HTML to PDF converter for PHP
Change highlights since 2.0.4
This release:
2.0.x highlights
View all changes since the previous release in the commit history.
We would like to extend our gratitude to the community members who helped make this release possible.
Requirements
Dompdf 2.0.7 requires the following:
Note that some dependencies may have further dependencies (notably php-svg-lib requires sabberworm/php-css-parser).
Additionally, the following are recommended for optimal use:
allow_url_fopen
set to true or the curl PHP extension (for retrieving stylesheets, images, etc via http)For full requirements and recommendations see the requirements page on the wiki.
Download Instructions
The dompdf team recommends that you use Composer for easier dependency management.
If you're not yet using Composer you can download a packaged release of dompdf which includes all the files you need to use the library. Click the link labeled "dompdf_2-0-7.zip" for the packaged release. The download options labeled "Source code" are auto-generated by github and do not include all the dependencies.
Change highlights since 2.0.3
This release addresses the following announced vulnerability:
Vulnerability | References | Type | Severity |
---|---|---|---|
Possible DoS caused by infinite recursion when validating SVG images | GHSA-3qx2-6f78-w2j2 | Resource Exhaustion | Moderate |
2.0.x highlights
View all changes since the previous release in the commit history.
We would like to extend our gratitude to the community members who helped make this release possible.
Requirements
Dompdf 2.0.4 requires the following:
Note that some dependencies may have further dependencies (notably php-svg-lib requires sabberworm/php-css-parser).
Additionally, the following are recommended for optimal use:
allow_url_fopen
set to true or the curl PHP extension (for retrieving stylesheets, images, etc via http)For full requirements and recommendations see the requirements page on the wiki.
Download Instructions
The dompdf team recommends that you use Composer for easier dependency management.
If you're not yet using Composer you can download a packaged release of dompdf which includes all the files you need to use the library. Click the link labeled "dompdf_2-0-4.zip" for the packaged release. The download options labeled "Source code" are auto-generated by github and do not include all the dependencies.
This release addresses the following vulnerability:
Vulnerability | References | Type | Severity |
---|---|---|---|
URI validation failure on SVG parsing | [GHSA-56gj-mvh6-rp75][GHSA-56gj-mvh6-rp75], CVE-2023-24813 | Remote Code Execution | Critical |
2.0.x highlights
We would like to extend our gratitude to the community members who helped make this release possible.
Requirements
Dompdf 2.0.3 requires the following:
Additionally, the following are recommended for optimal use:
For full requirements and recommendations see the requirements page on the wiki.
Download Instructions
The dompdf team recommends that you use Composer for easier dependency management.
If you're not yet using Composer you can download a packaged release of dompdf which includes all the files you need to use the library. Click the link labeled "dompdf_2-0-3.zip" for the packaged release.
This release has been superseded by version 2.0.3
Change highlights since 2.0.1
This release addresses the following vulnerability:
Vulnerability | References | Type | Severity |
---|---|---|---|
URI validation failure on SVG parsing | GHSA-3cw5-7cxw-v5qg, CVE-2023-23924 | Remote Code Execution | Critical |
2.0.x highlights
The list of addressed issues can be found in the 2.0.2 release milestone. View all changes since the previous release in the commit history.
We would like to extend our gratitude to the community members who helped make this release possible.
Requirements
Dompdf 2.0.2 requires the following:
Additionally, the following are recommended for optimal use:
For full requirements and recommendations see the requirements page on the wiki.
Download Instructions
The dompdf team recommends that you use Composer for easier dependency management.
If you're not yet using Composer you can download a packaged release of dompdf which includes all the files you need to use the library. Click the link labeled "dompdf_2-0-2.zip" for the packaged release.
This release has been superseded by version 2.0.2
Change highlights since 2.0.0
This release addresses the following vulnerabilities:
Vulnerability | References | Type | Severity |
---|---|---|---|
Remote Code Execution via font installation | #2994, CVE-2022-41343, Tanto | Remote Code Execution | Critical |
2.0.x highlights
The list of addressed issues can be found in the 2.0.1 release milestone. View all changes since the previous release in the commit history.
We would like to extend our gratitude to the community members who helped make this release possible.
Requirements
Dompdf 2.0.1 requires the following:
Note that some dependencies may have further dependencies (notably php-svg-lib requires sabberworm/php-css-parser).
Additionally, the following are recommended for optimal use:
For full requirements and recommendations see the requirements page on the wiki.
Download Instructions
The dompdf team recommends that you use Composer for easier dependency management.
If you're not yet using Composer you can download a packaged release of dompdf which includes all the files you need to use the library. Click the link labeled "dompdf_2-0-1.zip" for the packaged release. The download options labeled "Source code" are auto-generated by github and do not include all the dependencies.
This release has been superseded by version 2.0.1
Change highlights since 1.2.x
inset
CSS shorthand property and the legacy break-word
keyword for word-break
The full list of addressed issues can be found in the release milestone. View all changes since the previous release in the commit history.
