Dompdf Versions Save

Change highlights since 2.0.4

This release:

• Addresses a PHP compatibility issue in the GD back end
• Adds Options class support for validating artifact paths. The default validation does not accept paths that utilize the PHAR protocol.
• Bumps the minimum version of SvgLib to 0.5.2.

2.0.x highlights

• Modifies callback and page_script/page_text handling
• Switches the HTML5 parser to Masterminds/HTML5
• Improves CSS property parsing and representation
• Switches installed fonts and font metrics cache file format to JSON

View all changes since the previous release in the commit history.

We would like to extend our gratitude to the community members who helped make this release possible.

Requirements

Dompdf 2.0.7 requires the following:

• PHP 7.1 or greater
• html5-php v2.0.0 or greater
• php-font-lib v0.5.4 or greater
• php-svg-lib v0.3.3 or greater

Note that some dependencies may have further dependencies (notably php-svg-lib requires sabberworm/php-css-parser).

Additionally, the following are recommended for optimal use:

• GD (for image processing)
• allow_url_fopen set to true or the curl PHP extension (for retrieving stylesheets, images, etc via http)

For full requirements and recommendations see the requirements page on the wiki.

Download Instructions

The dompdf team recommends that you use Composer for easier dependency management.

If you're not yet using Composer you can download a packaged release of dompdf which includes all the files you need to use the library. Click the link labeled "dompdf_2-0-7.zip" for the packaged release. The download options labeled "Source code" are auto-generated by github and do not include all the dependencies.

Change highlights since 2.0.3

This release addresses the following announced vulnerability:

Vulnerability	References	Type	Severity
Possible DoS caused by infinite recursion when validating SVG images	GHSA-3qx2-6f78-w2j2	Resource Exhaustion	Moderate

2.0.x highlights

• Modifies callback and page_script/page_text handling
• Switches the HTML5 parser to Masterminds/HTML5
• Improves CSS property parsing and representation
• Switches installed fonts and font metrics cache file format to JSON

View all changes since the previous release in the commit history.

We would like to extend our gratitude to the community members who helped make this release possible.

Requirements

Dompdf 2.0.4 requires the following:

• PHP 7.1 or greater
• html5-php v2.0.0 or greater
• php-font-lib v0.5.4 or greater
• php-svg-lib v0.3.3 or greater

Note that some dependencies may have further dependencies (notably php-svg-lib requires sabberworm/php-css-parser).

Additionally, the following are recommended for optimal use:

• GD (for image processing)
• allow_url_fopen set to true or the curl PHP extension (for retrieving stylesheets, images, etc via http)

For full requirements and recommendations see the requirements page on the wiki.

Download Instructions

The dompdf team recommends that you use Composer for easier dependency management.

If you're not yet using Composer you can download a packaged release of dompdf which includes all the files you need to use the library. Click the link labeled "dompdf_2-0-4.zip" for the packaged release. The download options labeled "Source code" are auto-generated by github and do not include all the dependencies.

This release addresses the following vulnerability:

Vulnerability	References	Type	Severity
URI validation failure on SVG parsing	[GHSA-56gj-mvh6-rp75][GHSA-56gj-mvh6-rp75], CVE-2023-24813	Remote Code Execution	Critical

2.0.x highlights

• Modifies callback and page_script/page_text handling
• Switches the HTML5 parser to Masterminds/HTML5
• Improves CSS property parsing and representation
• Switches installed fonts and font metrics cache file format to JSON

We would like to extend our gratitude to the community members who helped make this release possible.

Requirements

Dompdf 2.0.3 requires the following:

• PHP 7.1 or greater
• html5-php v2.0.0 or greater
• php-font-lib v0.5.4 or greater
• php-svg-lib v0.3.3 or greater

Additionally, the following are recommended for optimal use:

• GD (for image processing)

For full requirements and recommendations see the requirements page on the wiki.

