eric/mailpit
1
0
Fork 0
mirror of https://github.com/axllent/mailpit.git synced 2026-06-27 22:46:09 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,825 Commits 2 Branches 191 Tags
e27d30bda7fd298f9fd4f8052c7360dcad2494c7
Commit Graph

1825 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ralph Slooten
e27d30bda7 Chore: Update Go dependencies 2026-05-14 16:37:56 +12:00
Ralph Slooten
cae0f638af Enhance sendmail functionality with message size limit and input validation 2026-05-14 16:36:27 +12:00
Ralph Slooten
786f263d32 Chore: Add message ingest max-message-size flag and refactor message handling 2026-05-14 16:24:58 +12:00
Ralph Slooten
8041eac509 Cleanup 2026-05-14 16:23:29 +12:00
Ralph Slooten
b7e4146dbf Chore: Add message dump max-message-size flag and refactor message handling 2026-05-14 16:23:21 +12:00
Ralph Slooten
5ec074208c Use httpClient for HTTP requests in loadIDs and saveMessages functions 2026-05-14 15:13:52 +12:00
Ralph Slooten
b82960928a Fix typo 2026-05-14 15:13:43 +12:00
Ralph Slooten
4ab532b9aa Security: Fix concurrent map read & write in proxy CSS rewriter (GHSA-w4vj-r5pg-3722) 2026-05-14 15:02:07 +12:00
Ralph Slooten
35079d182c Security: Fix for path traversal & arbitrary file write in mailpit dump --http via attacker-controlled message IDs (GHSA-qx5x-85p8-vg4j) 
This fix also adds HTTP data limits to prevent excessively large files being transmitted by an attacker-controlled server (fake Mailpit).
 2026-05-14 15:02:07 +12:00
Ralph Slooten
04c779994b Security: Block internal IP access by default in HTML check (GHSA-j3fj-qppj-fmmc) 
This addresses an incomplete fix for GHSA-6jxm-fv7w-rw5j which did not restrict access to internal IP addresses.
 2026-05-14 15:02:07 +12:00
Ralph Slooten
bcd1bc71ee Security: Include CGNAT (Carrier-Grade NAT) in internal IP checks (GHSA-j3fj-qppj-fmmc) 
CGNAT (Carrier-Grade NAT) is a technique used by ISPs to conserve IPv4 addresses. Instead of assigning a unique public IP to every customer, the ISP places many customers behind a shared NAT, then gives them all addresses from the reserved 100.64.0.0/10 range (RFC 6598) on their internal network.

This means traffic from multiple customers exits through a small pool of public IPs - a second layer of NAT on top of whatever NAT the customer's own router does (hence "double NAT").
 2026-05-14 15:01:36 +12:00
Ralph Slooten
136bdde953 Security: Set a default 50MB p/m limit to prevent DoS via unlimited SMTP DATA and /api/v1/send body sizes (GHSA-fpxj-m5q8-fphw) 
This is a configurable limit (in MB's) which can optionally be disabled by setting it to 0.
 2026-05-12 17:22:00 +12:00
Ralph Slooten
499a543963 Feature: New loading indicator, reduce flash during message transitions (#682) 2026-05-12 15:27:12 +12:00
Ralph Slooten
8b4c9d1267 Update AppAbout.vue: Enhance version notification display for stable and development builds 2026-05-10 10:41:38 +12:00
Ralph Slooten
1cabac31ad Update README.md: Adjust email processing rates and clarify email pruning methods 2026-05-10 10:24:29 +12:00
Ralph Slooten
da7b82378c Build: Tag Docker edge build with next patch versions 2026-05-09 17:55:03 +12:00
Ralph Slooten
0702241fa5 Fix test expectations and handle Strip function return values in html2text tests 2026-05-09 17:26:15 +12:00
Ralph Slooten
8d72191704 Prevent duplicate extraction calls in the extract function 2026-05-09 17:22:51 +12:00
Ralph Slooten
052afdf929 Rename variable for clarity in extract function 2026-05-09 17:22:07 +12:00
Ralph Slooten
