This release includes 2 security fixes for security teams reviewing exposed deployments.
ReleasePort's take
Moderate signal
ReleasePort Layer 1 version 3.3.7 adds security mitigations for SSRF and SQL‑injection attacks and upgrades core dependencies.
Why it matters: Prevents SSRF (severity 95) and SQL injection (severity 90) in outbound webhook requests and message‑database queries; upgrades rack and rails, improving stability.
Summary
AI summary: Updates Bug Fixes, Miscellaneous Chores, and 3.3.7 across a mixed release.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Security | Critical | Prevents SSRF in outbound webhook and HTTP endpoint requests (Source: llm_adapter@2026-06-03; Confidence: high) | - |
| Security | Critical | Prevents SQL injection via condition keys in message-db (Source: llm_adapter@2026-06-03; Confidence: high) | - |
| Dependency | Low | Upgrades rack and rails dependencies (Source: llm_adapter@2026-06-03; Confidence: high) | - |
Security Fixes
- **GHSA-x2hq-rfpg-3xr5** – Prevent SQL injection via condition keys in message-db
- Prevent SSRF in outbound webhook and HTTP endpoint requests (http module)
About postal
A fully featured open source mail delivery platform for incoming & outgoing e-mail