This is a maintenance and feature release, adding support for the official release of PHP 8.3, methods for removing and replacing custom headers, XCLIENT support, and links to a new way of implementing XOAUTH2 authentication.
The only change likely to have any impact on existing code is that PHPMailer previously attempted to use opportunistic STARTTLS encryption when connecting to localhost, which was unlikely to work. The workaround required setting SMTPAutoTLS = false, but that's no longer required. You may still need to use this setting when connecting to literal IPs.
Changes
Add support for official release of PHP 8.3, add experimental support for PHP 8.4
Add clearCustomHeader and replaceCustomHeader methods
Add support for the XCLIENT SMTP extension with setSMTPXclientAttribute and getSMTPXclientAttributes methods
Don't attempt opportunistic TLS when connecting to localhost
Update example to show a better way of using an SMTP subclass
Avoid some more deprecation warnings
Update Danish and Polish translations
Add Bengali and Assamese translations
Note: most of these changes were in the unreleased 6.9.0 version.
PHPMailer 6.8.1
This is a minor maintenance release.
Minor security note
The DSN support added in 6.8.0 reflects the DSN back to the user in an error message if it is invalid. If a DSN uses user-supplied input (a very bad idea), it opens a distant possibility of XSS if the host app does not escape output. In an abundance of caution, malformed DSNs are no longer reflected in error messages.
Changes
Don't reflect malformed DSNs in error messages to avert any risk of XSS
Improve Simplified Chinese, Sinhalese, and Norwegian translations
In WordPressCS 3.0.0, the functionality of the WordPress.Security.EscapeOutput sniff was updated to report unescaped message parameters passed to exceptions created in throw statements. This specific violation now has a separate error code: ExceptionNotEscaped. This will allow users to ignore or exclude that specific error code. Props @anomiex.
The error code(s) for other escaping issues flagged by the sniff remain unchanged.
Changed
Updated the CI workflow to test the example ruleset for issues.
Funding files and updates in the Readme about funding the project.
Fixed
Fixed a sniff name in the phpcs.xml.dist.sample file (case-sensitive sniff name). Props @dawidurbanski.
3.0.0
Important information about this release:
At long last... WordPressCS 3.0.0 is here.
This is an important release which makes significant changes to improve the accuracy, performance, stability and maintainability of all sniffs, as well as making WordPressCS much better at handling modern PHP.
WordPressCS 3.0.0 contains breaking changes, both for people using ignore annotations, people maintaining custom rulesets, as well as for sniff developers who maintain a custom PHPCS standard based on WordPressCS.
If you are an end-user or maintain a custom WordPressCS based ruleset, please start by reading the Upgrade Guide to WordPressCS 3.0.0 for ruleset maintainers which lists the most important changes and contains a step by step guide for upgrading.
If you are a maintainer of an external standard based on WordPressCS and any of your custom sniffs are based on or extend WordPressCS sniffs, please read the Upgrade Guide to WordPressCS 3.0.0 for Developers.
In all cases, please read the complete changelog carefully before you upgrade.
Added
Dependencies on the following packages: PHPCSUtils, PHPCSExtra and the [Composer PHPCS plugin].
A best effort has been made to add support for the new PHP syntaxes/features to all WordPressCS native sniffs and utility functions (or to verify/improve existing support).
While support in external sniffs used by WordPressCS has not be exhaustively verified, a lot of work has been done to try and add support for new PHP syntaxes to those as well.
WordPressCS native sniffs and utilities have received fixes for the following syntaxes:
PHP 7.2
Keyed lists.
PHP 7.3
Flexible heredoc/nowdoc (providing the PHPCS scan is run on PHP 7.3 or higher).
In WordPressCS 3.0.0, the functionality of the WordPress.Security.EscapeOutput sniff was updated to report unescaped message parameters passed to exceptions created in throw statements. This specific violation now has a separate error code: ExceptionNotEscaped. This will allow users to ignore or exclude that specific error code. Props [@anomiex].
The error code(s) for other escaping issues flagged by the sniff remain unchanged.
Changed
Updated the CI workflow to test the example ruleset for issues.
Funding files and updates in the Readme about funding the project.
Fixed
Fixed a sniff name in the phpcs.xml.dist.sample file (case-sensitive sniff name). Props [@dawidurbanski].
[3.0.0] - 2023-08-21
Important information about this release:
At long last... WordPressCS 3.0.0 is here.
This is an important release which makes significant changes to improve the accuracy, performance, stability and maintainability of all sniffs, as well as making WordPressCS much better at handling modern PHP.
WordPressCS 3.0.0 contains breaking changes, both for people using ignore annotations, people maintaining custom rulesets, as well as for sniff developers who maintain a custom PHPCS standard based on WordPressCS.
If you are an end-user or maintain a custom WordPressCS based ruleset, please start by reading the Upgrade Guide to WordPressCS 3.0.0 for end-users which lists the most important changes and contains a step by step guide for upgrading.
