Nitro Product Downloads and Documentation

Everything you need to stay productive—from product downloads and security updates to user guides and release notes.

 

Product Updates

Nitro regularly releases updated products with new features, enhancements, and bug fixes. Minor updates (from version 11.1 to 11.2, for example) are available free of charge for users with a valid license.


Nitro Pro 11

Latest Version:  11.0.7.411
Release date:  November 17, 2017
Release Notes »


Nitro Pro 10

Latest Version:  10.5.9.14
Release date:  August 25, 2017
Release Notes »

Security Updates for Nitro Pro

Security Update Published 11/17/2017

Originally published: 11/17/2017

Last updated: 11/17/2017

Update

Nitro has released a new version of Nitro Pro, which resolves potential security vulnerabilities.

Affected Versions Vulnerability CVE
11.0.3.173 and prior
10.0.5.8.44 and prior
A vulnerability exists in the Doc.SaveAs function which
could be exploited by a specially crafted PDF file,
potentially leading to a File Write taking place outside
of the intended path.
CVE-2017-7442
11.0.3.173 and prior
10.0.5.8.44 and prior
A vulnerability exists in the Doc.SaveAs function which
ecould be exploited by a specially crafted PDF file,
potentially leading to a URL launch taking place in
conjunction with a Security Alert.
CVE-2017-7442

Solution

Nitro recommends Personal (individual) users update their software to the latest version below. Business customers may contact their Nitro Account Manager for access to any security updates and deployment instructions. Enterprise customers with a dedicated Customer Success Manager will receive details of updated releases that address the issues.

Updated Version Availability
11.0.7.411 Please update to the latest version of Nitro Pro 11 available here
10 Nitro is unable to fix this vulnerability in Nitro Pro 10. Please upgrade to the latest version of Nitro Pro 11 available here

For more information, please contact the Nitro Security Team at security@gonitro.com


Security Update Published 9/27/2017

Originally published: 9/27/2017

Last updated: 9/27/2017

Update

Nitro has released a new version of Nitro Pro, which resolves potential security vulnerabilities.

Affected Versions Vulnerability CVE
11.0.5.271 and prior
10.5.9.14 and prior
A memory write vulnerability that could potentially be
exploited when opening a specially crafted PDF file, with
a specific Count field, leading to memory corruption and
a crash.
CVE Pending
11.0.5.271 and prior A use-after-free vulnerability exists that could potentially
be exploited when opening a specially crafted PDF file
containing a malformed JPEG2000 image, leading to
memory corruption and a crash.
CVE Pending

Solution

Nitro recommends Personal (individual) users update their software to the latest version below. Business customers may contact their Nitro Account Manager for access to any security updates and deployment instructions. Enterprise customers with a dedicated Customer Success Manager will receive details of updated releases that address the issues.

Updated Version Availability
11.0.6.326 Please update to the latest version of Nitro Pro 11 available here
10 Nitro is unable to fix this vulnerability in Nitro Pro 10. Please upgrade to the latest version of Nitro Pro 11 available here

For more information, please contact the Nitro Security Team at security@gonitro.com


Security Update Published 7/21/2017

Originally published: 7/21/2017

Last updated: 8/25/2017

Update

Nitro has released a new version of Nitro Pro, which resolves potential security vulnerabilities.

Affected Versions Vulnerability CVE
11.0.3.173 and prior
10.5.9.14 and prior
An out of bound memory write vulnerability that could
potentially be exploited when opening a specially crafted
PDF file, leading to memory corruption and a crash.
CVE-2017-2796
11.0.3.173 and prior
10.5.9.14 and prior
A heap overflow vulnerability that could potentially be
exploited when opening a specially crafted PCX image
file, resulting in memory corruption and a crash.
CVE-2017-7950

Solution

Nitro recommends Personal (individual) users update their software to the latest version, which includes fixes for these vulnerabilities. Business customers may contact their Nitro Account Manager for access to the latest version and deployment instructions. Enterprise customers with a dedicated Customer Success Manager will receive details of updated releases that address the issues.

