View Issue Details

IDProjectCategoryView StatusLast Update
0023830mantisbtsecuritypublic2018-02-06 21:17
Reporterdregad Assigned Todregad  
PrioritynormalSeverityminorReproducibilityN/A
Status closedResolutionfixed 
Target Version2.11.0Fixed in Version2.11.0 
Summary0023830: Update PHPMailer to 5.2.26
Description

Minor security issue [1]

PHPMailer 5.2.25 and earlier default to using echo for output, which has a potential for XSS if debug output is left on in production. This was already fixed in 6.0, change added to 5.2.26.
Thanks to Bankde Eakasit for spotting it.

TagsNo tags attached.

Activities

dregad

dregad

2018-01-11 10:07

developer   ~0058528

Not targeting to 2.10.1, because it's a minor issue that shouldn't be affecting us since we do not enable PHPMailer debug output.

Related Changesets

MantisBT: master c883b834

2018-01-11 05:03

dregad


Details Diff
Updating PHPMailer to v5.2.26

Fixing minor security issue, potential XSS if debug output is activated.

Composer:
- Updating phpmailer/phpmailer (v5.2.25 => v5.2.26)

Fixes 0023830
Affected Issues
0023830
mod - composer.lock Diff File