PHPMailer 5.4.x-dev?
I just found out about the critical PHPMailer vulnerability, and went to update my code. When my call to sudo composer update did not output anything from PHPMailer, I started investigating, and found that PHPStorm had installed version 5.4.x-dev (I had previously installed PHPStorm via the Tools->Composer->Add Dependency option, and the default version there is 5.4.x-dev).
However, the 5.4.x branch does not exist (there is 5.2.x, and 6.0.x, but no 5.4.x). Since there is no security release for the vulnerability, I'm confused about what the compatible upgrade to 5.4.x-dev is. Also, why is PHPStorm still showing a non-existent 5.4.x-dev version as the "default" version?
Any help would be appreciated.
Thanks!
Typo: I installed PHPMailer (not PHPStorm) via Tools->Composer->Add Dependency.
Looks like an outdated version of Composer is used in File | Settings | Languages & Frameworks | PHP | Composer. Could you please check it?
I've just checked the same on my installation and I can see only 5.2x and 6.0x versions via Tools->Composer->Add Dependency.
Hi Dmitry,
I first updated composer (checked File | Settings | Languages & Frameworks | PHP | Composer to find the dir of my composer.phar file, and ran "php composer.phar self-update"), quit and restarted PHPStorm, but PHPStorm was still showing 5.4.x-dev as the default version of phpmailer/phpmailer.
I then switched to my composer directory (the dir where I have composer.json and .lock), and ran "composer remove phpmailer/phpmailer". Tools -> Composer -> Add Dependency then showed 6.0.x-dev as the default version, and I could install that. I BELIEVE this is interface compatible with 5.4... testing now.
In any case, the vulnerability is for versions before 5.2.18, so I believe I was OK. PHPMailer 6.0.x did not even get an update.
Thanks!
Ed
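
Added example, not part of the thread: a check of what composer.lock actually pins for phpmailer/phpmailer, which shows why a branch alias such as 5.4.x-dev cannot be compared against a fixed release and has to be judged by its commit reference instead. The lock content is constructed, the reference is a placeholder, and the 5.2.18 default is the figure quoted in the thread (an assumption to confirm against the project's advisory).

```python
import json
import re

# Default threshold is the one quoted in the thread ("versions before 5.2.18").
# Assumption: confirm the fixed release against the project's own advisory.
FIXED = (5, 2, 18)

def classify(version, fixed=FIXED):
    """Return 'vulnerable', 'ok' or 'unpinned' for a composer.lock version string."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        # "5.4.x-dev", "dev-master" and similar name a moving branch (or a
        # pre-release), not a tagged release, so a numeric comparison would
        # be meaningless. The locked commit has to be inspected instead.
        return "unpinned"
    return "vulnerable" if tuple(map(int, m.groups())) < fixed else "ok"

def audit_lock(lock_text, package="phpmailer/phpmailer", fixed=FIXED):
    """List (version, verdict, commit reference) for each locked copy of package."""
    lock = json.loads(lock_text)
    results = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if pkg.get("name") == package:
                ref = (pkg.get("source") or {}).get("reference", "")
                results.append((pkg["version"], classify(pkg["version"], fixed), ref))
    return results

# Constructed sample lock file; the reference is a placeholder, not a real commit.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "phpmailer/phpmailer", "version": "5.4.x-dev",
         "source": {"type": "git", "reference": "0" * 40}},
        {"name": "example/other", "version": "1.0.0"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    for version, verdict, ref in audit_lock(SAMPLE_LOCK):
        print(f"{version}: {verdict} (locked commit {ref or 'unknown'})")
```

An "unpinned" result means the lock entry follows a branch, so the locked commit has to be compared with the commit that carries the fix.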