eric/mailpit
1
0
Fork 0
mirror of https://github.com/axllent/mailpit.git synced 2026-06-28 06:56:06 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,765 Commits 2 Branches 191 Tags
294faa4f10ebd0f11c6ec6ae00fb4b888c574d7a
Commit Graph

1765 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ralph Slooten
294faa4f10 Merge branch 'release/v1.29.5' v1.29.5 2026-03-29 17:47:11 +13:00
Ralph Slooten
25b9ebd90e Release v1.29.5 2026-03-29 17:47:10 +13:00
Ralph Slooten
87472746a9 Chore: Update node dependencies 2026-03-29 17:41:37 +13:00
Ralph Slooten
9dd1e99f52 Fixes for eslint validation 2026-03-29 17:40:43 +13:00
Ralph Slooten
fcca56625f Chore: Update Go dependencies 2026-03-29 17:38:59 +13:00
Ralph Slooten
3a4c7766e9 Feature: Add option to disable auto-VACUUMing of the SQLite database (#661) 2026-03-29 17:29:02 +13:00
Ralph Slooten
dc9b8d54b7 Security: Add sandbox attribute to message iframe for extra later of security (already protected via CSP headers) 
Note that this does not provide any additional security as such as the CSP headers do this, however it is another barrier when it comes to bypass attempts.
 2026-03-28 08:01:51 +13:00
Ralph Slooten
b8cc1bc415 Fix typo 2026-03-26 07:47:20 +13:00
Ralph Slooten
0fee30d3df Enhance install script: Improve help output, error messages, and user feedback 2026-03-22 18:35:48 +13:00
Ralph Slooten
1200ad0506 Merge tag 'v1.29.4' into develop 
Release v1.29.4
 2026-03-22 17:56:59 +13:00
Ralph Slooten
c12c6458a3 Merge branch 'release/v1.29.4' v1.29.4 2026-03-22 17:56:53 +13:00
Ralph Slooten
16f0c1416d Release v1.29.4 2026-03-22 17:56:53 +13:00
Ralph Slooten
0e3441aba9 Chore: Update node dependencies 2026-03-22 17:52:31 +13:00
Ralph Slooten
2dc2145db7 Chore: Update Go dependencies 2026-03-22 17:48:59 +13:00
Ralph Slooten
9c2359eee5 Feature: Add filter functionality to message headers tab 
This implementation is based on, and resolves, #626
 2026-03-22 17:40:54 +13:00
Ralph Slooten
7b22d6a5f9 Fix: Refactor webhook delay & rate limit logic to ignore endpoint response times & prevent hardcoded 1000 message limit when set to 0 (#656) 2026-03-16 22:29:45 +13:00
Ralph Slooten
fcd964501a Merge tag 'v1.29.3' into develop 
Release v1.29.3
 2026-03-10 15:29:51 +13:00
Ralph Slooten
3a222dd147 Merge branch 'release/v1.29.3' v1.29.3 2026-03-10 15:29:47 +13:00
Ralph Slooten
857cf78984 Release v1.29.3 2026-03-10 15:29:45 +13:00
Ralph Slooten
6802e24e55 Chore: Update node dependencies 2026-03-10 15:21:02 +13:00
Ralph Slooten
deaab34cdd Chore: Update Go dependencies 2026-03-10 15:18:59 +13:00
Ralph Slooten
ee9863289a Chore: Refactor timezone handling in searchQueryBuilder 2026-03-10 12:07:52 +13:00
Ralph Slooten
70037e96f4 Chore: Update Content-Disposition header to use inline display and escape filename 2026-03-10 12:03:35 +13:00
Ralph Slooten
fc0b016549 Chore: Improve transaction handling in pruneMessages and fix loop continuation in InitDB 2026-03-10 11:53:36 +13:00
Ralph Slooten
140633718c Chore: Limit subject length to 100 characters in browser notifications 2026-03-10 11:31:21 +13:00
Ralph Slooten
f40911c580 Security: Escape ContentID in HTML replacement to prevent regex injection 2026-03-10 11:27:47 +13:00
Ralph Slooten
