phpList news

  • Tech bloggers to get early access to new API, manual and phpList 3.1

    Over the next two months we will be launching: phpList 3.1 the phpList API and the phpList user manual As a tech blogger, you can get advance access to all of these, along with ready-made screenshots and feature lists.  Read more about our bloggers list here. Join the tech-bloggers list

  • Giving the community room to grow: is coming soon

    At the end of May, we will be launching, a brand new website which will upgrade the current community site and all community resources including forums, documentation, download and blog. The new site will be focused (like a laser beam) on the phpList community, including all self-hosted and self-service resources. There will be room […]

  • phpList 3.0.12 released

    A new version, 3.0.12, fixes an issue with sending the mail queue in the browser. If you are affected by this problem, you will want to upgrade. If you had not noticed the problem, there is no need to upgrade. Many thanks to our community members for reporting this in the forums, duncanc for alerting […]

  • phpList 3.0.11 released

    A new year, a new release – bugs fixed and new features to try. Welcome to phpList 3.0.11! Mostly this is a bug fix and security release, however, we have released remote queue processing in beta for the adventurous to help test. Export subscribers fix Some (but not all) users were having problems exporting subscribers. […]

  • We teamed up with User Prompt to learn more about phpList users

    We have teamed up with User Prompt to learn more about you – our phpList users. In a first step we ask you to participate in a small survey. phpList is Open Source Software phpList is Open Source software: it is built by a community of users, developers, translators, documenters and many more. Some in […]

  • phpList 3.0.10 released

    We have released a new version of phpList, 3.0.10, to resolve two minor issues that were introduced in 3.0.9, which was released last week. 1. The subscribe page data was “escaped”, causing it not to display correctly. In version 3.0.9, when saving a subscribe page, the data had various slash (/) characters in the HTML code. […]

  • phpList 3.0.9 released

    We have been really rockin’ the code of late! Another batch of issues fixed and it’s time for another release, phpList 3.0.9 – all of the issues fixed Preventing and repairing mishaps A big theme of this new version is preventing problems during the subscriber import process. In phpList 3.0.9, users will: No longer be […]

  • Up by 20: Our first documentation sprint

    Our first documentation writing sprint was a big success: we had a great time and got a lot of work done… the perfect combination! What we did The sprint started at 8am GMT on the Friday the 10th, when people started to gather in the IRC. Anna, the phpList Community manager, was the first to […]

  • Use your own domain on phpList Hosted

    We have added an exciting new feature to our phpList Hosted service: you can now use your own domain. Using your own domain for your phpList newsletter has many benefits, for example your phpList subscribe pages and emails will look more professional and trustworthy. This option is available if you have a PLUS account.

  • New release of phpList 3.0.8

    phpList 3.0.8 is a minor update, released primarily to fix processing the queue via PHP-CGI cURL. We’ve also taken the opportunity to present several new tweaks and features. Processing the Queue via PHP-CGI cURL Following a bug report by a phpList community member (nymisoa) we have released a minor bugfix version. Nymisoa described using a […]

  • New version, phpList 3.0.7 is launched

    The phpList team is pleased to announce a new version of phpList, 3.0.7. This release is a minor update. We have added some more security defences, and updated the interface in a few places. Visit the changelog page to view a more detailed list of changes. Favourite Feature Back by popular demand is the option […]

  • We will be working with FlossManuals on a new phpList Manual

    The time has come for a new phpList manual to be written, and we are delighted to announce that we will be working with FlossManuals to write it. More than a manual This partnership between FlossManuals and phpList is about more than writing a single manual, however: we are working together to create a re-usable, […]

  • Free phpList Helps Open Funding

    phpList helps Free Culture Crowd Funding site communicate with the community. In January, GnuPG became the first to take us up on our offer of free phpList hosted for Free Software projects. Another fascinating project enjoying this perk is Open Funding.  Anna, the phpList community Manager, is on a mission to find out who they […]

  • The Open Source city rolls out phpList

    The City of Munich adopts phpList phpList passes government technical and security tests with flying colours It’s more than 10 years since the city of Munich in Germany voted to use Free Software. Their ambitious plans to move from Microsoft Windows to Gnu/Linux based Ubuntu are now complete . Yet the technological needs of the […]

version 3.0.7

- 20 August 2014 - GMT


Version 3.0.7 has been released. This is a minor update version.


version 3.0.5

- 1 October 2013 - GMT

A new stable version 3.0.5 is now available. This version fixes a few smaller issues and adds a new filter in the listing of campaigns.



new stable version 3.0.4

- 26 September 2013 - GMT

The latest stable version, 3.0.4 is available for download

This version fixes a few minor issues and updates the way members of a list are displayed.


