Vulnerability on file upload fixed when having admin access to AcyMailing pages. Any wrong file uploaded will be cleaned during the update
We strongly recommend to update AcyMailing as soon as possible, more information will be added in the related CVE
This is a patch release to address a security issue on the file upload custom field. We highly recommend to update to the v6.2.2 as soon as possible for websites matching all of the following conditions:
If your website doesn't match one of these conditions it is not concerned by the security issue, but we still recommend you to keep AcyMailing updated when a new version is available.
There aren't much modifications in this version, but it had to be released as the "Send settings" step of the campaigns edition workflow could be blocked in some cases when scheduling the campaign, saving as draft then returning on this step.
This version is mainly an improvements and maintenance release, mainly focusing on the editor and sent emails.
This is a security release meant to patch XSS vulnerabilities in AcyMailing, we advise our users to update it as soon as possible.
More generally, you should always keep your Joomla / WordPress version up-to-date, and of course the same goes for AcyMailing and all the other extensions and plugins you use on your website.
This is the first version of AcyMailing v6 series.
The main theme for this version is the GDPR, as the 25th of May 2018, the General Data Protection Regulation will be applied. In addition to the new options and modifications we added to AcyMailing, you will have to configure it correctly if you want to be GDPR compliant and we wrote an article that could help some of you for that 😉
On Thursday 22nd, one of our users reported a vulnerability in Excel (and other similar programs) that could be exploited through any CSV file opened
with it, including Acy user export files. The recommended solution to secure the CSV files is to prefix any value beginning with =, +, - or @ with a
As some users may directly use the exported CSV files in systems that don't automatically strip the tabs, we decided to add a new option on the export page to let you decide to disable this security if needed.
If you regularly open user export files and don't import them directly in other systems than AcyMailing, we strongly advise you to update and turn On this new option. It will be active by default on new installations.
More information here: https://vel.joomla.org/articles/2140-introducing-csv-injection
This minor version has been released to address an incompatibility with Joomla 3.8. It also contains some bug fixes
This is a quick release to fix an issue we introduced in our 4.7.0 version, if the user reset its password via Joomla, his subscription could be reset (if you display lists on your J! registration form).
Quick release to fix a compatibility issue which may produce a fatal error when using AcyMailing with your contact form.
AcyMailing is not compatible with PHP4 any more!
Please check your PHP version before updating to Acy 3.7.0
In order to stay compliant with the JED rules, JooMailing has been replaced by AcyMailing.
It's still exactly the same component and the update process will take care of everything.