Dompdf 2.0.3
This release addresses the following vulnerability:
Vulnerability | References | Type | Severity |
---|---|---|---|
URI validation failure on SVG parsing | [GHSA-56gj-mvh6-rp75][GHSA-56gj-mvh6-rp75], CVE-2023-24813 | Remote Code Execution | Critical |
2.0.x highlights
- Modifies callback and page_script/page_text handling
- Switches the HTML5 parser to Masterminds/HTML5
- Improves CSS property parsing and representation
- Switches installed fonts and font metrics cache file format to JSON
We would like to extend our gratitude to the community members who helped make this release possible.
Requirements
Dompdf 2.0.3 requires the following:
- PHP 7.1 or greater
- html5-php v2.0.0 or greater
- php-font-lib v0.5.4 or greater
- php-svg-lib v0.3.3 or greater
Additionally, the following are recommended for optimal use:
- GD (for image processing)
For full requirements and recommendations see the requirements page on the wiki.
Download Instructions
The dompdf team recommends that you use Composer for easier dependency management.
If you're not yet using Composer you can download a packaged release of dompdf which includes all the files you need to use the library. Click the link labeled "dompdf_2-0-3.zip" for the packaged release.