All 142 config file options in one place

- 21 August 2013 - GMT

The phpList config has grown quite large, so we have now listed all the options in one place.

You can find it on the phpList resource site

We didn't realise it had grown to be a list of 142 options.


version 3.0.2

- 19 August 2013 - GMT

A new stable version 3.0.2 fixes a few minor issues and updates the way click statistics are converted.


new stable version 3.0

- 14 August 2013 - GMT

A brand new version of phpList is available. It is a major change from previous stable versions, which is why we have called it version 3.

Download it here


new development version 2.11.9

- 29 April 2013 - GMT


Quite soon after release 2.11.8 a bugfix and security update of the development versions.


This version fixes two issues that were found in the previous development release.

1. click tracking did not work

2. the graphical editor did not load, if you had a different path than the default "lists" for phpList.

It also fixes several security issues in 2.11.8 found by HTTPCS.



new development version 2.11.8

- 25 April 2013 - GMT


We've released a new development version, 2.11.8.


This version is a further stabilisation of the 2.11 branch of phpList. We are working hard to be able to call this out new stable version.

As usual development versions are for those of you who are a bit more technically advanced. However, this one is getting close to stable, so if you want to give it a try, make a copy of your existing system, and see if it works for you. Make sure to do it in such a way that you can roll back. If you encounter any issues, please report them to the issue tracker so that we can fix it.

Upgrading is easy and quick. Copy your config file in a save place, FTP the files in the "lists" folder up to your site and copy the config file back. Then click the link "Upgrade" that you will see when you login to your phpList admin pages.



fighting form spammers

- 12 September 2012 - GMT

or How to avoid spammers on your website without using CAPTCHA

If you have forms that can be filled out by your website visitors, you most likely have come across form spammers. These are "bots" that automatically fill out your forms and fill your database with junk. This can cause all kinds of problems, particularly when sending newsletters to your subscribers, many of whom will be bogus.

On the phpList website, we encountered this issue last year. The common approach to solve this problem is to use a CAPTCHA, which is a hard to read code, that supposedly only real humans can solve.

However, there are two problems with CAPTCHAs. First of all, they are often so hard to read, that even humans cannot solve them. But then, if they are made easier for humans, often computers or bots can solve them as well. As a result, they are not a brilliant way to block the real spammers. Too many real people are blocked and too many bots are let through.

So, we decided to find a different way to solve the problem. If you use PHP on your website, then you may be interested to find out how.


new development version 2.11.7

- 2 September 2012 - GMT


We've released a new development version, 2.11.7


This version is the basis for the phpList Hosted service , but it is not yet sufficiently stable for non-technical phpList operators to upgrade to it.
If PHP, Mysql and Linux all make sense to you, then youll be fine managing this version. If you encounter any issues, please report them in mantis. Make sure to include a patch to the code to fix the issue you found. If you don't know what a patch is, or how to include it, then this version is not for you and it will be better to wait for the next stable version release.
Below is a list of the most important changes, although it is not exhaustive. More are revealed when you view the list of SVN commits, as generated by the version control system.

new stable version 2.10.19

- 6 August 2012 - GMT

We've released a new stable version. This version fixes a few small bugs and some security issues. Download

To upgrade, do the following:

1. keep your config.php file somewhere safe (you can find your config.php file in the config folder)

2. make a backup of your database. (recommended, but not essential)

3. overwrite your existing code with the new code. You will primarily want to copy the "lists" folder and all files in it.

4. copy the config.php file back (to the "lists/config/" folder)

5. go to your phpList admin main page with your web browser and login

6. click the "Upgrade" link, which will now be there

7. You're all done



new stable version 2.10.18

- 21 March 2012 - GMT

We've released a new stable version. This version fixes a few small bugs and a security issue that was found. Download



new stable version 2.10.17

- 21 September 2011 - GMT

Quite soon after the previous stable release, another one. We missed a few issues that Secunia had found, which we felt was better to address sooner rather than later.

