Test of release 3.7.0 - RCs

[michield]

Things we need to check on the new 3.7.0 release.

• [x] #1086 avoid unsubscribes with jo=1 and HEAD requests
• [x] #1085 #1081 ckeditor4 plugin
• [x] #1085 updater plugin (may be tricky to test)
• [ ] #1084 login check on IPv6
• [ ] #1071 ckeditor5
• [ ] #1064 saml login
• [x] #1063 bounce processing with imap
• [ ] REST API

[phpListDockerBot]

This issue has been mentioned on phpList Discuss. There might be relevant details there:

https://discuss.phplist.org/t/3-7-0-release-candidate-ready-to-test/10292/1

[michield]

#1088 ckeditor updated to the latest 769209a580c069958f0399e468992966a71c01b2 saml2 plugin added

[michield]

• TESTING #1063 bounce processing with imap plugin

• configured a bounce mailbox

• ran "phplist -pprocessbounces"

• it fetched the mails from the bounce mailbox

• removed php-imap from the docker container (apt remove php-imap)

• sent another test mail to the bounce address

• ran "phplist -pprocessbounces"

• it still managed to fetch the mails from the mailbox

I consider that a PASS.

[michield]

TESTING #1085 updater plugin (may be tricky to test)

• Edit vi /var/www/phpList3/public_html/lists/admin/init.php
• change define("VERSION","whatever it is"); to define("VERSION","3.6.15");
• enabled updater plugin
• run update of code
• it updated to 3.6.16

I consider that a PASS

[michield]

While on 3.6.16 (from the previous test)

TESTING #1082 avoid unsubscribes with jo=1 and HEAD requests

• add a subscriber [email protected]
• run curl request for HEAD of this user (using their uniqid)

curl -I http://localhost/lists/?p=unsubscribe\&uid=4288f42934903f5000f08dfe738aea11\&jo=1
HTTP/1.1 200 OK
Date: Thu, 26 Jun 2025 21:56:47 GMT
Server: Apache/2.4.62
Set-Cookie: phpListSession=b4011670t6n7bplb8dtt71jol4; path=/; HttpOnly; SameSite=Strict
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: http://localhost
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
X-XSS-Protection: 1; mode=block
Content-Type: text/html; charset=UTF-8

• notice the user is marked blacklisted and unsubscribed (proof of the issue)
• update to the original version (restart the docker stack)
• create subscriber [email protected] again
• run curl request HEAD for this user

curl -I http://localhost/lists/?p=unsubscribe\&uid=2aac365be7a628aac7b83acac1a8094a\&jo=1
HTTP/1.1 200 OK
Date: Thu, 26 Jun 2025 22:03:23 GMT
Server: Apache/2.4.62
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
X-XSS-Protection: 1; mode=block
Content-Type: text/html; charset=UTF-8

• notice the user is not unsubscribed (issue fixed).
• notice it is not logged anywhere (opportunity for improvement)

I consider this a PASS

[michield]

• ckeditor5 needs at least the "source" button added
• ckeditor5 on my local system adds a /s/ to the URL of an image that is uploaded

FAIL

[michield]

• saml plugin wasn't included

FAIL

[michield]

• Common plugin reports version https://github.com/bramley/phplist-plugin-common/releases/tag/3.34.2
• CKeditor plugin reports version https://github.com/bramley/phplist-plugin-ckeditor/releases/tag/2.8.2

PASS

[gregoa]

(Sorry for the late reply, I didn't use phplist again until today.)

TESTING #1082

I reverted index.php to the original version (i.e. dropped my local workaround) and then applied #1086. And then I sent out a new newsletter and crossed my fingers 🤞

Result: no unsubscriptions so far after ~150 emails (among them lots of microsoft-handled ones). I guess that counts as a PASS.

Thanks for fixing this problem!