Tidelift security

Marcus Bointon 2021-03-22 17:55:59 +01:00
parent 59173eb2bf
commit a792de883b
No known key found for this signature in database
GPG Key ID: DE31CD6EB646AA24
2 changed files with 2 additions and 1 deletions

@ -1,6 +1,6 @@
# Security notices relating to PHPMailer
Please disclose any vulnerabilities found responsibly - report any security problems found to the maintainers privately.
Please disclose any security issues or vulnerabilities found through [Tidelift's coordinated disclosure system](https://tidelift.com/security) or to the maintainers privately.
PHPMailer versions 6.1.5 and earlier contain an output escaping bug that occurs in `Content-Type` and `Content-Disposition` when filenames passed into `addAttachment` and other methods that accept attachment names contain double quote characters, in contravention of RFC822 3.4.1. No specific vulnerability has been found relating to this, but it could allow file attachments to bypass attachment filters that are based on matching filename extensions. Recorded as [CVE-2020-13625](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13625). Reported by Elar Lang of Clarified Security.
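
Review bot: The reworded disclosure sentence still ends with "or to the maintainers privately" without naming any private channel, so a reporter who does not want to go through Tidelift has nowhere concrete to send a report. Suggest adding a maintainer contact to that sentence, such as an email address or a link to a private reporting form, next to the Tidelift link.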

@ -3,6 +3,7 @@
## WIP
* Check for mbstring extension before decoding addresss in `parseAddress`
* Add Serbian Latin translation (`sr_latn`)
* Enrol PHPMailer in Tidelift
## Version 6.3.0 (February 19th, 2021)
* Handle early connection errors such as 421 during connection and EHLO states
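
Review bot: The `Enrol PHPMailer in Tidelift` entry under `## WIP` does not tell changelog readers that the vulnerability reporting route changed, which is the part they are likely to need. Consider wording along the lines of "Enrol PHPMailer in Tidelift; security issues can now be reported through Tidelift's coordinated disclosure system". While this list is being edited, "addresss" in the `parseAddress` entry two lines above is misspelled.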