Dompdf 0.6.2

348 views
Skip to first unread message

BrianS

unread,
Dec 11, 2015, 5:04:32 PM12/11/15
to dom...@googlegroups.com

The Dompdf team is happy to announce the availability of Dompdf 0.6.2. This is a security-focused release that addresses a number of vulnerabilities that can expose your system to exploitation. In tandem with this release we have also posted a document to the wiki with advice for securing dompdf. Please read the new document and take appropriate measures to protect your systems.

We urge all users to upgrade to this release if you are using dompdf 0.6.1 or earlier.

Change Summary for 0.6.2

This update addresses the following announced vulnerabilities:

  • Remote Code Execution
  • Denial of Service Vector
  • Information Disclosure
  • Arbitrary file read in dompdf using PHP stream filters
  • PHP remote file inclusion vulnerability in dompdf.php


Change Summary for 0.6.1


Change Summary for 0.6.0

  • Fonts: Full Unicode support (with embedded fonts); DejaVu fonts pre-installed; php-font-lib now provides font handling and sub-setting
  • CSS: float support, border radius, transparency, `@page`, `@font-face`, generated content, fixed-positioning, transformations
  • HTML: HTML5 Parser cleans your HTML syntax
  • Images: Expanded image handling (including alpha transparency); added support for Data-URI image sources
  • Performance improvements
  • The project is now hosted on GitHub (the Google Code project is being temporarily maintained).



You can find the full release notes and packaged download at https://github.com/dompdf/dompdf/releases/tag/v0.6.2

Please post any questions, comments, or suggestions to this group. Issues can be posted to the issue tracker.

Reply all
Reply to author
Forward
This conversation is locked
You cannot reply and perform actions on locked conversations.
0 new messages