Dompdf and security checks #7454

Closed
briand44 opened this issue Mar 8, 2024 · 1 comment · Fixed by #7471
Labels: dependencies (Pull requests that update a dependency file), small story pointing

Comments

@briand44
Contributor

briand44 commented Mar 8, 2024

Just looked at the issue queue and we may just be able to update the underlying issue ourselves? dompdf/dompdf#3393 - joe

Dompdf is only vulnerable based on the SvgLib dependency

And Dompdf version constraints allow the dependency to be updated.

Proposed Solution

  • ddev composer update phenx/php-svg-lib
  • Normal dompdf admissions checks/testing
  • Enable security checks again and achieve a passing build.

Follow up

  • Update dompdf next release.

joewhitsitt added dependencies (Pull requests that update a dependency file) and needs grooming labels Mar 8, 2024
@briand44
Contributor Author

briand44 commented Mar 8, 2024

Grooming conversation... Do we have an old issue or PR where we tested Admissions that outlines specific things to check? Sized as a small assuming if we run into major issues we could wait for the dompdf release or create separate issues to address.

briand44 added small story pointing and removed needs grooming labels Mar 8, 2024

joewhitsitt self-assigned this Mar 15, 2024