Skip to content

Mailpit

v1.27.2 Security

This release includes 2 security fixes for security teams reviewing exposed deployments.

Published 10mo Communication & Email
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 2 known CVEs

Topics

email-testing go mailpit pop3-server smtp-relay smtp-server
+1 more
smtp-testing

Summary

AI summary

Updates Fix, Chore, and Feature across a mixed release.

Full changelog

Feature

  • Add ability to generate self-signed (snakeoil) certificates for UI, SMTP and POP3 (#539)

Chore

  • Allow sendmail to send to untrusted TLS server
  • Update eslint config, remove neostandard
  • Refactor JS functions and remove unused parameters
  • Update Go dependencies
  • Update node dependencies

Fix

  • Use MaxMessages to determine pruning (#536)
  • Support angle brackets for text/plain URLs with spaces (#535)
  • Do not check latest release for Prometheus statistics (#522)

Security

  • Prevent integer overflow conversion to uint64
  • Add ReadHeaderTimeout to Prometheus metrics server

Security Fixes

  • Prevent integer overflow conversion to uint64
  • Add ReadHeaderTimeout to Prometheus metrics server
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Mailpit

Get notified when new releases ship.

Sign up free

About Mailpit

Email testing tool and API for developers

All releases →

Related context

Beta — feedback welcome: [email protected]