Earlier this month, Ensim released a hotfix to upgrade the phplist PowerTool, a newsletter manager, from 2.7.2 to 2.10.4. Unfortunately, the upgrade hotfix failed. A new hotfix has now been released to resolve the issue. The fix is available for phplist on Ensim 10.0.0, 10.1.0 and 10.2.0.
If you are still using phplist 2.7.2, please consider updating your package. phplist 2.7.2 is very outdated. A number of security issues have been fixed since 2.7.2, including several cross-site scripting (XSS) and SQL injection vulnerabilities. You can read more about all the improvements since the 2.7 versions in the phplist release notes.
Please note that PowerTool updates do not update existing installations of the tool; they only make the updated tool available for new installations. Existing installations need to be updated individually.
Keeping add-on software such as this up to date is one of the easiest ways to improve security on your server. We regularly conduct incident investigations that lead us back to an exploit in an outdated forum, content manager or other add-on. Often, incidents could have been avoided if add-ons had been kept up to date.






