PHPFormMail 1.07.1 Released

(1 minute read)

1.07.1 is primarily a bug fix release.

The main bug that was fixed involved a security vulnerability for version 1.07.0 (only that version) that would allow the script to be an open relay if the webmaster had CHECK_REFERER set to false (and only if it was set to false) and did not use the $recipient_array. If you use 1.07.0 and CHECK_REFERER is set to false and you don’t use the $recipient_array you should upgrade immediately. All other configurations should not be affected by this vulnerability but upgrading to the latest version is always recommended.

There’s more info in the announcement and you can download it here.