PHPMailer 6.9.1

This is a maintenance and feature release, adding support for the official release of PHP 8.3, methods for removing and replacing custom headers, XCLIENT support, and links to a new way of implementing XOAUTH2 authentication.

The only change likely to have any impact on existing code is that PHPMailer previously attempted to use opportunistic STARTTLS encryption when connecting to localhost, which was unlikely to work. The workaround required setting SMTPAutoTLS = false, but that's no longer required. You may still need to use this setting when connecting to literal IPs.

Changes

• Add support for official release of PHP 8.3, add experimental support for PHP 8.4
• Add clearCustomHeader and replaceCustomHeader methods
• Add support for the XCLIENT SMTP extension with setSMTPXclientAttribute and getSMTPXclientAttributes methods
• Don't attempt opportunistic TLS when connecting to localhost
• Add package link and example showing how to use @decomplexity's SendOauth2 wrapper
• Update example to show a better way of using an SMTP subclass
• Avoid some more deprecation warnings
• Update Danish and Polish translations
• Add Bengali and Assamese translations

Note: most of these changes were in the unreleased 6.9.0 version.

This is a minor maintenance release.

Minor security note

The DSN support added in 6.8.0 reflects the DSN back to the user in an error message if it is invalid. If a DSN uses user-supplied input (a very bad idea), it opens a distant possibility of XSS if the host app does not escape output. In an abundance of caution, malformed DSNs are no longer reflected in error messages.

Changes

• Don't reflect malformed DSNs in error messages to avert any risk of XSS
• Improve Simplified Chinese, Sinhalese, and Norwegian translations
• Don't use setAccessible in PHP >= 8.1 in tests
• Avoid a deprecation notice in PHP 8.3
• Fix link in readme

This is a maintenance release with a new feature: DSN URL parsing, added by @voronkovich. This allows you to create a PHPMailer instance with most important settings by passing in a single URL, ideal for configuring PHPMailer from an environment variable.

Other changes:

• Fix some name edge cases, expand tests
• Add pattern for ZoneMTA message IDs
• Improve Hindi translation

• Add official support for PHP 8.2 (on release day!)
• Add PHP 8.3 to test suite with "experimental" status
• Add ext-openssl to composer suggest list
• Bump development dependencies

• Break out boundary definitions into a method (note that boundary format has also changed slightly)
• Remove MIME preamble to match popular client behaviour, may help with DKIM too
• Fix handling of trailing whitespace in simple DKIM canonicalisation
• Fix some possible POP3 auth issues, including a TCP hang (thanks to @czirkoszoltan)
• Add Azure XOAUTH2 example and docs (thanks to @greew)
• Preserve errors during disconnect
• Avoid some PHP 8.1 type issues
• Update CI to run on Ubuntu 22.04

This is a maintenance release

• Don't try to issue RSET if there has been a connection error
• Reject attempts to add folders as attachments
• Don't suppress earlier error messages on close()
• Handle Host === null better
• Update Danish and Polish translations
• Change recommendation for Microsoft OAuth package to thenetworg/oauth2-azure
• Bump some GitHub action versions

Happy Hacktoberfest!

This is a maintenance release.

• Update Greek translation
• Add text/csv MIME type
• Fix DKIM when sending to anonymous group via mail()
• Improve docs around auth following gmail & MS deprecations
• Update GitHub action deps
• Add OpenSSF Scorecard security health metrics

This is a maintenance release.

• Add an HTML form to the OAuth setup script
• Minor CS improvements
• Add Mongolian translation
• Remove bogus "ch" translation

The removal of the translation file is effectively a BC break, however, I don't expect it to affect anyone except that small group of users that request error messages in the Chamorro language, but are happy getting them in Chinese instead 😆.

This is a maintenance release.

• Don't clear errors on RSET, so they can still be obtained when using keepalive
• Bump some GitHub action versions
• Fix some tests
• Fix docs deployment GitHub action
• Updates to parallel-lint and console highlighter, thanks to @jrfnl
• 🇺🇦 Slava Ukraini!

Note that 6.6.1 was not released.

This is a minor feature release.

Prior to this version, any OAuth provider needed to extend the provided OAuth base class, and this made it difficult to use with libraries other than ones based on the default league client packages. The OAuth property now accepts anything that implements the OAuthProviderInterface, making it much easier to use things like Google's own OAuth classes. Existing implementations that extend the provided OAuth base class will still work, as that base class now implements this interface too. Thanks to @pdscopes.

When TLS errors occurred in PHPMailer, the error messages were often missing important info that might help diagnose/solve the problem. These error messages should now be more informative. A minor change is that a TLS error on SMTP connect will now throw an exception if exceptions are enabled. Thanks to @miken32.