Skip to content

Mailpit

v1.29.1 Security

This release includes 2 security fixes for security teams reviewing exposed deployments.

Published 3mo Communication & Email
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 2 known CVEs

Topics

email-testing go mailpit pop3-server smtp-relay smtp-server
+1 more
smtp-testing

Affected surfaces

deps

Summary

AI summary

Updates Chore, Fix, and Inbox across a mixed release.

Full changelog

This is a security release to resolve an upstream Go vulnerability (CVE-2025-68121).

Chore

  • Add CORS error logging and update error messages for failed CORS requests
  • Update Go dependencies
  • Update node dependencies

Fix

  • Enable "Mark all read" button (Inbox) when new message is received

Security Fixes

  • CVE-2025-68121 — upstream Go vulnerability resolved by updating Go dependencies
  • cve-2025-68121
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Mailpit

Get notified when new releases ship.

Sign up free

About Mailpit

Email testing tool and API for developers

All releases →

Related context

Beta — feedback welcome: [email protected]