Register | Log in

weasyprint

Document factory for creating PDF files from HTML

Choose email to subscribe with

general

source: weasyprint (main)
version: 67.0-1
maintainer: Debian Python Team (DMD)
uploaders: Scott Kitterman [DMD]
arch: all
std-ver: 4.7.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 51-2
oldstable: 57.2-1
stable: 62.3-1
testing: 67.0-1
unstable: 67.0-1

versioned links

51-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
57.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
62.3-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
67.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

weasyprint

action needed

A new upstream version is available: 69.0 high

A new upstream version 69.0 is available, you should consider packaging it.

Created: 2026-02-26 Last update: 2026-06-07 10:00

1 security issue in trixie high

There is 1 open security issue in trixie.

1 important issue:

CVE-2025-68616: WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's `default_url_fetcher`. The vulnerability allows attackers to access internal network resources (such as `localhost` services or cloud metadata endpoints) even when a developer has implemented a custom `url_fetcher` to block such access. This occurs because the underlying `urllib` library follows HTTP redirects automatically without re-validating the new destination against the developer's security policy. Version 68.0 contains a patch for the issue.

Created: 2026-06-07 Last update: 2026-06-07 07:30

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2025-68616: WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's `default_url_fetcher`. The vulnerability allows attackers to access internal network resources (such as `localhost` services or cloud metadata endpoints) even when a developer has implemented a custom `url_fetcher` to block such access. This occurs because the underlying `urllib` library follows HTTP redirects automatically without re-validating the new destination against the developer's security policy. Version 68.0 contains a patch for the issue.

Created: 2026-06-07 Last update: 2026-06-07 07:30

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2025-68616: WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's `default_url_fetcher`. The vulnerability allows attackers to access internal network resources (such as `localhost` services or cloud metadata endpoints) even when a developer has implemented a custom `url_fetcher` to block such access. This occurs because the underlying `urllib` library follows HTTP redirects automatically without re-validating the new destination against the developer's security policy. Version 68.0 contains a patch for the issue.

Created: 2026-06-07 Last update: 2026-06-07 07:30

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2025-68616: WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's `default_url_fetcher`. The vulnerability allows attackers to access internal network resources (such as `localhost` services or cloud metadata endpoints) even when a developer has implemented a custom `url_fetcher` to block such access. This occurs because the underlying `urllib` library follows HTTP redirects automatically without re-validating the new destination against the developer's security policy. Version 68.0 contains a patch for the issue.

Created: 2026-06-07 Last update: 2026-06-07 07:30

1 security issue in bookworm high

There is 1 open security issue in bookworm.

1 important issue:

CVE-2025-68616: WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's `default_url_fetcher`. The vulnerability allows attackers to access internal network resources (such as `localhost` services or cloud metadata endpoints) even when a developer has implemented a custom `url_fetcher` to block such access. This occurs because the underlying `urllib` library follows HTTP redirects automatically without re-validating the new destination against the developer's security policy. Version 68.0 contains a patch for the issue.

Created: 2026-06-07 Last update: 2026-06-07 07:30

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 67.0-2, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 0edab335529368c0ea067aa5ff21ce12de7ee40e
Author: Michael R. Crusoe <crusoe@debian.org>
Date:   Tue Mar 3 15:38:31 2026 +0100

    Enable running most of the tests at build time and as autopkgtests.

commit 0779a492eb91dae2fcc6d2841880b1151a6b766e
Author: Michael R. Crusoe <crusoe@debian.org>
Date:   Tue Mar 3 15:38:13 2026 +0100

    d/rules: simplifications

Created: 2026-03-03 Last update: 2026-06-01 16:30

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.4 instead of 4.7.0).

Created: 2025-02-21 Last update: 2026-03-31 15:01

news

[2026-03-04] weasyprint 67.0-1 MIGRATED to testing (Debian testing watch)
[2026-02-27] Accepted weasyprint 67.0-1 (source) into unstable (Stéphane Glondu)
[2024-07-02] weasyprint 62.3-1 MIGRATED to testing (Debian testing watch)
[2024-06-27] Accepted weasyprint 62.3-1 (source) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
[2024-06-15] weasyprint 62.2-1 MIGRATED to testing (Debian testing watch)
[2024-06-09] Accepted weasyprint 62.2-1 (source) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
[2024-05-13] weasyprint 62.1-1 MIGRATED to testing (Debian testing watch)
[2024-05-06] Accepted weasyprint 62.1-1 (source) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
[2024-05-06] Accepted weasyprint 62.0-1 (source) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
[2024-05-03] weasyprint 61.2-2 MIGRATED to testing (Debian testing watch)
[2024-04-27] Accepted weasyprint 61.2-2 (source) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
[2024-03-21] weasyprint 61.2-1 MIGRATED to testing (Debian testing watch)
[2024-03-16] Accepted weasyprint 61.2-1 (source) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
[2024-03-07] weasyprint 61.1-1 MIGRATED to testing (Debian testing watch)
[2024-03-01] Accepted weasyprint 61.1-1 (source) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
[2024-02-24] weasyprint 61.0-1 MIGRATED to testing (Debian testing watch)
[2024-02-18] Accepted weasyprint 61.0-1 (source) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
[2024-01-09] weasyprint 60.2-1 MIGRATED to testing (Debian testing watch)
[2024-01-03] Accepted weasyprint 60.2-1 (source) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
[2023-06-20] weasyprint 59.0-1 MIGRATED to testing (Debian testing watch)
[2023-06-12] Accepted weasyprint 59.0-1 (source) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
[2023-01-20] weasyprint 57.2-1 MIGRATED to testing (Debian testing watch)
[2023-01-15] Accepted weasyprint 57.2-1 (source) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
[2022-11-12] weasyprint 57.1-1 MIGRATED to testing (Debian testing watch)
[2022-11-07] weasyprint 57.0-2 MIGRATED to testing (Debian testing watch)
[2022-11-07] Accepted weasyprint 57.1-1 (source) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
[2022-11-02] Accepted weasyprint 57.0-2 (source) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
[2022-10-21] Accepted weasyprint 57.0-1 (source) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)
[2022-10-18] weasyprint 56.1-1 MIGRATED to testing (Debian testing watch)
[2022-10-12] Accepted weasyprint 56.1-1 (source) into unstable (Scott Kitterman) (signed by: Donald Scott Kitterman)

1
2

bugs [bug history graph]

all: 2
RC: 1
I&N: 0
M&W: 1
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, reproducibility
popcon
browse source code
other distros
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 67.0-1
1 bug

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing