Ralph Slooten
0fee30d3df
Enhance install script: Improve help output, error messages, and user feedback
2026-03-22 18:35:48 +13:00
Ralph Slooten
1200ad0506
Merge tag 'v1.29.4' into develop
...
Release v1.29.4
2026-03-22 17:56:59 +13:00
Ralph Slooten
c12c6458a3
Merge branch 'release/v1.29.4'
2026-03-22 17:56:53 +13:00
Ralph Slooten
16f0c1416d
Release v1.29.4
2026-03-22 17:56:53 +13:00
Ralph Slooten
0e3441aba9
Chore: Update node dependencies
2026-03-22 17:52:31 +13:00
Ralph Slooten
2dc2145db7
Chore: Update Go dependencies
2026-03-22 17:48:59 +13:00
Ralph Slooten
9c2359eee5
Feature: Add filter functionality to message headers tab
...
This implementation is based on, and resolves, #626
2026-03-22 17:40:54 +13:00
Ralph Slooten
7b22d6a5f9
Fix: Refactor webhook delay & rate limit logic to ignore endpoint response times & prevent hardcoded 1000 message limit when set to 0 ( #656 )
2026-03-16 22:29:45 +13:00
Ralph Slooten
fcd964501a
Merge tag 'v1.29.3' into develop
...
Release v1.29.3
2026-03-10 15:29:51 +13:00
Ralph Slooten
3a222dd147
Merge branch 'release/v1.29.3'
2026-03-10 15:29:47 +13:00
Ralph Slooten
857cf78984
Release v1.29.3
2026-03-10 15:29:45 +13:00
Ralph Slooten
6802e24e55
Chore: Update node dependencies
2026-03-10 15:21:02 +13:00
Ralph Slooten
deaab34cdd
Chore: Update Go dependencies
2026-03-10 15:18:59 +13:00
Ralph Slooten
ee9863289a
Chore: Refactor timezone handling in searchQueryBuilder
2026-03-10 12:07:52 +13:00
Ralph Slooten
70037e96f4
Chore: Update Content-Disposition header to use inline display and escape filename
2026-03-10 12:03:35 +13:00
Ralph Slooten
fc0b016549
Chore: Improve transaction handling in pruneMessages and fix loop continuation in InitDB
2026-03-10 11:53:36 +13:00
Ralph Slooten
140633718c
Chore: Limit subject length to 100 characters in browser notifications
2026-03-10 11:31:21 +13:00
Ralph Slooten
f40911c580
Security: Escape ContentID in HTML replacement to prevent regex injection
2026-03-10 11:27:47 +13:00
Ralph Slooten
3073ef9afe
Chore: Replace localStorage retrieval with a dedicated function for default release addresses
2026-03-10 11:20:33 +13:00
Ralph Slooten
804d49b7ca
Chore: Set margin & padding to HTML screenshot to prevent transparent top/left border
2026-03-10 11:09:28 +13:00
Ralph Slooten
7d29dff5e7
Security: Enhance HTML sanitization in screenshot generation
2026-03-10 10:24:40 +13:00
Ralph Slooten
bc8a737d4f
Chore: Simplify HTML decoding function in screenshot generation using DOMParser
2026-03-10 10:04:47 +13:00
Ralph Slooten
b99be839a0
Security: Enhance HTML sanitization in message view
2026-03-10 10:02:10 +13:00
Ralph Slooten
c1db706677
Update inline TLS verification docs for healthcheck and link checks
2026-03-09 12:44:39 +13:00
Ralph Slooten
ab3fc5ead7
Chore: Use local hostname for EHLO/HELO in SMTP communication
2026-03-09 12:38:34 +13:00
Ralph Slooten
a72d42c8d4
Chore: Set timeout for HTTP client in webhook Send function
2026-03-09 12:34:50 +13:00
Ralph Slooten
f8052e1d56
Security: Limit proxy requests to 50MB to prevent OOM attacks
2026-03-09 12:31:17 +13:00
Ralph Slooten
267bf8b639
Security: Enhance CORS origin handling to respect host:port distinctions
2026-03-09 12:30:56 +13:00
Ralph Slooten
51e327f259
Fix: Update SQL query to use tenant when using is:tagged filter
2026-03-09 11:37:40 +13:00
Ralph Slooten
bb6bdf629d
Chore: Refactor events websocket middleware
2026-03-09 11:20:45 +13:00
Ralph Slooten
a0a4ebb943
Chore: Refactor API send authentication logic
2026-03-09 11:08:19 +13:00
Ville Skyttä
ba00ea5a21
Chore: Switch to math/rand/v2
...
