Nitro Product Information

Everything you need to know about Nitro Products - from product updates and downloads, to user guides and release notes.

 

Product Updates

Nitro regularly releases updated products with new features, enhancements, and bug fixes. Minor updates (from version 11.1 to 11.2, for example) are available free of charge for users with a valid license.


Nitro Pro 11

Latest Version:  11.0.7.411
Release date:  November 17, 2017
Release Notes »


Nitro Pro 10

Latest Version:  10.5.9.14
Release date:  August 25, 2017
Release Notes »

Security Updates for Nitro Pro

Security Update Published 11/17/2017

Originally published: 11/17/2017

Last updated: 11/17/2017

Update

Nitro has released a new version of Nitro Pro, which resolves potential security vulnerabilities.

Affected Versions Vulnerability CVE
11.0.3.173 and prior
10.0.5.8.44 and prior
A vulnerability exists in the Doc.SaveAs function which
could be exploited by a specially crafted PDF file,
potentially leading to a File Write taking place outside
of the intended path.
CVE-2017-7442
11.0.3.173 and prior
10.0.5.8.44 and prior
A vulnerability exists in the Doc.SaveAs function which
ecould be exploited by a specially crafted PDF file,
potentially leading to a URL launch taking place in
conjunction with a Security Alert.
CVE-2017-7442

Solution

Nitro recommends Personal (individual) users update their software to the latest version below. Business customers may contact their Nitro Account Manager for access to any security updates and deployment instructions. Enterprise customers with a dedicated Customer Success Manager will receive details of updated releases that address the issues.

Updated Version Availability
11.0.7.411 Please update to the latest version of Nitro Pro 11 available here
10 Nitro is unable to fix this vulnerability in Nitro Pro 10. Please upgrade to the latest version of Nitro Pro 11 available here

For more information, please contact the Nitro Security Team at security@gonitro.com


Security Update Published 9/27/2017

Originally published: 9/27/2017

Last updated: 9/27/2017

Update

Nitro has released a new version of Nitro Pro, which resolves potential security vulnerabilities.

Affected Versions Vulnerability CVE
11.0.5.271 and prior
10.5.9.14 and prior
A memory write vulnerability that could potentially be
exploited when opening a specially crafted PDF file, with
a specific Count field, leading to memory corruption and
a crash.
CVE Pending
11.0.5.271 and prior A use-after-free vulnerability exists that could potentially
be exploited when opening a specially crafted PDF file
containing a malformed JPEG2000 image, leading to
memory corruption and a crash.
CVE Pending

Solution

Nitro recommends Personal (individual) users update their software to the latest version below. Business customers may contact their Nitro Account Manager for access to any security updates and deployment instructions. Enterprise customers with a dedicated Customer Success Manager will receive details of updated releases that address the issues.

Updated Version Availability
11.0.6.326 Please update to the latest version of Nitro Pro 11 available here
10 Nitro is unable to fix this vulnerability in Nitro Pro 10. Please upgrade to the latest version of Nitro Pro 11 available here

For more information, please contact the Nitro Security Team at security@gonitro.com


Security Update Published 7/21/2017

Originally published: 7/21/2017

Last updated: 8/25/2017

Update

Nitro has released a new version of Nitro Pro, which resolves potential security vulnerabilities.

Affected Versions Vulnerability CVE
11.0.3.173 and prior
10.5.9.14 and prior
An out of bound memory write vulnerability that could
potentially be exploited when opening a specially crafted
PDF file, leading to memory corruption and a crash.
CVE-2017-2796
11.0.3.173 and prior
10.5.9.14 and prior
A heap overflow vulnerability that could potentially be
exploited when opening a specially crafted PCX image
file, resulting in memory corruption and a crash.
CVE-2017-7950

Solution

Nitro recommends Personal (individual) users update their software to the latest version, which includes fixes for these vulnerabilities. Business customers may contact their Nitro Account Manager for access to the latest version and deployment instructions. Enterprise customers with a dedicated Customer Success Manager will receive details of updated releases that address the issues.

