✨ New Features
- M365 Tenant Import: You can now create accounts for all mailboxes in an M365 tenant in a single batch operation. Thanks to @tilwegener for this new feature!
- Customizable OIDC Login Buttons: OIDC login buttons can now be configured with provider-specific labels. Thanks to @tilwegener for this new feature!
⚙️ Improvements
- Fixed User Edit Mass Assignment: The user edit form now binds a dedicated view model, preventing attackers from overwriting protected fields such as
IsAdmin,TwoFactorSecret, orOAuthRemoteUserId. - Updated GetM365Credentials Endpoint The
GetM365Credentialsnow only returns the client ID and tenant ID. - Fixed XSS in Email Reply Button: Email metadata used by the reply button is now passed to JavaScript as properly escaped JSON instead of unencoded
data-*attributes. - Hardened HTML Email Iframe Sandbox: Removed
allow-same-originfrom the email content iframe sandbox so that JavaScript in HTML emails cannot access the parent page. - Added Import File Extension Whitelist: MBox and EML uploads now validate file extensions; only
.mbox,.eml, and.zipfiles are accepted.
Contributors
tilwegener