The security issues that were dealt with require having login details to your phpList installation. Therefore they are not exploitable by unknown outsiders, which makes the threat a little less. Nevertheless we advice everyone to upgrade to the latest stable version. In general that's a good idea with any software you use.


new stable version 2.10.16

- 14 September 2011 - GMT

We've released a new stable version. This version fixes some security issues found by Secunia. We appreciate their cooperation in resolving the issues. Everyone running the stable version is advised to upgrade to the latest version.

Go to the download page

new stable version, 2.10.14

- 11 May 2011 - GMT


We've released a new stable version of phpList, 2.10.14

This version fixes several bugs and a security vulnerability. Everyone running the 2.10 versions or before is strongly advised to upgrade to this version.

Changes in this version can be found in the changelog page , as generated by Mantis.

Many thanks to all involved, for reporting the issues, and helping to resolve them.

new stable version, 2.10.13

- 10 February 2011 - GMT


We have released a new stable version of phpList, version 2.10.13. This version is a further update on security, removing a few potential security vulnerabilities and further hardening the application against malicious attacks.

We have not heard of any instances where these vulnerabilities have been exploited, and we hope it stays that way.



new development version, 2.11.6

- 27 January 2011 - GMT


We're very pleased to announce the release of a new development version of phpList. To get your copy, go to the Sourceforge Download page .

Main changes in this version: UTF-8 support.

This version can also handle sending your campaigns with the Amazon SES service.

Our hosted newsletter service already runs on this version, but to declare the download version stable, we want to add some finishing touches first, particularly in the UI and internationalisation side of the application.

As always with development versions, it's for the bold and brave. Be careful, backup often and report issues you find in our bugtracker .


new development version, 2.11.5

- 7 July 2010 - GMT

We are delighted to announce the release of a new development version of phpList.This version is not yet ready for general use, but is for the courageous amongst you to try out and play with.

Before we are able to consider this version stable, quite some testing will need to be done. For example, we haven't really tested upgrade to this version from the latest stable. If you want to help out, please play with it, and report your findings in mantis , marking the issue for version 2.11.5

This version has quite a large amount of changes. Below we are giving a summary of what has changed, but in fact loads more changes have been made. The most important change to keep in mind that phpList will no longer work with PHP4.



WebReference has published an article on how to setup, manage and even hack phpList. This mostly applies to phpList when you download it to your own server. Our phpList Hosted service has phpList all installed and configured.

"Find out how to set up -- and when necessary, hack -- phpList on your
server to get the most out of this popular email campaign manager."


new stable version, 2.10.12

- 23 April 2010 - GMT

Quite soon after the previous release, we are pleased to announce the release of a new stable version. The most important fix is the import of users using a CSV file, which broke in the previous version.


new stable version, 2.10.11

- 9 April 2010 - GMT

We are pleased to announce the release of a new stable version. This version fixes a range of bugs reported by the community. We would like to thank all the persons involved in their great support to provide patches for problems found.


phpList and Joomla

- 14 May 2009 - GMT

Joomla users may be interested in a subscription service provided by Dioscouri. We haven't tried it, but the screenshots look very good. For more information check out their website .


new stable version, 2.10.10

- 5 May 2009 - GMT

HI there,

This release is aimed at hardening the security in phpList. Several changes have been made to eliminate potential attack vectors.
It also includes:

  • Some bug fixes
  • Internationalization additions
  • Re-enable image upload in fckeditor
  • Improves mime encoding to avoid attachment corruption

It is mainly a minor release, but we wanted to make this fixes available.
For more information please visit the mantis changelog page.

Upgrading your current version

  • Unpack the new packaged version into a new "lists" directory.
  • Try it out.
  • Backup the database (this might not be needed if you are upgrading from 2.10.9)
  • Then update it as mention on the admin page (there is a link once you update).
  • Once you feel confortable you can move the old code into a new directory and rename this new one with the old name.

Once that is ready the new version is available for the public into the URL you were using.

