All Versions
105
Latest Version
Avg Release Cycle
48 days
Latest Release
731 days ago

Changelog History
Page 4

  • v6.0.1 Changes

    September 14, 2017
    • ๐Ÿ‘‰ Use shorter Message-ID headers (with more entropy) to avoid iCloud blackhole bug
    • ๐Ÿ’… Switch to Symfony code style (though it's not well defined)
    • ๐Ÿ’… CI builds now apply syntax & code style checks, so make your PRs tidy!
    • ๐Ÿ— CI code coverage only applied on latest version of PHP to speed up builds (thanks to @Slamdunk for these CI changes)
    • โœ‚ Remove composer.lock - it's important that libraries break early; keeping it is for apps
    • โœ… Rename test scripts to PSR-4 spec
    • ๐Ÿ‘‰ Make content-id values settable on attachments, not just embedded items
    • โž• Add SMTP transaction IDs to callbacks & allow for future expansion
    • โœ… Expand test coverage
  • v6.0 Changes

    August 28, 2017

    โšก๏ธ This is a major update that breaks backwards compatibility.

    • Requires PHP 5.5 or later
    • ๐Ÿ‘‰ Uses the PHPMailer\PHPMailer namespace
    • File structure simplified and PSR-4 compatible, classes live in the src/ folder
    • ๐Ÿ‘‰ The custom autoloader has been removed: use composer!
    • Classes & Exceptions renamed to make use of the namespace
    • Most statically called functions now use the static keyword instead of self, so it's possible to override static internal functions in subclasses, for example validateAddress()
    • 0๏ธโƒฃ Complete RFC standardisation on CRLF (\r\n) line breaks for SMTP by default:
      • PHPMailer:$LE defaults to CRLF
      • All uses of PHPMailer::$LE property converted to use static::$LE constant for consistency and ease of overriding
      • Similar changes to line break handling in SMTP and POP3 classes.
      • Line break format for mail() transport is set automatically.
      • Warnings emitted for buggy mail() in PHP versions 7.0.0 - 7.0.16 and 7.1.0 - 7.1.2; either upgrade or switch to SMTP.
    • ๐Ÿ‘ Extensive reworking of XOAUTH2, adding support for Google, Yahoo and Microsoft providers, thanks to @sherryl4george
    • ๐Ÿ“„ Major cleanup of docs and examples
    • ๐Ÿšš All elements previously marked as deprecated have been removed:
      • PHPMailer->Version (replaced with VERSION constant)
      • PHPMailer->ReturnPath
      • PHPMailer->PluginDir
      • PHPMailer->encodeQPphp()
      • SMTP->CRLF (replaced with LE constant)
      • SMTP->Version (replaced with VERSION constant)
      • SMTP->SMTP_PORT (replaced with DEFAULT_PORT constant)
      • POP3->CRLF (replaced with LE constant)
      • POP3->Version (replaced with VERSION constant)
      • POP3->POP3_PORT (replaced with DEFAULT_PORT constant)
      • POP3->POP3_TIMEOUT (replaced with DEFAULT_TIMEOUT constant)
    • ๐Ÿšš NTLM authentication has been removed - it never worked anyway!
      • PHPMailer->Workstation
      • PHPMailer->Realm
    • ๐Ÿ—„ SingleTo functionality is deprecated; this belongs at a higher level - PHPMailer is not a mailing list system.
    • SMTP::authenticate method signature changed
    • ๐Ÿ“œ parseAddresses() is now static
    • ๐Ÿ“œ validateAddress() is now called statically from parseAddresses()
    • ๐Ÿ‘ idnSupported() is now static and is called statically from punyencodeAddress()
    • PHPMailer->SingleToArray is now protected
    • ๐Ÿšš fixEOL() method removed - it duplicates PHPMailer::normalizeBreaks(), so use that instead
    • ๐Ÿ‘ Don't try to use an auth mechanism if it's not supported by the server
    • Reorder automatic AUTH mechanism selector to try most secure method first
    • ๐Ÿ“ฆ Extras classes have been removed - use alternative packages from packagist.org instead
    • ๐Ÿ‘ Better handling of automatic transfer encoding switch in the presence of long lines
    • Simplification of address validation - now uses PHP's FILTER_VALIDATE_EMAIL pattern by default, retains advanced options
    • Debugoutput can accept a PSR-3 logger instance
    • ๐Ÿš€ To reduce code footprint, the examples folder is no longer included in composer deployments or github zip files
    • Trap low-level errors in SMTP, reports via debug output
    • More reliable folding of message headers
    • Inject your own SMTP implementation via setSMTPInstance() instead of having to subclass and override getSMTPInstance().
    • ๐Ÿ‘‰ Make obtaining SMTP transaction ID more reliable
    • ๐Ÿ‘ Better handling of unreliable PHP timeouts
    • Made SMTPDebug = 4 slightly less noisy
  • v5.2.28 Changes

