Quite soon after release 2.11.8 a bugfix and security update of the development versions.
This version fixes two issues that were found in the previous development release.
1. click tracking did not work
2. the graphical editor did not load, if you had a different path than the default "lists" for phpList.
It also fixes several security issues in 2.11.8 found by HTTPCS.
We've released a new development version, 2.11.8.
This version is a further stabilisation of the 2.11 branch of phpList. We are working hard to be able to call this out new stable version.
As usual development versions are for those of you who are a bit more technically advanced. However, this one is getting close to stable, so if you want to give it a try, make a copy of your existing system, and see if it works for you. Make sure to do it in such a way that you can roll back. If you encounter any issues, please report them to the issue tracker so that we can fix it.
Upgrading is easy and quick. Copy your config file in a save place, FTP the files in the "lists" folder up to your site and copy the config file back. Then click the link "Upgrade" that you will see when you login to your phpList admin pages.
or How to avoid spammers on your website without using CAPTCHA
If you have forms that can be filled out by your website visitors, you most likely have come across form spammers. These are "bots" that automatically fill out your forms and fill your database with junk. This can cause all kinds of problems, particularly when sending newsletters to your subscribers, many of whom will be bogus.
On the phpList website, we encountered this issue last year. The common approach to solve this problem is to use a CAPTCHA, which is a hard to read code, that supposedly only real humans can solve.
However, there are two problems with CAPTCHAs. First of all, they are often so hard to read, that even humans cannot solve them. But then, if they are made easier for humans, often computers or bots can solve them as well. As a result, they are not a brilliant way to block the real spammers. Too many real people are blocked and too many bots are let through.
So, we decided to find a different way to solve the problem. If you use PHP on your website, then you may be interested to find out how.Read more...
We've released a new development version, 2.11.7
We've released a new stable version. This version fixes a few small bugs and some security issues. Download
1. keep your config.php file somewhere safe (you can find your config.php file in the config folder)
2. make a backup of your database. (recommended, but not essential)
3. overwrite your existing code with the new code. You will primarily want to copy the "lists" folder and all files in it.
4. copy the config.php file back (to the "lists/config/" folder)
5. go to your phpList admin main page with your web browser and login
6. click the "Upgrade" link, which will now be there
7. You're all done
Quite soon after the previous stable release, another one. We missed a few issues that Secunia had found, which we felt was better to address sooner rather than later.
The security issues that were dealt with require having login details to your phpList installation. Therefore they are not exploitable by unknown outsiders, which makes the threat a little less. Nevertheless we advice everyone to upgrade to the latest stable version. In general that's a good idea with any software you use.Read more...
We've released a new stable version of phpList, 2.10.14
This version fixes several bugs and a security vulnerability. Everyone running the 2.10 versions or before is strongly advised to upgrade to this version.
Changes in this version can be found in the changelog page , as generated by Mantis.
Many thanks to all involved, for reporting the issues, and helping to resolve them.
We have released a new stable version of phpList, version 2.10.13. This version is a further update on security, removing a few potential security vulnerabilities and further hardening the application against malicious attacks.
We have not heard of any instances where these vulnerabilities have been exploited, and we hope it stays that way.
We're very pleased to announce the release of a new development version of phpList. To get your copy, go to the Sourceforge Download page .
Main changes in this version: UTF-8 support.
This version can also handle sending your campaigns with the Amazon SES service.
Our hosted newsletter service already runs on this version, but to declare the download version stable, we want to add some finishing touches first, particularly in the UI and internationalisation side of the application.
As always with development versions, it's for the bold and brave. Be careful, backup often and report issues you find in our bugtracker .Read more...
We are delighted to announce the release of a new development version of phpList.This version is not yet ready for general use, but is for the courageous amongst you to try out and play with.
Before we are able to consider this version stable, quite some testing will need to be done. For example, we haven't really tested upgrade to this version from the latest stable. If you want to help out, please play with it, and report your findings in mantis , marking the issue for version 2.11.5
This version has quite a large amount of changes. Below we are giving a summary of what has changed, but in fact loads more changes have been made. The most important change to keep in mind that phpList will no longer work with PHP4.Read more...
WebReference has published an article on how to setup, manage and even hack phpList. This mostly applies to phpList when you download it to your own server. Our phpList Hosted service has phpList all installed and configured.
"Find out how to set up -- and when necessary, hack -- phpList on your
server to get the most out of this popular email campaign manager."
Quite soon after the previous release, we are pleased to announce the release of a new stable version. The most important fix is the import of users using a CSV file, which broke in the previous version.Read more...
We are pleased to announce the release of a new stable version. This version fixes a range of bugs reported by the community. We would like to thank all the persons involved in their great support to provide patches for problems found.Read more...
Joomla users may be interested in a subscription service provided by Dioscouri. We haven't tried it, but the screenshots look very good. For more information check out their website .
This release is aimed at hardening the security in phpList. Several changes have been made to eliminate potential attack vectors.
It also includes:
It is mainly a minor release, but we wanted to make this fixes available.
For more information please visit the mantis changelog page.
Upgrading your current version
Once that is ready the new version is available for the public into the URL you were using.
Please go to the forum if you have questions.
We've released version 2.10.9 that fixes a local file include vulnerability.This vulnerability allows attackers to display the contents of files on the server, which can aid them to gain unauthorised access.
Everyone using any version up to this one is advised to upgrade as soon as possible. Any clients hosted by Tincan have already been patched or upgraded.
Recently a vulnerability was found that allows unauthorized access to files locally on the server that phpList is hosted on. We have released version 2.10.8 to fix this issue. Everyone using a version prior to this version is strongly recommended to upgrade.
We want to thank Paul Myatt for reporting this vulnerability and handling the issue in a responsible manner.Read more...
We've released a new stable version of phpList. This version is a security update, that fixes a vulnerability that was found in the FCKeditor that is shipped with phpList. We strongly advise everyone to upgrade to this release.Read more...
We hope you enjoy it, and that it serves the phplist community better! Now you can quickly and easily find and navigate between the online documentation wiki, the forums, issue tracker, and other general information.Read more...