Releases: PHPMailer/PHPMailer
PHPMailer 5.2.17
A maintenance update with a few minor feature additions.
This is officially the last feature release of the 5.2.x line. Security fixes only from now on; use PHPMailer 6.0!
- Added ability to extract SMTP transaction ID from successful submissions
- Allow DKIM private key to be provided as a string
- Provide mechanism to allow overriding of boundary and message ID creation
- Improve Brazilian Portuguese, Spanish, Swedish, Romanian, and German translations
- PHP 7.1 support for Travis-CI
- Fix some language codes
- Add security notices
- Improve DKIM compatibility in older PHP versions
- Improve trapping and capture of SMTP connection errors
- Improve passthrough of error levels for debug output
PHPMailer 5.2.16
A minor maintenance release
- Added DKIM example
- Fixed empty additional_parameters problem
- Fixed wrong version number in VERSION file!
- Improve line-length tests
- Use instance settings in
smtpConnectby default - Use more secure auth mechanisms first
PHPMailer 6.0.0rc2
Some minor tweaks and late features merged in from 5.2. Please test and report any issues. See #710
PHPMailer 5.2.15
A maintenance release with some small features:
- Added ability to inject custom address validators, and set the default validator
- Fixed TLS 1.2 compatibility
- Improved examples
- Improved Windows compatibility
- Upgraded DKIM signing to use SHA-2 hashes
- Fixed gmail XOAUTH2 scope
Note that (security patches notwithstanding) this will likely be the last release in the PHPMailer 5.2.x series for some time. The 6.0 branch will become master, and development will continue there, and any future 5.2.x releases will be in the 5.2-stable branch.
PHPMailer 6.0.0rc1
This is the first release candidate for PHPMailer 6.0 - please test and report any issues!
PHPMailer 5.2.14
This release contains an important security update.
Security update
Takeshi Terada discovered that PHPMailer accepted addresses containing line breaks. This is valid in RFC5322, but allowing such addresses resulted in invalid RFC5321 SMTP commands, permitting a kind of message injection attack. These addresses were allowed by the 'pcre8' validator pattern (the default in recent PHP versions). This has been mitigated by rejecting line breaks during address validation, and also by rejecting line breaks in SMTP commands, which addresses the problem for applications using the SMTP class directly.
Internationalized domain names
In better news, this release also introduces support for internationalized domain names (IDNs) thanks to @fbonzon. A significant effect of this is that the point at which addresses are validated may change; since an IDN may depend on the current value of CharSet (which can be changed at any time), validations of addresses potentially containing IDNs are queued and not actually checked until send() is called rather than when the address is added. You may now use addresses like test@françois.ch and pre-punycoded addreses like test@xn--franois-xxa.ch everywhere that addresses are used in PHPMailer.
POP3
There is now better access to POP3 errors (when using POP-before-SMTP), and can now access POP3 properties and methods from subclasses.
Updated Russian and Brazilian Portuguese translations.
PHPMailer 5.2.13
This is a minor update, renaming the internal OAuth class to PHPMailerOAuthGoogle in order to avoid class name clashes.
Also updates PHPUnit dependency to 4.7 and updates Estonian translations.
PHPMailer 5.2.12
Minor changes:
- Fix incorrect composer package dependencies.
- Skip existing embedded image
cids inmsgHTML.
PHPMailer 5.2.11
Major changes:
- Support for Gmail's XOAUTH2 authentication system, thanks to @sherryl4george. Use of this feature requires PHP 5.4 or later. Read the docs.
- PHP7 is officially supported. Test suite is now run on PHP 7 and passes applicable php7cc checks.
Minor changes:
- Can now convert addresses from RFC822 format (e.g.
User Name <user@example.com>) - Fix some quoted-printable & line-length edge cases.
- Work-around for invalid MS Exchange AUTH implementation.
PHPMailer 5.2.10
Major changes:
- Automatic opportunistic TLS encryption even if you don't specify
SMTPSecure = 'tls' - Parsing of SMTP server capabilities
- The html2text class in extras had to be removed for licence reasons, inject your own converter
- Better standards compliance on timeouts, encoding, line length, DKIM, MIME structure
- Allow additional certs for S/MIME signing
- More languages - now up to 47!
- Provide stream context options to allow finer control of SSL options, such as allowing self-signed certs
- EasyPeasyICS much improved
- Better error reporting when individual messsages in a group fail, more detail on SMTP errors
- Improved checking for missing extensions (e.g. openssl)
- Improved composer config and docs