PHPMailer needs an update

While investigating an issue with emails, I noticed that Gibbon is using a deprecated version of PHPMailer (5.2.23 which was deprecated about a year ago. The issue that I investigated was not related to the version of PHPMailer but I thought it is good to bring this here because it may cause some security issues as the newer versions of PHPMailer contain more security fixes.

Adelphe

Comments

  • Hi Adelphe,

    Well spotted. Would you be interested in checking out the release notes for the current PHPMailer version, compared to Gibbon's version, and seeing if there's any breaking changes we should be aware of? Then I think we could look at upgrading the PHPMailer library for v19 and testing it.

    Thanks!
  • Hi Sandra,

    Sorry for the delayed response because I did not get notified of your post. Sure thing, I can do that and I’ll let you know.

    Thank you,
    Adelphe
  • Hi @sandra,

    The latest released version of PHPMailer is 6.1.3 (released on November 21st, 2019) while Gibbon's version is 5.2.23. The current version of PHPMailer (starting with 6.0) is NOT compatible with 5.2. Here are some useful links about PHPMailer 6.0:

    1. Changelog
    2. Upgrading from PHPMailer 5.2 to 6.0

    Hope it helps.
    Adelphe
  • edited December 2019
    Thanks Adelphe for checking into this :smiley: We're late in the development cycle for v19, and the mailer is currently stable, so my thoughts are to keep the current PHPMailer 5.2.23 version for v19, and plan to upgrade to PHPMailer 6.1.3+ early in the v20 development cycle, that way we'll have plenty of time to test and handle the breaking changes.

    I've made a note on the roadmap: https://github.com/GibbonEdu/core/projects/4
Sign In or Register to comment.