[
https://issues.apache.org/jira/browse/AIRAVATA-2297?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15801399#comment-15801399
]
ASF subversion and git services commented on AIRAVATA-2297:
-----------------------------------------------------------
Commit 166f18a9bfaef8aa8d8c1f436034c99c77c18e19 in airavata-php-gateway's
branch refs/heads/develop from [~marcuschristie]
[ https://git-wip-us.apache.org/repos/asf?p=airavata-php-gateway.git;h=166f18a ]
AIRAVATA-2297 Upgrade PHPMailer and swiftmailer
Note: for the upgrade to take effect, `composer update` must be run in
an existing PGA installation.
> Upgrade PHPMailer to >= 5.2.20 to address CVE-2016-10045
> --------------------------------------------------------
>
> Key: AIRAVATA-2297
> URL: https://issues.apache.org/jira/browse/AIRAVATA-2297
> Project: Airavata
> Issue Type: Bug
> Components: PGA PHP Web Gateway
> Reporter: Marcus Christie
> Assignee: Marcus Christie
> Priority: Critical
> Fix For: 0.17
>
>
> PGA uses [PHPMailer version
> 5.2.13|https://github.com/apache/airavata-php-gateway/blob/8a7330c205d9e37bf8fbf9a062bdcf24d44d95c1/composer.json#L9].
> Looks like a new release, [5.2.20|
> https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.20], fixes the
> security exploit mentioned in [this security
> bulletin|https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html].
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
