Recently a vulnerability was found that allows unauthorized access to files locally on the server that phpList is hosted on. We have released version 2.10.8 to fix this issue. Everyone using a version prior to this version is strongly recommended to upgrade.
We want to thank Paul Myatt for reporting this vulnerability and handling the issue in a responsible manner.
Go to the download page to get it from sourceforge.
This version also updates the FCKeditor that is included with phpList to the currently latest version 2.6.3. However, if you use the image and file upload connectivity functionality in the FCKeditor, this has not been updated. If you want to retain this functionality, you can do the following:
1. remove the FCKeditor folder in lists/admin/
2. copy the FCKeditor folder from version 2.10.7 into this folder