Updated Version Availability
11.0.6.326+ Please update to the latest version of Nitro Pro 11 available here
10 Nitro is unable to fix this vulnerability in Nitro Pro 10. Please upgrade to the latest version of Nitro Pro 11 available here

For more information, please contact the Nitro Security Team at security@gonitro.com


Security Update Published 2/3/2017

Originally published: 2/3/2017

Last updated: 8/25/2017

Update

Nitro has released a new version of Nitro Pro, which resolves potential security vulnerabilities.

Affected Versions Vulnerability CVE
11.0.3.134 and prior
10.5.9.9 and prior
A specially crafted PDF file can potentially cause
memory corruption leading to a crash.
CVE-2016-8709
CVE-2016-8713
11.0.3.134 and prior
10.5.9.9 and prior
A potential remote code execution vulnerability in the
PDF parsing functionality of Nitro Pro.
CVE-2016-8711

Solution

Nitro recommends Personal (individual) users update their software to the latest version, which includes fixes for these vulnerabilities. Business customers may contact their Nitro Account Manager for access to the latest version and deployment instructions. Enterprise customers with a dedicated Customer Success Manager will receive details of updated releases that address the issues.

Updated Version Availability
11.0.3.173+ Please update to the latest version of Nitro Pro 11 available here
10.5.9.14+ Please update to the latest version of Nitro Pro 10 available here

For more information, please contact the Nitro Security Team at security@gonitro.com


Nitro Security Vulnerability Policy & Process

Nitro’s commitment to the security of its products and services is a core value. Through proactive security design and testing, Nitro is proud to have required few historical security updates. Central to this philosophy is how Nitro manages security vulnerabilities, including those reported to Nitro by third parties.

Reporting a Vulerability

All Nitro security vulnerabilities should be reported via email to the Nitro Security Team at security@gonitro.com. Please provide the version/build affected, concise steps to reproduce the vulnerability that are easily understood, and include a proof-of-concept file. While Nitro appreciates reported bugs and vulnerabilities, Nitro does not provide rewards or acknowledgements for bug or security vulnerability submissions.

Nitro Security Vulnerability Process:

(1) Nitro will acknowledge and assess any vulnerability reported according to the instructions above, typically within 7 days.

(2) When a vulnerability is confirmed, Nitro will conduct risk analysis using the Common Vulnerability Scoring System (CVSS v3) and determine the most appropriate response for Nitro customers.

  • Critical security updates: Issues within the software that, if not addressed, pose a high risk and probability of unauthorized access, alteration or destruction of information on a user's computer or connected computers. Nitro will resolve critical security updates by providing a critical update to the current and previous released software version, or a major upgrade to the current and/or previous release.

  • Non-critical Security updates: Issues within the software that, if not addressed, pose a low to moderate risk and probability of unauthorized access, alteration or destruction of information on a user's computer or connected computers. Nitro will resolve non-critical security updates by providing a minor update or major upgrade to the current release.

(3) Nitro will design, implement & test any security updates, and make them available to customers on supported software versions; typically within 90 days.

(4) Nitro will publicly disclose all critical security vulnerabilities, affected versions, and relevant details of any updated releases that address the issues, on this Security Updates page.

For more information, please contact the Nitro Security Team at security@gonitro.com

Deployment options

Nitro Pro supports most common deployment methods, making it faster and easier for IT administrators to roll out, maintain and update Nitro Pro across large workgroups or entire sites. This includes tools for deploying Nitro Pro across all desktops and on servers running Citrix, RDS, and Terminal Services.


Deployment

Client-side deployment (push installations)

Industry standard deployment tools. Install and manage our software using Microsoft Active Directory, System Center Configuration Manager (SCCM), or other deployment managers that support Microsoft Installer (MSI) files.

  • Industry standard deployment tools. Install and manage our software using Microsoft Active Directory, System Center Configuration Manager (SCCM), or other deployment managers that support Microsoft Installer (MSI) files.
  • Command line. Install via command-line switches to install silently and automate the activation of serial numbers.

Nitro Pro also works with roaming profiles so users can access their own preferences from whatever computers they access on networks running Active Directory.

