Nitro Product Information

Everything you need to know about Nitro Products - from product updates and downloads, to user guides and release notes.

 

Product Updates

Nitro regularly releases updated products with new features, enhancements, and bug fixes. Minor updates (from version 11.1 to 11.2, for example) are available free of charge for users with a valid license.


Latest Nitro Pro 11

Version:  11.0.5.271
Release date:  July 21, 2017
Release Notes »


Previous Versions

Version Release Date Latest Download
Nitro Pro 10 August 5, 2016 32-bit 64-bit

Security updates available for Nitro Pro

Nitro Pro 10 Release date: February 3, 2017
Nitro Pro 11.0.5 Release date: July 21st, 2017
Last Updated: July 21st, 2017
Platform: Windows
Summary: Nitro has released an update for Nitro Pro 11, which addresses potential security vulnerabilities.

Specifically, this update resolves a heap overflow condition that could lead to a Nitro Pro crash when opening a specially crafted PCX image file. (CVE-2017-7950).

This update also resolves an out of bound memory write condition that could lead to potential memory corruption when opening a specially crafted PDF file. (CVE-2017-2796 / TALOS-2017-0289)

Affected Versions

Product Affected Versions Platform
Nitro Pro 11.0.3 and prior releases Windows

Solution

Nitro has released an update for Nitro Pro 11. Nitro recommends updating to the latest version using the installers below:

Nitro Pro 11

32 bit 64 bit

Vulnerability Details

For more information on the potential vulnerabilities please visit:
Vulnerability Summary for CVE-2016-8709
Vulnerability Summary for CVE-2016-8711
Vulnerability Summary for CVE-2016-8713

For more information, please contact the Nitro Security Team at security@gonitro.com


Nitro Security Vulnerability Policy & Process:

Nitro’s commitment to the security of its products and services is a core value. Through proactive security design and testing, Nitro is proud to have required few historical security updates. Central to this philosophy is how Nitro manages Security Vulnerabilities, especially those reported to us by Third Party Security Researchers.

Nitro Security Vulnerability Process:

(1) Nitro will acknowledge and assess any vulnerabilities reported by a third party, typically within 7 days.

(2) When a vulnerability is confirmed, Nitro will conduct risk analysis using the Common Vulnerability Scoring System (CVSS v3) and determine the most appropriate response for our customers.

  • Critical security updates: Issues within the software that, if not addressed, pose a high risk and probability of unauthorized access, alteration or destruction of information on a user's computer or connected computers. Nitro will resolve critical security updates by providing a critical update to the current and previous released software version, or a major upgrade to the current release.

  • Non-critical Security updates: Issues within the software that, if not addressed, pose a low to moderate risk and probability of unauthorized access, alteration or destruction of information on a user's computer or connected computers. Nitro will resolve non-critical security updates by providing a minor update or major upgrade to the current release.

(3) Nitro will design, implement & test any security updates, and make them available to customers on supported software versions; typically within 90 days.

(4) Nitro will publicly disclose all critical security vulnerabilities, affected versions, and relevant details of any patched releases.

  • Nitro Personal (individual) users may access any Security updates on this page.

  • Nitro Business customers may contact their Nitro Account Manager for access to the security fix and deployment instructions.

  • Nitro Enterprise customers with a dedicated Customer Success Manager will receive notice and fix deployment instructions.

Reporting a vulnerability: All Nitro security vulnerabilities should be reported via email to the Nitro Security Team at security@gonitro.com. Please provide concise steps to reproduce that are easily understood, and include a proof-of-concept file. Nitro does not provide rewards for bug or security vulnerability submissions.

Nitro System Requirements & Deployment Options

Nitro supports most common deployment methods and system requirements, making it fast and easy to deploy, maintain and update across large enterprises.


Deployment

Client-side deployment (push installations)

  • Industry standard deployment tools. Install and manage our software using Microsoft Active Directory (AD), System Center Configuration Manager (SCCM), or other deployment managers that support Microsoft Installer (MSI) files.
  • Command line installation for silent, automated activation of serial numbers.
  • Nitro Pro also works with roaming profiles so users can access their own preferences from whatever computers they access on networks running AD.