If you are a maintainer of an external standard based on WordPressCS and any of your custom sniffs are based on or extend WordPressCS sniffs, please read the Upgrade Guide to WordPressCS 3.0.0 for Developers.
In all cases, please read the complete changelog carefully before you upgrade.
Added
Dependencies on the following packages: PHPCSUtils, PHPCSExtra and the [Composer PHPCS plugin].
A best effort has been made to add support for the new PHP syntaxes/features to all WordPressCS native sniffs and utility functions (or to verify/improve existing support).
While support in external sniffs used by WordPressCS has not be exhaustively verified, a lot of work has been done to try and add support for new PHP syntaxes to those as well.
WordPressCS native sniffs and utilities have received fixes for the following syntaxes:
PHP 7.2
Keyed lists.
PHP 7.3
Flexible heredoc/nowdoc (providing the PHPCS scan is run on PHP 7.3 or higher).
Trailing commas in function calls.
PHP 7.4
Arrow functions.
Array unpacking in array expressions.
Numeric literals with underscores.
Typed properties.
... (truncated)
Commits
b4caf96 Merge pull request #2386 from WordPress/develop
289cf43 Merge pull request #2385 from WordPress/feature/changelog-for-wpcs-3.0.1-release
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Bumps the dev-dependencies group with 5 updates:
8.5.33
9.6.15
6.8.0
6.9.1
5.5.0
5.6.0
0.7.2
1.0.0
2.3.0
3.0.1
Updates
phpunit/phpunit
from 8.5.33 to 9.6.15Changelog
Sourced from phpunit/phpunit's changelog.
... (truncated)
Commits
05017b8
Prepare release838af84
Merge branch '8.5' into 9.69652df5
Prepare release3ba3e82
Pin humbug/php-scoper to 0.18.4 for #559643653e6
Prepare releasec55b107
Merge branch '8.5' into 9.6c14b7dc
Prepare release7000410
Merge branch '8.5' into 9.6539165b
Revert "Ensure that dependencies are up-to-date"75922e1
Use "composer outdated" instead of "composer show" (because PHPUnit >= 9.6 do...Updates
phpmailer/phpmailer
from 6.8.0 to 6.9.1Release notes
Sourced from phpmailer/phpmailer's releases.
Changelog
Sourced from phpmailer/phpmailer's changelog.
Commits
039de17
6.9.13190bef
CSd327514
Merge pull request #2985 from decomplexity/patch-1934f852
PHPMailer 6.9.01a7d9e3
Suggest SendOauth2 packagebffe290
Update readme for XOAUTH2 changese443047
Don't need this to demo xoauthd5615bf
Merge pull request #2986 from frankforte/custom-headers8a91dd6
Code formatting for custom header methods.b0ffd67
Update replaceCustomerHeader to remove duplicates. Improve clearCustomHeader ...Updates
vlucas/phpdotenv
from 5.5.0 to 5.6.0Release notes
Sourced from vlucas/phpdotenv's releases.
Commits
2cf9fb6
Document why superglobals can appear empty (#558)2f323be
Fixed handling of array keys in the testsf1f4ca5
Drop PHP 7.1 and support PHP 8.3Updates
dealerdirect/phpcodesniffer-composer-installer
from 0.7.2 to 1.0.0Release notes
Sourced from dealerdirect/phpcodesniffer-composer-installer's releases.
... (truncated)
Commits
4be4390
Merge pull request #201 from PHPCSStandards/feature/160-update-references-to-...fcae465
Merge pull request #198 from PHPCSStandards/feature/gitattributes-update02f83b9
Rename references tomaster
branch752347f
.gitattributes: sync with current repo statec3ad43d
Merge pull request #195 from PHPCSStandards/feature/ghactions-fix-fail-fast8a9b213
GH Actions: fix up fail-fast for setup-php4ff0459
Merge pull request #194 from PHPCSStandards/feature/ghactions-fail-setup-phpeb5932a
GH Actions: selectively usefail-fast
with setup-php77cfd99
Merge pull request #193 from PHPCSStandards/feature/ghactions-tweak-php-versionsb290f87
GH Actions: minor simplificationUpdates
wp-coding-standards/wpcs
from 2.3.0 to 3.0.1Release notes
Sourced from wp-coding-standards/wpcs's releases.
... (truncated)
Changelog
Sourced from wp-coding-standards/wpcs's changelog.
... (truncated)
Commits
b4caf96
Merge pull request #2386 from WordPress/develop289cf43
Merge pull request #2385 from WordPress/feature/changelog-for-wpcs-3.0.1-release9f57f6b
Add changelog for v3.0.1d0e0fd3
Merge pull request #2378 from anomiex/add/escapeoutput-error-codes-for-error-...81f40bc
Merge pull request #2383 from WordPress/feature/update-release-checklist401e4ec
Release checklist: add link to monthly dev blogcaa0a8b
Merge pull request #2382 from WordPress/feature/fix-fundingd3c67d8
Funding: fix format4367be3
Merge pull request #2372 from WordPress/feature/update-funding-page45cff8d
Update README.mdDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show