Security Issue #949

Closed
hiren-plancover opened this issue Jan 30, 2023 · 12 comments

Comments

@hiren-plancover

domPDF repository has a security issue due to which they recently updated their repository. Any idea when will that be updated here?

Security Advisories:
GHSA-6x28-7h8c-chx4
GHSA-5qj8-6xxj-hp9h
GHSA-pf6p-25r2-fx45
GHSA-x752-qjv4-c4hc

@ilazaridis

@barryvdh I have already prepared the PR. Thank you!

@parallels999

@hiren-plancover run composer update -W

@ilazaridis

Right! Thanks!

@marcusmoore

In addition, composer update dompdf/dompdf -W will update dompdf/dompdf specifically and leave the other dependencies alone.

@hiren-plancover
Author

In addition, composer update dompdf/dompdf -W will update dompdf/dompdf specifically and leave the other dependencies alone.

I tried this but it does not work.

[root@vps]# composer update dompdf/dompdf -W
Do not run Composer as root/super user! See https://getcomposer.org/root for details
Continue as root/super user [yes]? y
Loading composer repositories with package information
Info from https://repo.packagist.org: #StandWithUkraine
Updating dependencies
Nothing to modify in lock file
Installing dependencies from lock file (including require-dev)
Nothing to install, update or remove

I still see a security vulnerability advisory on the server. How do I fix this issue?

@marcusmoore

@hiren-plancover what are the results from running composer show dompdf/dompdf?

@hiren-plancover
Author

This is the output:

name     : dompdf/dompdf
descrip. : DOMPDF is a CSS 2.1 compliant HTML to PDF converter
keywords :
versions : * v0.8.6
type     : library
license  : GNU Lesser General Public License v2.1 only (LGPL-2.1) (OSI approved) https://spdx.org/licenses/LGPL-2.1.html#licenseText
homepage : https://github.com/dompdf/dompdf
source   : [git] https://github.com/dompdf/dompdf.git db91d81866c69a42dad1d2926f61515a1e3f42c5
dist     : [zip] https://api.github.com/repos/dompdf/dompdf/zipball/db91d81866c69a42dad1d2926f61515a1e3f42c5 db91d81866c69a42dad1d2926f61515a1e3f42c5
path     : /home/demo/laravel/vendor/dompdf/dompdf
names    : dompdf/dompdf

autoload
psr-4
Dompdf\ => src/
classmap
lib/

requires
ext-dom *
ext-mbstring *
phenx/php-font-lib ^0.5.2
phenx/php-svg-lib ^0.3.3
php ^7.1

requires (dev)
mockery/mockery ^1.3
phpunit/phpunit ^7.5
squizlabs/php_codesniffer ^3.5

suggests
ext-gd Needed to process images
ext-gmagick Improves image processing performance
ext-imagick Improves image processing performance
ext-zlib Needed for pdf stream compression

@barryvdh
Owner

And which version of this library? 1.x should install dompdf 2.x, not 0.8.6
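As an added check, not code from this thread or from laravel-dompdf itself: the functions below parse the `versions` line of the `composer show dompdf/dompdf` output pasted above and report whether the installed dompdf meets a minimum version, so the "nothing to update" result in the earlier comment can be caught before the advisory scanner does. The minimum version `2.0.0` (taken from the expectation that 1.x installs dompdf 2.x), the function names and the sample output, which is constructed from the paste in this issue, are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the issue thread, not laravel-dompdf's code).
# Parses `composer show dompdf/dompdf` output and compares the installed
# version against a required minimum. Sample output below is constructed
# from the paste in the issue; only the "versions" line is used.

SAMPLE_SHOW_OUTPUT='name     : dompdf/dompdf
descrip. : DOMPDF is a CSS 2.1 compliant HTML to PDF converter
versions : * v0.8.6
type     : library'

# installed_version: reads show output on stdin, prints the installed
# version with any leading "v" stripped (e.g. "0.8.6"), nothing if absent.
installed_version() {
  sed -n 's/^versions *: *\* *v\{0,1\}//p' | head -n 1
}

# version_ge A B: exit 0 if A >= B, comparing up to three dot-separated
# numeric fields; a missing field counts as 0 (so "2.0" == "2.0.0").
version_ge() {
  a="$1"; b="$2"
  i=1
  while [ "$i" -le 3 ]; do
    x=$(printf '%s\n' "$a" | cut -d. -f"$i")
    y=$(printf '%s\n' "$b" | cut -d. -f"$i")
    x=${x:-0}; y=${y:-0}
    if [ "$x" -gt "$y" ]; then return 0; fi
    if [ "$x" -lt "$y" ]; then return 1; fi
    i=$((i + 1))
  done
  return 0
}

# check_dompdf MIN: reads show output on stdin; prints "ok <ver>" (exit 0),
# "OUTDATED <ver> (want >= MIN)" (exit 1) or "unknown" (exit 2) when no
# versions line is present.
check_dompdf() {
  min="$1"
  ver=$(installed_version)
  if [ -z "$ver" ]; then echo "unknown"; return 2; fi
  if version_ge "$ver" "$min"; then echo "ok $ver"; return 0; fi
  echo "OUTDATED $ver (want >= $min)"; return 1
}

# Demo against the constructed sample; the exit status mirrors the result.
if ! printf '%s\n' "$SAMPLE_SHOW_OUTPUT" | check_dompdf 2.0.0; then
  echo "update needed: composer update dompdf/dompdf -W"
fi
```

On a real install run it as `composer show dompdf/dompdf | check_dompdf 2.0.0`. If the result is "OUTDATED" even after `composer update dompdf/dompdf -W`, the lock file is being held back by a constraint elsewhere (here, the 0.x laravel-dompdf release), which is the situation this thread resolves by upgrading the wrapper package.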

@angeljqv

Upgrade to laravel/dompdf 2.x

@Romkabouter

I see this one is still open and wondering if it is going to be merged?

@barryvdh
Owner

What should be merged? There is no issue if you just update composer

@Romkabouter

Sorry, I was reading this incorrectly. This was fixed indeed, but I was confused about the issue still open :)
