All Versions
105
Latest Version
Avg Release Cycle
48 days
Latest Release
731 days ago
Changelog History
Page 4
Changelog History
Page 4
-
v6.0.1 Changes
September 14, 2017- ๐ Use shorter Message-ID headers (with more entropy) to avoid iCloud blackhole bug
- ๐ Switch to Symfony code style (though it's not well defined)
- ๐ CI builds now apply syntax & code style checks, so make your PRs tidy!
- ๐ CI code coverage only applied on latest version of PHP to speed up builds (thanks to @Slamdunk for these CI changes)
- โ Remove
composer.lock
- it's important that libraries break early; keeping it is for apps - โ Rename test scripts to PSR-4 spec
- ๐ Make content-id values settable on attachments, not just embedded items
- โ Add SMTP transaction IDs to callbacks & allow for future expansion
- โ Expand test coverage
-
v6.0 Changes
August 28, 2017โก๏ธ This is a major update that breaks backwards compatibility.
- Requires PHP 5.5 or later
- ๐ Uses the
PHPMailer\PHPMailer
namespace - File structure simplified and PSR-4 compatible, classes live in the
src/
folder - ๐ The custom autoloader has been removed: use composer!
- Classes & Exceptions renamed to make use of the namespace
- Most statically called functions now use the
static
keyword instead ofself
, so it's possible to override static internal functions in subclasses, for examplevalidateAddress()
- 0๏ธโฃ Complete RFC standardisation on CRLF (
\r\n
) line breaks for SMTP by default:PHPMailer:$LE
defaults to CRLF- All uses of
PHPMailer::$LE
property converted to usestatic::$LE
constant for consistency and ease of overriding - Similar changes to line break handling in SMTP and POP3 classes.
- Line break format for
mail()
transport is set automatically. - Warnings emitted for buggy
mail()
in PHP versions 7.0.0 - 7.0.16 and 7.1.0 - 7.1.2; either upgrade or switch to SMTP.
- ๐ Extensive reworking of XOAUTH2, adding support for Google, Yahoo and Microsoft providers, thanks to @sherryl4george
- ๐ Major cleanup of docs and examples
- ๐ All elements previously marked as deprecated have been removed:
PHPMailer->Version
(replaced withVERSION
constant)PHPMailer->ReturnPath
PHPMailer->PluginDir
PHPMailer->encodeQPphp()
SMTP->CRLF
(replaced withLE
constant)SMTP->Version
(replaced withVERSION
constant)SMTP->SMTP_PORT
(replaced withDEFAULT_PORT
constant)POP3->CRLF
(replaced withLE
constant)POP3->Version
(replaced withVERSION
constant)POP3->POP3_PORT
(replaced withDEFAULT_PORT
constant)POP3->POP3_TIMEOUT
(replaced withDEFAULT_TIMEOUT
constant)
- ๐ NTLM authentication has been removed - it never worked anyway!
PHPMailer->Workstation
PHPMailer->Realm
- ๐
SingleTo
functionality is deprecated; this belongs at a higher level - PHPMailer is not a mailing list system. SMTP::authenticate
method signature changed- ๐
parseAddresses()
is now static - ๐
validateAddress()
is now called statically fromparseAddresses()
- ๐
idnSupported()
is now static and is called statically frompunyencodeAddress()
PHPMailer->SingleToArray
is now protected- ๐
fixEOL()
method removed - it duplicatesPHPMailer::normalizeBreaks()
, so use that instead - ๐ Don't try to use an auth mechanism if it's not supported by the server
- Reorder automatic AUTH mechanism selector to try most secure method first
- ๐ฆ
Extras
classes have been removed - use alternative packages from packagist.org instead - ๐ Better handling of automatic transfer encoding switch in the presence of long lines
- Simplification of address validation - now uses PHP's
FILTER_VALIDATE_EMAIL
pattern by default, retains advanced options Debugoutput
can accept a PSR-3 logger instance- ๐ To reduce code footprint, the examples folder is no longer included in composer deployments or github zip files
- Trap low-level errors in SMTP, reports via debug output
- More reliable folding of message headers
- Inject your own SMTP implementation via
setSMTPInstance()
instead of having to subclass and overridegetSMTPInstance()
. - ๐ Make obtaining SMTP transaction ID more reliable
- ๐ Better handling of unreliable PHP timeouts
- Made
SMTPDebug = 4
slightly less noisy
-
v5.2.28 Changes
March 19, 2020๐ A small change to prevent deprecation notices while running legacy systems on newer PHP versions. See #2015
-
v5.2.27 Changes
November 14, 2018- ๐ SECURITY Fix potential object injection vulnerability. CVE-2018-19296. Reported by Sehun Oh of cyberone.kr.
