[wp-trac] [WordPress Trac] #40472: Update PHPMailer to 5.2.25
WordPress Trac
noreply at wordpress.org
Thu Jan 4 22:47:58 UTC 2018
#40472: Update PHPMailer to 5.2.25
-------------------------------------+------------------------------
Reporter: MattyRob | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: External Libraries | Version: 4.8
Severity: major | Resolution:
Keywords: has-patch needs-testing | Focuses:
-------------------------------------+------------------------------
Comment (by rogueresearch):
I'm using WordPress 4.9.1 (current) and started evaluating the Ninja Forms
plugin (which can send emails). In the headers of the emails it
generates, I see:
{{{
X-Mailer: PHPMailer 5.2.22 (https://github.com/PHPMailer/PHPMailer)
}}}
This concerned me because:
1) 5.2.22 is a year old (2017-01-09).
2) 5.2 branch is only getting security updates at this point.
3) 5.2.24 has security fixes (CVE-2017-11503).
3) 5.2.26 is current (2017-11-04) and contains another security fix.
Even if the security issue doesn't affect the WP core, might it not affect
plugins?
@MattyRob : I tried to look at your patch, but it seems there was a
space<->tab change, making it difficult to review.
What is required to move this along? I could help with testing...
--
Ticket URL: <https://core.trac.wordpress.org/ticket/40472#comment:13>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list