Dompdf v0.6.2 Release Notes

Release Date: 2015-12-11
  • This release is superseded by version 0.7.0

    This is a security-focused release that addresses a number of vulnerabilities that can expose your system to exploitation. In tandem with this release we have also posted a document to the wiki with advice for securing dompdf. Please read the new document and take appropriate measures to protect your systems.

    We urge all users of dompdf 0.6.1 or earlier to upgrade to this release.

    Change Summary for 0.6.2

    This update addresses the following announced vulnerabilities:

    | Vulnerability | Reference | Type | Severity |
    |---|---|---|---|
    | Remote Code Execution (complement of CVE-2014-2383) | CVE-2014-5013 | Remote Code Execution | |
    | Denial Of Service Vector | CVE-2014-5012 | Information Disclosure | Medium |
    | Information Disclosure | CVE-2014-5011 | Information Disclosure | Medium |
    | Arbitrary file read in dompdf using PHP stream filters | CVE-2014-2383 | Information Disclosure | Medium |

    Change Summary for 0.6.1

    • Removed pre-processing of PHP code when DOMPDF_ENABLE_PHP is true (this does not affect embedded script).
    • Prior to this release dompdf was vulnerable to an information disclosure vulnerability. Thanks to Portcullis Computer Security Ltd. for reporting the issue. See the security advisory for additional details: Arbitrary file read in dompdf.

    This update addresses the following announced vulnerabilities:

    | Vulnerability | Reference | Type | Severity |
    |---|---|---|---|
    | Arbitrary file read in dompdf using PHP stream filters | CVE-2014-2383 | Information Disclosure | Medium |
    | PHP remote file inclusion vulnerability in dompdf.php | CVE-2010-4879 | Remote File Inclusion | |

    Change Summary for 0.6.0

    • Fonts: Full Unicode support (with embedded fonts); DejaVu fonts pre-installed; php-font-lib now provides font handling and sub-setting
    • CSS: float support, border radius, transparency, @page, @font-face, generated content, fixed-positioning, transformations
    • HTML: HTML5 Parser cleans your HTML syntax
    • Images: Expanded image handling (including alpha transparency); added support for Data-URI image sources
    • Performance improvements
    • The project is now hosted on GitHub (the Google Code project is being temporarily maintained).

    Download Instructions

    Click the link labeled "dompdf-0.6.2.zip" to download the packaged release. The two buttons labeled "Source code" are auto-generated by GitHub and do not include all the necessary files.