Question
Embedded PDF binary metadata (XMP/DocumentInfo) persists after download despite removing all AEM-managed metadata
A third-party penetration test flagged that PDF files downloaded from our AEM publish instance contain embedded metadata revealing software version information (e.g., Adobe InDesign 19.5, Adobe PDF Library 17.0, Adobe XMP Core 9.1). The security team requires this metadata to be stripped before the file is served to end users.
We are requesting Adobe's official confirmation that AEM as a Cloud Service does not modify or strip metadata embedded within the binary content of uploaded DAM assets, and guidance on the recommended approach.