n24q02m/better-email-mcp

v1.23.3 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 1mo MCP Data & Storage

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

ai-agents ai-coding claude claude-code cursor docker

+7 more

email imap mcp mcp-server model-context-protocol smtp typescript

Affected surfaces

auth

Summary

AI summary

Isolate remote‑relay credentials per JWT subject to prevent public URL leaks.

Full changelog

v1.23.3 (2026-04-21)

Bug Fixes

Improve credential form a11y (focus-visible + h2/h3 semantics + aria-busy) (378f410)
Isolate remote-relay credentials per JWT sub (prevents public-URL leak) (5355c34)
Remove AI traces (.jules / superpowers content — belongs in private n24q02m/.superpower repo) (002ec18)
Stdio fallback renders multi-account credential form (UI parity) (6e099c1)
Stdio fallback spawns local HTTP, never hits remote URL (ecaf207)
Use notifyComplete helper to avoid relay DELETE race (018630e)
deps: Bump mcp-core to 1.4.3 (7c8df7b)
deps: Lock file maintenance (eventsource-parser 3.0.7->3.0.8) (3b21de4)

Detailed Changes: v1.23.2...v1.23.3

Security Fixes

Isolate remote‑relay credentials per JWT sub — prevents public URL leak

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track n24q02m/better-email-mcp

Get notified when new releases ship.

About n24q02m/better-email-mcp

IMAP/SMTP email MCP server with App Passwords (no OAuth2). Auto-discovers Gmail, Outlook, Yahoo, iCloud. 5 composite tools: search, read, send, reply, forward. Multi-account support.

All releases →

n24q02m/better-email-mcp

Summary

v1.23.3 (2026-04-21)

Bug Fixes

Security Fixes

Related context

Related tools