[REF] Upgrade DomPDF to v0.8.6 #18688

Merged 1 commit on Oct 9, 2020

Contributor

@seamuslee001 seamuslee001 commented Oct 7, 2020

Overview

Upgrades DomPDF version to v0.8.6

Before

DomPDF Version 0.8.5 used

After

DomPDF version 0.8.6 used

Technical Details

Fixes a minor security issue and also fixes a few other issues https://github.com/dompdf/dompdf/releases/tag/v0.8.6

@civibot

civibot bot commented Oct 7, 2020

(Standard links)

@civibot civibot bot added the master label Oct 7, 2020
@eileenmcnaughton
Contributor

@seamuslee001 given we have just cut the rc I'm OK merging this - since we do generally try to keep this up to date - any thoughts?

@seamuslee001
Contributor Author

I had tested this on a Firefox page and it worked, so let's merge it tbqh

@eileenmcnaughton
Contributor

@seamuslee001 ok - I'm fine with merging if you fix up the PR template - we should link to the changelog changes in that

@seamuslee001
Contributor Author

Updated now @eileenmcnaughton

@eileenmcnaughton eileenmcnaughton merged commit 8e49992 into civicrm:master Oct 9, 2020
@eileenmcnaughton eileenmcnaughton deleted the dompdf_upgrade branch October 9, 2020 00:46
@eileenmcnaughton
Contributor

Cool - just noting this requires php7.1 so any ESR backport is out

@eileenmcnaughton
Contributor

This might require some action?

Note on resource references: Because of the changes in resource security, some resources (images, external stylesheets) that would previously load with the default settings may no longer load. To ensure compatibility with this release ensure the remote resources can be loaded and that any local filesystem resources are within the directory specified by the chroot setting. By default, chroot is set to the Dompdf directory. Information on how to change these settings can be found in the readme section on setting options.

This update addresses the following announced vulnerabilities:
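
Added example (not part of this thread, and not CiviCRM or Dompdf code): a PHP audit for the resource-reference note quoted above, which classifies each `img`/`link` reference in a template as remote, inside the chroot, outside it, or missing. The function name `audit_resource_refs`, its parameters and the sample template are assumptions made for illustration; it does not reproduce Dompdf's own checks.

```php
<?php
// Added example, not CiviCRM or Dompdf code: classify the resources a template
// references as remote, inside the chroot, outside it, or missing.
function audit_resource_refs(string $html, string $chroot, string $baseDir): array
{
    $root = realpath($chroot);
    if ($root === false) {
        throw new InvalidArgumentException("chroot does not exist: $chroot");
    }
    // Trailing separator so /var/app does not also match /var/app-old.
    $root = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;

    libxml_use_internal_errors(true); // templates are rarely valid HTML
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();

    $report = [];
    foreach ([['img', 'src'], ['link', 'href']] as [$tag, $attr]) {
        foreach ($doc->getElementsByTagName($tag) as $node) {
            $ref = trim($node->getAttribute($attr));
            if ($ref === '' || stripos($ref, 'data:') === 0) {
                continue; // nothing to load from disk or network
            }
            if (preg_match('#^(https?:)?//#i', $ref)) {
                $report[$ref] = 'remote';
                continue;
            }
            $path = preg_replace('#^file://#i', '', $ref);
            if (!preg_match('#^(/|[A-Za-z]:[\\\\/])#', $path)) {
                $path = $baseDir . DIRECTORY_SEPARATOR . $path; // relative reference
            }
            $real = realpath($path); // resolves ../ and symlinks
            $report[$ref] = $real === false ? 'missing'
                : (strpos($real, $root) === 0 ? 'inside-chroot' : 'outside-chroot');
        }
    }
    return $report;
}

// Constructed sample: a template directory with one image, used as the chroot.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pdf_audit_' . getmypid();
@mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'logo.png', '');
$html = '<html><head><link rel="stylesheet" href="https://example.org/site.css"></head>'
      . '<body><img src="logo.png"><img src="../outside.png"></body></html>';
print_r(audit_resource_refs($html, $dir, $dir));
```

References reported as `outside-chroot` or `missing` are the ones to move under the chroot directory or fix in the template; `remote` ones depend on the remote resources being loadable, as the note says.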

@colemanw
Member

colemanw commented Oct 9, 2020

@seamuslee001 I don't really understand how Composer works, but why is the "content-hash" not getting updated at the top of the file in this PR?

@seamuslee001
Contributor Author

@colemanw checking this suggests that https://stackoverflow.com/questions/46185777/is-content-hash-a-mandatory-part-of-composer-lock it is only when things change in composer.json that the hash gets updated

artfulrobot pushed a commit to artfulrobot/civicrm-core that referenced this pull request Oct 12, 2020