mailpit

mirror of https://github.com/axllent/mailpit.git synced 2026-06-28 06:56:06 +00:00

Files

Ralph Slooten 3b9b470c09 Security: Restrict screenshot proxy to only support asset links contained in messages [CVE-2026-21859](https://github.com/axllent/mailpit/security/advisories/GHSA-8v65-47jx-7mfr )

This fix prevents unrestricted network probing via the screenshot proxy by limiting requests to images, fonts and CSS links found within a message, and returns a generic HTTP error to the client when unsupported content types are requested, not found, or otherwise disallowed.

See CWE-918 Server-Side Request Forgery (SSRF)

2026-01-06 15:33:50 +13:00

message

Security: Restrict screenshot proxy to only support asset links contained in messages [CVE-2026-21859](https://github.com/axllent/mailpit/security/advisories/GHSA-8v65-47jx-7mfr )

2026-01-06 15:33:50 +13:00

AjaxLoader.vue

Chore: Apply linting to all JavaScript/Vue files with eslint & prettier

2025-06-20 23:26:06 +12:00

AppAbout.vue

Chore: Apply linting to all JavaScript/Vue files with eslint & prettier

2025-06-20 23:26:06 +12:00

AppBadge.vue

Chore: Apply linting to all JavaScript/Vue files with eslint & prettier