A Release Candidate for the upcoming phpList 3.5.7 is now available for testing. This release introduces security enforcements on the authentication process.
Fixes to look for:
Session fixation: The application now generates a new session key upon authentication to avoid unauthenticated users to obtain key on a legitimate user.
Sanitise the browser trail cookie to prevent cross-site scripting.
Upgrade from releases older than phpList 3.3.7-RC1 following the usual upgrade process
Use the Automatic Updater if you are running phpList 3.3.7 or later.
Use your phpList as normal, and report any new problems that you find.
Activating the REST API
If you haven’t checked the REST API yet, you can see the dedicated chapter in the manual to help you get started with it: API and Integrations
Report any issues you find with phpList3 to the phpList Bugtracker, selecting “3.5.7-RC1” as the Product Version.
Use the usual bug fixing process if you know how to fix it.
Please read the contribution guide on how to contribute and how to run the unit tests and style checks locally.