A critical vulnerability has been discovered in PHPMailer, a third-party component used by Typesetter CMS.
The current version 5.2.14, which is implemented in Typesetter CMS, should be updated IMMEDIATELY to 5.2.21.
… other way to be notified of security issues which should be addressed in between Typesetter upgrades?
Although we had 2 such cases in 2016, they are fortunately very rare with Typesetter.
So, to answer your question, there is yet no official channel for that purpose.
If Josh would add a 'Security' forum chapter, anyone could follow it. Should be considered IMO.
For the time being, you could subscribe to my blog feed on my Typesetter Addons page -> http://typesetter-addons.grafikrausz.at/Blog_Feed
While this blog is meant to announce new addon versions, I do also post security issues there (of course I can only report things I'm aware of).
if these files have been added and are now part of the latest full Typesetter 5.0.3 installation zip download?
No. Thomas issued a pull request on GitHub but it has not been merged yet.
You will have to fix every new installation manually until Typesetter 5.0.4 (or whatever version) is released.
Thanks for bringing this up! I got a security message from Gentoo (the Linux distro I use) about this vulnerability, but I didn't realize phpmailer is part of Typesetter. Worth noting as well is that at least one Typesetter addon "Special Contact Form" also includes phpmailer.
It would be a good idea for anyone to search for these four files on their webserver, if running multiple sites, multiple software, etc.
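The webserver-wide search suggested in the post above can be scripted. The following is an added example, not part of the original thread or of Typesetter: it assumes bundled PHPMailer 5.2.x copies can be recognised by a file named `class.phpmailer.php` that declares `$Version` (the thread does not name the files), and the sample directory names are constructed.

```shell
#!/bin/sh
# Added example: inventory bundled PHPMailer copies under a web root.
FIXED_VERSION="5.2.21"   # fixed release named in the thread

# Print the version declared in a class.phpmailer.php file.
# Assumption: 5.2.x declares it as:  public $Version = '5.2.14';
phpmailer_version() {
    sed -n "s/.*[$]Version[[:space:]]*=[[:space:]]*['\"]\([0-9][0-9.]*\)['\"].*/\1/p" "$1" | head -n 1
}

# Succeed when dotted version $1 is lower than $2 (numeric per component).
version_lt() {
    [ "$1" = "$2" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$1" ]
}

# Print "STATUS<TAB>version<TAB>path" for every copy found under $1.
scan_phpmailer() {
    find "$1" -type f -name 'class.phpmailer.php' | while IFS= read -r f; do
        v=$(phpmailer_version "$f")
        if [ -z "$v" ]; then status=UNKNOWN; v='?'
        elif version_lt "$v" "$FIXED_VERSION"; then status=OUTDATED
        else status=OK
        fi
        printf '%s\t%s\t%s\n' "$status" "$v" "$f"
    done
}

# Constructed sample tree (hypothetical paths, not real site data).
make_sample_tree() {
    d=$(mktemp -d)
    for pair in "cms-core:5.2.14" "contact-addon:5.2.21" "other-app:"; do
        dir="$d/${pair%%:*}/mail"; ver="${pair#*:}"
        mkdir -p "$dir"
        if [ -n "$ver" ]; then
            printf "<?php\nclass PHPMailer {\n    public \$Version = '%s';\n}\n" "$ver"
        else
            printf "<?php\n// version line stripped\n"
        fi > "$dir/class.phpmailer.php"
    done
    echo "$d"
}

# Scan the directory given as $1, or the constructed sample when none is given.
scan_phpmailer "${1:-$(make_sample_tree)}"
```

Copies reported as UNKNOWN still need a manual look, since a missing version line says nothing about whether the code is patched.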