Mitigation of CVE-2016-10045
Incident Report for
PHPMailer verison 5.2.21 is released which solves CVE-2016-10045. Affected Customers have been informed directly. -
Posted over 1 year ago. Dec 29, 2016 - 12:18 CET
This is a follow up of our mitigation action from DRUPAL-SA-PSA-2016-004 (

It looks like the first patch of the vulnerability CVE-2016-10033 was incomplete. We're investigation actions and waiting for the patch to become available upstream.
Please note that the patch is not available yet. We'll update this issue as soon as the patch is available.
More information can be found here:

As cannot mitigate this issue from an infrastructure level, we informed all our clients which have PHPmailer 5.2.19 or earlier installed to update their codebase and with that fix their issue.
If you did not receive such an information, our scripts did not find your website affected and there is probably nothing to do as of right now (even though strongly suggests to keep all websites up to date at any time).
Posted over 1 year ago. Dec 28, 2016 - 09:52 CET