Merge tag 'v1.28.3' into develop

Release v1.28.3
Ralph Slooten
2026-01-18 21:36:02 +13:00

@@ -2,6 +2,30 @@
Notable changes to Mailpit will be documented in this file.
## [v1.28.3]
### Security
- Ensure SMTP TO & FROM addresses are RFC 5322 compliant and prevent header injection ([GHSA-54wq-72mp-cq7c](https://github.com/axllent/mailpit/security/advisories/GHSA-54wq-72mp-cq7c))
- Prevent Server-Side Request Forgery (SSRF) via HTML Check API ([GHSA-6jxm-fv7w-rw5j](https://github.com/axllent/mailpit/security/advisories/GHSA-6jxm-fv7w-rw5j))
### Chore
- Fix formatting and update reporting instructions in SECURITY.md ([#614](https://github.com/axllent/mailpit/issues/614))
- Allow `@` character in message tags & set max length to 100 characters per tag
- Update Go dependencies
- Update node dependencies
### Fix
- Correctly render default addresses in release modal after settings change ([#594](https://github.com/axllent/mailpit/issues/594))
- Correctly detect macOS group in install.sh ([#619](https://github.com/axllent/mailpit/issues/619))
- Auto-tagging using SMTP username using plain auth ([#617](https://github.com/axllent/mailpit/issues/617))
- Validate maximum lengths of email addresses - RFC5321 (section 4.5.3.1)
### Test
- Update tag tests with length limits and `@` character
- Add SMTP tests for address compliancy (RFC 5322) and header injection
- Add maximum email length validation tests - RFC5321 (section 4.5.3.1)
## [v1.28.2]
### Security
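
Review bot: In the v1.28.3 Chore list, the entry "Allow `@` character in message tags & set max length to 100 characters per tag" introduces a new input limit, which is a user-visible behaviour change rather than a chore. Consider moving it under Fix or a feature heading and stating whether tags over 100 characters are rejected or truncated, so users who upgrade know what to expect. Two smaller style points in the same hunk: the RFC references are written two ways ("RFC 5322" in the Security and Test entries, "RFC5321" in the Fix and Test entries), so pick one form, and "compliancy" in the Test list would read better as "compliance".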