    March 19, 2020

    ๐Ÿ‘€ A small change to prevent deprecation notices while running legacy systems on newer PHP versions. See #2015

  • v5.2.27 Changes

    November 14, 2018
    • ๐Ÿ”’ SECURITY Fix potential object injection vulnerability. CVE-2018-19296. Reported by Sehun Oh of cyberone.kr.

    ๐Ÿ—„ Note that the 5.2 branch is deprecated and will not receive security updates after 31st December 2018.

  • v5.2.26 Changes

    November 04, 2017
    • ๐Ÿ”’ Minor security backport from 6.0 - set Debugoutput in constructor according to SAPI in use, avoiding potential XSS in default debug output. Thanks to Bankde Eakasit for spotting it.
  • v5.2.25 Changes

    August 28, 2017
    • ๐Ÿ‘‰ Make obtaining SMTP transaction ID more reliable
    • โž• Add Bosnian translation
    • ๐Ÿš€ This is the last official release in the legacy PHPMailer 5.2 series; there may be future security patches (which will be found in the 5.2-stable branch), but no further non-security PRs or issues will be accepted. Migrate to PHPMailer 6.0.
  • v5.2.24 Changes

    July 26, 2017
    • ๐Ÿ”’ SECURITY Fix XSS vulnerability in one of the code examples, CVE-2017-11503. The code_generator.phps example did not filter user input prior to output. This file is distributed with a .phps extension, so it it not normally executable unless it is explicitly renamed, so it is safe by default. There was also an undisclosed potential XSS vulnerability in the default exception handler (unused by default). Patches for both issues kindly provided by Patrick Monnerat of the Fedora Project.
    • ๐Ÿ– Handle bare codes (an RFC contravention) in SMTP server responses
    • ๐Ÿ‘‰ Make message timestamps more dynamic - calculate the date separately for each message
    • More thorough checks for reading attachments.
    • ๐Ÿ‘ป Throw an exception when trying to send a message with an empty body caused by an internal error.
    • Replaced all use of MD5 and SHA1 hash functions with SHA256.
    • Now checks for invalid host strings when sending via SMTP.
    • Include timestamps in HTML-format debug output
    • ๐Ÿ‘Œ Improve Turkish, Norwegian, Serbian, Brazilian Portuguese & simplified Chinese translations
    • Correction of Serbian ISO language code from sr to rs
    • ๐Ÿ›  Fix matching of multiple entries in Host to match IPv6 literals without breaking port selection (see #1094, caused by a3b4f6b)
    • ๐Ÿ‘ Better capture and reporting of SMTP connection errors
  • v5.2.23 Changes

    March 15, 2017
    • ๐Ÿ‘Œ Improve trapping of TLS errors during connection so that they don't cause warnings, and are reported better in debug output
    • โœ… Amend test suite so it uses PHPUnit version 4.8, compatible with older versions of PHP, instead of the version supplied by Travis-CI
    • ๐Ÿš€ This forces pinning of some dev packages to older releases, but should make travis builds more reliable
    • โœ… Test suite now runs on HHVM, and thus so should PHPMailer in general
    • ๐Ÿ‘Œ Improve Czech translations
    • โž• Add links to CVE-2017-5223 resources
  • v5.2.22 Changes

    January 05, 2017
    • ๐Ÿ”’ SECURITY Fix CVE-2017-5223, local file disclosure vulnerability if content passed to msgHTML() is sourced from unfiltered user input. Reported by Yongxiang Li of Asiasecurity. The fix for this means that calls to msgHTML() without a $basedir will not import images with relative URLs, and relative URLs containing .. will be ignored.
    • โž• Add simple contact form example
    • โœ… Emoji in test content
  • v5.2.21 Changes

    December 28, 2016
    • ๐Ÿ›  Fix missed number update in version file - no functional changes