Releases: dompdf/dompdf
Dompdf 3.1.0
What's Changed
- Adds initial PDF/A compliance mode (#3269)
- Adds data-URIs to the resource reference validation logic and handles the same as other resource reference protocols (#3492)
- Note: this change requires that users of data URIs include the "data://" scheme in the list of allowed protocols.
- Allows data-URIs to be used for
@font-facedeclarations
- Adds support for data-URI JPEG images in Cpdf (#2783)
- Seeks local resources with a leading slash from the specified chroot directories if they are not found from the filesystem root (#3444)
- Addresses an issue preventing class-based Font Awesome usage (#3571)
Breaking Change
This release adds the "data://" scheme to the protocol validation rules. Installations that explicitly define the allowed protocols but do not include the "data://" protocol will no longer render data-URIs. This is a change from previous versions, where data-URIs were not processed through the validated rules. Installations that use the default validation rules included with Dompdf should see no impact.
Full Changelog: v3.0.2...v3.1.0
We would like to extend our gratitude to the community members who helped make this release possible.
v3.0.2
What's Changed
- Improves PHP 8.4 compatibility in in #3563
3.0.x Highlights
- Adds support for CSS variables (custom properties)
- Adds support for CSS math functions (calc, max, round, etc.)
- Updates the font matching logic to select the appropriate character-supporting font from the styled font families
Full Changelog: v3.0.1...v3.0.2
Requirements
Dompdf 3.0.x requires the following:
- PHP 7.1 or greater
- MBString
- GD (for image processing)
- masterminds/html5
- dompdf/php-font-lib
- dompdf/php-svg-lib
For full requirements and recommendations see the requirements page on the wiki.
We would like to extend our gratitude to the community members who helped make this release possible.
Download Instructions
The dompdf team recommends that you use Composer for easier dependency management.
If you're not yet using Composer you can download a packaged release of dompdf which includes all the files you need to use the library. Click the link labeled "dompdf_3-0-2.zip" for the packaged release. The download options labeled "Source code" are auto-generated by github and do not include all the dependencies.
Dompdf 3.0.1
What's Changed
- Improves PHP 8.4 compatibility in #3556, #3558
- Fixes stylesheet parsing issues #3491
- Modifies internal handling of data-URIs to prevent parsing failures
- Improves CSS declaration boundary (semi-colon) detection
- Improves CPDF validation of selected font in #3415
3.0.x Highlights
- Adds support for CSS variables (custom properties)
- Adds support for CSS math functions (calc, max, round, etc.)
- Updates the font matching logic to select the appropriate character-supporting font from the styled font families
Full Changelog: v3.0.0...v3.0.1
Requirements
Dompdf 3.0.x requires the following:
- PHP 7.1 or greater
- MBString
- GD (for image processing)
- masterminds/html5
- dompdf/php-font-lib
- dompdf/php-svg-lib
For full requirements and recommendations see the requirements page on the wiki.
We would like to extend our gratitude to the community members who helped make this release possible.
Download Instructions
The dompdf team recommends that you use Composer for easier dependency management.
If you're not yet using Composer you can download a packaged release of dompdf which includes all the files you need to use the library. Click the link labeled "dompdf_3-0-1.zip" for the packaged release. The download options labeled "Source code" are auto-generated by github and do not include all the dependencies.
Dompdf 3.0.0
Release Highlights
- Adds support for CSS variables (custom properties)
- Adds support for CSS math functions (calc, max, round, etc.)
- Updates the font matching logic to select the appropriate character-supporting font from the styled font families
Additional Changes
- Improves stylesheet handling, including
- enhanced regular expressions used during stylesheet parsing
- enhanced media query handling that
- supports media queries with more than one condition
- expands logical operators support (not, or)
- expands media query logic for at-import rules
- improved value parsing related to case sensitivity
- improved CSS function parsing and handling
- Improves table border rendering
- Improves automatic counter reset
- Improves compatibility with PDFLib version 10
- Improves security through
- new "allowedRemoteHosts" option to restrict which remote hosts can be requested
- new "artifactPathValidation" option to provide a mechanism for validating artifact paths (log file, temp directories, etc.)
- SVG file reference recursion
- Adds support for rendering unknown input element types
- Fixes IMagick extension temporary directory usage
- Fixes transparency after transform when using the Cpdf backend
The full list of new features and addressed issues can be found in the release milestone. View all changes since the previous release in the commit history.
We would like to extend our gratitude to the community members who helped make this release possible.
