+Although [pdftk] is slower than [pikepdf], it can render more accurate
+appearance streams.
+
 ## <a name="rendering font"></a>Changing the font used when rendering fields as text
 
 If you use `editable: false` or `pdf/a: True`, form fields will be
@@ -2169,6 +2205,7 @@ interview, see the [`cache documents` feature].
 [dictionary]: {{ site.baseurl }}/docs/groups.html#gather dictionary
 [`pdf/a` features setting]: {{ site.baseurl }}/docs/initial.html#pdfa
 [`tagged pdf` features setting]: {{ site.baseurl }}/docs/initial.html#tagged pdf
+[`pdftk` features setting]: {{ site.baseurl }}/docs/initial.html#pdftk
 [PDF]: https://en.wikipedia.org/wiki/Portable_Document_Format
 [PDF/A]: https://en.wikipedia.org/wiki/PDF/A
 ["Templates" folder]: {{ site.baseurl }}/docs/playground.html#templates
@@ -2217,3 +2254,5 @@ interview, see the [`cache documents` feature].
 [`Legal-Template.docx`]: https://github.com/jhpyle/docassemble/blob/master/docassemble_base/docassemble/base/data/templates/Legal-Template.docx
 [Python expression]: https://stackoverflow.com/questions/4782590/what-is-an-expression-in-python
 [font list tool]: https://demo.docassemble.org/start/demo/fontlist/
+[pikepdf]: https://pikepdf.readthedocs.io/en/latest/
+

_docs/initial.md

@@ -2346,6 +2346,20 @@ features:
   cache documents: False
 {% endhighlight %}
 
+## <a name="pdftk"></a>Using pdftk to fill in PDF form fields
+
+If you want the [PDF] files filled in by `pdf template file` in your
+interview to be produced by [pdftk] instead of [pikepdf], set `pdftk`
+to `True`.
+
+{% highlight yaml %}
+features:
+  pdftk: True
+{% endhighlight %}
+
+The setting can also be made on a per-attachment basis by setting the
+[`pdftk` attachment setting].
+
 ## <a name="pdfa"></a>Producing PDF/A files
 
 If you want the [PDF] files produced by your interview to be in
@@ -2571,6 +2585,7 @@ This will cause the web application to run the JavaScript for the
 [`referring_url()`]: {{ site.baseurl }}/docs/functions.html#referring_url
 [iframe]: https://www.w3schools.com/TAgs/tag_iframe.asp
 [`pdf/a` attachment setting]: {{ site.baseurl }}/docs/documents.html#pdfa
+[`pdftk` attachment setting]: {{ site.baseurl }}/docs/documents.html#pdftk
 [`tagged pdf` attachment setting]: {{ site.baseurl }}/docs/documents.html#tagged pdf
 [`pdf/a` configuration directive]: {{ site.baseurl }}/docs/config.html#pdfa
 [`tagged pdf` configuration directive]: {{ site.baseurl }}/docs/config.html#tagged pdf
@@ -2804,3 +2819,5 @@ This will cause the web application to run the JavaScript for the
 [`mail`]: {{ site.baseurl }}/docs/config.html#mail multiple
 [GitHub repository]: {{ site.github.repository_url }}
 [combining multiple interviews into one]: {{ site.baseurl }}/docs/logic.html#multiple interviews
+[pikepdf]: https://pikepdf.readthedocs.io/en/latest/
+[pdftk]: https://www.pdflabs.com/tools/pdftk-the-pdf-toolkit/