Please go to the forum if you have questions.



phpList Team

security update version 2.10.9

- 29 January 2009 - GMT

We've released version 2.10.9 that fixes a local file include vulnerability.This vulnerability allows attackers to display the contents of files on the server, which can aid them to gain unauthorised access.

Everyone using any version up to this one is advised to upgrade as soon as possible. Any clients hosted by Tincan have already been patched or upgraded.



security update, version 2.10.8

- 9 December 2008 - GMT

Recently a vulnerability was found that allows unauthorized access to files locally on the server that phpList is hosted on. We have released version 2.10.8 to fix this issue. Everyone using a version prior to this version is strongly recommended to upgrade.

We want to thank Paul Myatt for reporting this vulnerability and handling the issue in a responsible manner.


new stable release, 2.10.7

- 27 October 2008 - GMT

We've released a new stable version of phpList. This version is a security update, that fixes a vulnerability that was found in the FCKeditor that is shipped with phpList. We strongly advise everyone to upgrade to this release.


new stable release, 2.10.5

- 3 September 2007 - GMT

We have just released a new stable version: 2.10.5. For more information, check out the releasenotes . To get it, go to the download page.

version 2.11.3

- 28 February 2007 - GMT
We've released a new development version. Some new exciting things have been added, like a bandwidth calculation of the mailout, and clever click track links in the emails.

You can download it from Sourceforge and you can read more about it in the Release Notes

new development version 2.11.2

- 3 January 2007 - GMT
a new development version of phplist has been released. This is not a version of the software that normal users should use. It is the future of phplist, but not just yet for everyone. If you want to have a play with it, go over and download it. Feedback always appreciated in Mantis Read more...

version 2.10.4 is out

- 28 December 2006 - GMT
happy new year everyone. Version 2.10.4 of phplist has now been released. This version fixes several bugs, and adds one feature, an anti spam method to stop spammers adding invalid users to the system. Also, the FCKeditor has been updated to version 2.3.2.

CVS version back online

- 14 December 2006 - GMT
You can now follow the latest developments of phplist, by checking out the CVS Version of the demo.

Please note, in the demos, changes are reset every hour.

phplist drops below 10.000 on Alexa

- 1 December 2006 - GMT
It was likely to happen soon, as the daily and weekly averages were often below 10.000 but it has now actually happened. The Alexa Ranking of phplist is below 10k.

Ok, as already discussed on Slashdot the figures should be taken with a pinch of salt, but we're excited about it anyway.


phplist in Japanese

- 18 November 2006 - GMT
If you are, or can read and use, Japanese, you will probably want to check out the new Phplist Japanese project on SourceForge.

It even has it's own phplist website on

As I have no idea what it says, I presume it will be helpful. for those who can read it.
As gradually Nobel Prize Winners are announced, you can sign up to get the latest news from the Nobel Committee at their website. And it is powered by phplist!

version 2.10.3 is out

- 7 October 2006 - GMT
I've just released version 2.10.3.

This version is mostly a bugfix and security fix update. It's highly recommended to upgrade your systems.

Get it from the download page, and some more information at

Featured site on Wikkawiki

- 6 September 2006 - GMT
phplist is listed as a featured site on
You may have to reload that page a few times to make phplist appear, as it seems to be running from some random content system. I hope their servers can handle the demand.

We use this Wiki engine for our documentation section. Read more...


- 9 August 2006 - GMT
We've added some screenshots to the site, so you can have an idea of what phplist looks like, but you can always try the DEMO as well, of course.

New Website for phplist!

- 14 July 2006 - GMT

Welcome to the all new phplist dot com!

We hope you enjoy it, and that it serves the phplist community better! Now you can quickly and easily find and navigate between the online documentation wiki, the forums, issue tracker, and other general information.


Security Announcement

- 11 April 2006 - GMT
A new security issue has been discovered in phplist.

Not all installations are vulnerable, but you are vulnerable if:

- you have "register_globals" ON in your PHP settings
- you use PHP 4 that is older than version 4.4.1
- or you use PHP 5 that is older than version 5.1.0 Read more...

Security Announcement

- 5 November 2003 - GMT
Recently two vulnerabilities have been found in older versions of PHPlist. Everyone is urgently advised to upgrade to the latest release.
Affected Versions: any version before 2.6.4