Skip to content

Release history

postal releases

A fully featured open source mail delivery platform for incoming & outgoing e-mail

Back to tool Latest release

All releases

3 shown

Upgrade now
3.3.7 Security relevant
RCE / SSRF Dependencies

SSRF prevention + SQL injection fix

Open
3.3.6 Security relevant
Security fixes
  • Sandbox rendered email HTML as extra XSS defence
  • Escape interpolated values in select options
  • Tighten return_to validation
Full changelog

3.3.6 (2026-04-28)

Bug Fixes

  • messages: sandbox rendered email HTML as extra XSS defence (cad2aa6)

Miscellaneous Chores

  • ignore node modules and yarn.lock (b611d57)

Code Refactoring

  • auth: tighten return_to validation (84f4e20)
  • helpers: escape interpolated values in select options (9243524)
  • tracking: remove unused src image proxy (dca7f90)
View release on GitHub
3.3.5 Security relevant
Security fixes
  • Fixed HTML injection vulnerability in delivery details display
Notable features
  • Rails 7.1 and Ruby 3.4 support
View release on GitHub

Beta — feedback welcome: [email protected]