Requirements
Dompdf 3.0.x requires the following:
- PHP 7.1 or greater
- MBString
- GD (for image processing)
- masterminds/html5
- dompdf/php-font-lib
- dompdf/php-svg-lib
For full requirements and recommendations see the requirements page on the wiki.
Download Instructions
The dompdf team recommends that you use Composer for easier dependency management.
If you're not yet using Composer you can download a packaged release of dompdf which includes all the files you need to use the library. Click the link labeled "dompdf_3-0-0.zip" for the packaged release. The download options labeled "Source code" are auto-generated by github and do not include all the dependencies.
Dompdf 2.0.8
Change highlights since 2.0.7
This release:
- Addresses potential deprecation notice in artifact path validation
2.0.x highlights
- Modifies callback and page_script/page_text handling
- Switches the HTML5 parser to Masterminds/HTML5
- Improves CSS property parsing and representation
- Switches installed fonts and font metrics cache file format to JSON
View all changes since the previous release in the commit history.
We would like to extend our gratitude to the community members who helped make this release possible.
Requirements
Dompdf 2.0.8 requires the following:
- PHP 7.1 or greater
- html5-php v2.0.0 or greater
- php-font-lib v0.5.4 or greater
- php-svg-lib v0.3.3 or greater
Note that some dependencies may have further dependencies (notably php-svg-lib requires sabberworm/php-css-parser).
Additionally, the following are recommended for optimal use:
- GD (for image processing)
allow_url_fopenset to true or the curl PHP extension (for retrieving stylesheets, images, etc via http)
For full requirements and recommendations see the requirements page on the wiki.
Download Instructions
The dompdf team recommends that you use Composer for easier dependency management.
If you're not yet using Composer you can download a packaged release of dompdf which includes all the files you need to use the library. Click the link labeled "dompdf_2-0-8.zip" for the packaged release. The download options labeled "Source code" are auto-generated by github and do not include all the dependencies.
Dompdf 2.0.7
Change highlights since 2.0.5
This release:
- Addresses a PHP compatibility issue in the GD back end
- Adds Options class support for validating artifact paths. The default validation does not accept paths that utilize the PHAR protocol.
- Bumps the minimum version of SvgLib to 0.5.2.
2.0.x highlights
- Modifies callback and page_script/page_text handling
- Switches the HTML5 parser to Masterminds/HTML5
- Improves CSS property parsing and representation
- Switches installed fonts and font metrics cache file format to JSON
View all changes since the previous release in the commit history.
We would like to extend our gratitude to the community members who helped make this release possible.
Requirements
Dompdf 2.0.7 requires the following:
- PHP 7.1 or greater
- html5-php v2.0.0 or greater
- php-font-lib v0.5.4 or greater
- php-svg-lib v0.3.3 or greater
Note that some dependencies may have further dependencies (notably php-svg-lib requires sabberworm/php-css-parser).
Additionally, the following are recommended for optimal use:
- GD (for image processing)
allow_url_fopenset to true or the curl PHP extension (for retrieving stylesheets, images, etc via http)
For full requirements and recommendations see the requirements page on the wiki.
Download Instructions
The dompdf team recommends that you use Composer for easier dependency management.
If you're not yet using Composer you can download a packaged release of dompdf which includes all the files you need to use the library. Click the link labeled "dompdf_2-0-7.zip" for the packaged release. The download options labeled "Source code" are auto-generated by github and do not include all the dependencies.
Dompdf 2.0.4
Change highlights since 2.0.3
This release addresses the following announced vulnerability:
| Vulnerability | References | Type | Severity |
|---|---|---|---|
| Possible DoS caused by infinite recursion when validating SVG images | GHSA-3qx2-6f78-w2j2 | Resource Exhaustion | Moderate |
2.0.x highlights
- Modifies callback and page_script/page_text handling
- Switches the HTML5 parser to Masterminds/HTML5
- Improves CSS property parsing and representation
- Switches installed fonts and font metrics cache file format to JSON
View all changes since the previous release in the commit history.
We would like to extend our gratitude to the community members who helped make this release possible.
Requirements
Dompdf 2.0.4 requires the following:
- PHP 7.1 or greater
- html5-php v2.0.0 or greater
- php-font-lib v0.5.4 or greater
- php-svg-lib v0.3.3 or greater
Note that some dependencies may have further dependencies (notably php-svg-lib requires sabberworm/php-css-parser).
Additionally, the following are recommended for optimal use:
- GD (for image processing)
allow_url_fopenset to true or the curl PHP extension (for retrieving stylesheets, images, etc via http)
For full requirements and recommendations see the requirements page on the wiki.
Download Instructions
The dompdf team recommends that you use Composer for easier dependency management.
