1874 Commits

Author SHA1 Message Date
Ralph Slooten
cd7661fd5b Merge tag 'v1.30.3' into develop
Release v1.30.3
2026-06-27 21:28:14 +12:00
Ralph Slooten
6acf5b8f94 Merge branch 'release/v1.30.3' v1.30.3 2026-06-27 21:28:11 +12:00
Ralph Slooten
1289635f71 Release v1.30.3 2026-06-27 21:28:10 +12:00
Ralph Slooten
bf4b6e6515 Chore: Update node dependencies 2026-06-27 21:18:54 +12:00
Ralph Slooten
9d09cb1e28 Fix: Handle MaxBytesError in SendMessageHandler and return JSON error response 2026-06-27 21:16:30 +12:00
Ralph Slooten
acad7f4806 Chore: Update Go dependencies 2026-06-27 21:15:05 +12:00
Ralph Slooten
c57325e475 Feature: Add link check rate limiting and caching mechanism 2026-06-25 20:30:18 +12:00
Ralph Slooten
9dbb092447 Fix: Refactor Web UI configuration definitions in Swagger documentation 2026-06-19 21:51:55 +12:00
Ralph Slooten
7da82df24d Fix: Update Swagger response definitions for MessageHeadersResponse (#703) 2026-06-19 21:45:42 +12:00
Ralph Slooten
c160224ad7 Fix: Correctly parse after/before datetimes with timestamp in search query (#704) 2026-06-17 16:12:46 +12:00
Ralph Slooten
238251e19b Merge tag 'v1.30.2' into develop
Release v1.30.2
2026-06-17 15:36:50 +12:00
Ralph Slooten
0fb1c79f4b Merge branch 'release/v1.30.2' v1.30.2 2026-06-17 15:36:48 +12:00
Ralph Slooten
bf37405472 Release v1.30.2 2026-06-17 15:36:48 +12:00
Ralph Slooten
f1c325c5c3 Fix formatting 2026-06-17 15:28:20 +12:00
Ralph Slooten
66f066bd97 Chore: Update node dependencies 2026-06-17 15:25:20 +12:00
Ralph Slooten
e6c92ff267 Chore: Update Go dependencies 2026-06-17 15:24:25 +12:00
Ralph Slooten
f2089b9366 Merge branch 'bugfix/GHSA-w4mc-hhc6-xp28' into develop 2026-06-17 15:23:25 +12:00
Ralph Slooten
ba27d695c2 Chore: Update Github Actions dependencies 2026-06-16 21:33:45 +12:00
Ralph Slooten
a88dadbbe1 Security: Fix incomplete SSRF protection in IsInternalIP() detection for IPv6 transition mechanisms (GHSA-w4mc-hhc6-xp28) 2026-06-14 08:09:59 +12:00
Ralph Slooten
fc83f4881a Fix: Adjust header setting order in error response functions (#699) 2026-06-13 08:46:15 +12:00
Ralph Slooten
2db18f671f Chore: Toggle websocket compression using HTTP compression setting 2026-06-12 20:33:59 +12:00
Ralph Slooten
8747cd81f9 Chore: Compress websocket messages once per broadcast to improve performance (#695) 2026-06-11 20:09:42 +12:00
Ralph Slooten
ddfeab89d9 Merge branch 'feature/readyz' into develop 2026-06-11 16:35:35 +12:00
Ralph Slooten
1e549eab06 Test: Add readyz tests 2026-06-11 16:32:14 +12:00
Lyapunov Vadim
deeab9b04c Feature: Add wait support to readyz (#697) 2026-06-11 16:32:10 +12:00
Ralph Slooten
78fa3db33e Don't print allowed CORS origins when there are none (empty) 2026-06-11 16:22:24 +12:00
Ralph Slooten
a68499fa4e Don't print allowed CORS origins when there are none (empty) 2026-05-28 22:07:29 +12:00
Ralph Slooten
5c03d89109 Merge tag 'v1.30.1' into develop
Release v1.30.1
2026-05-28 22:00:36 +12:00
Ralph Slooten
16a8f9632c Merge branch 'release/v1.30.1' v1.30.1 2026-05-28 22:00:31 +12:00
Ralph Slooten
84821d13f9 Release v1.30.1 2026-05-28 22:00:30 +12:00
Ralph Slooten
ed26e0a879 Chore: Update caniemail test database 2026-05-28 21:58:51 +12:00
Ralph Slooten
7ddf44822e Chore: Update node dependencies 2026-05-28 21:58:28 +12:00
Ralph Slooten
baf06b0499 Chore: Update Go dependencies 2026-05-28 21:55:04 +12:00
Ralph Slooten
2ce675cc10 Security: Disable GitHub Actions credential persistence for checkout steps 2026-05-28 21:41:18 +12:00
Ralph Slooten
c1c98442df Security: Do not use npm cache to prevent cache poisoning 2026-05-28 21:36:01 +12:00
Ralph Slooten
3fb1b5e59c Chore: Update Github Action workflows 2026-05-28 21:28:47 +12:00
Ralph Slooten
83a183157d Security: Pin Github Actions workflow versions using full commit SHA 2026-05-28 19:55:08 +12:00
Ralph Slooten
5754c821d3 Security: Extend request body size cap to all JSON API endpoints (GHSA-28pq-6qxg-wg5r)
The fix for GHSA-fpxj-m5q8-fphw only capped POST /api/v1/send.
Four sibling endpoints (SetReadStatus, DeleteMessages, SetMessageTags,
ReleaseMessage) decoded json.NewDecoder(r.Body) with no size limit,
allowing an unauthenticated attacker to drive unbounded memory growth
via a large IDs array.

Apply a 5 MB cap in middleWareFunc so all current and future API
handlers inherit it automatically. POST /api/v1/send is exempt via a
bodyLimitKey context value set in sendAPIAuthMiddleware, preserving
its existing config.MaxMessageSize (default 50 MB) limit.

Also fix TestAPIv1SendMaxMessageSize, which was broken by a Go 1.26
change: json.Decoder now wraps reader errors in *json.SyntaxError
rather than returning *http.MaxBytesError directly, causing the
errors.As check to miss it and return 400 instead of 413. Reading
the body with io.ReadAll before decoding surfaces the raw error,
restoring correct 413 behaviour on Go 1.25 and 1.26.
2026-05-28 19:41:32 +12:00
Ralph Slooten
fdf3cde030 Explicitly ignore errors on search text extraction 2026-05-26 16:47:55 +12:00
Ralph Slooten
24f898ac67 Chore: Change log level to Info for database vacuuming message (#688) 2026-05-26 16:46:42 +12:00
Ralph Slooten
93d2222d62 Chore: Enhance schema application logging (#688) 2026-05-24 11:40:39 +12:00
Ralph Slooten
67a7ca83ff Update comments for clarity
Resolves #687
2026-05-20 18:01:11 +12:00
Olle Jonsson
4e150d81e4 Fix the Build & release badge (#685) 2026-05-18 20:26:54 +12:00
Ralph Slooten
2cc5168e97 Merge tag 'v1.30.0' into develop
Release v1.30.0
2026-05-14 16:59:31 +12:00
Ralph Slooten
af8756a32c Merge branch 'release/v1.30.0' v1.30.0 2026-05-14 16:59:29 +12:00
Ralph Slooten
a9058f40db Release v1.30.0 2026-05-14 16:59:29 +12:00
Ralph Slooten
3b65ee936a Chore: Update caniemail test database 2026-05-14 16:40:11 +12:00
Ralph Slooten
bb81b62357 Chore: Update node dependencies 2026-05-14 16:38:54 +12:00
Ralph Slooten
e27d30bda7 Chore: Update Go dependencies 2026-05-14 16:37:56 +12:00
Ralph Slooten
cae0f638af Enhance sendmail functionality with message size limit and input validation 2026-05-14 16:36:27 +12:00
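The pattern described in the message of commit 5754c821d3 (a default body cap applied in middleware, a per-route exemption carried in a context value, and reading the body before decoding so the size error is not wrapped), as an added example that is not Mailpit's own code. The names `limitKey`, `capBody`, `withLimit`, `idsHandler` and `status`, the `/demo` path and the 1 KiB / 8 KiB limits are assumptions made for the demonstration.

```go
package main

import (
	"context"
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

type limitKey struct{} // hypothetical context key (the commit names its own bodyLimitKey)
// capBody caps every request body at def bytes unless an outer middleware stored its own limit.
func capBody(def int64, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		limit, ok := r.Context().Value(limitKey{}).(int64)
		if !ok {
			limit = def
		}
		r.Body = http.MaxBytesReader(w, r.Body, limit)
		next.ServeHTTP(w, r)
	})
}

// withLimit exempts a route from the default by placing its own limit in the request context.
func withLimit(n int64, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), limitKey{}, n)))
	})
}

// idsHandler reads the whole body first, so *http.MaxBytesError arrives unwrapped by the decoder.
func idsHandler(w http.ResponseWriter, r *http.Request) {
	var tooBig *http.MaxBytesError
	var req struct{ IDs []string }
	if raw, err := io.ReadAll(r.Body); errors.As(err, &tooBig) {
		w.WriteHeader(http.StatusRequestEntityTooLarge) // 413, not a generic 400
	} else if err != nil || json.Unmarshal(raw, &req) != nil {
		w.WriteHeader(http.StatusBadRequest)
	} // otherwise the implicit status is 200
}

func status(h http.Handler, body string) int { // sends a constructed body through h
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodPut, "/demo", strings.NewReader(body)))
	return rec.Code
}

func main() { // 1 KiB stands in for the 5 MB cap; the request bodies are constructed
	api, big := capBody(1024, http.HandlerFunc(idsHandler)), `{"IDs":["`+strings.Repeat("a", 4096)+`"]}`
	fmt.Println(status(api, `{"IDs":["a"]}`), status(api, big), status(withLimit(8192, api), big))
}
```

Because the cap sits in the shared middleware, a handler added later is bounded without any code of its own; only a route that explicitly stores a larger limit gets one.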