mailcow-dockerized

v2026-05 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 22d Communication & Email

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

acme clamav docker dovecot groupware imap

+9 more

mail mailcow mailserver olefy postfix rspamd servercow smtp sogo

ReleasePort's take

Moderate signal

editorial:auto 13d

The May 2026 release of mailcow‑dockerized patches a security issue in Postfix's postscreen_access.cidr configuration and adds HTML escaping to the sieve filter edit view and queue manager UI.

Why it matters: Patch immediately if you use Postfix postscreen; upgrade now to mitigate the identified vulnerability affecting that configuration.

Summary

AI summary

Fixes a security-related issue by escaping HTML in the sieve filter edit view and queue manager.

Changes in this release

Type	Severity	Summary	CVE
Security	High	Fixes a security-related issue (CVE to be published). Fixes a security-related issue (CVE to be published). Source: granite4.1:30b@2026-05-23-audit Confidence: low	—
Security	Medium	Fixes security-related issue in Postfix postscreen_access.cidr configuration. Fixes security-related issue in Postfix postscreen_access.cidr configuration. Source: llm_adapter@2026-05-21 Confidence: low	—
Feature	Medium	Escapes HTML in sieve filter edit view and queue manager UI. Escapes HTML in sieve filter edit view and queue manager UI. Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	Updates translations from Weblate for multiple language files. Updates translations from Weblate for multiple language files. Source: llm_adapter@2026-05-21 Confidence: low	—

Full changelog

What's Changed

This is a small but important update that fixes a security-related issue.
We strongly recommend updating to this version.
The associated CVE identifier will be published at a later time.

[Postfix] update postscreen_access.cidr by @milkmaker in https://github.com/mailcow/mailcow-dockerized/pull/7177
[Postfix] update postscreen_access.cidr by @milkmaker in https://github.com/mailcow/mailcow-dockerized/pull/7209
Translations update from Weblate by @milkmaker in https://github.com/mailcow/mailcow-dockerized/pull/7190
Translations update from Weblate by @milkmaker in https://github.com/mailcow/mailcow-dockerized/pull/7218
[Web] escape HTML in sieve filter edit view and queue manager by @FreddleSpl0it in https://github.com/mailcow/mailcow-dockerized/pull/7220

Full Changelog: https://github.com/mailcow/mailcow-dockerized/compare/2026-03b...2026-05

Security Fixes

Escape HTML in sieve filter edit view and queue manager — mitigates a security-related issue (CVE identifier to be published later).

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track mailcow-dockerized

Get notified when new releases ship.

About mailcow-dockerized

mailcow: dockerized - + =

All releases →