This release is a security release – you should upgrade as soon as possible.
This is a release to address a recently found vulnerability in the system that verifies a password when an administrator logs in. As a result, attackers can potentially gain access by using a carefully constructed, but incorrect, password.
This vulnerability is present in all versions before 3.5.1.
We have released version 3.5.1 which fixes this issue. Everyone using a version before 3.5.1 is strongly recommended to upgrade.
If you are running on version 3.4.7 or later you can use the Automatic Updater to update your installation, or see the Download page for full installation and upgrade instructions.
All phpList hosted customers have been patched for this vulnerability.
We want to thank Suvadip Kar for reporting and submitting the fix for the issue.