hcodebr / ecommerce

77 stars 69 forks source link

Bump phpmailer/phpmailer from 5.2.22 to 5.2.27 #10

Closed dependabot[bot] closed 4 years ago

dependabot[bot] commented 4 years ago

Bumps phpmailer/phpmailer from 5.2.22 to 5.2.27.

Release notes

Sourced from phpmailer/phpmailer's releases.

PHPMailer 5.2.27

  • SECURITY Fix potential object injection vulnerability. CVE-2018-19296. Reported by Sehun Oh of cyberone.kr.

Note that the 5.2 branch is deprecated and will not receive security updates after 31st December 2018.

PHPMailer 5.2.26

  • Minor security backport from 6.0 - set Debugoutput in constructor according to SAPI in use, avoiding potential XSS in default debug output. Thanks to Bankde Eakasit for spotting it.

PHPMailer 5.2.25

  • Make obtaining SMTP transaction ID more reliable
  • Add Bosnian translation

This is the last official release in the legacy PHPMailer 5.2 series; there may be future security patches (which will be found in the 5.2-stable branch), but no further non-security PRs or issues will be accepted. Migrate to PHPMailer 6.0.

PHPMailer 5.2.24

  • SECURITY Fix XSS vulnerability in one of the code examples, CVE-2017-11503. The code_generator.phps example did not filter user input prior to output. This file is distributed with a .phps extension, so it it not normally executable unless it is explicitly renamed, so it is safe by default. There was also an undisclosed potential XSS vulnerability in the default exception handler (unused by default). Patches for both issues kindly provided by Patrick Monnerat of the Fedora Project.
  • Handle bare codes (an RFC contravention) in SMTP server responses
  • Make message timestamps more dynamic - calculate the date separately for each message
  • Include timestamps in HTML-format debug output
  • Improve Turkish, Norwegian, Serbian, Brazilian Portuguese & simplified Chinese translations
  • Correction of Serbian ISO language code from sr to rs
  • Fix matching of multiple entries in Host to match IPv6 literals without breaking port selection (see #1094, caused by a3b4f6b)
  • Better capture and reporting of SMTP connection errors

PHPMailer 5.2.23

This is a minor maintenance release.

  • Improve trapping of TLS errors during connection so that they don't cause warnings, and are reported better in debug output
  • Amend test suite so it uses PHPUnit version 4.8, compatible with older versions of PHP, instead of the version supplied by Travis-CI
  • This forces pinning of some dev packages to older releases, but should make travis builds more reliable
  • Test suite now runs on HHVM, and thus so should PHPMailer in general
  • Improve Czech translations
  • Add links to CVE-2017-5223 resources
Changelog

Sourced from phpmailer/phpmailer's changelog.

Version 5.2.27 (November 14th 2018)

  • SECURITY Fix potential object injection vulnerability. Reported by Sehun Oh of cyberone.kr.
  • Note that the 5.2 branch is now deprecated and will not receive security updates after 31st December 2018.

Version 6.0.5 (March 27th 2018)

  • Re-roll of 6.0.4 to fix missed version file entry. No code changes.

Version 6.0.4 (March 27th 2018)

  • Add some modern MIME types
  • Add Hindi translation (thanks to @dextel2)
  • Improve composer docs
  • Fix generation of path to language files

Version 6.0.3 (January 5th 2018)

  • Correct DKIM canonicalization of line breaks for header & body - thanks to @themichaelhall
  • Make dependence on ext-filter explicit in composer.json

Version 6.0.2 (November 29th 2017)

  • Don't make max line length depend on line break format
  • Improve Travis-CI config - thanks to Filippo Tessarotto
  • Match SendGrid transaction IDs
  • idnSupported() now static, as previously documented
  • Improve error messages for invalid addresses
  • Improve Indonesian translation (thanks to @januridp)
  • Improve Esperanto translation (thanks to @dknacht)
  • Clean up git export ignore settings for production and zip bundles
  • Update license doc
  • Updated upgrading docs
  • Clarify addStringEmbeddedImage docs
  • Hide auth credentials in all but lowest level debug output, prevents leakage in bug reports
  • Code style cleanup

Version 6.0.1 (September 14th 2017)

  • Use shorter Message-ID headers (with more entropy) to avoid iCloud blackhole bug
  • Switch to Symfony code style (though it's not well defined)
  • CI builds now apply syntax & code style checks, so make your PRs tidy!
  • CI code coverage only applied on latest version of PHP to speed up builds (thanks to @Slamdunk for these CI changes)
  • Remove composer.lock - it's important that libraries break early; keeping it is for apps
  • Rename test scripts to PSR-4 spec
  • Make content-id values settable on attachments, not just embedded items
  • Add SMTP transaction IDs to callbacks & allow for future expansion
  • Expand test coverage

Version 6.0 (August 28th 2017)

This is a major update that breaks backwards compatibility.

  • Requires PHP 5.5 or later
  • Uses the PHPMailer\PHPMailer namespace
  • File structure simplified and PSR-4 compatible, classes live in the src/ folder
  • The custom autoloader has been removed: use composer!
... (truncated)
Commits


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hcodebr/ecommerce/network/alerts).
dependabot[bot] commented 4 years ago

Superseded by #12.