[wp-trac] [WordPress Trac] #40472: Update PHPMailer to 5.2.25

WordPress Trac noreply at wordpress.org
Sat Oct 21 18:10:32 UTC 2017


#40472: Update PHPMailer to 5.2.25
-------------------------------------+------------------------------
 Reporter:  MattyRob                 |       Owner:
     Type:  enhancement              |      Status:  new
 Priority:  normal                   |   Milestone:  Awaiting Review
Component:  External Libraries       |     Version:  4.8
 Severity:  minor                    |  Resolution:
 Keywords:  has-patch needs-testing  |     Focuses:
-------------------------------------+------------------------------
Changes (by aaroncampbell):

 * severity:  normal => minor


Comment:

 I took a look through our code and it doesn't look like we use the
 `phpmailerException::errorMessage()` helper function anywhere, which would
 mean the reported potential XSS doesn't affect WordPress core.

 I'm of the general opinion that keeping our libraries up to date is good,
 it's just not security related in this case.

 As a side note, if it ''was'' a valid security issue it should really be
 reported to https://hackerone.com/wordpress and not discussed publicly
 here on Trac.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/40472#comment:10>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list