reopen 429343 severity 429343 important thanks Hi,
> Moodle is not affected by this bug. Moodle's usage of the PHPMailer > functions is safe wrt to this bug. That's good news, which means there's no need for security advisories. However... > No upload needed to fix this. here I do not agree. The vulnerable code is still present, and I think it's unwise to be shipping code that's known to be vulnerable. The problem might resurface when someone (upstream, downstream) changes Moodle, or when someone takes the code to use it in a different project. The fix is trivial. Please apply it (or better: make sure upstream applies it), or remove the code altogether. thanks, Thijs
pgpeQ7EaVkAO7.pgp
Description: PGP signature