Updated Version Availability
11.0.6.326+ Please update to the latest version of Nitro Pro 11 available here
10 Nitro is unable to fix this vulnerability in Nitro Pro 10. Please upgrade to the latest version of Nitro Pro 11 available here

For more information, please contact the Nitro Security Team at security@gonitro.com


Security Update Published 2/3/2017

Originally published: 2/3/2017

Last updated: 8/25/2017

Update

Nitro has released a new version of Nitro Pro, which resolves potential security vulnerabilities.

Affected Versions Vulnerability CVE
11.0.3.134 and prior
10.5.9.9 and prior
A specially crafted PDF file can potentially cause
memory corruption leading to a crash.
CVE-2016-8709
CVE-2016-8713
11.0.3.134 and prior
10.5.9.9 and prior
A potential remote code execution vulnerability in the
PDF parsing functionality of Nitro Pro.
CVE-2016-8711

Solution

Nitro recommends Personal (individual) users update their software to the latest version, which includes fixes for these vulnerabilities. Business customers may contact their Nitro Account Manager for access to the latest version and deployment instructions. Enterprise customers with a dedicated Customer Success Manager will receive details of updated releases that address the issues.

Updated Version Availability
11.0.3.173+ Please update to the latest version of Nitro Pro 11 available here
10.5.9.14+ Please update to the latest version of Nitro Pro 10 available here

For more information, please contact the Nitro Security Team at security@gonitro.com


Nitro Security Vulnerability Policy & Process

Nitro’s commitment to the security of its products and services is a core value. Through proactive security design and testing, Nitro is proud to have required few historical security updates. Central to this philosophy is how Nitro manages security vulnerabilities, including those reported to Nitro by third parties.

Reporting a Vulerability

All Nitro security vulnerabilities should be reported via email to the Nitro Security Team at security@gonitro.com. Please provide the version/build affected, concise steps to reproduce the vulnerability that are easily understood, and include a proof-of-concept file. While Nitro appreciates reported bugs and vulnerabilities, Nitro does not provide rewards or acknowledgements for bug or security vulnerability submissions.

Nitro Security Vulnerability Process:

(1) Nitro will acknowledge and assess any vulnerability reported according to the instructions above, typically within 7 days.

(2) When a vulnerability is confirmed, Nitro will conduct risk analysis using the Common Vulnerability Scoring System (CVSS v3) and determine the most appropriate response for Nitro customers.

  • Critical security updates: Issues within the software that, if not addressed, pose a high risk and probability of unauthorized access, alteration or destruction of information on a user's computer or connected computers. Nitro will resolve critical security updates by providing a critical update to the current and previous released software version, or a major upgrade to the current and/or previous release.

  • Non-critical Security updates: Issues within the software that, if not addressed, pose a low to moderate risk and probability of unauthorized access, alteration or destruction of information on a user's computer or connected computers. Nitro will resolve non-critical security updates by providing a minor update or major upgrade to the current release.

(3) Nitro will design, implement & test any security updates, and make them available to customers on supported software versions; typically within 90 days.

(4) Nitro will publicly disclose all critical security vulnerabilities, affected versions, and relevant details of any updated releases that address the issues, on this Security Updates page.

For more information, please contact the Nitro Security Team at security@gonitro.com

Nitro System Requirements & Deployment Options

Nitro supports most common deployment methods and system requirements, making it fast and easy to deploy, maintain and update across large enterprises.


Deployment

Client-side deployment (push installations)

  • Industry standard deployment tools. Install and manage our software using Microsoft Active Directory (AD), System Center Configuration Manager (SCCM), or other deployment managers that support Microsoft Installer (MSI) files.
  • Command line installation for silent, automated activation of serial numbers.
  • Nitro Pro also works with roaming profiles so users can access their own preferences from whatever computers they access on networks running AD.

