Bump phpmailer/phpmailer from 5.2.23 to 5.2.27 in /app/api #39

dependabot · 2020-03-06T08:16:21Z

Bumps phpmailer/phpmailer from 5.2.23 to 5.2.27.

Release notes

Sourced from phpmailer/phpmailer's releases.

PHPMailer 5.2.27

SECURITY Fix potential object injection vulnerability. CVE-2018-19296. Reported by Sehun Oh of cyberone.kr.

Note that the 5.2 branch is deprecated and will not receive security updates after 31st December 2018.

PHPMailer 5.2.26

Minor security backport from 6.0 - set Debugoutput in constructor according to SAPI in use, avoiding potential XSS in default debug output. Thanks to Bankde Eakasit for spotting it.

PHPMailer 5.2.25

Make obtaining SMTP transaction ID more reliable

Add Bosnian translation

This is the last official release in the legacy PHPMailer 5.2 series; there may be future security patches (which will be found in the 5.2-stable branch), but no further non-security PRs or issues will be accepted. Migrate to PHPMailer 6.0.

PHPMailer 5.2.24

SECURITY Fix XSS vulnerability in one of the code examples, CVE-2017-11503. The code_generator.phps example did not filter user input prior to output. This file is distributed with a .phps extension, so it it not normally executable unless it is explicitly renamed, so it is safe by default. There was also an undisclosed potential XSS vulnerability in the default exception handler (unused by default). Patches for both issues kindly provided by Patrick Monnerat of the Fedora Project.

Handle bare codes (an RFC contravention) in SMTP server responses

Make message timestamps more dynamic - calculate the date separately for each message

Include timestamps in HTML-format debug output

Improve Turkish, Norwegian, Serbian, Brazilian Portuguese & simplified Chinese translations

Correction of Serbian ISO language code from sr to rs

Fix matching of multiple entries in Host to match IPv6 literals without breaking port selection (see #1094, caused by a3b4f6b)

Better capture and reporting of SMTP connection errors

Changelog

Sourced from phpmailer/phpmailer's changelog.

Version 5.2.27 (November 14th 2018)

SECURITY Fix potential object injection vulnerability. Reported by Sehun Oh of cyberone.kr.

Note that the 5.2 branch is now deprecated and will not receive security updates after 31st December 2018.

Version 6.0.5 (March 27th 2018)

Re-roll of 6.0.4 to fix missed version file entry. No code changes.

Version 6.0.4 (March 27th 2018)

Add some modern MIME types

Add Hindi translation (thanks to @dextel2)

Improve composer docs

Fix generation of path to language files

Version 6.0.3 (January 5th 2018)

Correct DKIM canonicalization of line breaks for header & body - thanks to @themichaelhall

Make dependence on ext-filter explicit in composer.json

Version 6.0.2 (November 29th 2017)

Don't make max line length depend on line break format

Improve Travis-CI config - thanks to Filippo Tessarotto

Match SendGrid transaction IDs

idnSupported() now static, as previously documented

Improve error messages for invalid addresses

Improve Indonesian translation (thanks to @januridp)

Improve Esperanto translation (thanks to @dknacht)

Clean up git export ignore settings for production and zip bundles

Update license doc

Updated upgrading docs

Clarify addStringEmbeddedImage docs

Hide auth credentials in all but lowest level debug output, prevents leakage in bug reports

Code style cleanup

Version 6.0.1 (September 14th 2017)

Use shorter Message-ID headers (with more entropy) to avoid iCloud blackhole bug

Switch to Symfony code style (though it's not well defined)

CI builds now apply syntax & code style checks, so make your PRs tidy!

CI code coverage only applied on latest version of PHP to speed up builds (thanks to @Slamdunk for these CI changes)

Remove composer.lock - it's important that libraries break early; keeping it is for apps

Rename test scripts to PSR-4 spec

Make content-id values settable on attachments, not just embedded items

Add SMTP transaction IDs to callbacks & allow for future expansion

Expand test coverage

Version 6.0 (August 28th 2017)

This is a major update that breaks backwards compatibility.

Requires PHP 5.5 or later

Uses the PHPMailer\PHPMailer namespace

File structure simplified and PSR-4 compatible, classes live in the src/ folder

The custom autoloader has been removed: use composer!

... (truncated)

Commits

dde1db1 5.2.27
f1231a9 Backport changes for CVE-2018-19296
44776b5 Backport changes for CVE-2018-19296
4874af6 Fix 5.2-stable branch README.md minimal install links that 404 (#1461)
49ae798 Add .github directory to export-ignore (#1261)
22e8a57 Update license file, fixes #1243
7036299 5.2.26
b6316bb Switch debug output according to SAPI
b6eadbe minor typo change (#1222)
d914f73 Travis-CI no longer supports PHP 5.3, so remove it
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
@dependabot use these labels will set the current labels as the default for future PRs for this repo and language
@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [phpmailer/phpmailer](https://github.com/PHPMailer/PHPMailer) from 5.2.23 to 5.2.27. - [Release notes](https://github.com/PHPMailer/PHPMailer/releases) - [Changelog](https://github.com/PHPMailer/PHPMailer/blob/master/changelog.md) - [Commits](PHPMailer/PHPMailer@v5.2.23...v5.2.27) Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added the dependencies Pull requests that update a dependency file label Mar 6, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump phpmailer/phpmailer from 5.2.23 to 5.2.27 in /app/api #39

Bump phpmailer/phpmailer from 5.2.23 to 5.2.27 in /app/api #39

dependabot bot commented on behalf of github Mar 6, 2020

Bump phpmailer/phpmailer from 5.2.23 to 5.2.27 in /app/api #39

Are you sure you want to change the base?

Bump phpmailer/phpmailer from 5.2.23 to 5.2.27 in /app/api #39

Conversation

dependabot bot commented on behalf of github Mar 6, 2020

PHPMailer 5.2.27

PHPMailer 5.2.26

PHPMailer 5.2.25

PHPMailer 5.2.24

Version 5.2.27 (November 14th 2018)

Version 6.0.5 (March 27th 2018)

Version 6.0.4 (March 27th 2018)

Version 6.0.3 (January 5th 2018)

Version 6.0.2 (November 29th 2017)

Version 6.0.1 (September 14th 2017)

Version 6.0 (August 28th 2017)