What's Changed
Features
- feat: |AI 识别| 未配置 Workers AI 绑定时,自动回退到内置正则提取验证码(支持中英日韩,并排除年份与
YYYYMMDD日期误判),让无 Workers AI 的自部署用户也能在 Telegram 推送与 Webhook 中拿到验证码 - feat: |Telegram| Telegram 新邮件推送与
/mails历史邮件查看支持展示 AI 提取结果,包含验证码、验证链接、服务链接、订阅链接等关键信息 - feat: |Webhook| 邮件 Webhook 模板支持填充 AI 提取结果占位符,包括
aiExtractType、aiExtractResult、aiExtractResultText - feat: |Frontend| 新增
DISABLE_SHOW_GITHUB_FOR_USER配置,可仅对普通用户隐藏 Header 的 GitHub/版本入口,admin 仍可见(issue #1041) - feat: |Frontend| 将邮箱地址凭证弹窗升级为“地址凭证与连接方式”,复用普通用户与 admin 创建邮箱结果弹窗;支持通过
ENABLE_AGENT_EMAIL_INFO展示 AI Agent 接入信息,并通过SMTP_IMAP_PROXY_CONFIG展示 SMTP/IMAP 客户端连接信息 - docs: |随机子域名| 在前端“启用随机子域名”提示与
subdomain/worker-vars文档(中英)中明确说明:要让name@<随机>.abc.com真正收到邮件,必须在基础域名 DNS 中为*子域添加通配 MX 记录,Email Routing 子域不继承父域配置(issue #1035)
Bug Fixes
- fix: |Admin| 管理员重置邮箱地址密码时改为前端 SHA-256 后提交,后端只接受并存储哈希值,避免该接口继续接收明文密码
- fix: |Address| 管理员邮箱地址列表与用户绑定地址列表不再返回已存储的地址密码哈希值,避免列表接口暴露敏感字段
- fix: |Address| 统一规范化配置域名、收件地址域名与前缀的空白和大小写,覆盖
DOMAINS、DEFAULT_DOMAINS、USER_ROLES.domains、随机子域名、转发规则、SMTP 与SEND_MAIL域名匹配,保留转发规则空域名 catch-all 行为,并明确空DEFAULT_DOMAINS/ 角色域名回退到DOMAINS的行为,避免大小写配置或入站收件域名导致创建、收件、转发或发信失败(issue #926) - fix: |AI 提取| 将 AI 邮件识别默认 Workers AI 模型切换为支持 JSON Mode 且未弃用的
@cf/meta/llama-3.1-8b-instruct-fast,并在文档中补充@cf/zai-org/glm-4.7-flash结构化输出兼容性提示(issue #1029) - fix: |CI| 将 GitHub Actions 与 e2e Docker 镜像统一升级到 Node.js 24,适配 Wrangler 4.90.0 的运行时要求
- fix: |Frontend| 修复 iOS Safari 点击输入框时因移动端表单控件字号过小导致页面自动放大的问题
更新或者部署网页不生效请如图勾选清理缓存
English
Features
- feat: |AI Extract| Fall back to a built-in regex verification-code extractor (English / Chinese / Japanese / Korean, with year and
YYYYMMDDdate rejection) when no Workers AI binding is configured, so self-hosted deployments without Workers AI still surface codes in Telegram pushes and webhooks - feat: |Telegram| Show AI extraction results in Telegram new-mail notifications and
/mailshistory views, including verification codes, auth links, service links, and subscription links - feat: |Webhook| Support AI extraction placeholders in mail webhook templates, including
aiExtractType,aiExtractResult, andaiExtractResultText - feat: |Frontend| Add
DISABLE_SHOW_GITHUB_FOR_USERto hide the Header GitHub/version entry from normal users while keeping it visible to admin users (issue #1041) - feat: |Frontend| Upgrade the address credential dialog to "Address Credentials & Connection Methods" and reuse it for both normal users and admin-created addresses; support showing AI Agent access via
ENABLE_AGENT_EMAIL_INFOand SMTP/IMAP client settings viaSMTP_IMAP_PROXY_CONFIG - docs: |Random Subdomain| Clarify in the "Use Random Subdomain" frontend tip and the
subdomain/worker-varsdocs (zh & en) that receiving mail onname@<random>.abc.comrequires a wildcard*MX record under the base domain in DNS, because Cloudflare Email Routing does not inherit the apex configuration onto subdomains (issue #1035)
Bug Fixes
- fix: |Admin| Hash address passwords in the frontend before admin reset requests, and make the backend accept and store only the hash instead of plaintext
- fix: |Address| Stop returning stored address password hashes from the admin address list and user bound-address list APIs to avoid exposing sensitive fields
- fix: |Address| Normalize whitespace and casing for configured domains, inbound recipient domains, and prefixes across
DOMAINS,DEFAULT_DOMAINS,USER_ROLES.domains, random subdomains, forwarding rules, SMTP, andSEND_MAILdomain matching, preserve blank-domain catch-all forwarding rules, and clarify that emptyDEFAULT_DOMAINS/ role domains fall back toDOMAINS, to avoid create, receive, forward, or send failures caused by mixed-case configuration or inbound recipient domains (issue #926) - fix: |AI Extract| Switch the default Workers AI model for AI email recognition to the JSON Mode-compatible, non-deprecated
@cf/meta/llama-3.1-8b-instruct-fast, and document structured-output compatibility guidance for@cf/zai-org/glm-4.7-flash(issue #1029) - fix: |CI| Upgrade GitHub Actions and e2e Docker images to Node.js 24 to satisfy Wrangler 4.90.0 runtime requirements
- fix: |Frontend| Prevent iOS Safari from auto-zooming the page when focusing mobile form controls with small font sizes
PRs
- Fix: domain name containing uppercase letters can't working by @hging in #928
- chore: prepare v1.9.0 by @dreamhunter2333 in #1017
- feat: improve address credential connections by @dreamhunter2333 in #1018
- docs: fix typo in title from 'Gihub' to 'GitHub' by @tar-xz in #1019
- ci: allow docs deploy without GitHub release by @Charlson852 in #1023
- chore: upgrade project dependencies by @dreamhunter2333 in #1030
- fix: update AI extract default model by @dreamhunter2333 in #1031
- chore: update SimpleWebAuthn dependencies by @dreamhunter2333 in #1032
- fix: prevent iOS input focus zoom by @dreamhunter2333 in #1033
- docs: clarify wildcard MX requirement for random subdomain by @dreamhunter2333 in #1036
- Security: XSS via v-html with user-controlled content by @tuanaiseo in #1038
- Show AI extraction results in Telegram notifications by @Wolf-L in #1042
- feat: hide GitHub links for normal users by @dreamhunter2333 in #1043
- fix: keep Telegram AI extract result on metadata errors by @dreamhunter2333 in #1045
- feat: add AI extract webhook placeholders by @dreamhunter2333 in #1046
- feat: regex fallback for verification code extraction without Workers AI by @Digidai in #1048
- chore: upgrade dependencies by @dreamhunter2333 in #1050
Full Changelog: v1.8.0...v1.9.0
Contributors
Digidai, hging, and 5 other contributors