0028821: Update PHPMailer to 6.5.0 - MantisBT - Signup temporarily disabled due to spam

ID	Project	Category	View Status	Date Submitted	Last Update

0028821	mantisbt	security	public	2021-06-17 03:05	2021-08-24 06:40

Reporter	dregad	Assigned To	dregad
Priority	normal	Severity	major	Reproducibility	N/A
Status	closed	Resolution	fixed
Product Version	2.25.0
Target Version	2.25.2	Fixed in Version	2.25.2

Summary	0028821: Update PHPMailer to 6.5.0
Description	PHPMailer 6.5.0 is a security release, fixing. CVE-2021-34551, a complex RCE affecting Windows hosts. CVE-2021-3603 that may permit untrusted code to be run from an address validator. See https://github.com/PHPMailer/PHPMailer/blob/HEAD/SECURITY.md for details. PR: https://github.com/mantisbt/mantisbt/pull/1759
Tags	No tags attached.

MantisBT: master-2.25 d092e648 2021-06-16 17:09 dependabot[bot] Committer: dregad Details Diff	Bump phpmailer/phpmailer from 6.4.1 to 6.5.0 Bumps [phpmailer/phpmailer](https://github.com/PHPMailer/PHPMailer) from 6.4.1 to 6.5.0. - [Release notes](https://github.com/PHPMailer/PHPMailer/releases) - [Changelog](https://github.com/PHPMailer/PHPMailer/blob/master/changelog.md) - [Commits](https://github.com/PHPMailer/PHPMailer/compare/v6.4.1...v6.5.0) --- updated-dependencies: - dependency-name: phpmailer/phpmailer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Fixes 0028821, PR https://github.com/mantisbt/mantisbt/pull/1759		Affected Issues 0028821
	mod - composer.lock		Diff File

related to	0028530	closed	dregad	Update PHPMailer to 6.4.1 (fixes CVE-2020-36326)
related to	0029025	closed	dregad	Update PHPMailer to 6.8.0