v2.12.3

Security fix and refinements

Fix for potential Denial of Service vulnerability

Summary: The fix prevents the RawDataParser.php‎ to enter an endless loop under certain circumstances which would lead to memory exhaustion.

Details: When parsing a specifically crafted, malformed PDF file, the low-level RawDataParser enters a state that leads to uncontrolled memory allocation. This continues until the PHP script exhausts its memory_limit and crashes with a fatal error. An attacker can leverage this vulnerability by submitting a small, malicious PDF file to any service using this library, causing the server process to crash and become unavailable.

Thank you Yang LUO (https://github.com/N0zoM1z0) for reporting this and the provided details on the matter. #787 contains further information.

Refinement to improve extracted texts

Ignore Form as well as Image XObjects when assembling the text array for a PDFObject. by @rupertj in #783

---

Full Changelog: v2.12.2...v2.12.3

v2.12.2

What's Changed

• Include PHP 8.5 in CI + Fixes deprecations by @k00ni in #779

Full Changelog: v2.12.1...v2.12.2

v2.12.1

What's Changed

• Stop Image XObjects being included as empty strings in PDFObject::getTextArray(). by @rupertj in #775

Internal

• CI: Updated OS images (Windows, Ubuntu) by @k00ni in #776

New Contributors

• @rupertj made their first contribution in #775

Full Changelog: v2.12.0...v2.12.1

v2.12.0

What's Changed

• Fix incorrect parsing of bfrange (#631) by @nsfisis in #763
• More dedicated exceptions were added by @ThomasLandauer in #739 and #745

Internal changes

• chore: update phpunit.xml by @vitormattos in #757
• CI: added PHP 8.4 by @k00ni in #723
• Simplified Coding Style checks: PSR12 replaces Symfony, risky not allowed anymore by @k00ni in #737
• Introducing CONTRIBUTING.md by @k00ni in #744
• pull_request_template.md: Set path to CONTRIBUTING.md by @k00ni in #760

New Contributors

• @ThomasLandauer made their first contribution in #739
• @nsfisis made their first contribution in #763

Full Changelog: v2.11.0...v2.12.0

v2.11.0

What's Changed

• Account for inline images in formatContent() by @GreyWyvern in #693
• Fix for two bugs related to Unicode translation support by Font objects by @unixnut in #698
• Fix for adjacent escaped slashes and escaped parentheses in strings by @GreyWyvern in #711
• Merge XMP Metadata if dc:format tag not found by @GreyWyvern in #722
• Implement missing cm command by @DominikDostal in #720
• fix typo and clarify sentence by @bernard-ng in #729
• fix: check that the previous xref is not the just processed xref by @tkegan in #727

Internal changes

• Continuous-integration.yml: let workflow run on each push event by @k00ni in #719

New Contributors

• @DominikDostal made their first contribution in #720
• @bernard-ng made their first contribution in #729
• @tkegan made their first contribution in #727

Full Changelog: v.2.10.0...v2.11.0

v2.10.0

What's Changed

• Prevent zero from being passed to array_chunk() by @GreyWyvern in #686
• Filter ElementHexa::decode() of non-hex chars by @GreyWyvern in #687
• Account for inaccurate offsets in getXrefData() by @GreyWyvern in #692
• Strengthen check for UTF-8 conformity in formatContent() by @GreyWyvern in #704

Internal changes

• improved documentation: Return page width and height from document by @vitormattos in #700
• Fixed CS issue in PDFObject.php by @k00ni in #695

Full Changelog: v2.9.0...v.2.10.0

v.2.10.0

Replaced by v2.10.0

v2.9.0

What's Changed

• Fix returning empty text in some cases by @xAzoom in #666
• Baseencoding fallback by @GreyWyvern in #669
• Check for binary content in formatContent() before a problematic regexp by @GreyWyvern in #676
• Fixed latest coding style issues and refined a few PHP doc entries to match types by @k00ni in #677
• Fixes Scrutinizer integration (mostly failing tests) by @k00ni in #682
• Fixed a few coding style issues by @k00ni in #670

New Contributors

• @xAzoom made their first contribution in #666

Full Changelog: v2.8.0...v2.9.0

v2.8.0

❗ This release contains a lot of changes in comparison to v2.7.0. We decided to have at least one release candidate before the next production-ready release.

Pull request #634 (Major Update to PDFObject.php + Ancillary) by @GreyWyvern fixes almost 20 issues, brings better parsing and more understandable code. If you wanna find out what exactly changed, have a look.

What's Changed

• fix: Fail to identify fonts (name and size) #629 by @mbideau-atreal in #630
• Add a pull request template which contains helpful information by @k00ni in #633
• Check for wrong line-endings when getting xref by @GreyWyvern in #635
• Better octal and hex-entity decode by @GreyWyvern in #640
• Absorb spaces after 'stream' declarations by @GreyWyvern in #642
• Usage.md: change example code to avoid PHP notice by @k00ni in #644
• Font.php: hot fix for calculateTextWidth in case Widths key is not set by @k00ni in #645
• Major Update to PDFObject.php + Ancillary by @GreyWyvern in #634
• Ignore encryption by @unixnut in #653

New Contributors

• @mbideau-atreal made their first contribution in #630
• @unixnut made their first contribution in #653

Full Changelog: v2.7.0...v2.8.0

v2.8.0-RC2 - Call for testers!

What's Changed

• Added a workaround to ignore encryption by @unixnut in #653

New Contributors

• @unixnut made their first contribution in #653

Full Changelog: v2.8.0-RC1...v2.8.0-RC2