Sure? I have downloaded 3.5.5 and if I open the file phpmailer.php from /vendor/phpmailer/phpmailer/src/PHPMailer.php … I see in the comments header Version 5.5 (!)
…
/**
PHPMailer - PHP email creation and transport class.
Ok - I have checked the code base of the current version against the version that comes with Kirby 3.5.5 and you’re right. It’s the newest one. The 5.5 was the PHP version, my mistake. Sorry!
I understand your concerns. Please don’t worry, security issues in dependencies are automatically reported. In addition, we always check manually before each new release.
Thank you again for reporting. If you think there is a security issue next time, please follow these steps: