Dompdf 2.0.1
This release has been superseded by version 2.0.2
Change highlights since 2.0.0
- Improved font-face declaration parsing and handling. External fonts are now restricted by resource access constraints.
- Improved layout of images with percentage-based dimensions
This release addresses the following vulnerabilities:
| Vulnerability | References | Type | Severity |
|---|---|---|---|
| Remote Code Execution via font installation | #2994, CVE-2022-41343, Tanto | Remote Code Execution | Critical |
2.0.x highlights
- Modifies callback and page_script/page_text handling
- Switches the HTML5 parser to Masterminds/HTML5
- Improves CSS property parsing and representation
- Switches installed fonts and font metrics cache file format to JSON
The list of addressed issues can be found in the 2.0.1 release milestone. View all changes since the previous release in the commit history.
We would like to extend our gratitude to the community members who helped make this release possible.
Requirements
Dompdf 2.0.1 requires the following:
- PHP 7.1 or greater
- html5-php v2.0.0 or greater
- php-font-lib v0.5.4 or greater
- php-svg-lib v0.3.3 or greater
Note that some dependencies may have further dependencies (notably php-svg-lib requires sabberworm/php-css-parser).
Additionally, the following are recommended for optimal use:
- GD (for image processing)
For full requirements and recommendations see the requirements page on the wiki.
Download Instructions
The dompdf team recommends that you use Composer for easier dependency management.
If you're not yet using Composer you can download a packaged release of dompdf which includes all the files you need to use the library. Click the link labeled "dompdf_2-0-1.zip" for the packaged release. The download options labeled "Source code" are auto-generated by github and do not include all the dependencies.