- CiviCRM before 4.6.11
- CiviCRM 4.6.11 and later
The 4.6.11 release of CiviCRM addresses multiple vulnerabilities in DOMPDF, a library used within CiviCRM to generate PDFs.
For more information, see the DOMPDF release notes for DOMPDF v0.6.2
- Upgrade to CiviCRM 4.6.11 or later, OR
- Apply patches from CRM-17733:
This issue was reported by Neil Drumm of the Drupal Security Team. The fix was co-ordinated by Tim Otten of CiviCRM, and Chris Burgess of Fuzion Aotearoa.