Elan Ruusamäe [Tue, 14 Nov 2017 19:12:16 +0000 (21:12 +0200)]
up to 5.2.25 (August 28th 2017)
- Make obtaining SMTP transaction ID more reliable
- Add Bosnian translation
This is the last official release in the legacy PHPMailer 5.2 series;
there may be future security patches (which will be found in the
[5.2-stable branch](https://github.com/PHPMailer/PHPMailer/tree/5.2-stable)),
but no further non-security PRs or issues will be accepted.
Elan Ruusamäe [Tue, 14 Nov 2017 19:08:23 +0000 (21:08 +0200)]
up to 5.2.24 (July 26th 2017)
- **SECURITY** Fix XSS vulnerability in one of the code examples, [CVE-2017-11503](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11503). The `code_generator.phps` example did not filter user input prior to output. This file is distributed with a `.phps` extension, so it it not normally executable unless it is explicitly renamed, so it is safe by default. There was also an undisclosed potential XSS vulnerability in the default exception handler (unused by default). Patches for both issues kindly provided by Patrick Monnerat of the Fedora Project.
- Handle bare codes (an RFC contravention) in SMTP server responses
- Make message timestamps more dynamic - calculate the date separately for each message
- Include timestamps in HTML-format debug output
- Improve Turkish, Norwegian, Serbian, Brazilian Portuguese & simplified Chinese translations
- Correction of Serbian ISO language code from `sr` to `rs`
- Fix matching of multiple entries in `Host` to match IPv6 literals without breaking port selection (see #1094, caused by a3b4f6b)
- Better capture and reporting of SMTP connection errors
Elan Ruusamäe [Tue, 27 Dec 2016 08:33:52 +0000 (10:33 +0200)]
Version 5.2.18 (December 24th 2016); SECURITY
- Critical security update for CVE-2016-10033 please update now! Thanks to Dawid Golunski.
- Add ability to extract the SMTP transaction ID from some common SMTP success messages
- Minor documentation tweaks
Elan Ruusamäe [Tue, 27 Dec 2016 08:32:46 +0000 (10:32 +0200)]
Version 5.2.17 (December 9th 2016)
This is officially the last feature release of 5.2. Security fixes only from now on; use PHPMailer 6.0!
- Allow DKIM private key to be provided as a string
- Provide mechanism to allow overriding of boundary and message ID creation
- Improve Brazilian Portuguese, Spanish, Swedish, Romanian, and German translations
- PHP 7.1 support for Travis-CI
- Fix some language codes
- Add security notices
- Improve DKIM compatibility in older PHP versions
- Improve trapping and capture of SMTP connection errors
- Improve passthrough of error levels for debug output
- PHPDoc cleanup
Elan Ruusamäe [Fri, 16 Sep 2016 12:25:20 +0000 (15:25 +0300)]
Version 5.2.16 (June 6th 2016)
- Added DKIM example
- Fixed empty additional_parameters problem
- Fixed wrong version number in VERSION file!
- Improve line-length tests
- Use instance settings for SMTP::connect by default
- Use more secure auth mechanisms first
Elan Ruusamäe [Fri, 16 Sep 2016 12:24:47 +0000 (15:24 +0300)]
Version 5.2.15 (May 10th 2016)
- Added ability to inject custom address validators, and set the default validator
- Fix TLS 1.2 compatibility
- Remove some excess line breaks in MIME structure
- Updated Polish, Russian, Brazilian Portuguese, Georgian translations
- More DRY!
- Improve error messages
- Update dependencies
- Add example showing how to handle multiple form file uploads
- Improve SMTP example
- Improve Windows compatibility
- Use consistent names for temp files
- Fix gmail XOAUTH2 scope, thanks to @sherryl4george
- Fix extra line break in getSentMIMEMessage()
- Improve DKIM signing to use SHA-2
Elan Ruusamäe [Thu, 25 Feb 2016 07:11:31 +0000 (09:11 +0200)]
Version 5.2.14 (Nov 1st 2015)
- Allow addresses with IDN (Internationalized Domain Name) in PHP 5.3+, thanks to @fbonzon
- Allow access to POP3 errors
- Make all POP3 private properties and methods protected
- **SECURITY** Fix vulnerability that allowed email addresses with line breaks
(valid in RFC5322) to pass to SMTP, permitting message injection at the SMTP
level. Mitigated in both the address validator and in the lower-level SMTP
class. Thanks to Takeshi Terada.
- Updated Brazilian Portuguese translations (Thanks to @phelipealves)
Elan Ruusamäe [Fri, 4 Sep 2015 08:39:38 +0000 (11:39 +0300)]
Version 5.2.12 (Sep 1st 2015)
html2text is removed due licensing issues
https://github.com/PHPMailer/PHPMailer/issues/232
however you can use callback now:
// Use your own custom converter
$plain = $mail->html2text($html, function($html) {
$converter = new MyHtml2text($html);
return $converter->get_text();
});
for example
https://github.com/soundasleep/html2text