Mailu

v2024.06.52 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 6d Communication & Email

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

dkim dmarc docker email fetchmail imap

+6 more

letsencrypt mail mailserver pop3 smtp webmail

Affected surfaces

breaking_upgrade

ReleasePort's take

Moderate signal

editorial:auto 6d

The release patches CVE-2026-49217 in Mailu.

Why it matters: CVE‑2026‑49217 is a high‑severity (score 90) vulnerability affecting the Mailu platform; upgrade to version 2024.06.52 immediately.

Summary

AI summary

Fixes CVE-2026-49217 security vulnerability.

Changes in this release

Type	Severity	Summary	CVE
Security	Critical	Patches CVE-2026-49217 vulnerability in Mailu. Patches CVE-2026-49217 vulnerability in Mailu. Source: llm_adapter@2026-05-29 Confidence: high	—
Dependency	Medium	Upgrades Roundcube to version 1.6.16. Upgrades Roundcube to version 1.6.16. Source: llm_adapter@2026-05-29 Confidence: high	—
Dependency	Medium	Upgrades CardDAV server to version 5.1.3. Upgrades CardDAV server to version 5.1.3. Source: llm_adapter@2026-05-29 Confidence: high	—

Full changelog

Changelog :mailbox:

Upgrade roundcube to 1.6.16 and carddav to 5.1.3
Fix CVE-2026-49217
This release was triggered by PR/Issue 4030.
The release notes of the original main release can be accessed via menu item 'Release notes' on mailu.io.

Update

The main version X.Y (e.g. 1.9) will always reflect the latest version of the branch. To update your Mailu installation simply pull the latest images `docker compose pull && docker compose up -d`.

The pinned version X.Y.Z (e.g. 1.9.1) is not updated. It is pinned to the commit that was used for creating this release. You can use a pinned version to make sure your Mailu installation is not suddenly updated when recreating containers. The pinned version allows the user to manually update. It also allows to go back to a previous pinned version.

Security Fixes

CVE-2026-49217 — security vulnerability fixed (GHSA-2w8v-6xr5-g9gh)

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Mailu

Get notified when new releases ship.

About Mailu

Insular email distribution - mail server as Docker images

All releases →

Related context

Related tools

Related CVEs

CVE-2026-49217 NVD KEV EPSS