mirror
/
PHPMailer
mirror of https://github.com/PHPMailer/PHPMailer.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Changelog

This commit is contained in:
Marcus Bointon 2017-08-11 14:48:43 +02:00
parent 3f80e2dc92
commit c205d94136
No known key found for this signature in database
GPG Key ID: DE31CD6EB646AA24
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
changelog.md
View File

@ -50,6 +50,8 @@ This is a major update that breaks backwards compatibility.
* More reliable folding of message headers
* Inject your own SMTP implementation via `setSMTPInstance()` instead of having to subclass and override `getSMTPInstance()`.
* Make obtaining SMTP transaction ID more reliable
## Version 5.2.24 (July 26th 2017)
* **SECURITY** Fix XSS vulnerability in one of the code examples, [CVE-2017-11503](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11503). The `code_generator.phps` example did not filter user input prior to output. This file is distributed with a `.phps` extension, so it it not normally executable unless it is explicitly renamed, so it is safe by default. There was also an undisclosed potential XSS vulnerability in the default exception handler (unused by default). Patches for both issues kindly provided by Patrick Monnerat of the Fedora Project.
* Handle bare codes (an RFC contravention) in SMTP server responses