Nakiami / mellivora

Mellivora is a CTF engine written in PHP
GNU General Public License v3.0
443 stars 170 forks source link

Bump phpmailer/phpmailer from 5.2.27 to 6.1.6 #140

Closed dependabot[bot] closed 4 years ago

dependabot[bot] commented 4 years ago

Bumps phpmailer/phpmailer from 5.2.27 to 6.1.6.

Release notes

Sourced from phpmailer/phpmailer's releases.

PHPMailer 6.1.6

This is a security release, with some other minor changes. For full details, refer to the advisory.

  • SECURITY Fix insufficient output escaping bug in file attachment names. CVE-2020-13625. Reported by Elar Lang of Clarified Security.
  • Correct Armenian ISO language code from am to hy, add mapping for fallback
  • Use correct timeout property in debug output

PHPMailer 6.1.5

This is a maintenance release.

  • Reject invalid custom headers that are empty or contain breaks
  • Various fixes for DKIM issues, especially when using mail() transport
  • Drop the l= length tag from DKIM signatures; it's a mild security risk
  • Ensure CRLF is used explicitly when needed, rather than static::$LE
  • Add a method for trimming header content consistently
  • Some minor tweaks to resolve static analyser complaints
  • Check that attachment files are readable both when adding and when sending
  • Work around Outlook bug in mishandling MIME preamble
  • Danish translation improvements

PHPMailer 6.1.4

The RFC2047 folding added in 6.1.0 was a little overenthusiastic; It will now only happen when header lines exceed 998 chars.

  • Clean up hostname handling
  • Avoid IDN error on older PHP versions, prep for PHP 8.0
  • Don't force RFC2047 folding unnecessarily
  • Enable tests on full release of PHP 7.4

PHPMailer 6.1.3

  • Fix an issue preventing injected debug handlers from working
  • Fix an issue relating to connection timeout
  • Add SMTP::MAX_REPLY_LENGTH constant
  • Remove some dev dependencies; phpdoc no longer included
  • Fix an issue where non-compliant servers returning bare codes caused an SMTP hang

PHPMailer 6.1.2

  • Substantial revision of DKIM header generation
  • Use shorter hashes for auto-generated CID values
  • Fix format of content-id headers, and only use them for inline attachments
  • Remove all use of XHTML
  • Lots of coding standards cleanup
  • API docs are now auto-updated via GitHub actions
  • Fix header separation bug created in 6.1.1
  • Fix misidentification of background attributes in SVG images in msgHTML

PHPMailer 6.1.1

No code changes, just retagging for a misordered commit for 6.1.0.

PHPMailer 6.1.0

... (truncated)
Changelog

Sourced from phpmailer/phpmailer's changelog.

Version 6.1.6 (May 27th, 2020)

  • SECURITY Fix insufficient output escaping bug in file attachment names. CVE-2020-13625. Reported by Elar Lang of Clarified Security.
  • Correct Armenian ISO language code from am to hy, add mapping for fallback
  • Use correct timeout property in debug output

Version 6.1.5 (March 14th, 2020)

  • Reject invalid custom headers that are empty or contain breaks
  • Various fixes for DKIM issues, especially when using mail() transport
  • Drop the l= length tag from DKIM signatures; it's a mild security risk
  • Ensure CRLF is used explicitly when needed, rather than static::$LE
  • Add a method for trimming header content consistently
  • Some minor tweaks to resolve static analyser complaints
  • Check that attachment files are readable both when adding and when sending
  • Work around Outlook bug in mishandling MIME preamble
  • Danish translation improvements

Version 6.1.4 (December 10th, 2019)

  • Clean up hostname handling
  • Avoid IDN error on older PHP versions, prep for PHP 8.0
  • Don't force RFC2047 folding unnecessarily
  • Enable tests on full release of PHP 7.4

Version 6.1.3 (November 21st, 2019)

  • Fix an issue preventing injected debug handlers from working
  • Fix an issue relating to connection timeout
  • Add SMTP::MAX_REPLY_LENGTH constant
  • Remove some dev dependencies; phpdoc no longer included
  • Fix an issue where non-compliant servers returning bare codes caused an SMTP hang

Version 6.1.2 (November 13th, 2019)

  • Substantial revision of DKIM header generation
  • Use shorter hashes for auto-generated CID values
  • Fix format of content-id headers, and only use them for inline attachments
  • Remove all use of XHTML
  • Lots of coding standards cleanup
  • API docs are now auto-updated via GitHub actions
  • Fix header separation bug created in 6.1.1
  • Fix misidentification of background attributes in SVG images in msgHTML

Version 6.1.1 (September 27th 2019)

  • Fix misordered version tag

Version 6.1.0 (September 27th 2019)

  • Multiple bug fixes for folding of long header lines, thanks to @caugner
  • Add support for RFC2387 child element content-type hint in multipart/related structures.
  • Support for Ical event methods other than REQUEST, thanks to @puhr-mde
  • Change header folding and param separation to use spaces instead of tabs
  • Use ; to separate multiple MIME header params
  • Add support for RFC3461 DSN messages
  • IMAP example code fixed
... (truncated)
Commits


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Nakiami/mellivora/network/alerts).
dependabot[bot] commented 4 years ago

Looks like phpmailer/phpmailer is up-to-date now, so this is no longer needed.