Joomla! Issue Tracker - CMS

Download
Launch
Feeling Lucky

[#33952] - [4.0] Composer update phpmailer to version 6.4.1

? ? Pending

User tests: Successful: Unsuccessful:

avatar richard67
richard67
18 May 2021

Pull Request for Issue # .

Summary of Changes

This pull request (PR) updates the PHP Mailer to version 6.4.1.

The reason for that is the reported security issue here: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36326 .

Joomla 3.x is not affected by this issue because in 3.x we use version 5.

Testing Instructions

  1. On a 4.0 site with current 4.0-dev branch where composer and npm have been run, configure mailing so that it works (SMTP, mail() or sendmail doesn't matter).

  2. Check that mail works by sending the test mail from Global Configuration.

Result: The email is sent.

  1. Apply the patch of this PR.

  2. Run composer install.

Result: Only the phpmailer/phpmailer is updated, nothing else.

  1. Repeat step 2.

Result: The email is sent.

Actual result BEFORE applying this Pull Request

Mail works, phpmailer version is 6.4.0.

Expected result AFTER applying this Pull Request

Mail works, phpmailer version is 6.4.1.

Documentation Changes Required

None.

avatar richard67 richard67 - open - 18 May 2021
avatar richard67 richard67 - change - 18 May 2021
Status New Pending
avatar joomla-cms-bot joomla-cms-bot - change - 18 May 2021
Category External Library Composer Change
avatar PhilETaylor
PhilETaylor - comment - 18 May 2021

I don't think this is right - I believe Joomla has forked phpMailer right? and therefore someone has to manually merge upstream changes https://github.com/joomla-backports/PHPMailer

avatar richard67
richard67 - comment - 18 May 2021

I don't think this is right - I believe Joomla has forked phpMailer right? and therefore someone has to manually merge upstream changes https://github.com/joomla-backports/PHPMailer

@PhilETaylor What you write applies to Joomla 3, but this here is for 4 and as you can see we have it in composer.json ?

avatar PhilETaylor
PhilETaylor - comment - 18 May 2021

yup - almost bedtime - sorry.

avatar richard67
richard67 - comment - 18 May 2021

@PhilETaylor P.S.: The backport was moved to this repo for Joomla 3 with PR #33772 .

avatar wilsonge wilsonge - change - 18 May 2021
The description was changed
avatar wilsonge wilsonge - edited - 18 May 2021
avatar wilsonge wilsonge - change - 18 May 2021
Status Pending Fixed in Code Base
Closed_Date 0000-00-00 00:00:00 2021-05-18 22:06:58
Closed_By wilsonge
Labels Added: ? ?
avatar wilsonge wilsonge - close - 18 May 2021
avatar wilsonge wilsonge - merge - 18 May 2021
avatar wilsonge
wilsonge - comment - 18 May 2021

Simple version bump merging on review

avatar richard67
richard67 - comment - 18 May 2021

Thanks!

Add a Comment

Login with GitHub to post a comment