Overview
This plugins allows to generate DOCX files from a DOCX template and an XML data model from Appian. It also allows to convert a DOCX into PDF through an opensource (with limited capabilities) library.
Key Features & Functionality
Hi, we are seeing an error while configuring the 'DOCX From Dynamic Template' node to work as a MNI.
For the first instance, it produces an error: "Premature end of file." but works for the second instance and creates a file.
Any advice on this error or how to configure it as an MNI please?
Hi, anyone else seeing a recent issue where the 'convert DOCX to PDF' node is compressing the contents in the document so the alignment & structure is unreadable? Process seemed to be working complete fine before we updated to the latest version of the plug-in just today. Is this a bug?
We have a problem due to the property "Title" that is kept during the generation of the DOCX from the template but is lost in the conversion from DOCX to PDF.
Is it a bug that can be solved?
Is there any other way to provide the "Title" to apply on the PDF to generate (maybe via "PDF Options" parameter) ?
Thanks
DOCX Generated
PDF Generated
I am facing issue to generate docx file usng this plugin . The above highlighted is the XML body which I am passing . I observed that the data in the last tag (highlighted part) contains a () character in the string is creating a issue . When I removed this bracket it is working fine . Can any one please suggest me the solution for that.
Note : I have used tohtml() function also to handle special character but these brackets are not getting changed and creating a issue .
Hi Team,
Kindly let me know whether the vulnerabilities are addressed in the new version V1.0.8.
Thanks!
Hi,
Please find the vulnerability issues while scanning this plugin.
Apache Commons Compress:The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.
When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package.
When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.
Apache POI:In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.
A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files (Microsoft Outlook and Microsoft Exchange Server). If an application uses poi-scratchpad to parse TNEF files and the application allows untrusted users to supply them, then a carefully crafted file can cause an Out of Memory exception. This issue affects poi-scratchpad version 5.2.0 and prior versions. Users are recommended to upgrade to poi-scratchpad 5.2.1.
Apache Xerces2 J:There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.
iText, a JAVA-PDF library:The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.iText is vulnerable to a stack-based buffer overflow. An attacker could exploit this flaw by tricking a victim in to running a maliciously crafted file on the application leading to a denial-of-service (DoS) condition.
Kindly help to check. Thanks in advance!
Hello, I am using the Advanced Document Template plugin, to generate a docx but I can not include an image. Any example of how I have to code the docx to show me the image? Thanks a lot
Hi Daniel, thanks for your response. Part of the confusion in our case was that we also use the Dynamic Document Generator plug-in which also lists a PDF from docx as smart service. We get headers and footers using 'PDF from DOCX' but not when we use it on a merged word file after using 'DOCX merge' from Dynamic Document Generator'.