PHPOffice/PhpSpreadsheet 2.4.6

on GitHub

Security Note

• File::prohibitWrappers and Drawing::setPath now reject phar paths with extra leading slashes (e.g. phar:///…) that escaped the prior parse_url-based filter. No security exploit was possible even with the extra slashes. Backport of PR #4876

Fixed

• Third-party security patches.
• Php 8.6 deprecation in Mpdf. Backport of PR #4878
• Ability to reuse disconnected spreadsheet. Backport of PR #4880