PHPMailer 5.4.x-dev?

I just found out about the critical PHPMailer vulnerability, and went to update my code. When my call to sudo composer update did not output anything from PHPMailer, I started investigating, and found that PHPStorm had installed version 5.4.x-dev (I had previously installed PHPStorm via the Tools->Composer->Add Dependency option, and the default version there is 5.4.x-dev).

However, the 5.4.x branch does not exist (there is 5.2.x, and 6.0.x, but no 5.4.x). Since there is no security release for the vulnerability, I'm confused about what the compatible upgrade to 5.4.x-dev is. Also, why is PHPStorm still showing a non-existent 5.4.x-dev version as the "default" version?

Any help would be appreciated.

Thanks!

1
3 comments

Typo: I installed PHPMailer (not PHPStorm) via Tools->Composer->Add Dependency.

0

Looks like an outdated version of Composer is used in File | Settings | Languages & Frameworks | PHP | Composer. Could you please check it?

I've just checked the same on my installation and I can see only 5.2x and 6.0x versions via Tools->Composer->Add Dependency.


0

Hi Dmitry,

I first updated composer (checked File | Settings | Languages & Frameworks | PHP | Composer to find the dir of my composer.phar file, and ran "php composer.phar self-update"), quit and restarted PHPStorm, but PHPStorm was still showing 5.4.x-dev as the default version of phpmailer/phpmailer.

I then switched to my composer directory (the dir where I have composer.json and .lock), and ran "composer remove phpmailer/phpmailer". Tools -> Composer -> Add Dependency then showed 6.0.x-dev as the default version, and I could install that. I BELIEVE this is interface compatible with 5.4... testing now.

In any case, the vulnerability is for versions before 5.2.18, so I believe I was OK. PHPMailer 6.0.x did not even get an update.

Thanks!
Ed

0
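
Added example, not part of the thread and not JetBrains or PHPMailer code: a small Python check of composer.lock against the "before 5.2.18" threshold mentioned in the last comment. The sample lock content and the all-zero commit reference are constructed; a branch version such as 5.4.x-dev is reported as unknown, because it names a moving branch rather than a release and the locked commit has to be reviewed instead.

```python
import json
import re

# Threshold taken from the thread ("versions before 5.2.18").
FIXED_IN = (5, 2, 18)

# Constructed sample composer.lock content (not from a real project).
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "phpmailer/phpmailer", "version": "5.4.x-dev",
         "source": {"type": "git", "reference": "0" * 40}},  # placeholder commit
        {"name": "monolog/monolog", "version": "1.22.0"},
    ],
    "packages-dev": [],
})


def classify(version, fixed_in=FIXED_IN):
    """Return 'vulnerable', 'ok' or 'unknown' for a composer.lock version string."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        # "5.4.x-dev", "dev-master", pre-releases: no plain release number,
        # so a numeric comparison against the threshold proves nothing.
        return "unknown"
    # Compare as integer tuples so that 5.2.9 sorts before 5.2.18.
    return "vulnerable" if tuple(map(int, m.groups())) < fixed_in else "ok"


def audit_lock(lock_text, package="phpmailer/phpmailer"):
    """List every locked entry of `package` with its status and locked commit."""
    lock = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            if pkg.get("name", "").lower() != package:
                continue
            findings.append({
                "section": section,
                "version": pkg["version"],
                "status": classify(pkg["version"]),
                # For branch versions the commit is the only fixed identifier.
                "reference": pkg.get("source", {}).get("reference"),
            })
    return findings


if __name__ == "__main__":
    for finding in audit_lock(SAMPLE_LOCK):
        print(finding)
```
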