If you're not yet using Composer you can download a packaged release of dompdf which includes all the files you need to use the library. Click the link labeled "dompdf_2-0-4.zip" for the packaged release. The download options labeled "Source code" are auto-generated by github and do not include all the dependencies.
Dompdf 2.0.3
This release addresses the following vulnerability:
| Vulnerability | References | Type | Severity |
|---|---|---|---|
| URI validation failure on SVG parsing | [GHSA-56gj-mvh6-rp75][GHSA-56gj-mvh6-rp75], CVE-2023-24813 | Remote Code Execution | Critical |
2.0.x highlights
- Modifies callback and page_script/page_text handling
- Switches the HTML5 parser to Masterminds/HTML5
- Improves CSS property parsing and representation
- Switches installed fonts and font metrics cache file format to JSON
We would like to extend our gratitude to the community members who helped make this release possible.
Requirements
Dompdf 2.0.3 requires the following:
- PHP 7.1 or greater
- html5-php v2.0.0 or greater
- php-font-lib v0.5.4 or greater
- php-svg-lib v0.3.3 or greater
Additionally, the following are recommended for optimal use:
- GD (for image processing)
For full requirements and recommendations see the requirements page on the wiki.
Download Instructions
The dompdf team recommends that you use Composer for easier dependency management.
If you're not yet using Composer you can download a packaged release of dompdf which includes all the files you need to use the library. Click the link labeled "dompdf_2-0-3.zip" for the packaged release.
Dompdf 2.0.2
This release has been superseded by version 2.0.3
Change highlights since 2.0.1
- Improved CSS selector parsing and handling, particularly around psuedo-classes
- Addressed issues with too-eager whitespace removal
- Updated Cpdf back end to fix rendering of unclosed paths in SVG images
This release addresses the following vulnerability:
| Vulnerability | References | Type | Severity |
|---|---|---|---|
| URI validation failure on SVG parsing | GHSA-3cw5-7cxw-v5qg, CVE-2023-23924 | Remote Code Execution | Critical |
2.0.x highlights
- Modifies callback and page_script/page_text handling
- Switches the HTML5 parser to Masterminds/HTML5
- Improves CSS property parsing and representation
- Switches installed fonts and font metrics cache file format to JSON
The list of addressed issues can be found in the 2.0.2 release milestone. View all changes since the previous release in the commit history.
We would like to extend our gratitude to the community members who helped make this release possible.
Requirements
Dompdf 2.0.2 requires the following:
- PHP 7.1 or greater
- html5-php v2.0.0 or greater
- php-font-lib v0.5.4 or greater
- php-svg-lib v0.3.3 or greater
Additionally, the following are recommended for optimal use:
- GD (for image processing)
For full requirements and recommendations see the requirements page on the wiki.
Download Instructions
The dompdf team recommends that you use Composer for easier dependency management.
If you're not yet using Composer you can download a packaged release of dompdf which includes all the files you need to use the library. Click the link labeled "dompdf_2-0-2.zip" for the packaged release.
Dompdf 2.0.1
This release has been superseded by version 2.0.2
Change highlights since 2.0.0
- Improved font-face declaration parsing and handling. External fonts are now restricted by resource access constraints.
- Improved layout of images with percentage-based dimensions
This release addresses the following vulnerabilities:
| Vulnerability | References | Type | Severity |
|---|---|---|---|
| Remote Code Execution via font installation | #2994, CVE-2022-41343, Tanto | Remote Code Execution | Critical |
2.0.x highlights
- Modifies callback and page_script/page_text handling
- Switches the HTML5 parser to Masterminds/HTML5
- Improves CSS property parsing and representation
- Switches installed fonts and font metrics cache file format to JSON
The list of addressed issues can be found in the 2.0.1 release milestone. View all changes since the previous release in the commit history.
We would like to extend our gratitude to the community members who helped make this release possible.
Requirements
Dompdf 2.0.1 requires the following:
- PHP 7.1 or greater
- html5-php v2.0.0 or greater
- php-font-lib v0.5.4 or greater
- php-svg-lib v0.3.3 or greater
Note that some dependencies may have further dependencies (notably php-svg-lib requires sabberworm/php-css-parser).
Additionally, the following are recommended for optimal use:
- GD (for image processing)
For full requirements and recommendations see the requirements page on the wiki.
Download Instructions
The dompdf team recommends that you use Composer for easier dependency management.
If you're not yet using Composer you can download a packaged release of dompdf which includes all the files you need to use the library. Click the link labeled "dompdf_2-0-1.zip" for the packaged release. The download options labeled "Source code" are auto-generated by github and do not include all the dependencies.