- February 12, 2024Action Required
Updated Mailchimp Transactional client librariesTransactional
We've published an updated package for the PHP client library that is compatible with PHP 8.2.
We've also published an updated package for the Node.js client library that uses the latest version of Axios to address a security vulnerability.
Older versions of the PHP client library caused errors when used with PHP 8.2.
A vulnerability was found in versions 0.8.1 through 1.5.1 of Axios, which unintentionally exposed the
XSRF-TOKENthat was stored in cookies by including it in the
X-XSRF-TOKENHTTP header for all requests to any host. This allowed malicious actors possible access to sensitive data. To address this issue, we have updated the Node.js client library to use the latest version of Axios.