phpList 3.5.7 Release candidate is ready for testing

Hi everyone,

A Release Candidate for the upcoming phpList 3.5.7 is now available for testing. This release introduces security enforcements on the authentication process.

Fixes to look for:

  • Dashboard page title has been renamed from “Upgrade phpList” to “Update database” to avoid confusion. Thanks to @hktang for the Pull Request.

  • Session fixation: The application now generates a new session key upon authentication to prevent unauthenticated users from obtaining the session key of a legitimate user.

  • Sanitise the browser trail cookie to prevent cross-site scripting.

Guidelines

Upgrading

Upgrade from releases older than phpList 3.3.7-RC1 by following the usual upgrade process.

Use the Automatic Updater if you are running phpList 3.3.7 or later.

Use your phpList as normal, and report any new problems that you find.

Activating the REST API

If you haven’t checked the REST API yet, you can see the dedicated chapter in the manual to help you get started with it: API and Integrations

Reporting issues

Report any issues you find with phpList3 to the phpList Bugtracker, selecting “3.5.7-RC1” as the Product Version.

Use the usual bug fixing process if you know how to fix it.

Report any issues you find with phpList 4 core or REST API to the corresponding repo on GitHub.

Please read the contribution guide on how to contribute and how to run the unit tests and style checks locally.

Happy testing!
