Dompdf 1.2.1
This release has been superseded by version 1.2.2
Change highlights since 1.2.0
This release addresses the following announced vulnerability:
| Vulnerability | References | Type | Severity |
|---|---|---|---|
| Remote Code Execution via remote font installation | Positive Security, #2598 | Remote Code Execution | Critical |
Bugs addressed:
- Infinite recursion when generated content spans more than one line
- Errors or display corruption caused during CSS parsing of inherited properties, border style, and list style
- Empty table handling exceptions
Improvements:
- HTTP context can now be set through the Options class
1.2.x highlights
- Addresses PHP 8.1 compatibility issues
- Improves table parsing and layout
- Adds callback function support to Canvas::page_script
- Fixes issues with metadata in protected PDFs
The list of addressed issues can be found in the 1.2.1 release milestone. View all changes since the previous release in the commit history.
We would like to extend our gratitude to the community members who helped make this release possible.
Requirements
Dompdf 1.2.1 requires the following:
- PHP 7.1 or greater
- MBString
- php-font-lib v0.5.x
- php-svg-lib v0.3.x
Note that some dependencies may have further dependencies (notably php-svg-lib requires sabberworm/php-css-parser).
Additionally, the following are recommended for optimal use:
- GD (for image processing)
allow_url_fopenset to true or the curl PHP extension (for retrieving stylesheets, images, etc via http)
For full requirements and recommendations see the requirements page on the wiki.
Download Instructions
The dompdf team recommends that you use Composer for easier dependency management.
If you're not yet using Composer you can download a packaged release of dompdf which includes all the files you need to use the library. Click the link labeled "dompdf_1-2-1.zip" for the packaged release. The download options labeled "Source code" are auto-generated by github and do not include all the dependencies.