This release addresses the following announced vulnerabilities:
Vulnerability | References | Type | Severity |
---|---|---|---|
Improper Restriction of XML External Entity Reference | #2564, CVE-2021-3902, huntr.dev | Information Disclosure; Remote Code Execution | Critical |
Deserialization of Untrusted Data | #2564, CVE-2021-3838, huntr.dev | Remote Code Execution | Critical |
External Control of File Name or Path | #2564, CVE-2022-2400, huntr.dev | Information Disclosure | Medium |
Server-Side Request Forgery | #2564, CVE-2022-0085, huntr.dev | SSRF | Medium |
Breaking Changes
We would like to extend our gratitude to the community members who helped make this release possible.
Requirements
Dompdf 2.0.0 requires the following:
Additionally, the following are recommended for optimal use:
allow_url_fopen
set to true or the curl PHP extension (for retrieving stylesheets, images, etc via http)For full requirements and recommendations see the requirements page on the wiki.
Download Instructions
The dompdf team recommends that you use Composer for easier dependency management.
If you're not yet using Composer you can download a packaged release of dompdf which includes all the files you need to use the library. Click the link labeled "dompdf_2-0-0.zip" for the packaged release. The download options labeled "Source code" are auto-generated by github and do not include all the dependencies.
This release has been superseded by version 2.0.0
Change highlights since 1.2.1
1.2.x highlights
The list of addressed issues can be found in the 1.2.2 release milestone. View all changes since the previous release in the commit history.
We would like to extend our gratitude to the community members who helped make this release possible.
Requirements
Dompdf 1.2.2 requires the following:
Note that some dependencies may have further dependencies (notably php-svg-lib requires sabberworm/php-css-parser).
Additionally, the following are recommended for optimal use:
allow_url_fopen
set to true or the curl PHP extension (for retrieving stylesheets, images, etc via http)For full requirements and recommendations see the requirements page on the wiki.
Download Instructions
The dompdf team recommends that you use Composer for easier dependency management.
If you're not yet using Composer you can download a packaged release of dompdf which includes all the files you need to use the library. Click the link labeled "dompdf_1-2-2.zip" for the packaged release. The download options labeled "Source code" are auto-generated by github and do not include all the dependencies.
This release has been superseded by version 1.2.2
Change highlights since 1.2.0
This release addresses the following announced vulnerability:
Vulnerability | References | Type | Severity |
---|---|---|---|
Remote Code Execution via remote font installation | Positive Security, #2598 | Remote Code Execution | Critical |
Bugs addressed:
Improvements:
1.2.x highlights
The list of addressed issues can be found in the 1.2.1 release milestone. View all changes since the previous release in the commit history.
We would like to extend our gratitude to the community members who helped make this release possible.
Requirements
Dompdf 1.2.1 requires the following:
Note that some dependencies may have further dependencies (notably php-svg-lib requires sabberworm/php-css-parser).
Additionally, the following are recommended for optimal use:
allow_url_fopen
set to true or the curl PHP extension (for retrieving stylesheets, images, etc via http)For full requirements and recommendations see the requirements page on the wiki.
Download Instructions
The dompdf team recommends that you use Composer for easier dependency management.
If you're not yet using Composer you can download a packaged release of dompdf which includes all the files you need to use the library. Click the link labeled "dompdf_1-2-1.zip" for the packaged release. The download options labeled "Source code" are auto-generated by github and do not include all the dependencies.
This release has been superseded by version 1.2.1
Change highlights since 1.1.1
The list of addressed issues can be found in the 1.2.0 release milestone. View all changes since the previous release in the commit history.
We would like to extend our gratitude to the community members who helped make this release possible.
Requirements
Dompdf 1.2.0 requires the following:
Note that some dependencies may have further dependencies (notably php-svg-lib requires sabberworm/php-css-parser).
Additionally, the following are recommended for optimal use:
allow_url_fopen
set to true or the curl PHP extension (for retrieving stylesheets, images, etc via http)For full requirements and recommendations see the requirements page on the wiki.
Download Instructions
The dompdf team recommends that you use Composer for easier dependency management.
If you're not yet using Composer you can download a packaged release of dompdf which includes all the files you need to use the library. Click the link labeled "dompdf_1-2-0.zip" for the packaged release. The download options labeled "Source code" are auto-generated by github and do not include all the dependencies.
This release has been superseded by version 1.2.0
Change highlights since 1.0.2
Bugs addressed since 1.1.0
The list of addressed issues can be found in the 1.1.0 and 1.1.1 release milestones. View all changes since the previous release in the commit history.
We would like to extend our gratitude to the community members who helped make this release possible.
Requirements
Dompdf 1.1.1 requires the following:
Note that some dependencies may have further dependencies (notably php-svg-lib requires sabberworm/php-css-parser).
Additionally, the following are recommended for optimal use:
allow_url_fopen
set to true or the curl PHP extension (for retrieving stylesheets, images, etc via http)For full requirements and recommendations see the requirements page on the wiki.
Download Instructions
The dompdf team recommends that you use Composer for easier dependency management.
If you're not yet using Composer you can download a packaged release of dompdf which includes all the files you need to use the library. Click the link labeled "dompdf_1-1-1.zip" for the packaged release. The download options labeled "Source code" are auto-generated by github and do not include all the dependencies.