mirror
/
PHPMailer
mirror of https://github.com/PHPMailer/PHPMailer.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

5.2.22

This commit is contained in:
Marcus Bointon 2017-01-06 22:35:54 +01:00
parent ad4cb09682
commit 5d88839afc
No known key found for this signature in database
GPG Key ID: DE31CD6EB646AA24
5 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
SECURITY.md
View File

@ -2,6 +2,8 @@
Please disclose any vulnerabilities found responsibly - report any security problems found to the maintainers privately.
PHPMailer versions prior to 5.2.22 (released January 2017) have a local file disclosure vulnerability if content passed into `msgHTML()` is sourced from unfiltered user input. Also note that `addAttachment` (just like `file_get_contents`, `passthru`, `unlink`, etc) should not be passed user-sourced params either!
PHPMailer versions prior to 5.2.20 (released December 28th 2016) are vulnerable to [CVE-2016-10045](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10045) a remote code execution vulnerability, responsibly reported by [Dawid Golunski](https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html), and patched by Paul Buonopane (@Zenexer).
PHPMailer versions prior to 5.2.18 (released December 2016) are vulnerable to [CVE-2016-10033](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10033) a remote code execution vulnerability, responsibly reported by [Dawid Golunski](http://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html).

2
VERSION
View File

@ -1 +1 @@
5.2.21
5.2.22

5
changelog.md
View File

@ -1,5 +1,10 @@
# ChangeLog
## Version 5.2.22 (January 5th 2017)
* **SECURITY** Fix local file disclosure vulnerability if content passed to `msgHTML()` is sourced from unfiltered user input.
* Add simple contact form example
* Emoji in test content
## Version 5.2.21 (December 28th 2016)
* Fix missed number update in version file - no functional changes

2
class.pop3.php
View File

@ -34,7 +34,7 @@ class POP3
* @var string
* @access public
*/
public $Version = '5.2.21';
public $Version = '5.2.22';
/**
* Default POP3 port number.

4
class.smtp.php
View File

@ -30,7 +30,7 @@ class SMTP
* The PHPMailer SMTP version number.
* @var string
*/
const VERSION = '5.2.21';
const VERSION = '5.2.22';
/**
* SMTP line break constant.
@ -81,7 +81,7 @@ class SMTP
* @deprecated Use the `VERSION` constant instead
* @see SMTP::VERSION
*/
public $Version = '5.2.21';
public $Version = '5.2.22';
/**
* SMTP server port number.