Commit Graph

51 Commits

Author SHA1 Message Date
Ralph Slooten
dc9b8d54b7 Security: Add sandbox attribute to message iframe for extra layer of security (already protected via CSP headers)
Note that this does not provide any additional security as such, as the CSP headers do this; however, it is another barrier when it comes to bypass attempts.
2026-03-28 08:01:51 +13:00
Ralph Slooten
9c2359eee5 Feature: Add filter functionality to message headers tab
This implementation is based on, and resolves, #626
2026-03-22 17:40:54 +13:00
Ralph Slooten
804d49b7ca Chore: Set margin & padding to HTML screenshot to prevent transparent top/left border 2026-03-10 11:09:28 +13:00
Ralph Slooten
7d29dff5e7 Security: Enhance HTML sanitization in screenshot generation 2026-03-10 10:24:40 +13:00
Ralph Slooten
bc8a737d4f Chore: Simplify HTML decoding function in screenshot generation using DOMParser 2026-03-10 10:04:47 +13:00
Ralph Slooten
b99be839a0 Security: Enhance HTML sanitization in message view 2026-03-10 10:02:10 +13:00
Ralph Slooten
e6fd638067 Detect if copy to clipboard is supported 2026-02-01 16:09:49 +13:00
Ralph Slooten
9b4ec97483 Minor UI tweaks 2026-02-01 15:44:13 +13:00
Ralph Slooten
dd74d46880 Feature: Option to display/hide attachment information in message view in web UI including checksums, content type & disposition
Resolves #625
2026-02-01 15:34:06 +13:00
Ralph Slooten
7cda4a36f1 Chore: Allow @ character in message tags & set max length to 100 characters per tag 2026-01-17 11:12:45 +13:00
Ralph Slooten
f0160c0e29 Feature: Allow default mail addresses to be set when releasing message (#594) 2026-01-08 16:03:35 +13:00
Ralph Slooten
3b9b470c09 Security: Restrict screenshot proxy to only support asset links contained in messages [CVE-2026-21859](https://github.com/axllent/mailpit/security/advisories/GHSA-8v65-47jx-7mfr)
This fix prevents unrestricted network probing via the screenshot proxy by limiting requests to images, fonts and CSS links found within a message, and returns a generic HTTP error to the client when unsupported content types are requested, not found, or otherwise disallowed.

