This release includes two important security fixes, so upgrading is strongly recommended.
Two security vulnerabilities affecting publicly exposed (SMTP) instances of Mailpit have been fixed in this release. Details are provided below.
Many thanks to the security researcher who responsibly disclosed these issues and helped improve Mailpit's security.
Security
- Enforce command line length limits in SMTP and POP3 handlers (GHSA-w878-pj84-3j5v)
- Reject oversized image dimensions in thumbnail handler before full decode (GHSA-75mr-qw9x-3r39)
Chore
- Refactor browser storage settings for consistency (#715)
- Update Go dependencies
- Update node dependencies
- Update caniemail test database
- Update Github Action requirements
Fix
- Exclude supported clients in HTML check results (#716)