Version 6.7.7 (2024-10-26)

• Update regular expression to avoid ReDoS (CVE-2024-22641)
• [PHP 8.4] Fix: Curl CURLOPT_BINARYTRANSFER deprecated #675
• SVG detection fix for inline data images #646
• Fix count svg #647
• Since the version 6.7.4, the "0" is considered like empty string and not displayed
• Fixed handling of transparency in PDF/A mode in addExtGState method
• Encrypt /DA string when document is encrypted
• Improve quality of generated seed, avoid potential security pitfall
• Try to use random_bytes() first if it's available
• Do not include the server parameters in the generated seed, as they might contain sensitive data
• Fix bug on _getannotsrefs when there are empty signature appearances but not other annot on a page
• Fix SVG coordinate parser that caused drawing artifacts
• Remove usage of xml_set_object() function

Version 6.7.6 (2024-10-06)

• Forbid access to parent folder in HTML images.

Version 6.7.5 (2024-04-20)

• Update GitHub actions
• fix: CSV-2024-22640 (#712)

Version 6.7.4 (2024-03-24)

• Upgrade tcpdf tag encryption algorithm.
• Fix regression issue #699.
• Fix security issue.
• [BREAKING CHANGE] The tcpdf HTML tag syntax has changed, see example_049.php.
• New K_ALLOWED_TCPDF_TAGS configuration constant to set the allowed methods for the tcdpf HTML tag.
• Raised minimum PHP version to PHP 5.5.0.