github wneessen/go-mail v0.7.1
v0.7.1: Vulnerability fix in mail address handling
on GitHub

latest release: v0.7.2
3 months ago

Important

This release fixes a vulnerability. All users are encouraged to update to this release at their earliest convenience.

Welcome to go-mail v0.7.1!

This is a security release, which addresses a bug that causes insufficient address encoding when passing mail addresses to the SMTP client, which could lead to possible wrong address routing or even to ESMTP parameter smuggling.

The details of the bug are outlined in #495 and in the go-mail security advisory: GHSA-wpwj-69cm-q9c5
Github assigned the following CVE for this vulnerability: CVE-2025-59937

The vulnerability has been reported by xclow3n. Thank you very much for the detailed report and the thorough testing!

What's Changed

  • Fix vulnerability in mail address passing to the smtp client by @wneessen in #496

Full Changelog: v0.7.0...v0.7.1

Check out latest releases or
releases around wneessen/go-mail v0.7.1

Don't miss a new go-mail release

NewReleases is sending notifications on new releases.

Get notifications