Download Instructions

The dompdf team recommends that you use Composer for easier dependency management.

If you're not yet using Composer you can download a packaged release of dompdf which includes all the files you need to use the library. Click the link labeled "dompdf_2-0-3.zip" for the packaged release.

This release has been superseded by version 2.0.3

Change highlights since 2.0.1

• Improved CSS selector parsing and handling, particularly around psuedo-classes
• Addressed issues with too-eager whitespace removal
• Updated Cpdf back end to fix rendering of unclosed paths in SVG images

This release addresses the following vulnerability:

Vulnerability	References	Type	Severity
URI validation failure on SVG parsing	GHSA-3cw5-7cxw-v5qg, CVE-2023-23924	Remote Code Execution	Critical

2.0.x highlights

• Modifies callback and page_script/page_text handling
• Switches the HTML5 parser to Masterminds/HTML5
• Improves CSS property parsing and representation
• Switches installed fonts and font metrics cache file format to JSON

The list of addressed issues can be found in the 2.0.2 release milestone. View all changes since the previous release in the commit history.

We would like to extend our gratitude to the community members who helped make this release possible.

Requirements

Dompdf 2.0.2 requires the following:

• PHP 7.1 or greater
• html5-php v2.0.0 or greater
• php-font-lib v0.5.4 or greater
• php-svg-lib v0.3.3 or greater

Additionally, the following are recommended for optimal use:

• GD (for image processing)

For full requirements and recommendations see the requirements page on the wiki.

Download Instructions

The dompdf team recommends that you use Composer for easier dependency management.

If you're not yet using Composer you can download a packaged release of dompdf which includes all the files you need to use the library. Click the link labeled "dompdf_2-0-2.zip" for the packaged release.

This release has been superseded by version 2.0.2

Change highlights since 2.0.0

• Improved font-face declaration parsing and handling. External fonts are now restricted by resource access constraints.
• Improved layout of images with percentage-based dimensions

This release addresses the following vulnerabilities:

Vulnerability	References	Type	Severity
Remote Code Execution via font installation	#2994, CVE-2022-41343, Tanto	Remote Code Execution	Critical

2.0.x highlights

• Modifies callback and page_script/page_text handling
• Switches the HTML5 parser to Masterminds/HTML5
• Improves CSS property parsing and representation
• Switches installed fonts and font metrics cache file format to JSON

The list of addressed issues can be found in the 2.0.1 release milestone. View all changes since the previous release in the commit history.

We would like to extend our gratitude to the community members who helped make this release possible.

Requirements

Dompdf 2.0.1 requires the following:

• PHP 7.1 or greater
• html5-php v2.0.0 or greater
• php-font-lib v0.5.4 or greater
• php-svg-lib v0.3.3 or greater

Note that some dependencies may have further dependencies (notably php-svg-lib requires sabberworm/php-css-parser).

Additionally, the following are recommended for optimal use:

• GD (for image processing)

For full requirements and recommendations see the requirements page on the wiki.

Download Instructions

The dompdf team recommends that you use Composer for easier dependency management.

If you're not yet using Composer you can download a packaged release of dompdf which includes all the files you need to use the library. Click the link labeled "dompdf_2-0-1.zip" for the packaged release. The download options labeled "Source code" are auto-generated by github and do not include all the dependencies.

This release has been superseded by version 2.0.1

Change highlights since 1.2.x

• Addresses multiple security vulnerabilities (see below)
• Modifies callback and page_script/page_text handling (breaking change, see below)
• Switches the HTML5 parser to Masterminds/HTML5
• Improves CSS property parsing and representation
• Improves border, outline, and background rendering for inline elements
• Switches installed fonts and font metrics cache file format to JSON
• Adds support for the inset CSS shorthand property and the legacy break-word keyword for word-break
• Adds "end_document" callback event

The full list of addressed issues can be found in the release milestone. View all changes since the previous release in the commit history.

