Adam Cooke
9243524035
refactor(helpers): escape interpolated values in select options
The endpoint and domain option helpers interpolated model attributes
straight into an HTML string before marking the whole buffer html_safe.
Wrap the interpolations in h() so untrusted attributes can't break out
of the surrounding tag.
Also stop the helpers glob in rails_helper from eagerly requiring
_spec.rb files so helper specs can live under spec/helpers/, and add a
small application helper spec covering the escape behaviour.
2026-04-24 22:55:46 +01:00
Adam Cooke
dca7f90b90
refactor(tracking): remove unused src image proxy
The /img/<server>/<message> endpoint accepted a src=<url> query
parameter and proxied the body of that URL back to the caller. Nothing
in the codebase ever produces a src= parameter — the parser only
inserts a plain tracking pixel and rewrites href links — so this branch
is dead code inherited from the original AppMail import.
Drop the src branch: requests with src now return 400. The no-src path
that serves the tracking pixel and records loads is unchanged, and a
spec covers both the pixel-serving path and the removed branch.
2026-04-24 22:24:18 +01:00
Adam Cooke
cad2aa6808
fix(messages): sandbox rendered email HTML as extra XSS defence
The app-wide CSP already blocks inline script execution, but the HTML
preview iframe for a stored email was same-origin and un-sandboxed, and
the html_raw response had no per-action hardening. Add a sandbox on the
iframe and tighten the CSP on html_raw to script-src 'none' with
nosniff and no-referrer so the preview has defence in depth against a
future CSP bypass or regression.
Relates to GHSA-f6g9-8555-cw28.
2026-04-24 22:12:27 +01:00
Adam Cooke
b611d577af
chore: ignore node modules and yarn.lock
2026-04-24 21:34:57 +01:00
github-actions[bot]
d532922ff7
chore(main): release 3.3.5 (#3208)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
3.3.5
2026-02-01 14:55:42 +00:00
Adam Cooke
11419f9914
fix(deliveries): escape delivery details to prevent HTML injection
2026-02-01 14:48:54 +00:00
Melle Douwsma
b7e5232e07
fix: typo in process logging (#3212)
Signed-off-by: Melle Douwsma <melledouwsma@users.noreply.github.com>
2025-10-03 09:41:20 +01:00
Johan Kok
e00098b800
fix: update url for v2 config (#3225)
This minor update resolves #3048
Signed-off-by: Johan Kok <johankok@users.noreply.github.com>
2025-10-03 09:40:22 +01:00
Adam Cooke
d00d978872
chore: upgrade resolv to 0.6.2
2025-10-02 14:39:27 +01:00
Adam Cooke
c78000ca8f
chore: remove version from docker-compose.yml
2025-10-02 14:38:42 +01:00
Adam Cooke
c03c44b442
chore(deps): upgrade puma, net-imap and other deps
2025-10-01 18:13:36 +01:00
Adam Cooke
86de372382
chore(dockerfile): reduce container size
2025-10-01 18:12:26 +01:00
Adam Cooke
7c47422c86
fix(health_server): use rackup handler instead of rack handler
2025-10-01 18:12:26 +01:00
Arthur Lutz
f5325c49ff
docs(process.rb): add help about time unit used by metric (#3339)
Signed-off-by: Arthur Lutz <arthur.lutz@zenika.com>
2025-10-01 17:31:13 +01:00
Adam Cooke
f193b8e77f
chore: upgrade uri gem to 1.0.3
2025-10-01 16:47:59 +01:00
Adam Cooke
ab6d4430ba
chore: upgrade to rails 7.1 and ruby 3.4 (#3457)
2025-10-01 16:42:39 +01:00
Matthieu Barthel
9c5f96ae90
fix: oidc scopes are invalid when concatenated (#3332)
2025-05-08 07:51:46 +01:00
Som23Git
fd3c7ccdf6
fix: typo in the credentials page
2024-10-31 17:53:20 +00:00
github-actions[bot]
da90e75036
chore(main): release 3.3.4 (#3014)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
3.3.4
2024-06-20 14:39:58 +01:00
Adam Cooke
2b0919c145
fix: raise NotImplementedError when no call method on a scheduled task
2024-06-20 14:27:20 +01:00
Adam Cooke
3a33e53d84
fix: fix issue running message pruning task
2024-06-20 14:27:20 +01:00
Adam Cooke
4fa88acea0
fix: fix postal version command
2024-06-20 14:27:18 +01:00
github-actions[bot]
d510499190
chore(main): release 3.3.3 (#2933)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
3.3.3
2024-04-18 14:42:30 +01:00
Adam Cooke
39f704c256
fix(legacy-api): allow _expansions to be provided as true to return all expansions
closes #2932
2024-04-18 14:38:44 +01:00
github-actions[bot]
c12f30e300
chore(main): release 3.3.2 (#2892)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
3.3.2
2024-03-22 10:40:20 +00:00
Adam Cooke
5a2f31ed77
doc: fix doc for Postal.version
2024-03-21 14:58:11 +00:00
Adam Cooke
07c6b317f2
refactor(versioning): improve how current version and branch is determined and set
Refactor `Postal.version` and `Postal.branch` and remove `Postal::VERSION`.
