Bump phpmailer/phpmailer from 5.2.22 to 5.2.28 #7

@dependabot dependabot bot commented on behalf of github Jun 22, 2021

Bumps phpmailer/phpmailer from 5.2.22 to 5.2.28.

Release notes

Sourced from phpmailer/phpmailer's releases.

PHPMailer 5.2.28

A small change to prevent deprecation notices while running legacy systems on newer PHP versions. See #2015

PHPMailer 5.2.27

  • SECURITY Fix potential object injection vulnerability. CVE-2018-19296. Reported by Sehun Oh of cyberone.kr.

Note that the 5.2 branch is deprecated and will not receive security updates after 31st December 2018.

PHPMailer 5.2.26

  • Minor security backport from 6.0 - set Debugoutput in constructor according to SAPI in use, avoiding potential XSS in default debug output. Thanks to Bankde Eakasit for spotting it.

PHPMailer 5.2.25

  • Make obtaining SMTP transaction ID more reliable
  • Add Bosnian translation

This is the last official release in the legacy PHPMailer 5.2 series; there may be future security patches (which will be found in the 5.2-stable branch), but no further non-security PRs or issues will be accepted. Migrate to PHPMailer 6.0.

PHPMailer 5.2.24

  • SECURITY Fix XSS vulnerability in one of the code examples, CVE-2017-11503. The code_generator.phps example did not filter user input prior to output. This file is distributed with a .phps extension, so it is not normally executable unless it is explicitly renamed, so it is safe by default. There was also an undisclosed potential XSS vulnerability in the default exception handler (unused by default). Patches for both issues kindly provided by Patrick Monnerat of the Fedora Project.
  • Handle bare codes (an RFC contravention) in SMTP server responses
  • Make message timestamps more dynamic - calculate the date separately for each message
  • Include timestamps in HTML-format debug output
  • Improve Turkish, Norwegian, Serbian, Brazilian Portuguese & simplified Chinese translations
  • Correction of Serbian ISO language code from sr to rs
  • Fix matching of multiple entries in Host to match IPv6 literals without breaking port selection (see #1094, caused by a3b4f6b)
  • Better capture and reporting of SMTP connection errors

PHPMailer 5.2.23

This is a minor maintenance release.

  • Improve trapping of TLS errors during connection so that they don't cause warnings, and are reported better in debug output
  • Amend test suite so it uses PHPUnit version 4.8, compatible with older versions of PHP, instead of the version supplied by Travis-CI
  • This forces pinning of some dev packages to older releases, but should make travis builds more reliable
  • Test suite now runs on HHVM, and thus so should PHPMailer in general
  • Improve Czech translations
  • Add links to CVE-2017-5223 resources

Changelog

Sourced from phpmailer/phpmailer's changelog.

Version 5.2.28 (March 19th, 2020)

  • Avoid deprecation notices in recent PHP versions

Version 5.2.27 (November 15th 2018)

  • SECURITY Fix potential object injection vulnerability. Reported by Sehun Oh of cyberone.kr.
  • Note that the 5.2 branch is now deprecated and will not receive security updates after 31st December 2018.

Version 5.2.26 (November 4th 2017)

  • Minor security backport from 6.0 - set Debugoutput in constructor according to SAPI in use, avoiding potential XSS in default debug output.

Version 5.2.25 (August 28th 2017)

  • Make obtaining SMTP transaction ID more reliable
  • Add Bosnian translation
  • This is the last official release in the legacy PHPMailer 5.2 series; there may be future security patches (which will be found in the 5.2-stable branch), but no further non-security PRs or issues will be accepted. Migrate to PHPMailer 6.0.

Version 5.2.24 (July 26th 2017)

  • SECURITY Fix XSS vulnerability in one of the code examples, CVE-2017-11503. The code_generator.phps example did not filter user input prior to output. This file is distributed with a .phps extension, so it is not normally executable unless it is explicitly renamed, so it is safe by default. There was also an undisclosed potential XSS vulnerability in the default exception handler (unused by default). Patches for both issues kindly provided by Patrick Monnerat of the Fedora Project.
  • Handle bare codes (an RFC contravention) in SMTP server responses
  • Make message timestamps more dynamic - calculate the date separately for each message
  • Include timestamps in HTML-format debug output
  • Improve Turkish, Norwegian, Serbian, Brazilian Portuguese & simplified Chinese translations
  • Correction of Serbian ISO language code from sr to rs
  • Fix matching of multiple entries in Host to match IPv6 literals without breaking port selection (see #1094, caused by a3b4f6b)
  • Better capture and reporting of SMTP connection errors

Version 5.2.23 (March 15th 2017)

  • Improve trapping of TLS errors during connection so that they don't cause warnings, and are reported better in debug output
  • Amend test suite so it uses PHPUnit version 4.8, compatible with older versions of PHP, instead of the version supplied by Travis-CI
  • This forces pinning of some dev packages to older releases, but should make travis builds more reliable
  • Test suite now runs on HHVM, and thus so should PHPMailer in general
  • Improve Czech translations
  • Add links to CVE-2017-5223 resources

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Bumps [phpmailer/phpmailer](https://github.com/PHPMailer/PHPMailer) from 5.2.22 to 5.2.28.
- [Release notes](https://github.com/PHPMailer/PHPMailer/releases)
- [Changelog](https://github.com/PHPMailer/PHPMailer/blob/v5.2.28/changelog.md)
- [Commits](PHPMailer/PHPMailer@v5.2.22...v5.2.28)

---
updated-dependencies:
- dependency-name: phpmailer/phpmailer
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

@dependabot dependabot bot added the "dependencies" label (Pull requests that update a dependency file) on Jun 22, 2021