The deployment tools above can be used to push out installations on the following operating systems:

  • Microsoft Windows 10
  • Microsoft Windows 8
  • Microsoft Windows 7

Server-Side Deployment

PDF for Citrix and Terminal Server Software

Nitro products support server-based hosting, allowing you to run and manage our software from one central location.

Nitro Pro can be installed on the following supported server environments:

Windows Server 2008, 2008 R2, and 2012 running any of the following:

  • Remote Desktop Services
  • Terminal Services
  • Citrix XenApp (Published Desktop/Application)

Getting Started

Trying Nitro Pro. To try Nitro Pro, download and install the free trial on your desktops.

Buying Nitro Pro. To purchase 11 or more licenses, please contact our sales team about our Volume Licensing Program (VLP). To purchase less than 11 licenses, visit our online store.


Support + Help

If you're a VLP customer and you would like a custom installer (custom transforms), please contact our sales team and we can get you set up.

Note that server use is only supported under our Volume Licensing Program when you purchase 11 or more licenses.

Software Sunset Policy

Scope of Policy

The Software Sunset Policy ('the Policy') applies to the following products: Nitro Pro.

The following products are discontinued and do not fall under the scope of the Policy: Nitro Reader, Nitro PDF Express, PrimoPDF.

Definitions

Critical updates are a subset of minor updates and are aimed at resolving the following product issues:

  • Critical security updates: Issues within the software that, if not addressed, pose a high risk and probability of unauthorized access, alteration or destruction of information on a user's computer or connected computers.
  • Critical software issues: Issue renders the software completely inoperable and affects all users.
  • Major software issues: Issue materially impairs a major software feature, with no reasonable work-around available.

Current release means the latest major upgrade in the market.

Previous release means the major upgrade immediately preceding the current release.

Discontinued release means the major upgrades older than the previous release, or products/versions that have been otherwise sunset and are no longer supported.

Major upgrade means products released to market where the first number of a version increases (eg Nitro Pro v10 to Nitro Pro v11).

Minor update means products released to market where any secondary number of a version increases (eg Nitro Pro v11.0.4 to Nitro Pro v11.0.5).

Premium support means prioritized ticketed support with 2 hour first response time.

Products With respect to the Policy, products include Nitro Pro, Nitro Reader, Nitro PDF Express and PrimoPDF.

Software Assurance means Software Assurance or SA (previously known as the Nitro SAP - Software Assurance Program). This gives the user all major upgrades and minor updates, unlimited access to Premium Support for a period of 12 months from the purchase date.

Software Sunset Policy ('The Policy')

Important The following should be viewed as guidelines, rather than strict rules.

Unless specified to the contrary, Nitro will provide critical and minor updates for the current release, until such time as a new major upgrade is released.

Unless specified to the contrary, Nitro will only provide critical updates for the previous release, until such time as a new major upgrade is released. Nitro, at its discretion, may also provide a major upgrade to the current release, instead of a critical update to a previous release, to provide a critical update.

Unless specified to the contrary, Nitro will not provide any updates, upgrades or releases (major or minor, critical or otherwise) for discontinued products.

Minor updates and critical updates will be supplied, regardless of a customer's software assurance status.

Transitioning between release phases

When a new major upgrade is released to market:

  • It becomes the current release;
  • The existing current release becomes the previous release; and
  • The previous release becomes a discontinued release.

Nitro's rights under the policy

Nitro reserves the right to alter, append or repeal part or all of the Policy at any time. Nitro reserves the right to make exceptions to the Policy on a case-by-case basis.

