PHPMailer Pro Changelog
v2026.6.6.2 - 17 Jun 2026
- PHPMailer Pro now requires PHP Version 8.2.0 or greater
(previous versions deprecated and may pose security risks)
- fixed an error from the development process where the SMTP connect process
was transposed ... result was that in a database situation where individual
customized emails were sent out (one at a time), only the first would succeed
with no error messages generated for 2nd and on.
v2026.6.6.0 - June 06 2026
- now supports base64 encoded images in <img tags
- $mail(); equivalent to $mail->send(SMTP);
which is also equivalent to $mail->send();
from adding a magic method (--invoke())
- removed two lines of code that were unused variable declarations
- fixed default smtp hostname
- modified line endings and spacing in email header and body to
accommodate servers that have wavered from RFC spec ("\r\n" to "\n)
- fixed IsExploitPath, now will force a critical stop if an exploit
is found
- fixed header CRLF (switched to LF)
- simplified mime type detection
- added duplicate image (attachments, inline) checker
will not upload if duplicate
- added ability to have an inline image that displays in HTML body,
and a second copy that can be downloaded (by click) as an attachment
(second copy is optional)
- type declarations added to all properties
- modified domain name check, checkdnsrr not working for sub domains
v2024.1.2.3 - 18 Feb 2024
- fixed an issue with the Sendmail functionality where some errant
code is breaking message output ... three lines of code had to be
removed - those are:
if ($to!='') {
fwrite($bk[0], "To: " . $to . self::CRLF);
}
- in version 1.1.0 those appear at lines 1770 to 1772
- in version 2024.1.2.1 those appear at lines 1516 to 1518
(remove all three lines) to fix issue - fixed in v2024.1.2.3
- type declarations added to all properties
v2024.1.2.1 - 10 Feb 2024
* VERSION NOTE: the year will now precede the version number
* note skipped versioning above 1.1.0 ... ended up sending out a
development version, numbered 1.2.0 and needed to make a distinction
from the release version (there was an error in 1.2.0)
- PHPMailer Pro adds 'IMAP' (send only) as transport
- PHPMailer Pro no longer supports PHP mail() tranport
- PHPMailer Pro no longer creates a Text message from the HTML version
that is the responsibility of the sender, if text message is
empty, it will be created as empty
- SetTypeHTML() is now deprecated and will be removed from a future
release (it is no longer used from this version on)
- IsSMTP is deprecated and removed
- UseSMTP is deprecated and removed
- added ability to select a transport method by way of the Send()
method ... ie. $mail->Send('sendmail');
- default remains 'smtp'
- order is 'smtp', 'sendmail', 'imap'
- if smtp not available, sends via sendmail
- if sendmail not available, sends via imap
- added ability to include full email to user's own Sent mailbox
- requires adding
- $mail->imapHost, $mail->imapUsername, $mail->imapPassword
- and setting $mail->imapAddToSent to true;
(although this seems redundant, it will be used at later date)
v1.1.0 - 26 December 2023
- namespace has changed from codeworxtech to codeworxtech\PHPMailerPro
due to conflict with calls from other classes
- modified functions to process/parse email addresses
(patterned after PHP built in command, but with more abilities)
- modified email headers
- notable additions to aid in proof of delivery and tracing
added X-Sender-Date (date/time/timezone)
added X-Originating-IP (sender IP address)
- added mimeMail as public method to facilitiate accessing entire
message for post processing (ie. using with imap_append)
note: available after send operation
- from this version on, PHPMailer2 will also be known as PHPMailer Pro
v1.0.0 - 28 November 2023, first production ready release
- see release notes from v1rc2
v1rc2 - not released, extensive testing undertaken
* NOTE MAJOR CHANGE: default transport is now SMTP (un-authenticated)
- modified IsShellSafe code to add a check where several hosts
disabled one of the checks, allows for two checks (one failsafe)
- modified the send code, after testing on multiple hosts, the
original code was disabled in the php.ini of about half the hosts
- remove all references to escapeshellcmd and escapeshellarg - both
were not necessary as used, and disabled as security risks on
many hosts
- changed the path traversal exploit code so that it would allow for
single period and double period as valid paths. Now checks that
path traversal does not go past the document root.
- changed exploits functions: decode prior to evaluations
- changed exploits functions: "normalize" slashes to server default
- added property 'rootPath' used in path traversal and allows for
user modification (for example, to go up one level from root)
v1rc1 - 01 May 2022
[Notes: This is a fairly significant update.
A critical review of all the properties and methods show that some
were left over from working around the limitations of older
versions of PHP. Many updates, some removed entirely, some changed
to modern equivalents. While this is still a 'b' version
(indicating beta) I am using it in a production environment. Use
cautiously and test.]
- all strings are now in Language variables
(and launched a new language file editor at https://phpmailer2.com/lang/)
- removed duplicate "Message-Id" in header
- change in message header structure
- change in message body boundaries and wrappers
- change in encoding (removed method Base64EncodeWrapMB and replaced
with MS_Mb_Encode)
- change in handling header multibyte strings with a new method
"Is_Multibyte" to determine if the string contains multibyte
character(s) before applying encoding
- change in handling multibyte Subject lines with a new method that
encodes and correctly splits long subject lines.
- new feature added to handle iCalendar messages complete with RSVP
button handling
- method "EncodeHeader" deprecated and deleted (replaced)
- method "EncodeString" deprecated and deleted (replaced)
- method "EncodeFile" deprecated and deleted (replaced)
- method "EncodeQ" deprecated and deleted (replaced)
v0.7b - 20 March 2022 initial public release