๐ Note that the 5.2 branch is deprecated and will not receive security updates after 31st December 2018.
-
v5.2.26 Changes
November 04, 2017- ๐ Minor security backport from 6.0 - set
Debugoutput
in constructor according to SAPI in use, avoiding potential XSS in default debug output. Thanks to Bankde Eakasit for spotting it.
- ๐ Minor security backport from 6.0 - set
-
v5.2.25 Changes
August 28, 2017- ๐ Make obtaining SMTP transaction ID more reliable
- โ Add Bosnian translation
- ๐ This is the last official release in the legacy PHPMailer 5.2 series; there may be future security patches (which will be found in the 5.2-stable branch), but no further non-security PRs or issues will be accepted. Migrate to PHPMailer 6.0.
-
v5.2.24 Changes
July 26, 2017- ๐ SECURITY Fix XSS vulnerability in one of the code examples, CVE-2017-11503. The
code_generator.phps
example did not filter user input prior to output. This file is distributed with a.phps
extension, so it it not normally executable unless it is explicitly renamed, so it is safe by default. There was also an undisclosed potential XSS vulnerability in the default exception handler (unused by default). Patches for both issues kindly provided by Patrick Monnerat of the Fedora Project. - ๐ Handle bare codes (an RFC contravention) in SMTP server responses
- ๐ Make message timestamps more dynamic - calculate the date separately for each message
- More thorough checks for reading attachments.
- ๐ป Throw an exception when trying to send a message with an empty body caused by an internal error.
- Replaced all use of MD5 and SHA1 hash functions with SHA256.
- Now checks for invalid host strings when sending via SMTP.
- Include timestamps in HTML-format debug output
- ๐ Improve Turkish, Norwegian, Serbian, Brazilian Portuguese & simplified Chinese translations
- Correction of Serbian ISO language code from
sr
tors
- ๐ Fix matching of multiple entries in
Host
to match IPv6 literals without breaking port selection (see #1094, caused by a3b4f6b) - ๐ Better capture and reporting of SMTP connection errors
- ๐ SECURITY Fix XSS vulnerability in one of the code examples, CVE-2017-11503. The
-
v5.2.23 Changes
March 15, 2017- ๐ Improve trapping of TLS errors during connection so that they don't cause warnings, and are reported better in debug output
- โ Amend test suite so it uses PHPUnit version 4.8, compatible with older versions of PHP, instead of the version supplied by Travis-CI
- ๐ This forces pinning of some dev packages to older releases, but should make travis builds more reliable
- โ Test suite now runs on HHVM, and thus so should PHPMailer in general
- ๐ Improve Czech translations
- โ Add links to CVE-2017-5223 resources
-
v5.2.22 Changes
January 05, 2017- ๐ SECURITY Fix CVE-2017-5223, local file disclosure vulnerability if content passed to
msgHTML()
is sourced from unfiltered user input. Reported by Yongxiang Li of Asiasecurity. The fix for this means that calls tomsgHTML()
without a$basedir
will not import images with relative URLs, and relative URLs containing..
will be ignored. - โ Add simple contact form example
- โ Emoji in test content
- ๐ SECURITY Fix CVE-2017-5223, local file disclosure vulnerability if content passed to
-
v5.2.21 Changes
December 28, 2016- ๐ Fix missed number update in version file - no functional changes