This release contains security fixes – you should upgrade as soon as possible.
phpList 3.4.0 is a significant update that incorporates many changes. These include jQuery security updates for phpList 3, a new campaign template, and the introduction of the new REST API powered by phpList 4.
Use the Automatic Updater to get it, or see the Download page for full installation and upgrade instructions.
Changes in this release
- jQuery for phpList 3 admin pages has been upgraded to version 3.3.1. This update addresses two upstream vulnerabilities from 2018. Thanks to forum user Kathleen Garland for reporting.
- Change permissions of the /plugins directory to 755 to improve security and fix compatibility with suPHP — thanks to Duncan for reporting.
New REST API
The new REST API is included for the first time which, when enabled, allows other software systems to interact with phpList in a variety of ways, such as managing subscribers, lists, and campaigns. The API currently supports a limited number of actions which are increasing over time. it is disabled by default. For system requirements and usage information see the new chapter of the phpList manual: API and Integrations.
A simple example of a REST API client can be accessed here.
New stock campaign template
- A new stock campaign template is available in this release. It is based on the ‘Really Simple Free Responsive HTML Email Template’ by Lee Munroe, adapted by forum user Angel Gonzalez for phpList.
- A new stock template selection system provides access to the new template, accessible from the ‘Campaign Templates’ page.
- The Automatic Updater is out of beta and update notifications have replaced the previous notification system.
- Two settings allow management of update notifications:
- All update notifications can be turned off in the config.php file
- If update notifications are switched on, then Release Candidate update notifications can be switched off via the ‘Settings’ page — see the pull request
- The setting ‘check_new_version’ for controlling update polling frequency has been depreciated – the interval is now 3 days
- Bounces to system messages are now associated with the subscriber they belong to for the first time. This means you can view all bounces relating to a subscriber, regardless of the kind of message that caused it, in one place within the Subscriber’s profile page — see the pull request
- Lists how honour the list order configured on the ‘Edit a subscribe page’ page even when public list categories are used — thanks to Duncan, see the pull request
- Made use of CONTACT placeholder case-insensitive.
- Removed extraneous space from CONTACT placeholder links which broke some URLs– thanks to Duncan, see the pull request.
- Improved wording and fixed typo in the transactional email containing personalised preferences links requested by subscribers.
This release is the work of Duncan Cameron, Angel Gonzalez, Kathleen Garland and other Open Source community members who have submitted bug reports and valuable feedback, as well as phpList Ltd. developers. To get involved in phpList development, check out the developer resources pages.
Need help upgrading your phpList server to the newest version? Ask the community at discuss.phplist.org. Professional support from community experts, as well as manuals, source code, and developer resources, can be found at phplist.org. Report all bugs to the bugtracker!