c1fbbffded Refactor html2text.Strip to return an error and handle it in storage and tools packages 2026-05-09 17:21:36 +12:00
Ralph Slooten
6e2c42d2bc Improve error handling in autoForwardMessage and ensure proper client closure in createForwardingSMTPClient 2026-05-09 17:16:52 +12:00
Ralph Slooten
da8eb3ece8 Fix: Validate SMTP XCLIENT args before processing 2026-05-09 17:13:22 +12:00
Ralph Slooten
4502cdc358 Handle error in writePump when sending ping messages 2026-05-09 17:06:14 +12:00
Ralph Slooten
fbb63c89dd Chore: Simplify writePump by using WriteMessage and remove unnecessary newline handling 2026-05-09 17:05:22 +12:00
Ralph Slooten
71bd44bbb5 Chore: Ensure websocket connection is closed on client unregistration 2026-05-09 17:02:48 +12:00
Ralph Slooten
b997fff7eb Chore: Refactor Hub to use atomic clientCount for safe concurrent client tracking 2026-05-09 17:01:47 +12:00
Ralph Slooten
034a480a39 Chore: Refactor addMessageTag function to remove mutex and ensure safe concurrent inserts 2026-05-09 16:48:05 +12:00
Ralph Slooten
f575b53854 Chore: Refactor pruneMessages function to eliminate duplicate ID checks using a map 2026-05-09 16:43:40 +12:00
Ralph Slooten
d469aac87c Chore: Optimize MarkRead and MarkUnread functions to reduce database calls and improve performance 2026-05-09 16:40:27 +12:00
Ralph Slooten
e4c3442e39 Chore: Enhance SetMessageTags function to improve tag handling and batch deletions 2026-05-09 16:35:21 +12:00
Ralph Slooten
f11fc1ffe0 Chore: Optimize tag retrieval by batching message IDs in List and Search functions 2026-05-09 16:27:58 +12:00
Ralph Slooten
40c5936f79 Chore: Refactor MarkRead and MarkUnread functions to only broadcast changes of modified messages 2026-05-09 16:13:05 +12:00
Ralph Slooten
8bc966e618 Chore: Refactor Prometheus metrics implementation and remove unused dependencies 2026-05-06 16:28:43 +12:00
Ralph Slooten
ec2a0851ab Build: Update CI actions to use npm ci 2026-05-06 15:41:01 +12:00
Ralph Slooten
4bdbeebcc0 Chore: Bump axios version to v1.16.0 2026-05-06 15:34:49 +12:00
Ralph Slooten
10430f7dce Chore: Improve iframe height adjustment with optional chaining 2026-05-05 17:41:17 +12:00
Ralph Slooten
878c68bb49 Chore: Replace lithammer/shortuuid with custom shortuuid implementation and update tests 2026-05-05 17:09:55 +12:00
Ralph Slooten
86b0cf8557 Chore: Remove go-telnet dependency and implement TCP/Unix socket handling for SMTP 2026-05-05 16:48:33 +12:00
Ralph Slooten
123ec9a354 Chore: Remove logrus dependency and implement slog-based logging 2026-05-05 16:48:33 +12:00
Ralph Slooten
3b2423bdf1 Chore: Remove gorilla/mux dependency and replace with stdlib routing 2026-05-05 16:47:51 +12:00
Ralph Slooten
f0777c7e63 Release v1.29.7 2026-04-16 17:56:00 +12:00
Ralph Slooten
91a4b81c80 Chore: Update node dependencies 2026-04-16 17:26:57 +12:00
Ralph Slooten
943e3394f9 Chore: Update Go dependencies 2026-04-16 17:24:20 +12:00
Ralph Slooten
e84027d39e Change dependabot frequency to biannually 2026-04-16 17:16:24 +12:00
Ralph Slooten
fe9c34f828 Chore: Bump axios version to 1.15.0 2026-04-13 08:18:52 +12:00
Ralph Slooten
9ba51d0ab2 Chore: Bump vue-router from 4.6.4 to 5.0.4 2026-04-05 22:24:51 +12:00
Ralph Slooten
c4dbdc79b0 Rename task 2026-04-05 22:06:50 +12:00
Ralph Slooten
f7fdbb9df9 Merge tag 'v1.29.6' into develop 
Release v1.29.6
 2026-04-05 22:00:36 +12:00
Ralph Slooten
78d4503a9e Merge branch 'release/v1.29.6' v1.29.6 2026-04-05 22:00:33 +12:00
Ralph Slooten
f9b723aab5 Release v1.29.6 2026-04-05 22:00:32 +12:00