- SECURITY Fix CVE-2017-5223, local file disclosure vulnerability if content passed to
msgHTML()
is sourced from unfiltered user input. Reported by Yongxiang Li of Asiasecurity. The fix for this means that calls tomsgHTML()
without a$basedir
will not import images with relative URLs, and relative URLs containing..
will be ignored. - Add simple contact form example
- Emoji in test content