eric/mailpit
1
0
Fork 0
mirror of https://github.com/axllent/mailpit.git synced 2026-03-03 02:17:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,722 Commits 2 Branches 182 Tags
develop
Commit Graph

1722 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ralph Slooten
7d7ba88e9c Chore: Update Go dependencies 2026-01-18 12:22:46 +13:00
Ralph Slooten
973fc1f975 Merge branch 'feature/GHSA-6jxm-fv7w-rw5j' into develop 2026-01-18 12:00:09 +13:00
Ralph Slooten
1679a0aba5 Security: Prevent Server-Side Request Forgery (SSRF) via HTML Check API ([GHSA-6jxm-fv7w-rw5j](https://github.com/axllent/mailpit/security/advisories/GHSA-6jxm-fv7w-rw5j)) 2026-01-18 11:58:24 +13:00
Ralph Slooten
4a4c149eed Formatting 2026-01-18 11:57:23 +13:00
Ralph Slooten
c01335f0e3 Merge branch 'feature/GHSA-54wq-72mp-cq7c' into develop 2026-01-18 11:53:11 +13:00
Ralph Slooten
181cb0714a Test: Add maximum email length validation tests - RFC5321 (section 4.5.3.1) 2026-01-18 11:51:23 +13:00
Ralph Slooten
00d52d5931 Fix: Validate maximum lengths of email addresses - RFC5321 (section 4.5.3.1) 2026-01-18 11:51:23 +13:00
Ralph Slooten
050da038af Test: Add SMTP tests for address compliancy (RFC 5322) and header injection 2026-01-18 11:51:23 +13:00
Ralph Slooten
36cc06c125 Security: Ensure SMTP TO & FROM addresses are RFC 5322 compliant and prevent header injection ([GHSA-54wq-72mp-cq7c](https://github.com/axllent/mailpit/security/advisories/GHSA-54wq-72mp-cq7c)) 2026-01-18 11:50:33 +13:00
Ralph Slooten
2734efbc66 Test: Update tag tests with length limits and @ character 2026-01-17 11:22:19 +13:00
Ralph Slooten
7cda4a36f1 Chore: Allow @ character in message tags & set max length to 100 characters per tag 2026-01-17 11:12:45 +13:00
Ralph Slooten
45b3676e52 Fix: Auto-tagging using SMTP username using plain auth (#617) 2026-01-16 13:50:15 +13:00
BTC-Tim
d50347d667 Fix: Correctly detect macOS group in install.sh (#619) 2026-01-16 10:12:11 +13:00
Omar Kurt
c035139b54 Chore: Fix formatting and update reporting instructions in SECURITY.md (#614) 2026-01-11 10:24:58 +13:00
Ralph Slooten
3108d82e06 Fix: Correctly render default addresses in release modal after settings change (#594) 2026-01-10 22:19:18 +13:00
Ralph Slooten
648d5863da Merge tag 'v1.28.2' into develop 
Release v1.28.2
 2026-01-10 16:16:14 +13:00
Ralph Slooten
585ea1dc30 Merge branch 'release/v1.28.2' v1.28.2 2026-01-10 16:16:06 +13:00
Ralph Slooten
c66a06379a Release v1.28.2 2026-01-10 16:16:05 +13:00
Ralph Slooten
c5c9292863 More reliable handling for default release email editing 2026-01-10 15:56:19 +13:00
Ralph Slooten
6f1f4f34c9 Security: Prevent Cross-Site WebSocket Hijacking (CSWSH) allowing unauthenticated access to message data [CVE-2026-22689](https://github.com/axllent/mailpit/security/advisories/GHSA-524m-q5m7-79mm) 2026-01-10 15:42:14 +13:00
Ralph Slooten
877a9159ce Delay bootstrap-tags init until after render 2026-01-08 16:23:24 +13:00
Ralph Slooten
c4582889ad Update default release address wording 2026-01-08 16:20:00 +13:00
Ralph Slooten
cd1cf695b9 Merge branch 'feature/default-release-address' into develop 2026-01-08 16:04:23 +13:00
Ralph Slooten
392904fd23 Chore: Avoid empty URL query parameter when returning to inbox from message view 2026-01-08 16:03:35 +13:00
Ralph Slooten
f0160c0e29 Feature: Allow default mail addresses to be set when releasing message (#594) 2026-01-08 16:03:35 +13:00
Ralph Slooten
f9024d1f77 Chore: Remove webkit warnings about missing template / render functions 2026-01-08 16:03:34 +13:00
Ralph Slooten
061f159293 Merge tag 'v1.28.1' into develop 
Release v1.28.1
 2026-01-06 15:38:14 +13:00
Ralph Slooten
e69a0d75c9 Merge branch 'release/v1.28.1' v1.28.1 2026-01-06 15:38:11 +13:00
Ralph Slooten
0847167694 Release v1.28.1 2026-01-06 15:38:11 +13:00
Ralph Slooten
6dd3587ec6 Move security commits to top of list 2026-01-06 15:35:49 +13:00
Ralph Slooten
2d1e38d4fd Chore: Update node dependencies 2026-01-06 15:34:20 +13:00
Ralph Slooten
153174f928 Chore: Update Go dependencies 2026-01-06 15:34:20 +13:00
Ralph Slooten
3b9b470c09 Security: Restrict screenshot proxy to only support asset links contained in messages [CVE-2026-21859](https://github.com/axllent/mailpit/security/advisories/GHSA-8v65-47jx-7mfr) 
This fix prevents unrestricted network probing via the screenshot proxy by limiting requests to images, fonts and CSS links found within a message, and returns a generic HTTP error to the client when unsupported content types are requested, not found, or otherwise disallowed.

