View Issue Details

ID: 0023830
Project: mantisbt
Category: security
View Status: public
Last Update: 2018-02-06 21:17
Reporter: dregad
Assigned To: dregad
Priority: normal
Severity: minor
Reproducibility: N/A
Status: closed
Resolution: fixed
Product Version:
Target Version: 2.11.0
Fixed in Version: 2.11.0
Summary: 0023830: Update PHPMailer to 5.2.26
Description

Minor security issue [1]

PHPMailer 5.2.25 and earlier default to using echo for output, which has a potential for XSS if debug output is left on in production. This was already fixed in 6.0, change added to 5.2.26.
Thanks to Bankde Eakasit for spotting it.

Tags: No tags attached.

Activities

dregad

2018-01-11 10:07

developer   ~0058528

Not targeting to 2.10.1, because it's a minor issue that shouldn't be affecting us since we do not enable PHPMailer debug output.

Related Changesets

MantisBT: master c883b834

2018-01-11 10:03:45

dregad

Updating PHPMailer to v5.2.26

Fixing minor security issue, potential XSS if debug output is activated.

Composer:
- Updating phpmailer/phpmailer (v5.2.25 => v5.2.26)

Fixes 0023830
Affected Issues
0023830
mod - composer.lock
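A check for the version bump recorded in this changeset, added here as an example (not MantisBT or PHPMailer code): it reads a composer.lock and reports whether the locked phpmailer/phpmailer release is older than 5.2.26. The lock excerpt is constructed, the function names are hypothetical, and the script assumes Composer's usual `packages` / `packages-dev` layout with `name` and `version` fields.

```python
import json

FIXED_5X = (5, 2, 26)  # first 5.2.x release carrying the fix, per this issue

# Constructed composer.lock excerpt (not MantisBT's real lock file).
SAMPLE_LOCK = """
{
  "packages": [
    {"name": "phpmailer/phpmailer", "version": "v5.2.25"},
    {"name": "example/other", "version": "1.0.0"}
  ],
  "packages-dev": []
}
"""

def parse_version(text):
    """Turn 'v5.2.25' into (5, 2, 25); None for branches or pre-releases."""
    parts = text.lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        return None
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (3 - len(nums))  # pad '6.0' to (6, 0, 0)

def audit_lock(lock_text):
    """Return (version, status) for every locked phpmailer/phpmailer entry."""
    lock = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if pkg.get("name", "").lower() != "phpmailer/phpmailer":
                continue
            raw = pkg.get("version", "")
            ver = parse_version(raw)
            if ver is None:
                status = "unknown"   # e.g. dev-master or an RC: review by hand
            elif ver < FIXED_5X:
                status = "affected"  # 5.2.25 and earlier
            else:
                status = "fixed"     # 5.2.26+, or 6.0 where the fix already existed
            findings.append((raw, status))
    return findings

if __name__ == "__main__":
    for version, status in audit_lock(SAMPLE_LOCK):
        print(f"phpmailer/phpmailer {version}: {status}")
```

An "affected" result only matters in practice when PHPMailer debug output is enabled, as the developer note above points out.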

Issue History

Date Modified | Username | Field | Change
2018-01-11 10:02 | dregad | New Issue |
2018-01-11 10:02 | dregad | Status | new => assigned
2018-01-11 10:02 | dregad | Assigned To | => dregad
2018-01-11 10:07 | dregad | Description Updated |
2018-01-11 10:07 | dregad | Note Added: 0058528 |
2018-01-11 10:08 | dregad | Changeset attached | => MantisBT master c883b834
2018-01-11 10:08 | dregad | Status | assigned => resolved
2018-01-11 10:08 | dregad | Resolution | open => fixed
2018-01-11 10:08 | dregad | Fixed in Version | => 2.11.0
2018-02-06 21:17 | vboctor | Status | resolved => closed