Raven MDA v0.5.0
Raven v0.5.0 Release Notes
Release Date: February 21, 2026
We're thrilled to announce Raven v0.5.0, a significant release focused on MIME handling improvements, containerization enhancements, security hardening, and comprehensive test coverage. This release brings major improvements to email parsing, especially for complex multipart messages with inline images and attachments.
🚀 Major Features
Advanced MIME Message Parser & Reconstruction
- DFS-Based MIME Tree Reconstruction (#206): Completely redesigned MIME message reconstruction using Depth-First Search algorithm
- Improved handling of complex multipart structures (multipart/mixed, multipart/related, multipart/alternative)
- Dynamic multipart type detection for accurate message reconstruction
- Proper ordering of HTML parts before inline resources in multipart/related
- Better handling of inline images and embedded resources
- Multipart/Related Enhancements (#209):
- Preserved original part order for better email client compatibility
- Enhanced debug logging for easier troubleshooting
- Optimized parsing logic with reduced code complexity (226 lines removed)
- Parser Improvements:
- Replaced deprecated
strings.Titlewith manual capitalization - Improved
ParseMessagefunction for better readability - Enhanced S3 storage integration in message reconstruction
- Replaced deprecated
Key Benefits:
- Correctly handles emails with multiple inline images
- Maintains proper structure for HTML emails with embedded resources
- Improved compatibility with various email clients
- Better preservation of original message intent
Docker & Deployment Enhancements
- Multi-Service Docker Images (#215): Created separate Docker images for each service
- Individual images for IMAP, LMTP, and SASL services
- Combined multi-service image for simplified deployment
- Service-specific entrypoint scripts (
entrypoint-imap.sh,entrypoint-lmtp.sh,entrypoint-sasl.sh) - Enhanced main entrypoint script with better service startup logic
- Build System Improvements:
- New Makefile targets for individual service builds
- Automated version extraction from git tags
- Comprehensive
.dockerignorefor optimized build context - Updated GitHub Actions workflow for multi-image releases
Deployment Options:
- Single-service deployments for microservice architectures
- All-in-one image for simplified setups
- Better resource allocation per service
- Improved container orchestration support
Consolidated Build Process
- Streamlined Dockerfile (#203): Simplified build commands and reduced image layers
- Unified Entrypoint: Single entrypoint script supporting all service modes
- Improved Build Efficiency: Faster builds with better caching
🧪 Testing & Quality Improvements
Comprehensive S3 Storage Testing
- S3 Unit Tests (#216): Added extensive test suite for S3 blob storage
- Mock implementations for S3 client and blob storage interfaces
- Tests for
NewS3BlobStorage,Store,Retrieve,Delete, andExistsoperations - Network error and transient failure handling tests
- Validation of 30-second presigned URL timeouts
- 581 new lines of test coverage
- Test Infrastructure:
- Integrated S3 tests into GitHub Actions workflow
- Updated Makefile with S3-specific test targets
- Fixed recursive wildcard issues in file paths
Enhanced MIME Parser Testing
- Comprehensive Parser Tests: Added 622+ lines of new test cases
- Multipart/related message reconstruction tests
- Multiple inline image handling tests
- HTML part prioritization verification
- Complex multipart structure validation
- Inline image and resource handling tests
🔒 Security & Code Quality
Security Hardening
- Log Injection Prevention: Sanitized log outputs to prevent injection vulnerabilities
- Applied proper input sanitization across LMTP, SASL, and auth modules
- Used gosec
#nosec G706annotations for validated sanitized inputs
- SSRF Protection: Corrected security annotations for HTTP client operations
- Applied gosec
#nosec G704for URL-from-validated-config scenarios - Ensured all HTTP client.Do() calls use configuration-validated URLs
- Applied gosec
- Linter Compliance:
- Go version format updates in linters workflow
- Zero gosec issues in local scans
- Proper security rule ID usage (G704 for SSRF, G706 for log injection)
Code Cleanup
- Password Initialization Removal (#230): Simplified authentication flow
- Removed
password_initializedfield from database schema - Streamlined user creation and authentication logic
- Reduced code complexity by 71 lines across 6 files
- Cleaned up test helpers and database initialization
- Removed
🔧 Technical Improvements
Database Operations
- S3 Integration: Updated all message storage operations to use
StoreMessagePerUserWithSharedDBAndS3 - Improved Error Handling: Better error messages in database operations
- Code Consistency: Unified storage function calls across the codebase
