The classic email sending library for PHP
LGPL-2.1 License
Bot releases are hidden (Show)
This is a maintenance and feature release, adding support for the official release of PHP 8.3, methods for removing and replacing custom headers, XCLIENT support, and links to a new way of implementing XOAUTH2 authentication.
The only change likely to have any impact on existing code is that PHPMailer previously attempted to use opportunistic STARTTLS encryption when connecting to localhost
, which was unlikely to work. The workaround required setting SMTPAutoTLS = false
, but that's no longer required. You may still need to use this setting when connecting to literal IPs.
clearCustomHeader
and replaceCustomHeader
methodssetSMTPXclientAttribute
and getSMTPXclientAttributes
methodsNote: most of these changes were in the unreleased 6.9.0 version.
Published by Synchro about 1 year ago
This is a minor maintenance release.
The DSN support added in 6.8.0 reflects the DSN back to the user in an error message if it is invalid. If a DSN uses user-supplied input (a very bad idea), it opens a distant possibility of XSS if the host app does not escape output. In an abundance of caution, malformed DSNs are no longer reflected in error messages.
setAccessible
in PHP >= 8.1 in testsPublished by Synchro over 1 year ago
This is a maintenance release with a new feature: DSN URL parsing, added by @voronkovich. This allows you to create a PHPMailer instance with most important settings by passing in a single URL, ideal for configuring PHPMailer from an environment variable.
Other changes:
Published by Synchro almost 2 years ago
Published by Synchro almost 2 years ago
Published by Synchro about 2 years ago
This is a maintenance release
Happy Hacktoberfest!
Published by Synchro about 2 years ago
This is a maintenance release.
Published by Synchro over 2 years ago
This is a maintenance release.
The removal of the translation file is effectively a BC break, however, I don't expect it to affect anyone except that small group of users that request error messages in the Chamorro language, but are happy getting them in Chinese instead π.
Published by Synchro over 2 years ago
This is a maintenance release.
Note that 6.6.1 was not released.
Published by Synchro over 2 years ago
This is a minor feature release.
Prior to this version, any OAuth provider needed to extend the provided OAuth
base class, and this made it difficult to use with libraries other than ones based on the default league client packages. The OAuth property now accepts anything that implements the OAuthProviderInterface
, making it much easier to use things like Google's own OAuth classes. Existing implementations that extend the provided OAuth
base class will still work, as that base class now implements this interface too. Thanks to @pdscopes.
When TLS errors occurred in PHPMailer, the error messages were often missing important info that might help diagnose/solve the problem. These error messages should now be more informative. A minor change is that a TLS error on SMTP connect will now throw an exception if exceptions are enabled. Thanks to @miken32.
Published by Synchro over 2 years ago
This is a maintenance release.
The change in how shell escaping is handled should not create any BC issues. What used to fail accidentally in potentially unsafe shell situations will now fail deliberately! Note to hosting providers: don't disable escapeshellarg
and escapeshellcmd
; it's not safe!
Published by Synchro almost 3 years ago
This is a maintenance release.
Published by Synchro almost 3 years ago
This is a maintenance release.
Published by Synchro about 3 years ago
This is a maintenance release.
From
addresspt_xx
will fall back to pt
rather than the default en
.parseAddresses
Many thanks to @jrfnl for all her work.
Published by Synchro over 3 years ago
This is a security release.
.
operator.validateAddress
, or indirectly through the $validator
class property, may no longer be simple strings. If you want to inject your own validator, provide a closure instead of a function name.Thanks to Vikrant Singh Chauhan, listensec.com, and the WordPress security team for reporting and assistance with this release.
Published by Synchro over 3 years ago
This is a security release.
ssh2
doCallback
callsThanks to Fariskhi Vidyan for the report and assistance, and Tidelift for support.
Published by Synchro over 3 years ago
This is a maintenance release. The changes introduced in 6.3.0 for setting an envelope sender automatically when using mail()
caused problems, especially in WordPress, so this change has been reverted. It gets a minor version bump as it's a change in behaviour, but only back to what 6.2.0 did. See #2298 for more info.
Other changes:
parseAddress
, so it won't fail if you don't have it installedsr_latn
)Published by Synchro over 3 years ago
This is a maintenance release.
mail()
, sendmail, and qmail transports. Enable using the same mechanism as for SMTP: set SMTPDebug
> 0mail()
and sendmail transports set the envelope sender the same way as SMTP does, i.e. use whatever From
is set to, only falling back to the sendmail_from
php.ini setting if From
is unset. This avoids errors from the mail()
function if Sender
is not set explicitly and php.ini is not configured. This is a minor functionality change, so bumps the minor version number.parseAddresses
to decode encoded names, improve testsPublished by Synchro almost 4 years ago
This is a maintenance release. With this release, PHPMailer gains official PHP 8 compatibility; earlier versions worked in PHP 8 pre-releases, but the test suite did not. The considerable rework this required (which also restored tests running on older PHP versions) was done by @jrfnl β thank you very much!
Published by Synchro about 4 years ago
This is a maintenance release.
ext-hash
as required in composer.json. This has long been required, but now it will cause an error at install time rather than runtime, making it easier to diagnoseTo
headers in BCC-only messages when using mail()