See CWE-918 Server-Side Request Forgery (SSRF)
 2026-01-06 15:33:50 +13:00
dependabot[bot]
dd99a4bcf0 Chore: Bump esbuild from 0.25.12 to 0.27.2 (#611) 
Bumps [esbuild](https://github.com/evanw/esbuild) from 0.25.12 to 0.27.2.
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](https://github.com/evanw/esbuild/compare/v0.25.12...v0.27.2)

---
updated-dependencies:
- dependency-name: esbuild
  dependency-version: 0.27.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-01 22:16:37 +13:00
dependabot[bot]
5bf2f2796b Chore: Bump actions/setup-node from 5 to 6 (#598) 
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 5 to 6.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-01 22:13:15 +13:00
dependabot[bot]
a469655f65 Chore: Bump actions/stale from 10.0.0 to 10.1.1 (#604) 
Bumps [actions/stale](https://github.com/actions/stale) from 10.0.0 to 10.1.1.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/stale/compare/v10.0.0...v10.1.1)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-version: 10.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-01 22:12:43 +13:00
dependabot[bot]
432fedeafa Chore: Bump actions/cache from 4 to 5 (#607) 
Bumps [actions/cache](https://github.com/actions/cache) from 4 to 5.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-01 22:12:15 +13:00
dependabot[bot]
37e4ff4139 Chore: Bump actions/checkout from 5 to 6 (#610) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-01 22:11:51 +13:00
Ralph Slooten
2808316dd2 Temporarily disable swagger validation due to persistent service issues 2025-12-22 17:12:35 +13:00
Ralph Slooten
43d759b0fc Update close-stale-issues workflow to include close-issue-reason 2025-12-22 16:45:44 +13:00
Ralph Slooten
264222d599 Test: Increase swagger test timeout 2025-12-20 17:07:36 +13:00
Ralph Slooten
5e4bdb78b8 Test: Add inline message tests 2025-12-20 16:45:57 +13:00
Ralph Slooten
fc9572156b Merge tag 'v1.28.0' into develop 
Release v1.28.0
 2025-11-26 17:44:28 +13:00
Ralph Slooten
d52a0d550f Merge branch 'release/v1.28.0' v1.28.0 2025-11-26 17:44:26 +13:00
Ralph Slooten
fcce621f18 Release v1.28.0 2025-11-26 17:44:26 +13:00
Ralph Slooten
f4cd19aac2 Merge branch 'feature/updates' into develop 2025-11-26 17:33:38 +13:00
Ralph Slooten
46ccf866b2 Chore: Update caniemail test database 2025-11-26 17:32:49 +13:00
Ralph Slooten
266611fda0 Chore: Update node dependencies 2025-11-26 17:32:18 +13:00
Ralph Slooten
fe3920e3c6 Chore: Update Go dependencies 2025-11-26 17:29:03 +13:00
Ralph Slooten
ac02802d62 Merge branch 'feature/relay-smtp-errors' into develop 2025-11-26 16:34:39 +13:00