Server-Side Deployment

  • PDF for Citrix and Terminal Server Software
  • Nitro products support server-based hosting, allowing you to run and manage Nitro from one central location with:
    • Remote Desktop Services
    • Terminal Services
    • Citrix XenApp (Published Desktop/Application)

System Requirements

Nitro Pro Desktop System Requirements

  • Desktops: Windows 10, 8, and 7 (64 bit)
  • Servers: Microsoft Windows Server 2008 R2, 2012, and 2012 R2 (64 bit)
  • Processor: 1.5 GHz or faster
  • RAM: 1GB
  • Available Hard Disk Space: 4.5GB
  • Display screen resolution: 1024x768
  • Microsoft Office Integrated Features: MS Office 2013 (32bit or 64bit), 2016 (32bit or 64bit)
  • Video hardware acceleration (optional)

Nitro Cloud Browser Requirements (in addition to desktop requirements above)

  • Microsoft Windows 10, 8 or 7 using Internet Explorer 11, Firefox, or Chrome
  • Mac OS X v10.9 or later using Safari 9 or later, Firefox, or Chrome
  • Mobile browsers:
    • iPad Tablets: Chrome and Safari (down to 768px or 7” equivalent to iPad portrait)
    • Android Tablets: Chrome (down to 768px or 7”)
    • Other tablets and smartphones: Receiving, viewing and e-signing documents are supported on all devices and all browsers.

Multi-Language Support:

  • The Nitro Pro desktop app is available in the following languages:
    • English
    • German
    • Spanish
    • French
    • Italian
    • Dutch
  • The Nitro Cloud browser app is available in English only.

Software Sunset Policy

Scope of Policy

1.1. The Software Sunset Policy ('the Policy') applies to the following products:

  • Nitro Pro
  • Nitro Reader

1.2. The following products are discontinued and do not fall under the scope of the Policy:

  • Nitro PDF Express
  • PrimoPDF

1.2.1. No updates or releases (major or minor, critical or otherwise) will be supplied for discontinued products.

Definitions

Critical updates are a subset of minor updates and are aimed at resolving the following product issues:

  • Critical security updates: Issues within the software that, if not addressed, pose a high risk and probability of unauthorized access, alteration or destruction of information on a user's computer or connected computers.
  • Critical software issues: Issue renders the software completely inoperable and affects all users.
  • Major software issues: Issue materially impairs a major software feature, with no reasonable work-around available.

Current release means the latest major upgrade in the market.

Major upgrade means products released to market where the version major number increments (eg Nitro Pro v10 to Nitro Pro v11).

Minor update means products released to market where the version minor, build or revision numbers increments (eg Nitro Pro v11 to Nitro Pro v11.0.5). Minor updates are often used to introduce small feature improvements and critical/non-critical updates.

Premium support means prioritized ticketed support in addition to phone and live chat support within west coast business hours.

Previous release means the major upgrade immediately preceding the current release.

Prior release means the major upgrades older than the prior release.

Products With respect to the Policy, products include Nitro Pro, Nitro Reader, Nitro PDF Express and PrimoPDF.

Software Assurance means Software Assurance or SA (previously known as the Nitro SAP - Software Assurance Program). This gives the user all major upgrades and minor updates, unlimited access to Premium Support and the Nitro Customer Success and Service Team through a dedicated support phone number, for a period of 12 months from the purchase date.

Software Sunset Policy ('The Policy')

Important The following should be viewed as guidelines, rather than strict rules.

3.1. Unless specified to the contrary, Nitro will provide critical and minor updates for the current release, until such time as a new major upgrade is released.

3.2. Unless specified to the contrary, Nitro will only provide critical updates for the previous release, until such time as a new major upgrade is released. Nitro, at its discretion, may also provide a major upgrade to the current release, instead of a critical update to a previous release, to provide a critical update.

3.3. Unless specified to the contrary, Nitro will not provide any minor updates or critical updates for prior releases.

3.4. Minor updates and critical updates will be supplied, regardless of a customer's software assurance status.

Transitioning between release phases

3.5. When a new major upgrade is released to market:

  • It becomes the current release;
  • The existing current release becomes the previous release; and
  • The previous release becomes a prior release.

