[5.3] Update SwiftMailer #17131
[5.3] Update SwiftMailer #17131
Conversation
|
This won't actually affect security at all, because composer will just resolve an earlier version of laravel if someone wants to install an older swiftmailer. |
|
Please send to the 5.4 branch here, so that 5.4.x will force the new version of swiftmailer. Also, please update all our composer.json files in this repo. The only other file should be in laravel/framework/src/Mail, but please check for any others I could have forgotten about. |
|
Also, this vulnerability probably affects nearly nobody using laravel, because use of smtp, or guzzle powered drivers is much more common. |
|
Should we deprecate/remove the mail() method? As it's now also deprecated in swiftmailer? |
|
I already removed it from the list of config options in the 5.4 boilerplate. We can probably remove support entirely in L5.5. |
|
I would officially deprecate it in the docs/code then, so we can remove it without anybody complaining about it ;) |
This is due to the vulnerability discovered in SwiftMailer which is now fixed in 5.4.5:
swiftmailer/swiftmailer#847
https://legalhackers.com/advisories/SwiftMailer-Exploit-Remote-Code-Exec-CVE-2016-10074-Vuln.html