Ralph Slooten
e735904167
Chore: Update node dependencies
2026-02-01 15:40:59 +13:00
Ralph Slooten
94113222cc
Chore: Update Go dependencies
2026-02-01 15:37:40 +13:00
Ralph Slooten
5414695508
Test: Add message summary attachment checksum tests
2026-02-01 15:34:06 +13:00
Ralph Slooten
dd74d46880
Feature: Option to display/hide attachment information in message view in web UI including checksums, content type & disposition
...
Resolves #625
2026-02-01 15:34:06 +13:00
Ralph Slooten
0bfbb4cc5f
Feature: Include message attachment checksums (MD5, SHA1 & SHA254) in API message summary
2026-02-01 15:34:05 +13:00
Ralph Slooten
38c0c4fd47
Update webhook delay flag description
2026-02-01 15:34:05 +13:00
Roman Urbanovich
9391b075d0
Chore: Add support for webhook delay ( #627 )
2026-02-01 15:33:54 +13:00
Ralph Slooten
a87b2a9455
Update API CORS flag description
2026-02-01 15:33:53 +13:00
Ralph Slooten
8d18618e4a
Test: Add CORS tests
2026-02-01 15:33:53 +13:00
Ralph Slooten
a63bcd9bd3
Chore: Add support for multi-origin CORS settings and apply to events websocket ( #630 )
2026-02-01 15:33:53 +13:00
Ralph Slooten
ff47ba96b8
Release v1.28.4
2026-01-25 10:07:35 +13:00
Ralph Slooten
b9f36312d7
Fix: Avoid error on image type assertion in thumbnail generation
...
Use imaging.Clone to ensure the image is always *image.NRGBA, preventing panics when decoding non-NRGBA images (e.g., JPEGs as *image.YCbCr).
2026-01-25 10:05:39 +13:00
Ralph Slooten
291c449591
Chore: Update node dependencies
2026-01-25 10:05:38 +13:00
Ralph Slooten
d7a4a60536
Chore: Update Go dependencies
2026-01-25 10:05:38 +13:00
Ralph Slooten
464ff68c34
Fix: Prevent nested MAIL command during an active SMTP transaction ( #623 )
2026-01-25 10:05:28 +13:00
Ralph Slooten
9383c5876b
Fix: Ensure SMTP HELO/EHLO command is issued before MAIL FROM as per RFC 5321 ( #621 )
2026-01-23 17:27:13 +13:00
Ralph Slooten
a3616e52d9
Chore: Increase allowed SMTP email address length to 1024 chars & return clearer SMTP responses for failures ( #620 )
...
This goes against the RFC5321 recommendation, however enforcing the recommended limits is clearly causing issues with users, and it appears no investigated SMTP servers enforce the strict limits either.
2026-01-23 16:46:29 +13:00
Ralph Slooten
980e54c21f
Merge tag 'v1.28.3' into develop
...
