I received a warning from my hosting provider about code injection vulnerability in PHPMailer: /libraries/vendor/phpmailer/phpmailer/class.phpmailer.php
I have the latest Joomla v3.9.26, checked the file "class.phpmailer.php" and it's the same as the original file from the Joomla installation. Found this about PHPMailer vulnerability:
Now, I am wondering what to do to fix this and satisfy my hosting provider? From the code, I see Joomla uses PHPMailer v5.2.28, while the current version on GitHub is v6.4.1: https://github.com/PHPMailer/PHPMailer/No action required for Joomla users, the updated library will be included in the next scheduled release and additional mechanisms exist in Joomla core to prevent triggering the vulnerability. Users of the PHPMailer library separate from Joomla are advised to upgrade to 5.2.20 or newer ASAP.
Please help.
Thanks,
Milos