PHPMailer 5.2.20

@Synchro Synchro released this Dec 28, 2016 · 15 commits to master since this release

Important security update!

This release patches the critical vulnerability described in CVE-2016-10045 a remote code execution vulnerability, responsibly reported by Dawid Golunski, and patched by Paul Buonopane (@Zenexer).

Possible side effect - complex sender addresses (such as those used in VERP addressing) may no longer work. We advise switching to the SMTP transport if you need that functionality, and it offers higher performance anyway.

Please update your systems as soon as possible.

Additional notes on this incident are available in the PHPMailer wiki.

Note that the vulnerability described in here likely affects many other projects in a similar way, so please practice responsible disclosure, and help project maintainers fix security issues.