Insignificant as in tests only, but there's no particular reason not to.
2026-03-07 22:54:04 +13:00
Ville Skyttä
2afc52c6fe
Chore: Refactor code with go fix
...
Done with `go fix ./...` using go 1.26.0.
2026-03-03 16:03:28 +13:00
dependabot[bot]
5e9c522402
Chore: Bump minimatch from 10.2.2 to 10.2.4
...
Bumps [minimatch](https://github.com/isaacs/minimatch ) from 10.2.2 to 10.2.4.
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md )
- [Commits](https://github.com/isaacs/minimatch/compare/v10.2.2...v10.2.4 )
---
updated-dependencies:
- dependency-name: minimatch
dependency-version: 10.2.4
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-03-02 22:46:16 +13:00
Ralph Slooten
7bb330a07a
Chore: Use last release + git hash in Docker edge versions
2026-03-02 22:38:38 +13:00
Ralph Slooten
ffb3067680
Merge tag 'v1.29.2' into develop
...
Release v1.29.2
2026-02-25 12:28:48 +13:00
Ralph Slooten
dc3e7e701f
Merge branch 'release/v1.29.2'
2026-02-25 12:28:45 +13:00
Ralph Slooten
f1d0bcda90
Release v1.29.2
2026-02-25 12:28:44 +13:00
Ralph Slooten
4f651e4f14
Chore: Update caniemail test database
2026-02-25 12:10:33 +13:00
Ralph Slooten
c3819ca26d
Chore: Update node dependencies
2026-02-25 12:09:34 +13:00
Ralph Slooten
4febeb1acd
Chore: Update Go dependencies
2026-02-25 12:07:32 +13:00
Ralph Slooten
10ad4df8cc
Security: Prevent Server-Side Request Forgery (SSRF) via Link Check API ([GHSA-mpf7-p9x7-96r3]( https://github.com/axllent/mailpit/security/advisories/GHSA-mpf7-p9x7-96r3 ))
...
By default all internal HTTP requests are now blocked, unless mailpit is started with the `--allow-internal-http-requests` flag (env `MP_ALLOW_INTERNAL_HTTP_REQUESTS=true`).
2026-02-24 14:22:02 +13:00
Ralph Slooten
632113fcc5
Fix: Include 8BITMIME in SMTPD EHLO response ( #648 )
2026-02-24 11:25:19 +13:00
Ralph Slooten
08ed46fc46
Use const instead of let
2026-02-21 22:43:51 +13:00
Ralph Slooten
6927c2b73b
Chore: Upgrade eslint JavaScript linting
2026-02-21 22:43:34 +13:00
Matthew Spahr
ac81da5ae0
Fix: Update install instructions when setting INSTALL_PATH
2026-02-17 20:51:14 +13:00
Ralph Slooten
f1d55e4e39
Release v1.29.1
2026-02-13 20:57:09 +13:00
Ralph Slooten
b622252411
Merge tag 'v1.29.1' into develop
...
Release v1.29.1
2026-02-13 20:47:03 +13:00
Ralph Slooten
5527379475
Merge branch 'release/v1.29.1'
2026-02-13 20:46:59 +13:00
Ralph Slooten
1d87f1164e
Chore: Update node dependencies
2026-02-13 20:44:34 +13:00
