Security Considerations
In terms of security, JDeli can be considered in three distinct areas:
- How JDeli is developed and tested
- Image Processing (Java)
- Converted Images
How IDRsolutions develops and ensures its code is safe
General coding principles
All code is written in-house by IDRsolutions full-time staff and stored in our private repositories. Every code change is peer-reviewed by at least two other developers. Every code change is also tested for performance, regression and security, using SonarQube static analysis and a barrage of unit tests.
AI usage
We regard AI as a useful tool that can help our developers write better code (similar to how we might also use Stack Overflow, IDE code hints, etc.). Just as we would not simply copy and paste code found on a website, every piece of code in our codebase is developed by us, reviewed by us and, most importantly, fully understood by us.
Handling of vulnerabilities
Our strategy is to:
- Produce a patched version as soon as possible
- Notify all customers privately and advise them to update to the latest version
- Publicly acknowledge the issue and confirm the fix in the next general release (once we have confirmed that all our customers are no longer affected). This happened with a potential XXE vulnerability in our JPedal product in 2018; see the release note.
Image Processing
JDeli is written entirely in Java, and all processing occurs within the Java Virtual Machine (JVM). Besides a Java runtime, no other system dependencies are required. JDeli also does not make use of any third-party Java dependencies, so there is no transitive dependency tree to audit or patch.
The image decoders do not execute any code stored within image files, nor do they make any network calls (except for the trial build, which makes a call to record trial usage).
Because all decoding runs on the JVM with no native code, the memory-corruption bug classes that affect native image libraries (buffer overflows and similar malformed-file exploits) do not apply in the same way: an out-of-bounds access raises a Java exception instead of corrupting memory. JDeli adds explicit input validation and error handling so that a malformed file is rejected with an error rather than causing a crash. As with any decoder, the caller should still bound the resources (heap and CPU time) it is prepared to spend on an untrusted file, since a file's declared dimensions, not its byte size, determine how much memory decoding it requires.
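As an added example (not IDRsolutions code and not JDeli's own API), the wrapper below shows how an integrator can treat image decoding as untrusted-input handling independently of the library's internal validation: cap the encoded size, read only the header to check the declared pixel count before any pixel buffer is allocated, run the decode on a separate thread with a deadline, and turn any decoder failure into a plain error. The decode call is pluggable; the default lambda uses javax.imageio so the class runs stand-alone, and substituting JDeli's read call into that lambda is assumed rather than shown. The sample inputs are constructed in main().

```java
import java.awt.image.BufferedImage;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.Iterator;
import java.util.concurrent.*;
import javax.imageio.ImageIO;
import javax.imageio.ImageReader;
import javax.imageio.stream.ImageInputStream;

/** Defensive decoding of images from untrusted sources (added example, not IDRsolutions code). */
public final class UntrustedImageDecoder {

    /** Pluggable decode step: encoded bytes in, decoded image out. JDeli's read call would go here (assumed). */
    @FunctionalInterface
    public interface Decoder {
        BufferedImage decode(byte[] data) throws Exception;
    }

    private final long maxInputBytes;  // cap on the encoded file size
    private final long maxPixels;      // cap on width*height, the real driver of heap use
    private final long timeoutMillis;  // cap on wall-clock decode time
    private final Decoder decoder;
    private final ExecutorService pool = Executors.newCachedThreadPool(r -> {
        Thread t = new Thread(r, "image-decode");
        t.setDaemon(true); // never keep the JVM alive for a stuck decode
        return t;
    });

    public UntrustedImageDecoder(long maxInputBytes, long maxPixels, long timeoutMillis, Decoder decoder) {
        this.maxInputBytes = maxInputBytes;
        this.maxPixels = maxPixels;
        this.timeoutMillis = timeoutMillis;
        this.decoder = decoder;
    }

    public BufferedImage decode(byte[] data) throws IOException, TimeoutException {
        if (data.length > maxInputBytes) {
            throw new IOException("input too large: " + data.length + " bytes");
        }
        // Header-only pre-check: learn the declared dimensions before the decoder allocates anything.
        long declared = declaredPixelCount(data);
        if (declared < 0) {
            throw new IOException("unrecognised image format");
        }
        if (declared > maxPixels) {
            throw new IOException("declared size exceeds pixel budget: " + declared);
        }
        Future<BufferedImage> job = pool.submit(() -> decoder.decode(data));
        try {
            BufferedImage img = job.get(timeoutMillis, TimeUnit.MILLISECONDS);
            if (img == null) {
                throw new IOException("decoder produced no image");
            }
            long actual = (long) img.getWidth() * img.getHeight();
            if (actual > maxPixels) { // defence in depth: header and decoded size must agree with the budget
                throw new IOException("decoded size exceeds pixel budget: " + actual);
            }
            return img;
        } catch (TimeoutException e) {
            job.cancel(true); // best effort: not every decoder honours interruption (see note below)
            throw e;
        } catch (ExecutionException e) {
            // Malformed input, unsupported features, etc. all surface as one uniform error to the caller.
            throw new IOException("decode failed: " + e.getCause(), e.getCause());
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new IOException("interrupted while decoding", e);
        }
    }

    /** Width*height from the header only, via ImageIO's reader without decoding pixels; -1 if no reader claims the bytes. */
    static long declaredPixelCount(byte[] data) throws IOException {
        ImageInputStream iis = ImageIO.createImageInputStream(new ByteArrayInputStream(data));
        if (iis == null) {
            return -1;
        }
        try (iis) {
            Iterator<ImageReader> readers = ImageIO.getImageReaders(iis);
            if (!readers.hasNext()) {
                return -1;
            }
            ImageReader r = readers.next();
            try {
                r.setInput(iis, true, true);
                return (long) r.getWidth(0) * r.getHeight(0);
            } finally {
                r.dispose();
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a 2x2 RGB image encoded as PNG in memory.
        BufferedImage small = new BufferedImage(2, 2, BufferedImage.TYPE_INT_RGB);
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        ImageIO.write(small, "png", bos);
        byte[] png = bos.toByteArray();

        UntrustedImageDecoder d = new UntrustedImageDecoder(10L << 20, 50_000_000L, 5_000L,
                bytes -> ImageIO.read(new ByteArrayInputStream(bytes)));
        BufferedImage ok = d.decode(png);
        System.out.println("decoded " + ok.getWidth() + "x" + ok.getHeight());

        // Constructed malformed input: a valid PNG signature followed by garbage. Must fail cleanly, not hang.
        byte[] junk = {(byte) 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A, 1, 2, 3};
        try {
            d.decode(junk);
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Two design points matter in practice. The pixel budget is checked against the header before decoding because an image a few kilobytes on disk can declare dimensions that expand to gigabytes of pixel data, so a byte-size limit alone is not a memory limit. The timeout is only a soft cap: a thread that does not check its interrupt flag keeps running after `cancel(true)`, so where a hard guarantee is required the decode should run in a separate process or container with its own heap and CPU limits rather than a thread.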
Converted Images
Image files produced by JDeli do not contain any embedded code or arbitrary content, and can be regarded as safe and non-executable. Output images are compatible with standard viewers and editors across operating systems, and do not rely on platform-specific behaviours that could introduce security risks.
In the event of a security vulnerability being discovered in JDeli, we would aim to notify customers privately and give them the opportunity to remediate before disclosing the vulnerability publicly.
If you discover a vulnerability in our software, you can report it to us by contacting us.