Release 16.11.0
Date of Release: 15 April 2026
New features
- New DOCX content management policy:
headers_footers.- Handles headers and footers content within DOCX files. A policy setting of
sanitiseis applied by default.
- Handles headers and footers content within DOCX files. A policy setting of
- New DOCX content management policy:
web_video_extension.- Handles web video GUID elements within DrawingML content that can contain exploitable references. A policy setting of
sanitiseis applied by default.
- Handles web video GUID elements within DrawingML content that can contain exploitable references. A policy setting of
Fixes and improvements
- Extended content remediation in PNG to address surplus trailing data within IDAT image data blocks.
- Remediated data is reported as a remedy item in analysis reports.
- The
<jpegConfig>policy switch<jfif>now applies to all engine run modes. - PPTX:
commentAuthors.xmlcontent is now managed under thereview_commentscontent management policy. - Fixed issue in PPTX where embedded binary images led to a repair message in processed files.
- Fixed issue in PDF where files with embedded images failed when
export_embedded_imageswas set tofalse. - Fixed issue in PPT where content import failed with a "-10 Archive contents could not be accessed" error.
- Fixed issue in JPEG where JFIF APP segments were not removed when the segment size differed from the expected value.
- Fixed issue in OOXML where unreferenced
externalLinkstreams were left in files after hyperlink sanitization. - Fixed issue in XLSX where some files failed with "Validation of CT_PivotSource.fmtId failed".
- Fixed issue in OOXML where unreferenced streams were reported as remedy items after consecutive processing runs.
- Fixed issue in DOCX where the
visibility:hiddenattribute was not sanitized on hidden shapes. - Fixed issue in OOXML where supported embedded CFB files were being incorrectly removed.
- Fixed issue in XLSX where some files failed with "End of stream not reached".
- Fixed issue in PPT where files with embedded WMF images failed with a WMF image compression error.
- Fixed issue in SVG where
<?xml-stylesheet?>processing instructions caused issues with the output. - Fixed issue in SVG where nested SVG elements were being incorrectly removed.
- Fixed issue in SVG where
onclickattributes were not sanitized, allowing scripts to persist in processed files. - Fixed issue in PDF where certain files failed to process intermittently.
- Fixed issue in PDF where files using LZWDecode failed unless first processed with Conform.
- Fixed issue where unsupported files returned "Failed to write output file" instead of an appropriate error message.
- General bug fixes and stability improvements across multiple supported file formats.
- Updates to the example policy file and policy file schema.
Defects and limitations
- The JavaScript wrapper is currently excluded from the release package.
- The Word Search Java wrapper compatibility is currently limited to JRE8.
- PDFs generated via the MS Outlook Adobe plug-in are not supported.
- Word Search analysis XML no longer reports structural content or changes.
- Processing times may be impacted by changes made to licensing features.
- Processing files using multiple threads is not supported. Spawning multiple processes is advised to facilitate parallel processing.
- Word Search is provided as a beta feature:
- 'text' or 'regex' cannot be the same for 'require' or 'allow'/'disallow' as this will regenerate the file and ignore the 'disallow' or 'require' setting.
- The pipe symbol (
|) at the start or end of 'require' can potentially cause the Engine to hang when using regex search policies.