I recently installed the most recent version (5.2.22) on a customer's vtiger 5.4.0 system because the old one will not connect to certain TLS SMTP servers. The only thing I had to do was to include the class.smtp.php at the top of the class.phpmailer.php file to get it to work.
Please update this library.
@satish.dvnk This is a big problem. Many SMTP servers simply will not work unless these library files are updated. It seems to be a trivial process to update them.
Confident we can +- easily upgrade to PHPMailer 5.2.27 (rel. date 15 Nov 2018).
PHPMailer 6+ will require more work due to not being backwards compatible.
PHPMailer devs mention using composer to maintain upgrades, therefore I am wondering if it would be a good choice upgrading to PHPMailer 5.2.27 [latest version 5 iteration] for the time being (and get vtiger 7.2 milestone a step further from being completed) and wait for any moves on getting Vtiger working with composer and fully upgrade to PHPMailer 6.
Any thoughts?
@prasad while I appreciate you are driving the PHPMailer upgrade for vtiger milestone 8, my feeling is that it will take years to be released.
The PHPMailer upgrade should be considered a priority due to well-known security vulnerabilities (one example: https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html) but also because it simply doesn't work with several more up-to-date SMTP servers (see @lord_alan's comment above).
Since Code80 operates in the European Union, we are strictly bound by GDPR compliance and regulations; therefore we always need to take reasonable steps to protect our clients' personal data (including email communication).
@prasad the test case is explained at the link. I can copy the webpage content here if required. The exploit mentioned affects "PHPMailer < 5.2.18 Remote Code Execution (CVE-2016-10033)"
With regard to the patching, a PHPMailer library upgrade should do the job (as per my initial comment). PHPMailer 5.2.x should be backwards compatible.
I can do the upgrade myself and commit it if you need me to.
Issue #431 (closed) - class.phpmailer.php is ~6 years old...
PHP mailer upgrade source has already been merged. It's now 9 months old.
@lord_alan @prasad we've already committed the source code for the upgrade and the merge request was accepted. I’ve run a number of tests and they seem to be OK; however, since we don't use the email functionality on the CRM an awful lot, maybe someone else would be in a better position to run more thorough testing (workflows, email templates, etc.)?