eric/mailpit
1
0
Fork 0
mirror of https://github.com/axllent/mailpit.git synced 2026-06-27 22:46:09 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
7cda4a36f1ff8993587697ae1decff4bfb9802b7
mailpit/server/handlers
History
Ralph Slooten 3b9b470c09 Security: Restrict screenshot proxy to only support asset links contained in messages [CVE-2026-21859](https://github.com/axllent/mailpit/security/advisories/GHSA-8v65-47jx-7mfr) 
This fix prevents unrestricted network probing via the screenshot proxy by limiting requests to images, fonts and CSS links found within a message, and returns a generic HTTP error to the client when unsupported content types are requested, not found, or otherwise disallowed.

See CWE-918 Server-Side Request Forgery (SSRF)
2026-01-06 15:33:50 +13:00
..
k8healthz.go
Fix docblock comment
2023-09-06 16:14:54 +12:00
k8sready.go
Feature: Add readyz subcommand for Docker healthcheck (#270)
2024-03-31 00:06:25 +13:00
messages.go
Chore: Refactor error handling and resource management across multiple files (golangci-lint)
2025-06-22 15:25:21 +12:00
proxy.go
Security: Restrict screenshot proxy to only support asset links contained in messages [CVE-2026-21859](https://github.com/axllent/mailpit/security/advisories/GHSA-8v65-47jx-7mfr)
2026-01-06 15:33:50 +13:00