Enhanced Security and Stability in Gravity PDF 6.13


We’ve released version 6.13 of the Gravity PDF core plugin, which focuses on security hardening and improved stability. Let’s take a look.

Hardened Security Measures

The PDF engine powering Gravity PDF now uses WordPress’s wp_safe_remote_get() function to fetch external assets like images and CSS (previously it used cURL directly). This offers additional safeguards by validating the URL before each request, and developers can use existing tools to block requests or modify the arguments used in these requests. Additionally, we’ve restricted the temporary directory cleanup routine so it can only run on folders created and managed by Gravity PDF.
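An added example (not Gravity PDF's own code) of the "existing tools" approach: a small must-use plugin that tightens the request arguments through the gfpdf_remote_request_args filter and uses WordPress's pre_http_request filter to restrict PDF asset fetches to an allowlist. It assumes the filter's first argument is the argument array passed to wp_safe_remote_get(); the host names and the example_pdf_asset marker key are hypothetical.

```php
<?php
/**
 * Plugin Name: PDF asset fetch policy (added example)
 * Assumes the first argument of gfpdf_remote_request_args is the args array
 * that Gravity PDF hands to wp_safe_remote_get().
 */

// Constructed allowlist: hosts this site expects PDF templates to load assets from.
const EXAMPLE_PDF_ASSET_HOSTS = array( 'cdn.example.com', 'assets.example.com' );

// Tighten the request and tag it so the policy below applies only to PDF asset fetches.
add_filter( 'gfpdf_remote_request_args', function ( $args ) {
	$args = is_array( $args ) ? $args : array();

	$args['timeout']             = 5;               // seconds; fail fast on slow hosts
	$args['redirection']         = 0;               // do not follow redirects to other hosts
	$args['limit_response_size'] = 5 * MB_IN_BYTES; // cap the size of a downloaded asset
	$args['sslverify']           = true;            // keep TLS certificate checks on
	$args['reject_unsafe_urls']  = true;            // keep WordPress URL validation in force
	$args['example_pdf_asset']   = true;            // hypothetical marker key, read below

	return $args;
} );

// pre_http_request runs before WordPress sends an HTTP request; returning a
// WP_Error short-circuits it. Only requests carrying the marker are checked.
add_filter( 'pre_http_request', function ( $preempt, $parsed_args, $url ) {
	if ( empty( $parsed_args['example_pdf_asset'] ) ) {
		return $preempt; // not a PDF asset fetch, leave it untouched
	}

	$scheme = strtolower( (string) wp_parse_url( $url, PHP_URL_SCHEME ) );
	$host   = strtolower( (string) wp_parse_url( $url, PHP_URL_HOST ) );

	if ( 'https' !== $scheme || ! in_array( $host, EXAMPLE_PDF_ASSET_HOSTS, true ) ) {
		error_log( sprintf( 'Blocked PDF asset fetch to host "%s"', $host ) );
		return new WP_Error( 'pdf_asset_blocked', 'Remote PDF asset host is not on the allowlist.' );
	}

	return $preempt;
}, 10, 3 );
```

Setting redirection to 0 means assets served through a redirect will fail to load, so confirm that templates reference their final URLs before deploying a policy like this.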

Improved Stability

The PDF engine cache has been modified so that any new directories receive the same permissions as the parent directory. The cache cleanup routine has also been disabled, and this is now handled by the existing scheduled cleanup task. Other changes include fixing PHP notices when the canonical and WP.org versions are both installed, and a fatal error when using a very old version of GP Populate Anything.

How to Update Gravity PDF

You can update automatically using WordPress’s one-click update feature, or download the latest version from GravityPDF.com and install it manually.

If you have any questions or need assistance with updating, our friendly support team is happy to help.

Changelog

Security

  • Switch from cURL to wp_safe_remote_get() when getting remote assets for PDFs (e.g. images, CSS)

  • Cleanup routine will only allow directories created and managed by Gravity PDF to be deleted

Housekeeping

  • Remove mPDF temporary directory cleanup routine. Now handled directly by Gravity PDF Cron task.

  • Add gfpdf_remote_request_args filter to let developers modify the PDF remote request configuration

  • Add gfpdf_mpdf_class_container filter to let developers replace the httpClient class used by mPDF

Bugs Fixed

  • Ensure mPDF cache honors filesystem permissions when creating new folders

  • Don’t create unnecessary ttfont data directory in mPDF temporary directory

  • Fix PHP notices when displaying a message identifying which plugin is the non-canonical version

  • Prevent fatal error when a really old version of GP Populate Anything is installed