3073ef9afe Chore: Replace localStorage retrieval with a dedicated function for default release addresses 2026-03-10 11:20:33 +13:00
Ralph Slooten
804d49b7ca Chore: Set margin & padding to HTML screenshot to prevent transparent top/left border 2026-03-10 11:09:28 +13:00
Ralph Slooten
7d29dff5e7 Security: Enhance HTML sanitization in screenshot generation 2026-03-10 10:24:40 +13:00
Ralph Slooten
bc8a737d4f Chore: Simplify HTML decoding function in screenshot generation using DOMParser 2026-03-10 10:04:47 +13:00
Ralph Slooten
b99be839a0 Security: Enhance HTML sanitization in message view 2026-03-10 10:02:10 +13:00
Ralph Slooten
c1db706677 Update inline TLS verification docs for healthcheck and link checks 2026-03-09 12:44:39 +13:00
Ralph Slooten
ab3fc5ead7 Chore: Use local hostname for EHLO/HELO in SMTP communication 2026-03-09 12:38:34 +13:00
Ralph Slooten
a72d42c8d4 Chore: Set timeout for HTTP client in webhook Send function 2026-03-09 12:34:50 +13:00
Ralph Slooten
f8052e1d56 Security: Limit proxy requests to 50MB to prevent OOM attacks 2026-03-09 12:31:17 +13:00
Ralph Slooten
267bf8b639 Security: Enhance CORS origin handling to respect host:port distinctions 2026-03-09 12:30:56 +13:00
Ralph Slooten
51e327f259 Fix: Update SQL query to use tenant when using is:tagged filter 2026-03-09 11:37:40 +13:00
Ralph Slooten
bb6bdf629d Chore: Refactor events websocket middleware 2026-03-09 11:20:45 +13:00
Ralph Slooten
a0a4ebb943 Chore: Refactor API send authentication logic 2026-03-09 11:08:19 +13:00
Ville Skyttä
ba00ea5a21 Chore: Switch to math/rand/v2 
Insignificant as in tests only, but there's no particular reason not to.
 2026-03-07 22:54:04 +13:00
Ville Skyttä
2afc52c6fe Chore: Refactor code with go fix 
Done with `go fix ./...` using go 1.26.0.
 2026-03-03 16:03:28 +13:00
dependabot[bot]
5e9c522402 Chore: Bump minimatch from 10.2.2 to 10.2.4 
Bumps [minimatch](https://github.com/isaacs/minimatch) from 10.2.2 to 10.2.4.
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](https://github.com/isaacs/minimatch/compare/v10.2.2...v10.2.4)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-version: 10.2.4
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-02 22:46:16 +13:00
Ralph Slooten
7bb330a07a Chore: Use last release + git hash in Docker edge versions 2026-03-02 22:38:38 +13:00
Ralph Slooten
ffb3067680 Merge tag 'v1.29.2' into develop 
Release v1.29.2
 2026-02-25 12:28:48 +13:00
Ralph Slooten
dc3e7e701f Merge branch 'release/v1.29.2' v1.29.2 2026-02-25 12:28:45 +13:00
Ralph Slooten
f1d0bcda90 Release v1.29.2 2026-02-25 12:28:44 +13:00
Ralph Slooten
4f651e4f14 Chore: Update caniemail test database 2026-02-25 12:10:33 +13:00
Ralph Slooten
c3819ca26d Chore: Update node dependencies 2026-02-25 12:09:34 +13:00
Ralph Slooten
4febeb1acd Chore: Update Go dependencies 2026-02-25 12:07:32 +13:00
Ralph Slooten
10ad4df8cc Security: Prevent Server-Side Request Forgery (SSRF) via Link Check API ([GHSA-mpf7-p9x7-96r3](https://github.com/axllent/mailpit/security/advisories/GHSA-mpf7-p9x7-96r3)) 
By default all internal HTTP requests are now blocked, unless mailpit is started with the `--allow-internal-http-requests` flag (env  `MP_ALLOW_INTERNAL_HTTP_REQUESTS=true`).
 2026-02-24 14:22:02 +13:00