Current Product Status

Nitro Pro

Version Release Date Status
Nitro Pro 11 23-November-2016 Current
Nitro Pro 10 09-June-2015 Previous
Nitro Pro 9 30-Sep-2013 Discontinued
Nitro Pro 8 12-Sep-2012 Discontinued
Nitro Pro 7 02-Nov-2011 Discontinued
Nitro Pro 6 15-Jun-2009 Discontinued
Nitro Pro 5 01-Mar-2007 Discontinued
Nitro PDF Professional 06-May-2005 Discontinued

Nitro Reader

Version Release Date Status
Nitro Reader 5 9-Mar-2016 Discontinued
Nitro Reader 3 10-Oct-2012 Discontinued
Nitro Reader 2 21-Jun-2011 Discontinued
Nitro Reader 1 25-May-2010 Discontinued

Nitro PDF Express

Version Release Date Status
Nitro Express 2 21-Dec-2009 Discontinued
Nitro Express 1 01-Jun-2007 Discontinued

Primo PDF

Version Release Date Status
Primo PDF 5 N/A Discontinued

Nitro Security Overview

Nitro’s commitment to data security is one of our core values, and our philosophy is simple: We protect your data as carefully as we would want anyone to protect our own. Our success as a company depends on earning and maintaining your trust by ensuring your information is always safe. Every day, we protect the data of more than 600,000 businesses, including IBM, Pfizer, Swiss Re, Continental, and Colliers International. Over half of the Fortune 500 trust Nitro. You can too.


Our team

Security is part of Nitro’s DNA. Our team consists of industry veterans with deep backgrounds related to security-sensitive industries, such as finance and government agencies. We believe experience matters when it comes to security, but we’re also working to improve our practices and understand new risks and trends in data security. We take this approach with all of our business processes across the organization, including internal policies, our Software Development Lifecycle (SDLC), and platform operations.


Secure by design

We follow industry best practices to transfer, process, and store customer data.

All Cloud-enabled features make use of state-of-the-art computing facilities that satisfy industry standards such as PCI DSS, HIPAA, SSAE 16, and SOC.

Nitro protects documents in motion and at rest with digital audit trails and SSL AES encryption. Through extensive logging and instrumentation, we monitor our production environment in order to audit security, availability, access, and other metrics for our services. We use a combination of automated tools and manual inspection to ensure constant oversight of security events.

We use Amazon Web Services (AWS) for much of our cloud infrastructure. AWS has extensive documentation regarding their security practices on their website. AWS employs cutting-edge data security measures, as well as physical access restrictions at server locations. The list of AWS certifications, including ISO 27001 and SOC reports 1, 2, and 3, is available here.


Third-party security audits

We hire external experts to perform regular security audits of Nitro. These rigorous assessments ensure not only that our practices are up to date with current standards, but also that we’ve tested Nitro against the latest vulnerabilities identified by security professionals. Our customers may perform audits too, which we invite and facilitate.


Confidentiality

We go to great lengths to make sure no one sees or processes your data unless they’re authorized to do so, and exceptions are strictly limited. All employees are subject to background checks, and access to production servers is limited to engineers who directly need to work with our production systems. We build our machine learning tools so that employees aren’t exposed to customer data while working on production issues. The only exceptions to this rule are when Nitro employees are investigating active security events or system outages whose resolution requires viewing the critical section of data. Nitro’s CEO or VP of Engineering must approve these exceptions.


Nitro Pro minimizes security risk

Nitro Pro uses a proprietary code base and fully owned intellectual property that minimizes the surface area for exfiltration. We have written the code base to be insusceptible against threat vectors designed to penetrate Adobe Acrobat and other PDF applications. We don’t support sources of risk such as Adobe Flash and other Adobe plugins, and we use a constrained subset of Javascript within Nitro Pro.


More information

Customer support is a top priority. All enterprise customers have a dedicated customer success manager, and we staff 24-hour worldwide coverage on business days for premium support tickets submitted via our support site.

We invite your questions and concerns about data security and privacy. We welcome the opportunity to partner with you to ensure that Nitro meets your company’s workflow and security needs. Please contact us at info@gonitro.com.

For more about personally identifiable information (PII) and privacy in general, please read our privacy policy.


Report a vulnerability

If you find a security vulnerability related to Nitro, we want to know ASAP. Please contact us at security@gonitro.com.

 

Get support

Ask the community

Share feedback, advice, and suggestions with hundreds of thousands of other Nitro customers.

Enter the Forum

Knowledge Base

Find immediate answers to feature and product questions, FAQs, and more.

Go to the Base