Security
Dec 18, 2024
TLDR: We fixed an issue relating to document signature formatting. No data or signatures were compromised in any way. We corrected all affected documents. You may receive completed documents again. All downloads going forward will display as expected.
What Happened?
We discovered and fixed an issue relating to document formatting and signatures. Documents created between December 15th and 18th may have been affected by a formatting issue, leading to the signature not displaying correctly in Adobe PDF and other viewers. This issue was caused while addressing an unrelated potential security vulnerability.
Issue 1512 was a potential attack vector we were recently made aware of. The vulnerability could allow alterations to the content of a signed document without invalidating the signature, using multiple layers of content. While purely theoretical so far, we decided to address this to ensure maximum protection for our users.
To remove multiple layers of content from the PDF and eliminate the possibility of fake content, we moved part of the document processing to the browser to flatten the PDF before sending it to the server for generation. While seemingly unrelated to signatures, a difference in the behavior of PDF-lib.js in the browser vs. on the server caused a shift in the internal document format. While this was not visible in most cases, a known side effect was signatures not displaying correctly in Adobe PDF, though they were correctly inserted into the PDF.
No errors during signing in our test pipelines and the “successful” insertion of the signatures caused this issue to go unnoticed through testing and deployment.
Our Solution
We addressed this as soon as we became aware by deploying a hotfix to correct the unexpected behavior. The flattening logic has been moved back to the server side. Additionally, we ran a correction script to regenerate all affected documents.
It is important to note that no data was corrupted, and no signing process is in doubt. This allowed us to simply regenerate affected documents, as all relevant base data was correct and unaffected. All document downloads going forward will display correctly in any PDF viewer.
You may re-receive completed documents to ensure you have a corrected version of the documents you signed. Depending on your process, you might want to re-download affected documents. If you need assistance downloading multiple documents, you can contact support@documenso.com. No further action is required on your part.
Key Takeaways for Customers
All affected documents have been corrected and no further action is required.
The issue did not affect the content or integrity of any document.
Cryptographic signatures remain valid and secure.
All affected documents have been fixed and are now fully functional.
As mentioned above, no documents or data were compromised during this incident. Audit logs, document status, signature validity, and all other data remain unchanged.
Preventing Future Issues
To avoid similar challenges in the future, we’ve enhanced our testing and processing pipelines to ensure robust handling of layered PDFs. We are currently looking into further automated tests to verify not only signature integrity but also correct formatting as expected by viewers.
This is tricky since we can’t run the most common viewer, Adobe PDF, server-side. However, we will find a way to work around this going forward.
If you have any concerns or questions, don’t hesitate to contact our support team at support@documenso.com.
Best from Hamburg,
Timur