See CWE-918 Server-Side Request Forgery (SSRF)
2026-01-06 15:33:50 +13:00
Ralph Slooten
cce21854b9 Chore: Refactor JS functions and remove unused parameters 2025-07-24 17:27:11 +12:00
Ralph Slooten
75504c7bba Fix: Support angle brackets for text/plain URLs with spaces (#535) 2025-07-18 23:43:05 +12:00
Ralph Slooten
2d1fb7cf14 Chore: Allow unknown href link protocols in HTML view such as myapp:// (#532) 2025-07-01 08:01:09 +12:00
Ralph Slooten
3fff79e29f Chore: Apply linting to all JavaScript/Vue files with eslint & prettier 2025-06-20 23:26:06 +12:00
Ralph Slooten
4b5ce0afed Feature: Store username with messages, auto-tag, and UI display (#521) 2025-06-18 16:41:04 +12:00
Ralph Slooten
fed20de522 Feature: Add relay config to preserve (keep) original Message-IDs when relaying messages (#515) 2025-06-07 11:38:25 +12:00
Ralph Slooten
a1c2690c44 Use text-muted instead of text-secondary 2025-05-18 10:31:39 +12:00
Ralph Slooten
9a1f3a6bb5 Chore: Replace PrismJS with highlight.js for HTML syntax highlighting 2025-03-05 17:14:06 +13:00
Ralph Slooten
e2fab49873 Update relay modal wording 2025-01-26 09:48:05 +13:00
Ralph Slooten
a95bc3d29f Feature: Option to override the From email address in SMTP relay configuration (#414) 2025-01-26 00:22:57 +13:00
Ralph Slooten
f08a959545 Bugfix: Fix external CSS stylesheet loading in HTML preview (#388) 2024-11-17 17:49:15 +13:00
Ralph Slooten
1afd138cc5 Chore: Minor UI tweaks 2024-11-16 15:21:45 +13:00
Ralph Slooten
47c6062b1c Chore: Separate attachments and inline images in download nav and badges (#379) 2024-10-26 23:14:55 +13:00
Ralph Slooten
54a72e8e1e Chore: Improve link detection in the HTML preview 2024-09-05 17:46:02 +12:00
Ralph Slooten
dc1a16ed5c Chore: Upgrade vue-css-donut-chart & related charts 2024-09-01 22:08:18 +12:00
Ralph Slooten
81e98d1376 Various UI tweaks 2024-08-06 17:38:42 +12:00
Ralph Slooten
6baf13b25b Fix: Prevent potential JavaScript errors caused by race condition 2024-08-04 17:10:28 +12:00
Ralph Slooten
a1cb0af639 Feature(UI): List messages in side nav when viewing message for easy navigation (#336) 2024-08-04 17:04:14 +12:00
Ralph Slooten
a078c318e8 Fix(Security): Prevent bypass of Content Security Policy using stored XSS, and sanitize preview HTML data (DOMPurify)
This closes a security hole whereby a bad actor with SMTP access can bypass the CSP headers with a series of specially crafted HTML messages. A special thanks to @bmodotdev for responsibly disclosing the vulnerability and providing information and an initial fix.
2024-07-26 22:02:14 +12:00
Ralph Slooten
6947c2a621 Feature: Add optional relay recipient blocklist (#333) 2024-07-14 15:04:36 +12:00
Ralph Slooten
33e367d706 Chore: Refactor JavaScript, use arrow functions instead of "self" aliasing 2024-06-22 13:27:00 +12:00
Ralph Slooten
ed4618a1f3 Feature: iCalendar (ICS) viewer (#298) 2024-05-18 23:42:06 +12:00
Ralph Slooten
c81ea54c87 Remove redundant references to beta testing 2024-05-05 15:50:56 +12:00
Ralph Slooten
f424856685 Chore: JSON key case-consistency for posted API data (backwards-compatible) 2024-05-04 11:05:07 +12:00
Ralph Slooten
845fe840d4 Chore: Move Link check & HTML check features out of beta 2024-04-13 00:29:23 +12:00
Ralph Slooten
faded05e47 Feature: Add UI settings screen 2024-04-13 00:25:04 +12:00
Ralph Slooten
94b4618420 Fix: Prevent conditional JS error when global mailbox tag list is modified via auto/plus-address tagging while viewing a message 2024-04-05 16:48:27 +13:00
Ralph Slooten
a324d817b3 Feature: Allow setting SMTP relay configuration values via environment variables (#262) 2024-03-12 17:10:13 +13:00
Ralph Slooten
23b1261cf9 Chore: Tag names now allow . and must be a minimum of 1 character 2024-03-02 22:51:30 +13:00
Ralph Slooten
0261f87faf Remove unused imports 2024-01-20 23:06:02 +13:00
Ralph Slooten
98a15e5918 Feature: Display List-Unsubscribe & List-Unsubscribe-Post header info with syntax validation (#236) 2024-01-20 23:05:28 +13:00
Ralph Slooten
128796d4ca Fix: Display multiple whitespace characters in message subject & recipient names (#238) 2024-01-20 12:29:28 +13:00
Ralph Slooten
9cda71f21a Feature: Add optional SpamAssassin integration to display scores (#233) 2024-01-20 12:07:49 +13:00
Ralph Slooten
d013158ac3 Fix: Prevent JavaScript error if message is missing From header (#209) 2023-11-19 15:09:54 +13:00
Ralph Slooten
4e2d4d6365 Fix: HTML message preview background color when switching themes in Chrome
Fixes #182
2023-10-05 17:38:26 +13:00
Ralph Slooten
e902806ea2 UI: Add option to delete a message after release
See #169
2023-09-28 16:05:44 +13:00
Ralph Slooten
f54a2187ac UI: Link email addresses in message summary to search 2023-09-23 11:48:06 +12:00
Ralph Slooten
063eab2c6a UI: Better support for mobile screen sizes 2023-09-23 09:31:02 +12:00