Skip to content

[PM-32450] Allow SMTP TLS CRL status retrieval failures#7271

Open
dereknance wants to merge 1 commit intomainfrom
pm-32450-fix-smtp-crl
Open

[PM-32450] Allow SMTP TLS CRL status retrieval failures#7271
dereknance wants to merge 1 commit intomainfrom
pm-32450-fix-smtp-crl

Conversation

@dereknance
Copy link
Contributor

@dereknance dereknance commented Mar 21, 2026
edited by atlassian bot
Loading

🎟️ Tracking

PM-32450

📔 Objective

When connecting to an SMTP server with TLS, do not close the connection when the certificate revocation list is irretrievable either because the network is offline, or the status is otherwise unknown.

@dereknance dereknance requested a review from a team as a code owner March 21, 2026 01:11
@dereknance dereknance requested a review from dani-garcia March 21, 2026 01:11
@sonarqubecloud
Copy link

sonarqubecloud bot commented Mar 21, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@github-actions
Copy link
Contributor

github-actions bot commented Mar 21, 2026

Logo
Checkmarx One – Scan Summary & Details646e799c-49a6-4ec0-af6d-b7e6345a9073

New Issues (2) Checkmarx found the following issues in this Pull Request
# Severity Issue Source File / Package Checkmarx Insight
1 HIGH CVE-2026-32933 Nuget-AutoMapper-12.0.1
detailsRecommended version: 15.1.1
Description: AutoMapper is vulnerable to a Denial-of-Service (DoS) attack. Versions prior to 15.1.1 and 16.x prior to 16.1.1, when mapping deeply nested object ...
Attack Vector: NETWORK
Attack Complexity: LOW
Vulnerable Package
2 MEDIUM SSL_Verification_Bypass /src/Core/Platform/Mail/Delivery/MailKitSmtpMailDeliveryService.cs: 81
details/src/Core/Platform/Mail/Delivery/MailKitSmtpMailDeliveryService.cs relies HTTPS requests, in . The ServerCertificateValidationCallback parameter,...
Attack Vector
Fixed Issues (2) Great job! The following issues were fixed in this Pull Request
Severity Issue Source File / Package
HIGH Cxb9102459-6a3a Nuget-AutoMapper-12.0.1
MEDIUM SSL_Verification_Bypass /src/Core/Platform/Mail/Delivery/MailKitSmtpMailDeliveryService.cs: 84

@codecov
Copy link

codecov bot commented Mar 21, 2026

Codecov Report

❌ Patch coverage is 94.44444% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 57.72%. Comparing base (5f1cdd5) to head (abfd1e0).
⚠️ Report is 2 commits behind head on main.

Files with missing lines Patch % Lines
...rm/Mail/Delivery/MailKitSmtpMailDeliveryService.cs 94.44% 0 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #7271      +/-   ##
==========================================
- Coverage   61.84%   57.72%   -4.12%     
==========================================
  Files        2042     2042              
  Lines       89817    89830      +13     
  Branches     7985     7989       +4     
==========================================
- Hits        55548    51857    -3691     
- Misses      32329    36114    +3785     
+ Partials     1940     1859      -81

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dani-garcia dani-garcia Awaiting requested review from dani-garcia dani-garcia is a code owner automatically assigned from bitwarden/team-platform-dev

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dereknance