Commit Graph

3 Commits

| Author | SHA1 | Message | Date |
| --- | --- | --- | --- |
| Ralph Slooten | bc8a737d4f | Chore: Simplify HTML decoding function in screenshot generation using DOMParser | 2026-03-10 10:04:47 +13:00 |
| Ralph Slooten | 3b9b470c09 | Security: Restrict screenshot proxy to only support asset links contained in messages [CVE-2026-21859](https://github.com/axllent/mailpit/security/advisories/GHSA-8v65-47jx-7mfr)<br>This fix prevents unrestricted network probing via the screenshot proxy by limiting requests to images, fonts and CSS links found within a message, and returns a generic HTTP error to the client when unsupported content types are requested, not found, or otherwise disallowed.<br><br>See CWE-918 Server-Side Request Forgery (SSRF) | 2026-01-06 15:33:50 +13:00 |
| Ralph Slooten | 3fff79e29f | Chore: Apply linting to all JavaScript/Vue files with eslint & prettier | 2025-06-20 23:26:06 +12:00 |