Version 6.6.0 February 28th, 2022)
Version 6.5.0 (June 16th, 2021)
- SECURITY Fixes CVE-2021-34551, a complex RCE affecting Windows hosts. See SECURITY.md for details.
- The fix for this issue changes the way that language files are loaded. While they remain in the same PHP-like format, they are processed as plain text, and any code in them will not be run, including operations such as concatenation using the
.operator. - Deprecation The current translation file format using PHP arrays is now deprecated; the next major version will introduce a new format.
- SECURITY Fixes CVE-2021-3603 that may permit untrusted code to be run from an address validator. See SECURITY.md for details.
- The fix for this issue includes a minor BC break: callables injected into
validateAddress, or indirectly through the$validatorclass property, may no longer be simple strings. If you want to inject your own validator, provide a closure instead of a function name. - Haraka message ID strings are now recognised
PHPMailer-5.2.19
Security Fix
PHPMailer-5.2.17
A maintenance update with a few minor feature additions.
This is officially the last feature release of the 5.2.x line. Security fixes only from now on; use PHPMailer 6.0!
Added ability to extract SMTP transaction ID from successful submissions
Allow DKIM private key to be provided as a string
Provide mechanism to allow overriding of boundary and message ID creation
Improve Brazilian Portuguese, Spanish, Swedish, Romanian, and German translations
PHP 7.1 support for Travis-CI
Fix some language codes
Add security notices
Improve DKIM compatibility in older PHP versions
Improve trapping and capture of SMTP connection errors
Improve passthrough of error levels for debug output
PHPMailer 5.2.16
A minor maintenance release
Added DKIM example
Fixed empty additional_parameters problem
Fixed wrong version number in VERSION file!
Improve line-length tests
Use instance settings in smtpConnect by default
Use more secure auth mechanisms first