Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

All code examples must follow the Markdown rules as this site uses Markdown. If you don't know how, click here for a tutorial. Any code examples not using Markdown will be deleted.
All code examples must follow the Markdown rules as this site uses Markdown. If you don't know how, click here for a tutorial. Any code examples not using Markdown will be deleted.

phpFox 4.5 build 3 Security Update Released

phpFox has released a security update, v4.5.0 build 3. You should update to that version or at least update the PHPmailer per the instructions below. BryZar also performs upgrades for #phpFox clients if you need us to do this for you. It is included free via our support plans.

The issues is seen here:

You can get the zip file here .

All of the .php files currently in the PF.Base/vendor/phpmailer/phpmailer/ are in this updated zip.

Extract the downloaded file.

Open the folder "PHPMailer-5.2.19"

Upload all of files to the directory [your_site_dir]/PF.Base/vendor/phpmailer/phpmailer

Doesn't hurt to clear cache after from PF.Base/file/cache , leaving the index.html in it. This is if you are using the default phpFox cache system and not any of the other cache systems available.



  • Does this affect 3.9 - if so is there a fix for it?

  • I hadn't checked the v3 files. Will do that and see.

  • Yes. I'll update my dev and see. Process is the same as posted but the files are not in the PF.Base folder, they are just in the include/library/phpmailer folder.

  • Well it's not causing any errors to replace the files. I just don't have mail working on my local for testing. I'll have to try it on my live too.

  • worked fine on my v3 dev site. Guess I'll update my live sites after work.

  • I just downloaded the PHPmailer files. Then I uploaded them (open the folder mentioned in the first post and upload the files that are inside it) to the include/library/phpmailer folder but I had made the original phpmailer renamed to phpmailerbu and made a new phpmailer folder just in case there was any issue.

  • Bryzar can do this for those with our support plans.

  • Coolbeans!

  • Heads up folks,

    For those of you wondering, we didn't need to post a thread for #SocialEngine as it doesn't use that so it's not vulnerable to this hack.

  • Loving my Social Engine! :) Lots of work to make the change but so far all the members that have made it to the new SE site are very happy! My site is small with 90% of the members on subscription plans so when they are not happy I need to make changes.

  • Note, the one listed here isn't the updated one now. It was their first attempt at a patch and was still vulnerable. Reports are saying 21 is the final patch, that's located here-

  • Yes thanks for posting the link to that as I mentioned above that there was a new vulnerability with the patch above. Good that they released another. That was fast as the hackers had already gotten past the .19 and .20 . Fast buggers.

  • A direct link to download version 5.2.21 is here so that you don't get all the unnecessary Github files and folders of the master branch. A tip, if you look at the link I have there, just substitute the version number in the url to get to the direct zip files. :)

  • edited January 2017

    Uploading the files to 3.9 as above throws errors:

    Fatal error: Class 'SMTP' not found in /home/sitename/web/sitename/public_html/include/library/phpmailer/class.phpmailer.php on line 1520

  • Well that's odd. I have it on my 3.9 dev and it works. Roll back to the backup file for now. I'll compare the files on my site and the download.

  • I don't have an issue using the php mail but I need to set up smtp on that site to test it. I see the line of code and believe it needs to be commented out (the entire code) but let me test things today.

  • Yeah roll back for those that use SMTP. It works with the basic php mail function but this fix does not work for the SMTP and I don't know if it works for v4 either.

  • Sorry about that. I never thought to check smtp as I thought it would work too. This is something that needs addressing though. Hopefully, there will be an answer.

  • Ok I got it working.

Sign In or Register to comment.