CIVI-PSA-2024-01: wkhtmltopdf (EOL)

Published: 2024-10-16 13:00

CiviCRM generates *.pdf files with the assistance of a PDF engine. It is compatible with multiple engines, including the default DOMPDF and the alternative wkhtmltopdf. The latter option is now unsupported and insecure. Sites should remove it.

(Note: wkhtmltopdf is not distributed by CiviCRM. This is a public service announcement to alert people who may have installed wkhtmltopdf as an add-on.)

What PDF engines can be used by CiviCRM?

  • DOMPDF is the default, recommended engine.
  • wkhtmltopdf can be installed separately. The upstream project has been abandoned and is now insecure.
  • weasyprint can be installed separately. It is a candidate to replace wkhtmltopdf. However, as of October 2024, the integration has not been documented or audited for multi-user applications like CiviCRM. You may regard it as experimental.

Why are multiple engines supported?

They have different characteristics regarding compatibility, font libraries, memory usage, performance, and so on.

How do you determine if wkhtmltopdf is used by CiviCRM?

There is a setting in CiviCRM that configures the executable path to wkhtmltopdf. The setting is normally blank; if it is filled in, your system uses wkhtmltopdf.

Check the setting:

  • Web UI: Navigate to Administer > System Settings > Misc. Search for the wkhtmltopdf field. See if the setting is empty or defined.
  • CLI: Run the command cv vget wkhtmltopdfPath. This may return an empty result or the defined path.

How do you remove wkhtmltopdf?

  1. Update or delete the setting.
    • Web UI: Navigate to Administer > System Settings > Misc. Delete the wkhtmltopdf data.
    • CLI: Run the command cv vdel wkhtmltopdfPath.
  2. Uninstall the wkhtmltopdf packages.
    • If you previously installed wkhtmltopdf using a package manager (apt-get, yum, etc.), then you should remove the package.
  3. (Optional) Update the DOMPDF font configuration.
    • After disabling wkhtmltopdf, you will return to using DOMPDF.
    • The default font library for DOMPDF (bundled with CiviCRM) is relatively small and has weak support for non-Latin alphabets.
    • Depending on your organization/use-case, you may find that it no longer supports enough fonts.
    • To add more, see CiviCRM Installation Guide: Unicode PDF Fonts.
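The check described under "How do you determine if wkhtmltopdf is used" and step 1 of the removal procedure, combined into one audit-and-remediate helper. This is an added example, not CiviCRM's own tooling or part of the advisory; it assumes `cv` is on PATH, is run from the CiviCRM site root, and that `cv vget wkhtmltopdfPath --out=json` prints a JSON object of the assumed shape `{"wkhtmltopdfPath":"/usr/bin/wkhtmltopdf"}`.

```shell
#!/bin/sh
# Audit/remediation helper for CIVI-PSA-2024-01 (added example, not part of
# CiviCRM or the advisory). Assumptions: `cv` is on PATH and is run from a
# CiviCRM site root, and `cv vget wkhtmltopdfPath --out=json` prints a JSON
# object of the assumed shape {"wkhtmltopdfPath":"/usr/bin/wkhtmltopdf"}.

# Extract the configured path from that JSON. Prints the path and returns 0
# when the setting is filled in; returns 1 when it is blank, null or absent.
wk_path_from_json() {
  path=$(printf '%s' "$1" |
    sed -n 's/.*"wkhtmltopdfPath"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')
  [ -n "$path" ] || return 1
  printf '%s\n' "$path"
}

# Report every signal that wkhtmltopdf is still present: the CiviCRM setting,
# a binary on PATH, and an OS package. Returns 0 if anything was found.
wk_audit() {
  found=1
  if json=$(cv vget wkhtmltopdfPath --out=json 2>/dev/null) &&
     path=$(wk_path_from_json "$json"); then
    echo "SETTING  wkhtmltopdfPath = $path"; found=0
  fi
  if bin=$(command -v wkhtmltopdf 2>/dev/null); then
    echo "BINARY   $bin"; found=0
  fi
  if dpkg -s wkhtmltopdf >/dev/null 2>&1 || rpm -q wkhtmltopdf >/dev/null 2>&1; then
    echo "PACKAGE  wkhtmltopdf installed via the OS package manager"; found=0
  fi
  return $found
}

# Step 1 of the advisory: clear the setting so CiviCRM falls back to DOMPDF.
# Package removal (step 2) is left to the package manager and only announced.
wk_remediate() {
  cv vdel wkhtmltopdfPath || return 1
  echo "Cleared wkhtmltopdfPath; now remove the OS package (e.g. apt-get remove wkhtmltopdf)"
}

# Usage: from the site root, audit first and remediate only if something hit.
# wk_audit && wk_remediate
```

Keep the audit running after remediation: a blank setting with the binary still on disk is the state step 2 exists to close.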

Security Risk: Highly Critical
Vulnerability: Other
Affected Versions: N/A
Fixed Versions: N/A
Publication Date: 2024-10-16 13:00
Solutions: N/A
Credits
  • Situational Assessment: Blackfly Solutions - Alan Dixon; CiviCRM - Tim Otten; CiviDesk - Nicolas Ganivet; Dave D; JMA Consulting - Joe Murray, Seamus Lee
CVE: CVE-2022-35583