n24q02m/better-email-mcp

v1.17.0 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 2mo MCP Data & Storage

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

ai-agents ai-coding claude claude-code cursor docker

+7 more

email imap mcp mcp-server model-context-protocol smtp typescript

Affected surfaces

auth

Summary

AI summary

Mitigate XSS vulnerability in HTTP relay authentication form.

Full changelog

v1.17.0 (2026-03-31)

Bug Fixes

Send relay complete message after OAuth device code flow (#267, cbf7fb7)
deps: Update non-major dependencies (#257, c41e2e2)
security: Mitigate XSS vulnerability in HTTP relay authentication form (#264, a667c62)
test: Make OAuth2 browser test platform-aware (#265, 443e004)

Continuous Integration

Fix Qodo vertex_ai config and VERTEXAI_LOCATION (707dd0b)
cd: Add plugin marketplace sync on stable release (d0c2940)

Performance Improvements

Add case-insensitive fast-paths to html snippet extraction (#263, ea7375c)

Testing

Improve coverage to 96.47% statements (+62 tests) (#266, 5732af8)

Detailed Changes: v1.17.0-beta.2...v1.17.0

Security Fixes

Mitigate XSS vulnerability in HTTP relay authentication form ([#264](https://github.com/n24q02m/better-email-mcp/pull/264))

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track n24q02m/better-email-mcp

Get notified when new releases ship.

About n24q02m/better-email-mcp

IMAP/SMTP email MCP server with App Passwords (no OAuth2). Auto-discovers Gmail, Outlook, Yahoo, iCloud. 5 composite tools: search, read, send, reply, forward. Multi-account support.

All releases →