This release addresses the following announced vulnerabilities:

Vulnerability	References	Type	Severity
Improper Restriction of XML External Entity Reference	#2564, CVE-2021-3902, huntr.dev	Information Disclosure; Remote Code Execution	Critical
Deserialization of Untrusted Data	#2564, CVE-2021-3838, huntr.dev	Remote Code Execution	Critical
External Control of File Name or Path	#2564, CVE-2022-2400, huntr.dev	Information Disclosure	Medium
Server-Side Request Forgery	#2564, CVE-2022-0085, huntr.dev	SSRF	Medium

Breaking Changes

• Callback signature change: callbacks should now accept three individual arguments (Frame, Canvas, FontMetrics)
• Canvas::page_* methods are executed immediately rather than during output generation and should be called after rendering the document
• Cpdf::polygon method signature changed, no longer accepts the number of points
• See the migration guide for details

---

We would like to extend our gratitude to the community members who helped make this release possible.

Requirements

Dompdf 2.0.0 requires the following:

• PHP 7.1 or greater
• MBString
• php-font-lib
• php-svg-lib

Additionally, the following are recommended for optimal use:

• GD (for image processing)
• allow_url_fopen set to true or the curl PHP extension (for retrieving stylesheets, images, etc via http)

For full requirements and recommendations see the requirements page on the wiki.

Download Instructions

The dompdf team recommends that you use Composer for easier dependency management.

If you're not yet using Composer you can download a packaged release of dompdf which includes all the files you need to use the library. Click the link labeled "dompdf_2-0-0.zip" for the packaged release. The download options labeled "Source code" are auto-generated by github and do not include all the dependencies.

This release has been superseded by version 2.0.0

Change highlights since 1.2.1

• Addressed crash caused when paging some inline elements
• Improved layout of images with percentage-based dimensions

1.2.x highlights

• Addresses PHP 8.1 compatibility issues
• Improves table parsing and layout
• Adds callback function support to Canvas::page_script
• Fixes issues with metadata in protected PDFs

The list of addressed issues can be found in the 1.2.2 release milestone. View all changes since the previous release in the commit history.

We would like to extend our gratitude to the community members who helped make this release possible.

Requirements

Dompdf 1.2.2 requires the following:

• PHP 7.1 or greater
• MBString
• php-font-lib v0.5.x
• php-svg-lib v0.3.x

Note that some dependencies may have further dependencies (notably php-svg-lib requires sabberworm/php-css-parser).

Additionally, the following are recommended for optimal use:

• GD (for image processing)
• allow_url_fopen set to true or the curl PHP extension (for retrieving stylesheets, images, etc via http)

For full requirements and recommendations see the requirements page on the wiki.

Download Instructions

The dompdf team recommends that you use Composer for easier dependency management.

If you're not yet using Composer you can download a packaged release of dompdf which includes all the files you need to use the library. Click the link labeled "dompdf_1-2-2.zip" for the packaged release. The download options labeled "Source code" are auto-generated by github and do not include all the dependencies.

This release has been superseded by version 1.2.2

Change highlights since 1.2.0

This release addresses the following announced vulnerability:

Vulnerability	References	Type	Severity
Remote Code Execution via remote font installation	Positive Security, #2598	Remote Code Execution	Critical

Bugs addressed:

• Infinite recursion when generated content spans more than one line
• Errors or display corruption caused during CSS parsing of inherited properties, border style, and list style
• Empty table handling exceptions

Improvements:

• HTTP context can now be set through the Options class

1.2.x highlights

• Addresses PHP 8.1 compatibility issues
• Improves table parsing and layout
• Adds callback function support to Canvas::page_script
• Fixes issues with metadata in protected PDFs

The list of addressed issues can be found in the 1.2.1 release milestone. View all changes since the previous release in the commit history.

We would like to extend our gratitude to the community members who helped make this release possible.

