Ralph Slooten 10ad4df8cc Security: Prevent Server-Side Request Forgery (SSRF) via Link Check API ([GHSA-mpf7-p9x7-96r3](https://github.com/axllent/mailpit/security/advisories/GHSA-mpf7-p9x7-96r3)) ...

By default all internal HTTP requests are now blocked, unless mailpit is started with the `--allow-internal-http-requests` flag (env  `MP_ALLOW_INTERNAL_HTTP_REQUESTS=true`).

2026-02-24 14:22:02 +13:00

..

argsparser.go

Chore: Move utils/* packages to internal/*

2023-09-25 19:29:02 +13:00

fs.go

Chore: Refactor error handling and resource management across multiple files (golangci-lint)

2025-06-22 15:25:21 +12:00

headers.go

Chore: Minor speed & memory improvements when storing messages

2025-03-01 22:51:21 +13:00

html.go

Feature: Add optional query parameter for HTML message iframe embedding (#434)

2025-02-05 15:25:15 +13:00

listunsubscribeparser.go

Chore: Refactor error handling and resource management across multiple files (golangci-lint)

2025-06-22 15:25:21 +12:00

net.go

Security: Prevent Server-Side Request Forgery (SSRF) via Link Check API ([GHSA-mpf7-p9x7-96r3](https://github.com/axllent/mailpit/security/advisories/GHSA-mpf7-p9x7-96r3))

2026-02-24 14:22:02 +13:00

snippets.go

Fix: Prevent splitting multi-byte characters in message snippets (#404)

2024-12-10 18:12:35 +13:00

tags.go

Chore: Allow @ character in message tags & set max length to 100 characters per tag

2026-01-17 11:12:45 +13:00

tools_test.go

Test: Update tag tests with length limits and @ character

2026-01-17 11:22:19 +13:00

unixsocket.go

Feature: Experimental Unix socket support for HTTPD & SMTPD (#373)

2024-10-24 23:12:34 +13:00

utils.go

Security: Prevent integer overflow conversion to uint64

2025-07-25 20:33:27 +12:00