Server-Side Deployment

  • PDF for Citrix and Terminal Server Software
  • Nitro products support server-based hosting, allowing you to run and manage Nitro from one central location with:
    • Remote Desktop Services
    • Terminal Services
    • Citrix XenApp (Published Desktop/Application)

System Requirements

Nitro Pro Desktop System Requirements

  • Desktops: Windows 10, 8, and 7 (64 bit)
  • Servers: Microsoft Windows Server 2008 R2, 2012, and 2012 R2 (64 bit)
  • Processor: 1.5 GHz or faster
  • RAM: 1GB
  • Available Hard Disk Space: 4.5GB
  • Display screen resolution: 1024x768
  • Microsoft Office Integrated Features: MS Office 2013 (32bit or 64bit), 2016 (32bit or 64bit)
  • Video hardware acceleration (optional)

Nitro Cloud Browser Requirements (in addition to desktop requirements above)

  • Microsoft Windows 10, 8 or 7 using Internet Explorer 11, Firefox, or Chrome
  • Mac OS X v10.9 or later using Safari 9 or later, Firefox, or Chrome
  • Mobile browsers:
    • iPad Tablets: Chrome and Safari (down to 768px or 7” equivalent to iPad portrait)
    • Android Tablets: Chrome (down to 768px or 7”)
    • Other tablets and smartphones: Receiving, viewing and e-signing documents are supported on all devices and all browsers.

Multi-Language Support:

  • The Nitro Pro desktop app is available in the following languages:
    • English
    • German
    • Spanish
    • French
    • Italian
    • Dutch
  • The Nitro Cloud browser app is available in English only.

Software Sunset Policy

Scope of Policy

The Software Sunset Policy ('the Policy') applies to the following products: Nitro Pro.

The following products are discontinued and do not fall under the scope of the Policy: Nitro Reader, Nitro PDF Express, PrimoPDF.

Definitions

Critical updates are a subset of minor updates and are aimed at resolving the following product issues:

  • Critical security updates: Issues within the software that, if not addressed, pose a high risk and probability of unauthorized access, alteration or destruction of information on a user's computer or connected computers.
  • Critical software issues: Issue renders the software completely inoperable and affects all users.
  • Major software issues: Issue materially impairs a major software feature, with no reasonable work-around available.

Current release means the latest major upgrade in the market.

Previous release means the major upgrade immediately preceding the current release.

Discontinued release means the major upgrades older than the previous release, or products/versions that have been otherwise sunset and are no longer supported.

Major upgrade means products released to market where the first number of a version increases (eg Nitro Pro v10 to Nitro Pro v11).

Minor update means products released to market where any secondary number of a version increases (eg Nitro Pro v11.0.4 to Nitro Pro v11.0.5).

Premium support means prioritized ticketed support with 2 hour first response time.

Products With respect to the Policy, products include Nitro Pro, Nitro Reader, Nitro PDF Express and PrimoPDF.

Software Assurance means Software Assurance or SA (previously known as the Nitro SAP - Software Assurance Program). This gives the user all major upgrades and minor updates, unlimited access to Premium Support for a period of 12 months from the purchase date.

Software Sunset Policy ('The Policy')

Important The following should be viewed as guidelines, rather than strict rules.

Unless specified to the contrary, Nitro will provide critical and minor updates for the current release, until such time as a new major upgrade is released.

Unless specified to the contrary, Nitro will only provide critical updates for the previous release, until such time as a new major upgrade is released. Nitro, at its discretion, may also provide a major upgrade to the current release, instead of a critical update to a previous release, to provide a critical update.

Unless specified to the contrary, Nitro will not provide any updates, upgrades or releases (major or minor, critical or otherwise) for discontinued products.

Minor updates and critical updates will be supplied, regardless of a customer's software assurance status.

Transitioning between release phases

When a new major upgrade is released to market:

  • It becomes the current release;
  • The existing current release becomes the previous release; and
  • The previous release becomes a discontinued release.

Nitro's rights under the policy

Nitro reserves the right to alter, append or repeal part or all of the Policy at any time. Nitro reserves the right to make exceptions to the Policy on a case-by-case basis.