Requirements

Dompdf 1.2.1 requires the following:

• PHP 7.1 or greater
• MBString
• php-font-lib v0.5.x
• php-svg-lib v0.3.x

Note that some dependencies may have further dependencies (notably php-svg-lib requires sabberworm/php-css-parser).

Additionally, the following are recommended for optimal use:

• GD (for image processing)
• allow_url_fopen set to true or the curl PHP extension (for retrieving stylesheets, images, etc via http)

For full requirements and recommendations see the requirements page on the wiki.

Download Instructions

The dompdf team recommends that you use Composer for easier dependency management.

If you're not yet using Composer you can download a packaged release of dompdf which includes all the files you need to use the library. Click the link labeled "dompdf_1-2-1.zip" for the packaged release. The download options labeled "Source code" are auto-generated by github and do not include all the dependencies.

This release has been superseded by version 1.2.1

Change highlights since 1.1.1

• Addresses PHP 8.1 compatibility issues
• Improves table parsing and layout
• Adds support for space-separated RGB color syntax
• Adds callback function support to Canvas::page_script
• Fixes issue handling differing page margins
• Fixes font issue caused by temporary file handling during concurrent execution
• Fixes issues with metadata in protected PDFs

The list of addressed issues can be found in the 1.2.0 release milestone. View all changes since the previous release in the commit history.

We would like to extend our gratitude to the community members who helped make this release possible.

Requirements

Dompdf 1.2.0 requires the following:

• PHP 7.1 or greater
• MBString
• php-font-lib v0.5.x
• php-svg-lib v0.3.x

Note that some dependencies may have further dependencies (notably php-svg-lib requires sabberworm/php-css-parser).

Additionally, the following are recommended for optimal use:

• GD (for image processing)
• allow_url_fopen set to true or the curl PHP extension (for retrieving stylesheets, images, etc via http)

For full requirements and recommendations see the requirements page on the wiki.

Download Instructions

The dompdf team recommends that you use Composer for easier dependency management.

If you're not yet using Composer you can download a packaged release of dompdf which includes all the files you need to use the library. Click the link labeled "dompdf_1-2-0.zip" for the packaged release. The download options labeled "Source code" are auto-generated by github and do not include all the dependencies.

This release has been superseded by version 1.2.0

Change highlights since 1.0.2

• Improves margin and page break handling (element boundary detection)
• Improves containing block determination for positioned elements
• Improves support for relative positioning
• Improves border radius rendering, fixes support for border radius on table cells
• Improves table rendering in relation to borders, column widths
• Improves counter tracking, roman numeral rendering
• Adds Support for WebP images when using the CPDF back end
• Fixes issue with IMagick version check

Bugs addressed since 1.1.0

• Variable with potential string value was not correctly handled in a mathematical operation
• A potential breaking change was introduced for installations using a custom dompdf_font_family_cache.dist.php

The list of addressed issues can be found in the 1.1.0 and 1.1.1 release milestones. View all changes since the previous release in the commit history.

We would like to extend our gratitude to the community members who helped make this release possible.

Requirements

Dompdf 1.1.1 requires the following:

• PHP 7.1 or greater
• MBString
• php-font-lib v0.5.x
• php-svg-lib v0.3.x

Note that some dependencies may have further dependencies (notably php-svg-lib requires sabberworm/php-css-parser).

Additionally, the following are recommended for optimal use:

• GD (for image processing)
• allow_url_fopen set to true or the curl PHP extension (for retrieving stylesheets, images, etc via http)

For full requirements and recommendations see the requirements page on the wiki.

Download Instructions

The dompdf team recommends that you use Composer for easier dependency management.

If you're not yet using Composer you can download a packaged release of dompdf which includes all the files you need to use the library. Click the link labeled "dompdf_1-1-1.zip" for the packaged release. The download options labeled "Source code" are auto-generated by github and do not include all the dependencies.