[
https://issues.apache.org/jira/browse/AIRAVATA-2297?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Marcus Christie updated AIRAVATA-2297:
--------------------------------------
Description:
PGA uses [PHPMailer version
5.2.13|https://github.com/apache/airavata-php-gateway/blob/8a7330c205d9e37bf8fbf9a062bdcf24d44d95c1/composer.json#L9].
Looks like a new release, [5.2.20|
https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.20], fixes the
security exploit mentioned in [this security
bulletin|https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html].
was:
PGA uses [PHPMailer version 5.2.13|
https://github.com/apache/airavata-php-gateway/blob/8a7330c205d9e37bf8fbf9a062bdcf24d44d95c1/composer.json#L9
]. Looks like a new release, [5.2.20|
https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.20], fixes the
security exploit mentioned in [this security
bulletin|https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html].
> Upgrade PHPMailer to >= 5.2.20 to address CVE-2016-10045
> --------------------------------------------------------
>
> Key: AIRAVATA-2297
> URL: https://issues.apache.org/jira/browse/AIRAVATA-2297
> Project: Airavata
> Issue Type: Bug
> Components: PGA PHP Web Gateway
> Reporter: Marcus Christie
> Assignee: Marcus Christie
> Priority: Critical
> Fix For: 0.17
>
>
> PGA uses [PHPMailer version
> 5.2.13|https://github.com/apache/airavata-php-gateway/blob/8a7330c205d9e37bf8fbf9a062bdcf24d44d95c1/composer.json#L9].
> Looks like a new release, [5.2.20|
> https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.20], fixes the
> security exploit mentioned in [this security
> bulletin|https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html].
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
