Problem/Motivation

The module has a potential Remote code injection vulnerability due to depending on 0.8.4 of the dompdf/dompdf package: https://git.drupalcode.org/project/entity_print/-/blob/85f8e5fe/composer...

References:

- https://github.com/advisories/GHSA-x752-qjv4-c4hc
- https://github.com/Roave/SecurityAdvisories/commit/8de287d3e2b7504c77a6f...

Originally reported by codebymikey to the security queue, but can be public under https://www.drupal.org/psa-2011-002

Steps to reproduce

Proposed resolution

Update the minimum constraint

Remaining tasks

User interface changes

API changes

Data model changes

CommentFileSizeAuthor
#5 3274668.patch281 byteslarowlan

Comments

larowlan created an issue. See original summary.

larowlan credited DamienMcKenna.

larowlan credited codebymikey.

larowlan’s picture

larowlan
Location 🇦🇺🏝.au GMT+10
commented
larowlan’s picture

larowlan
Location 🇦🇺🏝.au GMT+10
commented
Status: Active » Needs review
StatusFileSize
new 3274668.patch281 bytes

  • larowlan committed b4fe8ea on 8.x-2.x 
    Issue #3274668 by larowlan, DamienMcKenna, codebymikey: Update minimum...
larowlan’s picture

larowlan
Location 🇦🇺🏝.au GMT+10
commented
Status: Needs review » Fixed

Cutting 8.x-2.5

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.