12 الالتزامات

المؤلف	SHA1	الرسالة	التاريخ
Adam Cooke	cad2aa6808	fix(messages): sandbox rendered email HTML as extra XSS defence ... The app-wide CSP already blocks inline script execution, but the HTML preview iframe for a stored email was same-origin and un-sandboxed, and the html_raw response had no per-action hardening. Add a sandbox on the iframe and tighten the CSP on html_raw to script-src 'none' with nosniff and no-referrer so the preview has defence in depth against a future CSP bypass or regression. Relates to GHSA-f6g9-8555-cw28.	2026-04-24 22:12:27 +01:00
Adam Cooke	d84152eb5d	feat: automatically remove queued messages with stale locks (#2872)	2024-03-12 11:37:29 +00:00
Adam Cooke	0163ac3d10	feat: new configuration system (and schema) (#2819)	2024-02-26 12:41:57 +00:00
Adam Cooke	ecd09a2445	chore: upgrade rails to 7.0 and other dependencies	2024-02-23 22:51:37 +00:00
Charlie Smurthwaite	1e3622c49a	Consistently treat tinyint(1) fields in message database as booleans (#2380) ... * Update mysql2 query call to cast booleans * Treat messages:held field as boolean * Treat messages:inspected field as boolean * Treat messages:spam field as boolean * Treat messages:threat field as boolean * Treat messages:bounce field as boolean * Treat messages:received_with_ssl field as boolean * Treat deliveries:sent_with_ssl field as boolean	2023-03-22 13:49:48 +00:00
Will Power	f56380e3b2	correct suppression expired check (#988)	2020-07-17 10:31:38 +01:00
Will Power	dcb2919cc6	Suppression list improvements (#867)	2019-11-22 17:28:11 +00:00
Charlie Smurthwaite	53475abf55	always allow emails to be redelivered	2017-12-05 10:54:47 +00:00
Adam Cooke	6f29bc8d3f	ensure all timestamps from the message DB go through a zone	2017-06-02 15:36:12 +01:00
Adam Cooke	96f190ae25	fixes style issue on error when no messages found	2017-05-30 15:16:01 +01:00
Adam Cooke	f6784238d3	a sad sad day in postal-land, no more puns.	2017-05-02 13:33:17 +01:00
Adam Cooke	2fdba0ceb5	initial commit from appmail	2017-04-19 13:07:25 +01:00