phpList 3.5.7 is now available for installation. This release introduces security hardening of the authentication process.
You can update your phpList installation using the Automatic Updater, or you can download it directly from SourceForge.
Fixes to look for:
- Dashboard page title has been renamed from “Upgrade phpList” to “Update database” to avoid confusion. Thanks to @hktang for the Pull Request 4.
- Session fixation: The application now generates a new session key upon authentication, so that an unauthenticated user cannot obtain the key of a legitimate user.
- Sanitise the browser trail cookie to prevent cross-site scripting.
This release is the work of @hktang and other Open Source community members who have submitted bug reports and valuable feedback, as well as phpList Ltd. developers. To get involved in phpList development, check out the developer resources pages.
Need help upgrading your phpList server to the newest version? Ask the community at discuss.phplist.org. Professional support from community experts, as well as manuals, source code, and developer resources, can be found at phplist.org. Report all bugs to the bugtracker!