Dompdf v0.6.2 Release Notes
Release Date: 2015-12-11
This release is superseded by version 0.7.0
This is a security-focused release that addresses a number of vulnerabilities that can expose your system to exploitation. In tandem with this release we have also posted a document to the wiki with advice for securing dompdf. Please read the new document and take appropriate measures to protect your systems.
We urge all users to upgrade to this release if you are using dompdf 0.6.1 or earlier.
Change Summary for 0.6.2
This update addresses the following announced vulnerabilities:

| Vulnerability | Reference | Type | Severity |
| --- | --- | --- | --- |
| Remote Code Execution (complement of CVE-2014-2383) | CVE-2014-5013 | Remote Code Execution | |
| Denial Of Service Vector | CVE-2014-5012 | Information Disclosure | Medium |
| Information Disclosure | CVE-2014-5011 | Information Disclosure | Medium |
| Arbitrary file read in dompdf using PHP stream filters | CVE-2014-2383 | Information Disclosure | Medium |

Change Summary for 0.6.1
- Removed pre-processing of PHP code when DOMPDF_ENABLE_PHP is true (this does not affect embedded script).
- Prior to this release dompdf was vulnerable to an information disclosure vulnerability. Thanks to Portcullis Computer Security Ltd. for reporting the issue. See the security advisory for additional details: Arbitrary file read in dompdf.
This update addresses the following announced vulnerabilities:

| Vulnerability | Reference | Type | Severity |
| --- | --- | --- | --- |
| Arbitrary file read in dompdf using PHP stream filters | CVE-2014-2383 | Information Disclosure | Medium |
| PHP remote file inclusion vulnerability in dompdf.php | CVE-2010-4879 | Remote File Inclusion | |

Change Summary for 0.6.0
- Fonts: Full Unicode support (with embedded fonts); DejaVu fonts pre-installed; php-font-lib now provides font handling and sub-setting
- CSS: float support, border radius, transparency, @page, @font-face, generated content, fixed-positioning, transformations
- HTML: HTML5 Parser cleans your HTML syntax
- Images: Expanded image handling (including alpha transparency); added support for Data-URI image sources
- Performance improvements
- The project is now hosted on GitHub (the Google Code project is being temporarily maintained).
Download Instructions
Click the link labeled "dompdf-0.6.2.zip" to download the packaged release. The two buttons labeled "Source code" are auto-generated by GitHub and do not include all the necessary files.