Security Information: PHPMailer update

There's a severe vulnerability in the PHPMailer class. I hope Boonex will fix it soon? Or is it unmodified code so we can replace it with the standard update to 5.2.19?

 

https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.19

Quote · 27 Dec 2016

It's an unmodified version, you can just upload the new version.

Rules → http://www.boonex.com/terms
Quote · 27 Dec 2016

Thanks for the quick reply @AlexT.

 

So guide for everyone:

  • download PHPMailer 5.2.19 (or later) here https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.19
  • unpack it to your disk
  • open FTP connection to your community
  • navigate to plugins directory, phpmailer
  • replace the two files "class.phpmailer.php" and "class.smtp.php" with the ones from the local folder
  • be safe ;)
Quote · 27 Dec 2016
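
A check to run after the file replacement described in the guide above, added here as an example and not part of the original thread: it finds every copy of "class.phpmailer.php" under a directory, reads the version declared in it and in the neighbouring "class.smtp.php", and flags copies older than 5.2.19 or installs where only one of the two files was replaced. It assumes the 5.2.x files declare their version as `$Version` and `const VERSION` respectively; the function names are illustrative.

```python
import re
import sys
from pathlib import Path

MIN_VERSION = (5, 2, 19)  # release named in the thread; raise it for later fixes

# Assumed 5.2.x declarations: `public $Version = '5.2.19';` in class.phpmailer.php
# and `const VERSION = '5.2.19';` in class.smtp.php.
VERSION_RE = re.compile(r"""(?:\$Version|const\s+VERSION)\s*=\s*['"](\d+(?:\.\d+)*)['"]""")


def parse_version(source):
    """Return the declared version as a tuple of ints, or None if absent."""
    match = VERSION_RE.search(source)
    return tuple(int(part) for part in match.group(1).split(".")) if match else None


def classify(mailer, smtp, minimum=MIN_VERSION):
    """Grade one install from the versions of its two files."""
    if mailer is None:
        return "unknown"
    if mailer < minimum:
        return "outdated"
    if smtp != mailer:
        return "mismatch"  # only one of the two files was replaced
    return "ok"


def read_version(path):
    """Read a file's declared version; None if the file is missing."""
    if not path.is_file():
        return None
    return parse_version(path.read_text(encoding="utf-8", errors="replace"))


def scan(root, minimum=MIN_VERSION):
    """Find every PHPMailer copy under root and grade it."""
    results = []
    for mailer_file in sorted(Path(root).rglob("class.phpmailer.php")):
        mailer = read_version(mailer_file)
        smtp = read_version(mailer_file.with_name("class.smtp.php"))
        results.append((str(mailer_file), mailer, smtp, classify(mailer, smtp, minimum)))
    return results


if __name__ == "__main__":
    findings = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, mailer, smtp, status in findings:
        print(f"{status:9} mailer={mailer} smtp={smtp} {path}")
    sys.exit(1 if any(f[3] != "ok" for f in findings) else 0)
```

Run it against a local mirror of the site or on the server itself; a non-zero exit status means at least one copy still needs attention.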

Two additional links for information (thanks to Joomla Advisory!)

https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html

https://github.com/PHPMailer/PHPMailer/blob/master/SECURITY.md

Users of the PHPMailer library are advised to upgrade as soon as possible!

Quote · 27 Dec 2016

Thanks for the heads up on this security issue. The current version as of Apr 2017 is PHPMailer 5.2.23, and highly recommend installing. Thankfully there's an active group keeping the lights on for PHPMailer: https://github.com/PHPMailer/PHPMailer/releases



Quote · 12 Apr 2017