Dompdf 2.0.0

@bsweeney bsweeney released this 23 Jun 13:55
· 172 commits to master since this release
79573d8

This release has been superseded by version 2.0.1

Change highlights since 1.2.x

  • Addresses multiple security vulnerabilities (see below)
  • Modifies callback and page_script/page_text handling (breaking change, see below)
  • Switches the HTML5 parser to Masterminds/HTML5
  • Improves CSS property parsing and representation
  • Improves border, outline, and background rendering for inline elements
  • Switches installed fonts and font metrics cache file format to JSON
  • Adds support for the inset CSS shorthand property and the legacy break-word keyword for word-break
  • Adds "end_document" callback event

The full list of addressed issues can be found in the release milestone. View all changes since the previous release in the commit history.

This release addresses the following announced vulnerabilities:

| Vulnerability | References | Type | Severity |
|---|---|---|---|
| Improper Restriction of XML External Entity Reference | #2564, CVE-2021-3902, huntr.dev | Information Disclosure; Remote Code Execution | Critical |
| Deserialization of Untrusted Data | #2564, CVE-2021-3838, huntr.dev | Remote Code Execution | Critical |
| External Control of File Name or Path | #2564, CVE-2022-2400, huntr.dev | Information Disclosure | Medium |
| Server-Side Request Forgery | #2564, CVE-2022-0085, huntr.dev | SSRF | Medium |

Breaking Changes

  • Callback signature change: callbacks should now accept three individual arguments (Frame, Canvas, FontMetrics)
  • Canvas::page_* methods are executed immediately rather than during output generation and should be called after rendering the document
  • Cpdf::polygon method signature changed, no longer accepts the number of points
  • See the migration guide for details

We would like to extend our gratitude to the community members who helped make this release possible.

Requirements

Dompdf 2.0.0 requires the following:

  • PHP 7.1 or greater
  • MBString
  • php-font-lib
  • php-svg-lib

Additionally, the following are recommended for optimal use:

  • GD (for image processing)
  • allow_url_fopen set to true or the curl PHP extension (for retrieving stylesheets, images, etc. via HTTP)

For full requirements and recommendations see the requirements page on the wiki.

Download Instructions

The dompdf team recommends that you use Composer for easier dependency management.

If you're not yet using Composer, you can download a packaged release of dompdf which includes all the files you need to use the library. Click the link labeled "dompdf_2-0-0.zip" for the packaged release. The download options labeled "Source code" are auto-generated by GitHub and do not include all the dependencies.