v0.7.1: Vulnerability fix in mail address handling

@wneessen wneessen released this 27 Sep 08:34
42e92cf

Important

This release fixes a vulnerability. All users are encouraged to update to this release at their earliest convenience.

Welcome to go-mail v0.7.1!

This is a security release. It addresses a bug that caused insufficient encoding of mail addresses passed to the SMTP client, which could lead to wrong address routing or even to ESMTP parameter smuggling.

The details of the bug are outlined in #495 and in the go-mail security advisory: GHSA-wpwj-69cm-q9c5
GitHub assigned the following CVE for this vulnerability: CVE-2025-59937

The vulnerability has been reported by xclow3n. Thank you very much for the detailed report and the thorough testing!
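The following is an added example, not go-mail's code or its fix: a pre-send check that re-encodes an address before it is placed in an SMTP envelope command. It assumes the address arrives in the unquoted `user@domain` form that Go's `net/mail` stores in `Address.Address`; `NaivePath`, `EnvelopePath` and the sample address are hypothetical, and non-ASCII local parts are simply quoted.

```go
package main

import (
	"errors"
	"fmt"
	"net/mail"
	"strings"
)

// NaivePath is the weak pattern: the unquoted addr-spec goes between
// angle brackets with no re-encoding.
func NaivePath(addrSpec string) string { return "<" + addrSpec + ">" }

// isAtext reports whether r may appear unquoted in a local part
// (RFC 5322 atext plus '.').
func isAtext(r rune) bool {
	return r == '.' || (r >= 'a' && r <= 'z') || (r >= 'A' && r <= 'Z') ||
		(r >= '0' && r <= '9') || strings.ContainsRune("!#$%&'*+-/=?^_`{|}~", r)
}

// EnvelopePath builds the <path> for MAIL FROM / RCPT TO, rejecting control
// characters and re-quoting any local part that is not a plain dot-atom.
func EnvelopePath(addrSpec string) (string, error) {
	at := strings.LastIndex(addrSpec, "@")
	if at <= 0 || at == len(addrSpec)-1 {
		return "", errors.New("missing local part or domain")
	}
	local, domain := addrSpec[:at], addrSpec[at+1:]
	isCtl := func(r rune) bool { return r < 0x20 || r == 0x7f }
	if strings.IndexFunc(addrSpec, isCtl) >= 0 || strings.ContainsAny(domain, " <>\"") {
		return "", errors.New("invalid character in address")
	}
	quote := strings.IndexFunc(local, func(r rune) bool { return !isAtext(r) }) >= 0 ||
		strings.HasPrefix(local, ".") || strings.HasSuffix(local, ".") ||
		strings.Contains(local, "..")
	if quote {
		local = `"` + strings.NewReplacer(`\`, `\\`, `"`, `\"`).Replace(local) + `"`
	}
	return "<" + local + "@" + domain + ">", nil
}

func main() {
	// Constructed input: a quoted local part containing '>' and a space.
	a, err := mail.ParseAddress(`"a> PARAM=value"@example.com`)
	if err != nil {
		panic(err)
	}
	safe, _ := EnvelopePath(a.Address)
	fmt.Println("weak:     RCPT TO:" + NaivePath(a.Address))
	fmt.Println("hardened: RCPT TO:" + safe)
}
```

In the weak output the path closes at the first `>` and the rest of the local part sits where an SMTP server reads ESMTP parameters; the hardened output keeps the whole local part inside one quoted string.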

What's Changed

  • Fix vulnerability in mail address passing to the smtp client by @wneessen in #496

Full Changelog: v0.7.0...v0.7.1