Yii Framework Forum: Recent security issues with PHPMailer and SwiftMailer - Yii Framework Forum

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Recent security issues with PHPMailer and SwiftMailer Yii is not affected if you do it right. Rate Topic: -----

#1 User is offline   CeBe 

  • Advanced Member
  • Yii
  • Group: Yii Dev Team
  • Posts: 558
  • Joined: 16-July 10
  • Location:Berlin. Germany

Posted 28 December 2016 - 06:08 PM

*
POPULAR

Recently three security vulnerabilities in PHPMailer and SwiftMailer have been announced:

- 25.12.2016, CVE-2016-10033 Remote Code Execution vulnerability in PHPMailer
- 27.12.2016, CVE-2016-10045 Remote Code Execution vulnerability in PHPMailer
- 28.12.2016, CVE-2016-10074 Remote Code Execution vulnerability in SwiftMailer

All three mention Yii among the affected frameworks in the initial release, so we want to comment on this to clarify who is affected and what action is required.

About PHPMailer, Yii has never officially provided any mailing component related to PHPMailer, nor do we bundle PHPMailer in any code released officially by the Yii team.
The mentioning of Yii in the report was a copy and paste from the PHPMailer README, which claims that you can use it with Yii.
As patches are available, the required action is to simply upgrade PHPMailer to at least version 5.2.20, if you use it.

The situation is different with SwiftMailer for which we provide a Yii2 extension: yii2-swiftmailer.
The details are described in the following.

See our news post for details.
5

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users