Release v1.28.3
2026-01-18 21:36:02 +13:00
Ralph Slooten
eac491cd89
Merge branch 'release/v1.28.3'
2026-01-18 21:35:55 +13:00
Ralph Slooten
12076bca72
Release v1.28.3
2026-01-18 21:35:54 +13:00
Ralph Slooten
028ca1d715
Chore: Update node dependencies
2026-01-18 12:24:54 +13:00
Ralph Slooten
7d7ba88e9c
Chore: Update Go dependencies
2026-01-18 12:22:46 +13:00
Ralph Slooten
973fc1f975
Merge branch 'feature/GHSA-6jxm-fv7w-rw5j' into develop
2026-01-18 12:00:09 +13:00
Ralph Slooten
1679a0aba5
Security: Prevent Server-Side Request Forgery (SSRF) via HTML Check API ([GHSA-6jxm-fv7w-rw5j]( https://github.com/axllent/mailpit/security/advisories/GHSA-6jxm-fv7w-rw5j ))
2026-01-18 11:58:24 +13:00
Ralph Slooten
4a4c149eed
Formatting
2026-01-18 11:57:23 +13:00
Ralph Slooten
c01335f0e3
Merge branch 'feature/GHSA-54wq-72mp-cq7c' into develop
2026-01-18 11:53:11 +13:00
Ralph Slooten
181cb0714a
Test: Add maximum email length validation tests - RFC5321 (section 4.5.3.1)
2026-01-18 11:51:23 +13:00
Ralph Slooten
00d52d5931
Fix: Validate maximum lengths of email addresses - RFC5321 (section 4.5.3.1)
2026-01-18 11:51:23 +13:00
Ralph Slooten
050da038af
Test: Add SMTP tests for address compliancy (RFC 5322) and header injection
2026-01-18 11:51:23 +13:00
Ralph Slooten
36cc06c125
Security: Ensure SMTP TO & FROM addresses are RFC 5322 compliant and prevent header injection ([GHSA-54wq-72mp-cq7c]( https://github.com/axllent/mailpit/security/advisories/GHSA-54wq-72mp-cq7c ))
2026-01-18 11:50:33 +13:00
Ralph Slooten
2734efbc66
Test: Update tag tests with length limits and @ character
2026-01-17 11:22:19 +13:00
Ralph Slooten
7cda4a36f1
Chore: Allow @ character in message tags & set max length to 100 characters per tag
2026-01-17 11:12:45 +13:00
Ralph Slooten
45b3676e52
Fix: Auto-tagging using SMTP username using plain auth ( #617 )
2026-01-16 13:50:15 +13:00
BTC-Tim
d50347d667
Fix: Correctly detect macOS group in install.sh ( #619 )
2026-01-16 10:12:11 +13:00
Omar Kurt
c035139b54
Chore: Fix formatting and update reporting instructions in SECURITY.md ( #614 )
2026-01-11 10:24:58 +13:00
Ralph Slooten
3108d82e06
Fix: Correctly render default addresses in release modal after settings change ( #594 )
2026-01-10 22:19:18 +13:00
Ralph Slooten
648d5863da
Merge tag 'v1.28.2' into develop
...
Release v1.28.2
2026-01-10 16:16:14 +13:00
Ralph Slooten
585ea1dc30
Merge branch 'release/v1.28.2'
2026-01-10 16:16:06 +13:00
Ralph Slooten
c66a06379a
Release v1.28.2
2026-01-10 16:16:05 +13:00
Ralph Slooten
c5c9292863
More reliable handling for default release email editing
2026-01-10 15:56:19 +13:00
Ralph Slooten
6f1f4f34c9
Security: Prevent Cross-Site WebSocket Hijacking (CSWSH) allowing unauthenticated access to message data [CVE-2026-22689]( https://github.com/axllent/mailpit/security/advisories/GHSA-524m-q5m7-79mm )
2026-01-10 15:42:14 +13:00
Ralph Slooten
877a9159ce
Delay bootstrap-tags init until after render
2026-01-08 16:23:24 +13:00
Ralph Slooten
c4582889ad
Update default release address wording
2026-01-08 16:20:00 +13:00
Ralph Slooten
cd1cf695b9
Merge branch 'feature/default-release-address' into develop
2026-01-08 16:04:23 +13:00
Ralph Slooten
392904fd23
Chore: Avoid empty URL query parameter when returning to inbox from message view
2026-01-08 16:03:35 +13:00
Ralph Slooten
f0160c0e29
Feature: Allow default mail addresses to be set when releasing message ( #594 )
2026-01-08 16:03:35 +13:00
Ralph Slooten
f9024d1f77
Chore: Remove webkit warnings about missing template / render functions
2026-01-08 16:03:34 +13:00
Ralph Slooten
061f159293
Merge tag 'v1.28.1' into develop
...
Release v1.28.1
2026-01-06 15:38:14 +13:00
Ralph Slooten
e69a0d75c9
Merge branch 'release/v1.28.1'
2026-01-06 15:38:11 +13:00
Ralph Slooten
0847167694
Release v1.28.1
2026-01-06 15:38:11 +13:00
