dompdf/dompdf v0.6.2

DOMPDF 0.6.2

on GitHub

This release is superseded by version 0.7.0

This is a security-focused release that addresses a number of vulnerabilities that can expose your system to exploitation. In tandem with this release we have also posted a document to the wiki with advice for securing dompdf. Please read the new document and take appropriate measures to protect your systems.

We urge all users to upgrade to this release if you are using dompdf 0.6.1 or earlier.

Change Summary for 0.6.2

This update addresses the following announced vulnerabilities:

Change Summary for 0.6.1

• Removed pre-processing of PHP code when DOMPDF_ENABLE_PHP is true (this does not affect embedded script).
• Prior to this release dompdf was vulnerable to an information disclosure vulnerability. Thanks to Portcullis Computer Security Ltd. for reporting the issue. See the security advisory for additional details: Arbitrary file read in dompdf.

This update addresses the following announced vulnerabilities:

Change Summary for 0.6.0

• Fonts: Full Unicode support (with embedded fonts); DejaVu fonts pre-installed; php-font-lib now provides font handling and sub-setting
• CSS: float support, border radius, transparency, @page, @font-face, generated content, fixed-positioning, transformations
• HTML: HTML5 Parser cleans your HTML syntax
• Images: Expanded image handling (including alpha transparency); added support for Data-URI image sources
• Performance improvements
• The project is now hosted on GitHub (the Google Code project is being temporarily maintained).

Download Instructions

Click the link labeled "dompdf-0.6.2.zip" to download the packaged release. The two buttons labeled "Source code" are auto-generated by github and do not include all the necessary files.