github s1t5/mail-archiver 2606.2

5 hours ago

✨ New Features

  • M365 Tenant Import: You can now create accounts for all mailboxes in an M365 tenant in a single batch operation. Thanks to @tilwegener for this new feature!
  • Customizable OIDC Login Buttons: OIDC login buttons can now be configured with provider-specific labels. Thanks to @tilwegener for this new feature!

⚙️ Improvements

  • Fixed User Edit Mass Assignment: The user edit form now binds a dedicated view model, preventing attackers from overwriting protected fields such as IsAdmin, TwoFactorSecret, or OAuthRemoteUserId.
  • Updated GetM365Credentials Endpoint: The GetM365Credentials endpoint now only returns the client ID and tenant ID.
  • Fixed XSS in Email Reply Button: Email metadata used by the reply button is now passed to JavaScript as properly escaped JSON instead of unencoded data-* attributes.
  • Hardened HTML Email Iframe Sandbox: Removed allow-same-origin from the email content iframe sandbox so that JavaScript in HTML emails cannot access the parent page.
  • Added Import File Extension Whitelist: MBox and EML uploads now validate file extensions; only .mbox, .eml, and .zip files are accepted.
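
The reply-button XSS fix listed above, as an added JavaScript illustration (not mail-archiver's code): unencoded data-* interpolation beside metadata emitted as escaped JSON. The function names, the `reply-meta` id, the script-block transport and the sample message are assumptions constructed for this example.

```javascript
// Added illustration: names are hypothetical, not taken from mail-archiver.

// Constructed sample: sender-controlled metadata as it might arrive in a message.
const sampleEmail = {
  from: 'billing@example.com',
  subject: 'Re: "Q3" </script><img src=x onerror=alert(1)>',
};

// Before: values are interpolated into data-* attributes without encoding,
// so a double quote in the subject ends the attribute and the rest is parsed as markup.
function renderReplyButtonUnsafe(email) {
  return `<button data-from="${email.from}" data-subject="${email.subject}">Reply</button>`;
}

// JSON.stringify alone is not enough inside HTML: "</script>" would still close
// the element. Escape the HTML-significant characters as \uXXXX so the text
// stays valid JSON and contains nothing the HTML parser acts on.
function toScriptSafeJson(value) {
  return JSON.stringify(value).replace(/[<>&\u2028\u2029]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// After: metadata travels as one escaped JSON document in a non-executing script block.
function renderReplyButtonSafe(email) {
  const json = toScriptSafeJson({ from: email.from, subject: email.subject });
  return `<script type="application/json" id="reply-meta">${json}</script>` +
    '<button data-meta="reply-meta">Reply</button>';
}

// Stand-in for JSON.parse(document.getElementById('reply-meta').textContent),
// so the round trip can be checked without a DOM.
function readReplyMeta(html) {
  const m = html.match(/<script type="application\/json" id="reply-meta">(.*?)<\/script>/s);
  return JSON.parse(m[1]);
}

console.log(renderReplyButtonUnsafe(sampleEmail));
console.log(renderReplyButtonSafe(sampleEmail));
console.log(readReplyMeta(renderReplyButtonSafe(sampleEmail)));
```

The client reads the values back with `JSON.parse` and assigns them through `textContent` or form field values, never through `innerHTML`.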
