This release contains security fixes – you should upgrade as soon as possible
phpList 3.3.0 is the most significant update in years, incorporating over 150 code changes including system-wide security hardening and a brand new user interface.
New user interface
- A new theme named ‘Trevelin’ presents a much improved user interface. It is included by default and can be enabled using the Theme Switcher.
- New Theme Switcher allows the application theme to be set via the user interface for the first time, via the Config -> Settings page
- Introduced Unique User ID code generation for all personalised links in campaigns. Thanks to Edmund Huggett.
- Introduced optional HMAC authentication code generation for campaign link tracking. Thanks to Edmund Huggett.
- Increased entropy used by CSRF tokens used to authenticate links between admin pages. Thanks to Edmund Huggett.
- Introduced additional checks for user-submitted campaign data. Thanks to Tim Coen at Curesec.
- Introduced additional checks when redirecting subscriber preferences, forward, and unsubscribe links, and admin password reset links. Thanks to Edmund Huggett.
- Increased randomness of tokens preventing cross-site request forgeries by 3.4 x 1043 times. Thanks to Edmund Huggett.
- Statistics overview
- Domain Statistics
- Campaign click statistics
- View opens
- View bounces per list
- Fixed slow page load due to failed RSS News Feed caching. Thanks to Duncanc. See the Pull Request.
- Added accessibility labels to form fields on public subscribe pages. See the Pull Request.
- Improved and compacted table layout of ‘View members of list’ page. See the Pull Request.
- Improved About page formatting. See the Pull Request.
- Added announcement mailing list signup form to about page. See the Pull Request.
- Linked campaign title to view campaign on campaign statistics page. See the Pull Request.
- Linked list name to List Members page from Subscriber Lists page. See the Pull Request.
- Updated help page content, added links to resources. See the Pull Request.
- Improved message queue processing notification email content. See the Pull Request.
- Improved new installation email notification formatting. See the Pull Request.
- Improved formatting of mail queue event log messages. See the Pull Request.
- Improved formatting of Event log page. See Pull Request.
- Improved date formatting on the Schedule tab of the Campaign composer pages. See the Pull Request.
- Improved form field descriptions on Campaign composer page. See Pull Request.
- Numerous fixes to table column titles and labels
- Numerous number formatting fixes on Admin pages
Languages & Translations
- Languages preferences are saved between sessions. When language is set manually it will be stored after logout (by default phpList uses the default language of the web browser)
- Made ‘Logout’ and ‘Login’ buttons translatable in new theme See the Pull Request.
- Numerous fixes to English language text capitalisation
- Introduced support for plugin handling of mail queue sending. Thanks to Duncanc. See the Pull Request.
- Clearer error message on plugins page when url fopen wrappers are not enabled. Thanks to Duncanc. See the Pull Request.
- Fix bug misreporting bounce message download failure. Thanks to Duncanc. See the Pull Request.
- Made content of Database Check page translatable. See the Pull Request.
Need help upgrading your phpList server? Ask the community at discuss.phplist.com. Professional support from community experts, as well as manuals, source code, and developer resources, can be found at phplist.org. Report bugs to the bugtracker!
Want to focus on campaigns and forget hosting headaches? Sign up at phplist.com for an account with everything included. Send from 300 free messages to 30 million messages per month.