This release contains security fixes – you should upgrade as soon as possible.

phpList 3.4.0 is a significant update that incorporates many changes. These include jQuery security updates for phpList 3, a new campaign template, and the introduction of the new REST API powered by phpList 4.

Use the Automatic Updater to get it, or see the Download page for full installation and upgrade instructions.

Changes in this release

Security

jQuery for phpList 3 admin pages has been upgraded to version 3.3.1. This update addresses two upstream vulnerabilities from 2018. Thanks to forum user Kathleen Garland for reporting. Change permissions of the /plugins directory to 755 to improve security and fix compatibility with suPHP — thanks to Duncan for reporting.

New REST API

The new REST API is included for the first time which, when enabled, allows other software systems to interact with phpList in a variety of ways, such as managing subscribers, lists, and campaigns. The API currently supports a limited number of actions which are increasing over time. it is disabled by default. For system requirements and usage information see the new chapter of the phpList manual: API and Integrations.

A simple example of a REST API client can be accessed here.

New stock campaign template

A new stock campaign template is available in this release. It is based on the ‘Really Simple Free Responsive HTML Email Template’ by Lee Munroe, adapted by forum user Angel Gonzalez for phpList. A new stock template selection system provides access to the new template, accessible from the ‘Campaign Templates’ page.

Usability Improvements

The Automatic Updater is out of beta and update notifications have replaced the previous notification system. Two settings allow management of update notifications: All update notifications can be turned off in the config.php file If update notifications are switched on, then Release Candidate update notifications can be switched off via the ‘Settings’ page — see the pull request The setting ‘check_new_version’ for controlling update polling frequency has been depreciated – the interval is now 3 days Bounces to system messages are now associated with the subscriber they belong to for the first time. This means you can view all bounces relating to a subscriber, regardless of the kind of message that caused it, in one place within the Subscriber’s profile page — see the pull request Lists now honor the list order configured on the ‘Edit a subscribe page’ page even when public list categories are used — thanks to Duncan, see the pull request

Fixes

Made use of CONTACT placeholder case-insensitive. Removed extraneous space from CONTACT placeholder links which broke some URLs– thanks to Duncan, see the pull request. Improved wording and fixed typo in the transactional email containing personalised preferences links requested by subscribers.

Community-made

This release is the work of Duncan Cameron, Angel Gonzalez, Kathleen Garland and other Open Source community members who have submitted bug reports and valuable feedback, as well as phpList Ltd. developers. To get involved in phpList development, check out the developer resources pages.

Report any issues you find with phpList 4 core or REST API to the corresponding repo on GitHub. Please read the contribution guide on how to contribute to these modules.

Support

Need help upgrading your phpList server to the newest version? Ask the community at discuss.phplist.org. Professional support from community experts, as well as manuals, source code, and developer resources, can be found at phplist.org. Report all bugs to the bugtracker!

Want to focus on campaigns and forget hosting headaches? Sign up at phplist.com for an account with everything included. Send from 300 free messages to 30 million messages per month — simple.