All Versions
105
Latest Version
Avg Release Cycle
48 days
Latest Release
361 days ago
Changelog History
Page 2
Changelog History
Page 2
-
v6.5.0 Changes
June 16, 2021- ๐ SECURITY Fixes CVE-2021-34551, a complex RCE affecting Windows hosts. See [SECURITY.md](SECURITY.md) for details.
- The fix for this issue changes the way that language files are loaded. While they remain in the same PHP-like format, they are processed as plain text, and any code in them will not be run, including operations such as concatenation using the
.operator. - ๐ Deprecation The current translation file format using PHP arrays is now deprecated; the next major version will introduce a new format.
- ๐ SECURITY Fixes CVE-2021-3603 that may permit untrusted code to be run from an address validator. See [SECURITY.md](SECURITY.md) for details.
- The fix for this issue includes a minor BC break: callables injected into
validateAddress, or indirectly through the$validatorclass property, may no longer be simple strings. If you want to inject your own validator, provide a closure instead of a function name. - Haraka message ID strings are now recognised
-
v6.4.1 Changes
April 29, 2021- ๐ SECURITY Fixes CVE-2020-36326, a regression of CVE-2018-19296 object injection introduced in 6.1.8, see SECURITY.md for details
- Reject more file paths that look like URLs, matching RFC3986 spec, blocking URLS using schemes such as
ssh2 - Ensure method signature consistency in
doCallbackcalls - โก๏ธ Ukrainian language update
- โ Add composer scripts for checking coding standards and running tests
-
v6.4.0 Changes
March 31, 2021- โช Revert change that made the
mail()and sendmail transports set the envelope sender if one isn't explicitly provided, as it causes problems described in https://github.com/PHPMailer/PHPMailer/issues/2298 - ๐ Check for mbstring extension before decoding addresss in
parseAddress - โ Add Serbian Latin translation (
sr_latn) - Enrol PHPMailer in Tidelift
- โช Revert change that made the
-
v6.3.0 Changes
February 19, 2021- ๐ Handle early connection errors such as 421 during connection and EHLO states
- Switch to Github Actions for CI
- Generate debug output for
mail(), sendmail, and qmail transports. Enable using the same mechanism as for SMTP: setSMTPDebug> 0 - ๐ง Make the
mail()and sendmail transports set the envelope sender the same way as SMTP does, i.e. use whateverFromis set to, only falling back to thesendmail_fromphp.ini setting ifFromis unset. This avoids errors from themail()function ifSenderis not set explicitly and php.ini is not configured. This is a minor functionality change, so bumps the minor version number. - โ
Extend
parseAddressesto decode encoded names, improve tests
-
v6.2.0 Changes
November 25, 2020๐ This is a maintenance release. With this release, PHPMailer gains official PHP 8 compatibility; earlier versions worked in PHP 8 pre-releases, but the test suite did not. The considerable rework this required (which also restored tests running on older PHP versions) was done by @jrfnl โ thank you very much!
- PHP 8.0 compatibility
- Switch from PHP CS Fixer to PHP CodeSniffer for coding standards
- Create class constants for the debug levels in the POP3 class
- ๐ Improve French, Slovenian, and Ukrainian translations
- ๐ Improve file upload examples so file extensions are retained
- ๐ Resolve PHP 8 line break issues due to a very old PHP bug being fixed
- โ Avoid warnings when using old openssl functions
- ๐ Improve Travis-CI build configuration
-
v6.1.8 Changes
October 09, 2020๐ This is a maintenance release.
- Mark
ext-hashas required in composer.json. This has long been required, but now it will cause an error at install time rather than runtime, making it easier to diagnose - ๐ Make file upload examples safer
- โก๏ธ Update links to SMTP testing servers
- Avoid errors when set_time_limit is disabled (you need better hosting!)
- ๐ Allow overriding auth settings for local tests; makes it easy to run tests using HELO
- Recover gracefully from errors during keepalive sessions
- โ Add AVIF MIME type mapping
- Prevent duplicate
Toheaders in BCC-only messages when usingmail() - ๐ Avoid file function problems when attaching files from Windows UNC paths
- ๐ Improve German, Bahasa Indonesian, Filipino translations
- โ Add Javascript-based example
- โ Increased test coverage
- Mark
-
v6.1.7 Changes
July 14, 2020PHPMailer 6.1.7
๐ This is a maintenance release.
- Split SMTP connection into two separate methods
- Undo BC break in PHP vesions 5.2.3 - 7.0.0 introduced in 6.1.2 when injecting callables for address validation and HTML to text conversion
- ๐พ Save response to SMTP welcome banner as other responses are saved
- ๐ฆ Retry stream_select if interrupted by a signal
-
v6.1.6 Changes
May 27, 2020PHPMailer 6.1.6
๐ This is a security release, with some other minor changes. For full details, refer to the advisory.
- ๐ SECURITY Fix insufficient output escaping bug in file attachment names. CVE-2020-13625. Reported by Elar Lang of Clarified Security.
- Correct Armenian ISO language code from
amtohy, add mapping for fallback - โฑ Use correct timeout property in debug output
-
v6.1.5 Changes
March 14, 2020๐ This is a maintenance release.
- Reject invalid custom headers that are empty or contain breaks
- ๐ Various fixes for DKIM issues, especially when using
mail()transport - ๐ Drop the
l=length tag from DKIM signatures; it's a mild security risk - Ensure CRLF is used explicitly when needed, rather than
static::$LE - โ Add a method for trimming header content consistently
- Some minor tweaks to resolve static analyser complaints
- Check that attachment files are readable both when adding and when sending
- โช Work around Outlook bug in mishandling MIME preamble
- ๐ Danish translation improvements
-
v6.1.4 Changes
December 10, 2019The RFC2047 folding added in 6.1.0 was a little overenthusiastic; It will now only happen when header lines exceed 998 chars.
- Clean up hostname handling
- Avoid IDN error on older PHP versions, prep for PHP 8.0
- Don't force RFC2047 folding unnecessarily
- ๐ Enable tests on full release of PHP 7.4