Current Product Status

Nitro Pro

Version Release Date Status
Nitro Pro 11 23-November-2016 Current
Nitro Pro 10 09-June-2015 Previous
Nitro Pro 9 30-Sep-2013 Discontinued
Nitro Pro 8 12-Sep-2012 Discontinued
Nitro Pro 7 02-Nov-2011 Discontinued
Nitro Pro 6 15-Jun-2009 Discontinued
Nitro Pro 5 01-Mar-2007 Discontinued
Nitro PDF Professional 06-May-2005 Discontinued

Nitro Reader

Version Release Date Status
Nitro Reader 5 9-Mar-2016 Discontinued
Nitro Reader 3 10-Oct-2012 Discontinued
Nitro Reader 2 21-Jun-2011 Discontinued
Nitro Reader 1 25-May-2010 Discontinued

Nitro PDF Express

Version Release Date Status
Nitro Express 2 21-Dec-2009 Discontinued
Nitro Express 1 01-Jun-2007 Discontinued

Primo PDF

Version Release Date Status
Primo PDF 5 N/A Discontinued

Nitro Security Overview

Nitro’s commitment to data security is one of our core values, and our philosophy is simple: We protect your data as carefully as we would want anyone to protect our own. Our success as a company depends on earning and maintaining your trust by ensuring your information is always safe. Every day, we protect the data of more than 600,000 businesses, including IBM, Pfizer, Swiss Re, Continental, and Colliers International. Over half of the Fortune 500 trust Nitro. You can too.


Our team

Security is part of Nitro’s DNA. Our team consists of industry veterans with deep backgrounds related to security-sensitive industries, such as finance and government agencies. We believe experience matters when it comes to security, but we’re also working to improve our practices and understand new risks and trends in data security. We take this approach with all of our business processes across the organization, including internal policies, our Software Development Lifecycle (SDLC), and platform operations.


Secure by design

We follow industry best practices to transfer, process, and store customer data.

All Cloud-enabled features make use of state-of-the-art computing facilities that satisfy industry standards such as PCI DSS, HIPAA, SSAE 16, and SOC.

Nitro protects documents in motion and at rest with digital audit trails and SSL AES encryption. Through extensive logging and instrumentation, we monitor our production environment in order to audit security, availability, access, and other metrics for our services. We use a combination of automated tools and manual inspection to ensure constant oversight of security events.

We use Amazon Web Services (AWS) for much of our cloud infrastructure. AWS has extensive documentation regarding their security practices on their website. AWS employs cutting-edge data security measures, as well as physical access restrictions at server locations. The list of AWS certifications, including ISO 27001 and SOC reports 1, 2, and 3, is available here.


Third-party security audits

We hire external experts to perform regular security audits of Nitro. These rigorous assessments ensure not only that our practices are up to date with current standards, but also that we’ve tested Nitro against the latest vulnerabilities identified by security professionals. Our customers may perform audits too, which we invite and facilitate.


Confidentiality

We go to great lengths to make sure no one sees or processes your data unless they’re authorized to do so, and exceptions are strictly limited. All employees are subject to background checks, and access to production servers is limited to engineers who directly need to work with our production systems. We build our machine learning tools so that employees aren’t exposed to customer data while working on production issues. The only exceptions to this rule are when Nitro employees are investigating active security events or system outages whose resolution requires viewing the critical section of data. Nitro’s CEO or VP of Engineering must approve these exceptions.


Nitro Pro minimizes security risk

Nitro Pro uses a proprietary code base and fully owned intellectual property that minimizes the surface area for exfiltration. We have written the code base to be insusceptible against threat vectors designed to penetrate Adobe Acrobat and other PDF applications. We don’t support sources of risk such as Adobe Flash and other Adobe plugins, and we use a constrained subset of Javascript within Nitro Pro.


More information

Customer support is a top priority. All enterprise customers have a dedicated customer success manager, and we staff 24-hour worldwide coverage on business days for premium support tickets submitted via our support site.

We invite your questions and concerns about data security and privacy. We welcome the opportunity to partner with you to ensure that Nitro meets your company’s workflow and security needs. Please contact us at info@gonitro.com.

For more about personally identifiable information (PII) and privacy in general, please read our privacy policy.


Report a vulnerability

If you find a security vulnerability related to Nitro, we want to know ASAP. Please contact us at security@gonitro.com.

 

Get support

Ask the community

Share feedback, advice, and suggestions with hundreds of thousands of other Nitro customers.

Enter the Forum

Knowledge Base

Find immediate answers to feature and product questions, FAQs, and more.

Go to the Base