This release contains security fixes – you should upgrade as soon as possible.
phpList 3.4.3 includes new aggregated domain statistics, new options for embedded sign-up forms, a new REST API action, plus six additional features, and eight fixes.
Use the Automatic Updater to get it, or see the Download page for full installation and upgrade instructions.
Changes in this release
Security fixes:
- Add a check to confirm a list is not private before adding a subscriber to it from the “Subscribe” or “Update preferences” pages — thanks to Laura Chan of the University of Victoria for reporting, see the pull request
- Escape title value in “Edit subscribe page” to prevent attacks — see the pull request
New aggregated domain statistics
The domain statistics page includes a new table that lists domains with the highest number of bounces. Each domain links to a new page which shows aggregated performance statistics for each of those records, specifically: bounce rate and view rate. These high level statistics are therefore accessible for the first time, and are useful in diagnosing deliverability issues to particular important mail hosts. Patterns of remote, recipient mail hosts blocking or not delivering campaigns are now easier to identify.
REST API action: count list subscribers
A new action has been added to the new REST API allowing you to get the number of subscriber of a given list directly.
For this and other supported actions of the REST API please check the API Blueprint documentation here.
Features and usability improvements
- Added optional Sender ID header support and configuration, to allow phpList compliance with feedback loop services which use it (e.g. Gmail and Microsoft) – thanks to utagawal, see the pull request
- Added support for setting list membership and HTML preference via HTTP GET vars for remote subscriptions / ajax / form submissions and – thanks to @lwc, see the pull request
- Added data verification for $_GET[‘list’] and $_GET[‘htmlemail’] — thanks to @lwc, see the pull request
- Add a check for required PHP modules that are missing and display an error message with the missing PHP module names if there is any, check the the pull request for the list of modules
- Display ‘bounce date’ instead of ‘bounce processing time’ on the Subscriber Profile page in order to avoid confusing data related to the bounce
- Before moving updated files in place via the Automatic Updater, run a version compare check for the downloaded copy of phpList to ensure that the downloaded version is an upgrade not downgrade (e.g. for RC releases)
Fixes
- On the “Manage Templates” page fixed the incorrect URL for the ‘Edit’ button
- Fixed 500 Internal Server Error in web developer network when using PHP version 7.2.0 or higher, thanks to @leftpinkie for reporting the issue and submitting the fix, see the pull request
- Stop an SQL syntax warning being displayed when running the ‘Send’ page from the command line – thanks to @duncanc , see the pull request
- Sanitise the plugin Category so that it can be used as an HTML ID attribute value and successfully linked to — thanks to @duncanc, see the pull request
- Update
$GLOBALS['jQuery']
to avoid a 404 error in the error log — thanks to @veltsu for reporting the issue - Remove duplicate page title on “Verify Database Structure” page
Other:
- Update chapters linked on the Help Section of the Dashboard.
1. How to create a campaign
2. How to use statistics
Known issues
- Since the upgrade of jQuery and associated scripts in phpList 3.4.0, when using the Trevelin theme, the Language menu within the main navigation has incurred an intermittent problem whereby on some page loads the menu is not visible. Refreshing the page frequently returns the menu to operation, and using browser debugg tools to make the menu visible using CSS also makes it temporarily accessible so that the language can be changed. You can track progress of this issue on the associated mantis issue 19988.
Community-made
This release is the work of Duncan Cameron, Lior Weissbrod, Utagawal, and other Open Source community members who have submitted bug reports and valuable feedback, as well as phpList Ltd. developers. To get involved in phpList development, check out the developer resources pages.
Report any issues you find with phpList 4 core or REST API to the corresponding repo on GitHub. Please read the contribution guide on how to contribute to these modules.
Support
Need help upgrading your phpList server to the newest version? Ask the community at discuss.phplist.org. Professional support from community experts, as well as manuals, source code, and developer resources, can be found at phplist.org. Report all bugs to the bugtracker!
Want to focus on campaigns and forget hosting headaches? Sign up at phplist.com for an account with everything included. Send from 300 free messages to 30 million messages per month — simple.