Skip to content

@Synchro Synchro released this Jan 9, 2017 · 629 commits to master since this release

  • SECURITY Fix CVE-2017-5223, local file disclosure vulnerability if content passed to msgHTML() is sourced from unfiltered user input. Reported by Yongxiang Li of Asiasecurity. The fix for this means that calls to msgHTML() without a $basedir will not import images with relative URLs, and relative URLs containing .. will be ignored.
  • Add simple contact form example
  • Emoji in test content
Assets 2
You can’t perform that action at this time.