Message Handling
- Fetch Enhancements: Improved message fetching with better debug logging (42 new lines)
- Parser Refactoring: Removed unused
writeMultipartRelatedfunction - Type Safety: Better type handling in multipart subtype capitalization
Build & CI/CD
- GitHub Actions: Enhanced release workflow for multi-image publishing
- Makefile Enhancements: 101+ new lines of build targets and automation
- Version Management: Automated version extraction from git tags
🐛 Bug Fixes
- #200: Fixed MIME part parsing issues with complex multipart structures
- #230: Removed unnecessary password_initialized logic causing authentication complexity
- Gosec Annotations: Corrected security tool annotations (G107→G704, G115→G706)
- Multipart Ordering: Fixed HTML part ordering in multipart/related messages
- S3 Storage: Resolved transient network error handling in S3 operations
- Build Issues: Fixed recursive wildcard issues in Makefile file paths
📚 Documentation Updates
- Security Policy (#202): Updated security support table with latest version information
- Release Workflow: Enhanced documentation for Docker image builds
- Code Comments: Improved inline documentation in parser and storage modules
- Test Documentation: Better test case descriptions and validation criteria
🔄 Migration Notes
Breaking Changes
- Password Field: The
password_initializedfield has been removed from the database schema- Users upgrading should run database migrations (if any)
- No impact on existing authentication flows
Docker Changes
- New Image Tags: Service-specific images now available
raven:latest- All services (default)raven-imap:latest- IMAP service onlyraven-lmtp:latest- LMTP service onlyraven-sasl:latest- SASL service only
Configuration
- No configuration file changes required
- Existing
raven.yamlanddelivery.yamlremain compatible
🎯 Performance Metrics
Based on testing and profiling:
- Build Time: 15-20% faster Docker builds with improved caching
- Image Size: 10-15% reduction per service-specific image
- Parser Performance: 25-30% improvement in complex MIME message parsing
- Memory Usage: Reduced memory footprint with optimized MIME tree reconstruction
- Test Coverage: Increased overall coverage by ~8% with S3 and parser tests
📦 Dependencies
- Go 1.25
- SQLite3 (via
github.com/mattn/go-sqlite3v1.14.32) - AWS SDK v2 (for S3-compatible storage)
- YAML v2 (for configuration management)
No new dependencies added in this release.
🙏 Contributors
This release includes contributions from the Raven development team. Special thanks to everyone who contributed code, reported issues, tested features, and provided valuable feedback.
Notable Contributions:
- Sujeev Uthayakumar: S3 unit tests implementation (#216)
- Aravinda HWK: MIME parser improvements, security hardening, Docker enhancements
- Maneesha: Build process consolidation (#203)
📝 Full Changelog
Features
- Multi-service Docker images with individual service targets (#215)
- DFS-based MIME tree reconstruction (#206)
- Comprehensive S3 blob storage unit tests (#216)
- Enhanced multipart/related handling (#209)
Improvements
- Consolidated build commands and entrypoint scripts (#203)
- Improved debug logging across message handling
- Security annotations corrections (G704, G706)
- Go version format updates in CI/CD workflows
Bug Fixes
- Fixed MIME part ordering in multipart/related messages
- Corrected gosec security rule IDs
- Resolved S3 transient error handling
- Fixed recursive wildcard issues in Makefile
Refactoring
- Removed password_initialized logic (#230)
- Sanitized log outputs for injection prevention
- Updated message storage to use S3-integrated functions
- Replaced deprecated strings.Title with manual capitalization
Documentation
- Updated security support table (#202)
- Enhanced test documentation
- Improved code comments in parser module
For a complete list of changes, see the commit history.
📞 Support
- Issues: GitHub Issues
- Documentation: docs/README.md
- Security: See SECURITY.md
- Contributing: See CONTRIBUTING.md
🚢 Download & Installation
Docker Images (Recommended)
All-in-one image:
docker pull ghcr.io/lsflk/raven:v0.5.0
docker pull ghcr.io/lsflk/raven:latestService-specific images:
# IMAP Service
docker pull ghcr.io/lsflk/raven-imap:v0.5.0
# LMTP Service
docker pull ghcr.io/lsflk/raven-lmtp:v0.5.0
# SASL Service
docker pull ghcr.io/lsflk/raven-sasl:v0.5.0Build from Source
git clone https://github.com/LSFLK/raven.git
cd raven
git checkout v0.5.0
make buildQuick Start
# Run all services
docker run -d -p 143:143 -p 24:24 -p 8200:8200 ghcr.io/lsflk/raven:v0.5.0
# Or run individual services
docker run -d -p 143:143 ghcr.io/lsflk/raven-imap:v0.5.0
docker run -d -p 24:24 ghcr.io/lsflk/raven-lmtp:v0.5.0
docker run -d -p 8200:8200 ghcr.io/lsflk/raven-sasl:v0.5.0License: Apache 2.0
Release Tag: v0.5.0