2024-03-21 14:55:14 +00:00
github-actions[bot]
a3fab36da2
chore(main): release 3.3.1 (#2890)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
3.3.1
2024-03-21 12:54:43 +00:00
Adam Cooke
3a56ec8a74
fix(smtp-sender): ensure relays without a host are excluded
2024-03-21 12:33:34 +00:00
Adam Cooke
b3264b9427
fix(smtp-sender): fixes SMTPSender.smtp_relays
2024-03-21 12:27:54 +00:00
Adam Cooke
6ef388577e
Merge pull request #2891 from postalserver/export-branch-to-image
2024-03-20 14:34:28 +00:00
Adam Cooke
18236171eb
chore(ui): display branch in footer if present
2024-03-20 14:30:32 +00:00
Adam Cooke
bee509832e
chore(container): add the branch name to the container
2024-03-20 14:28:44 +00:00
Adam Cooke
4d9654dac4
refactor: remove moonrope but maintain legacy API actions (#2889)
2024-03-19 20:21:04 +00:00
Adam Cooke
adaf2b0750
chore(github-actions): don't run for dependabot or release-please PRs and fetch whole repo
2024-03-19 16:54:18 +00:00
Adam Cooke
64bc7dcf7c
chore(github-actions): include a version string on branch-*/latest images
2024-03-19 16:42:21 +00:00
Adam Cooke
d65bbe0579
chore(github-actions): don't generate commit- tags
2024-03-19 10:27:15 +00:00
github-actions[bot]
eded789c37
chore(main): release 3.3.0 (#2887)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
3.3.0
2024-03-18 17:59:05 +00:00
Adam Cooke
ea542a0694
feat(worker): scale connection pool with worker threads
This will automatically increase the DB connection pool size if the number of threads needed in a worker is less than the maximum pool size configured.
2024-03-18 08:12:42 +00:00
Adam Cooke
7e2acccd1e
feat(worker): allow number of threads to be configured
This allows for more threads to be run. Care needs to be taken to ensure that database connection pool size is appropriate for this.
2024-03-17 18:41:26 +00:00
Adam Cooke
ee8d829a85
feat(prometheus): add postal_message_queue_latency metric
2024-03-17 09:29:22 +00:00
Adam Cooke
4fcb9e9a2e
fix(message-dequeuer): ability to disable batching
2024-03-16 15:31:46 +00:00
Adam Cooke
45dd8aaac5
chore(config-docs): update proxy protocol to mention v1
2024-03-16 15:31:14 +00:00
Adam Cooke
364eba6c5f
chore(config-docs): update docs for latest oidc defaults
2024-03-16 15:30:50 +00:00
github-actions[bot]
6a1ff56fe2
chore(main): release 3.2.2 (#2878)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
3.2.2
2024-03-14 22:03:58 +00:00
Adam Cooke
be456523dd
fix: don't use authentication on org & server deletion
2024-03-14 14:14:59 +00:00
Adam Cooke
3d208d632f
test: add tests for the legacy API
2024-03-13 22:40:41 +00:00
Adam Cooke
1c67f72209
chore: hide further config messages
2024-03-13 19:08:59 +00:00
Adam Cooke
aa76aae232
chore: suppress config location on default-dkim-record
2024-03-13 19:06:37 +00:00
Adam Cooke
f760cdb5a1
chore: allow config location message to be suppressed
2024-03-13 19:06:25 +00:00