Current Product Status

Nitro Pro

Version Release Date Status
Nitro Pro 11 23-November-2016 Current
Nitro Pro 10 09-June-2015 Previous
Nitro Pro 9 30-Sep-2013 Discontinued
Nitro Pro 8 12-Sep-2012 Discontinued
Nitro Pro 7 02-Nov-2011 Discontinued
Nitro Pro 6 15-Jun-2009 Discontinued
Nitro Pro 5 01-Mar-2007 Discontinued
Nitro PDF Professional 06-May-2005 Discontinued

Nitro Reader

Version Release Date Status
Nitro Reader 5 9-Mar-2016 Current
Nitro Reader 3 10-Oct-2012 Discontinued
Nitro Reader 2 21-Jun-2011 Discontinued
Nitro Reader 1 25-May-2010 Discontinued

Nitro PDF Express

Version Release Date Status
Nitro Express 2 21-Dec-2009 Discontinued
Nitro Express 1 01-Jun-2007 Discontinued

Primo PDF

Version Release Date Status
Primo PDF 5 N/A Discontinued

Nitro's rights under the policy

5.1. Nitro reserves the right to alter, append or repeal part or all of the Policy at any time.

5.2. Nitro reserves the right to make exceptions to the Policy on a case-by-case basis.

Nitro Security Overview

Nitro’s commitment to data security is one of our core values, and our philosophy is simple: We protect your data as carefully as we would want anyone to protect our own. Our success as a company depends on earning and maintaining your trust by ensuring your information is always safe. Every day, we protect the data of more than 600,000 businesses, including IBM, Pfizer, Swiss Re, Continental, and Colliers International. Over half of the Fortune 500 trust Nitro. You can too.


Our team

Security is part of Nitro’s DNA. Our team consists of industry veterans with deep backgrounds related to security-sensitive industries, such as finance and government agencies. We believe experience matters when it comes to security, but we’re also working to improve our practices and understand new risks and trends in data security. We take this approach with all of our business processes across the organization, including internal policies, our Software Development Lifecycle (SDLC), and platform operations.


Secure by design

We follow industry best practices to transfer, process, and store customer data.

All Cloud-enabled features make use of state-of-the-art computing facilities that satisfy industry standards such as PCI DSS, HIPAA, SSAE 16, and SOC.

Nitro protects documents in motion and at rest with digital audit trails and SSL AES encryption. Through extensive logging and instrumentation, we monitor our production environment in order to audit security, availability, access, and other metrics for our services. We use a combination of automated tools and manual inspection to ensure constant oversight of security events.

We use Amazon Web Services (AWS) for much of our cloud infrastructure. AWS has extensive documentation regarding their security practices on their website. AWS employs cutting-edge data security measures, as well as physical access restrictions at server locations. The list of AWS certifications, including ISO 27001 and SOC reports 1, 2, and 3, is available here.


Third-party security audits

We hire external experts to perform regular security audits of Nitro. These rigorous assessments ensure not only that our practices are up to date with current standards, but also that we’ve tested Nitro against the latest vulnerabilities identified by security professionals. Our customers may perform audits too, which we invite and facilitate.


Confidentiality

We go to great lengths to make sure no one sees or processes your data unless they’re authorized to do so, and exceptions are strictly limited. All employees are subject to background checks, and access to production servers is limited to engineers who directly need to work with our production systems. We build our machine learning tools so that employees aren’t exposed to customer data while working on production issues. The only exceptions to this rule are when Nitro employees are investigating active security events or system outages whose resolution requires viewing the critical section of data. Nitro’s CEO or VP of Engineering must approve these exceptions.


Nitro Pro minimizes security risk

Nitro Pro uses a proprietary code base and fully owned intellectual property that minimizes the surface area for exfiltration. We have written the code base to be insusceptible against threat vectors designed to penetrate Adobe Acrobat and other PDF applications. We don’t support sources of risk such as Adobe Flash and other Adobe plugins, and we use a constrained subset of Javascript within Nitro Pro.


More information

Customer support is a top priority. All enterprise customers have a dedicated customer success manager, and we staff 24/7 worldwide coverage for tickets submitted via our support site.

We invite your questions and concerns about data security and privacy. We welcome the opportunity to partner with you to ensure that Nitro meets your company’s workflow and security needs. Please contact us at info@gonitro.com.

For more about personally identifiable information (PII) and privacy in general, please read our privacy policy.


Report a vulnerability

If you find a security vulnerability related to Nitro, we want to know ASAP. Please contact us at security@gonitro.com.

 

Get support

Go to Support Forum

Share feedback, advice, and suggestions with the Nitro customer community.

Enter Forum

Request Support

Get help from our team of experts. Fill out a support ticket and we'll get back to you ASAP, usually in less than 2 hours.

Submit a Ticket