Mailpit

v1.30.1 Security

This release includes 1 security fix, relevant to security teams reviewing exposed deployments.

✓ No known CVEs patched
This release patches 1 known CVE

Topics

email-testing go mailpit pop3-server smtp-relay smtp-server smtp-testing

Affected surfaces

deps

Summary

AI summary

GHSA-28pq-6qxg-wg5r security hardening and configuration updates

Full changelog

Security

  • Extend request body size cap to all JSON API endpoints (GHSA-28pq-6qxg-wg5r)
  • Pin GitHub Actions workflow versions using full commit SHA
  • Do not use npm cache to prevent cache poisoning
  • Disable GitHub Actions credential persistence for checkout steps

Chore

  • Enhance schema application logging (#688)
  • Change log level to Info for database vacuuming message (#688)
  • Update GitHub Actions workflows
  • Update Go dependencies
  • Update node dependencies
  • Update caniemail test database

Security Fixes

  • dep: GHSA-28pq-6qxg-wg5r – extend request body size cap to all JSON API endpoints

About Mailpit

Email testing tool and API for developers
