This release is a security release – you should upgrade as soon as possible.
This vulnerability is present in all versions before 3.5.1.
This release addresses a recently found vulnerability in the code that verifies the password when an administrator logs in. Because of this flaw, attackers can potentially gain access by using a carefully constructed, but incorrect, password.
The fix switches to strict comparison (‘===’) on the password validation line in this file.
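The class of bug that a switch from ‘==’ to ‘===’ closes in PHP, shown as an added example that is not phpList's own code: loose comparison converts numeric-looking strings to numbers before comparing, so two different strings can compare equal. The hash strings and function names below are constructed for illustration, and the hash_equals() variant goes beyond the fix described here.

```php
<?php
declare(strict_types=1);

// Loose comparison: when both operands are numeric strings, PHP compares
// them as numbers, not as text.
function verifyLoose(string $stored, string $submitted): bool
{
    return $stored == $submitted;
}

// Strict comparison: same type and identical bytes, no conversion.
function verifyStrict(string $stored, string $submitted): bool
{
    return $stored === $submitted;
}

// Assumption: an alternative not mentioned in the announcement. hash_equals()
// is also exact, and its running time does not depend on where strings differ.
function verifyConstantTime(string $stored, string $submitted): bool
{
    return hash_equals($stored, $submitted);
}

// Constructed sample values standing in for a stored hash and the hash of a
// submitted password. "0e" followed only by digits is scientific notation
// for zero, so PHP treats such strings as the number 0.
$cases = [
    'identical hashes'            => ['5f4dcc3b5aa765d6', '5f4dcc3b5aa765d6'],
    'different, ordinary hex'     => ['5f4dcc3b5aa765d6', '5f4dcc3b5aa765d7'],
    'different, both look like 0' => ['0e11111111111111', '0e22222222222222'],
    'different, both equal 1000'  => ['1e3', '1000'],
];

printf("%-30s %-6s %-7s %s\n", 'case', 'loose', 'strict', 'hash_equals');
foreach ($cases as $label => [$stored, $submitted]) {
    printf(
        "%-30s %-6s %-7s %s\n",
        $label,
        var_export(verifyLoose($stored, $submitted), true),
        var_export(verifyStrict($stored, $submitted), true),
        var_export(verifyConstantTime($stored, $submitted), true)
    );
}
```

Only the loose column reports true for the last two rows, where the strings differ. When auditing other PHP code, look for ‘==’ or ‘!=’ applied to hashes, tokens or other secrets.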
If you are running version 3.4.7 or later, you can use the Automatic Updater to update your installation, or see the Download page for full installation and upgrade instructions.
We want to thank Suvadip Kar for reporting and submitting the fix for the issue.
To get involved in phpList development, check out the developer resources pages.
Need help upgrading your phpList server to the newest version? Ask the community at discuss.phplist.org. Professional support from community experts, as well as manuals, source code, and developer resources, can be found at phplist.org. Report all bugs to the bugtracker!