[PR #1560] [MERGED] fix(deps): update module github.com/wneessen/go-mail to v0.7.1 #1570

New Issue

GiteaMirror · 2025-11-01T21:23:01-05:00

GiteaMirror commented

2025-11-01 21:23:01 -05:00

📋 Pull Request Information

Original PR: https://github.com/go-vikunja/vikunja/pull/1560
Author: @renovate[bot]
Created: 9/28/2025
Status: ✅ Merged
Merged: 9/28/2025
Merged by: @kolaente

Base: main ← Head: renovate/github.com-wneessen-go-mail-0.x

📝 Commits (1)

11b0877 fix(deps): update module github.com/wneessen/go-mail to v0.7.1

📊 Changes

2 files changed (+3 additions, -1 deletions)

View changed files

📝 go.mod (+1 -1)
📝 go.sum (+2 -0)

📄 Description

Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more here.

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/wneessen/go-mail	`v0.7.0` -> `v0.7.1`

Release Notes

wneessen/go-mail (github.com/wneessen/go-mail)

`v0.7.1`: : Vulnerability fix in mail address handling

Compare Source

[!IMPORTANT]
This release fixes a vulnerability. All users are encouraged to update to this release at their earliest convenience.

Welcome to go-mail v0.7.1!

This is a security release, which addresses a bug that causes insufficient address encoding when passing mail addresses to the SMTP client, which could lead to possible wrong address routing or even to ESMTP parameter smuggling.

The details of the bug are outlined in #495 and in the go-mail security advisory: GHSA-wpwj-69cm-q9c5
Github assigned the following CVE for this vulnerability: CVE-2025-59937

The vulnerability has been reported by xclow3n. Thank you very much for the detailed report and the thorough testing!

What's Changed

Fix vulnerability in mail address passing to the smtp client by @wneessen in #496

Full Changelog: https://github.com/wneessen/go-mail/compare/v0.7.0...v0.7.1

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/go-vikunja/vikunja/pull/1560 **Author:** [@renovate[bot]](https://github.com/apps/renovate) **Created:** 9/28/2025 **Status:** ✅ Merged **Merged:** 9/28/2025 **Merged by:** [@kolaente](https://github.com/kolaente) **Base:** `main` ← **Head:** `renovate/github.com-wneessen-go-mail-0.x` --- ### 📝 Commits (1) - [`11b0877`](https://github.com/go-vikunja/vikunja/commit/11b0877a78cb70ac9cd2d0127aba8b3a40e7f006) fix(deps): update module github.com/wneessen/go-mail to v0.7.1 ### 📊 Changes **2 files changed** (+3 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `go.mod` (+1 -1) 📝 `go.sum` (+2 -0) </details> ### 📄 Description Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more [here](https://redirect.github.com/renovatebot/renovate/discussions/37842). This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [github.com/wneessen/go-mail](https://redirect.github.com/wneessen/go-mail) | `v0.7.0` -> `v0.7.1` | [![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fwneessen%2fgo-mail/v0.7.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fwneessen%2fgo-mail/v0.7.0/v0.7.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>wneessen/go-mail (github.com/wneessen/go-mail)</summary> ### [`v0.7.1`](https://redirect.github.com/wneessen/go-mail/releases/tag/v0.7.1): : Vulnerability fix in mail address handling [Compare Source](https://redirect.github.com/wneessen/go-mail/compare/v0.7.0...v0.7.1) > \[!IMPORTANT] > This release fixes a vulnerability. All users are encouraged to update to this release at their earliest convenience. Welcome to go-mail v0.7.1! This is a security release, which addresses a bug that causes insufficient address encoding when passing mail addresses to the SMTP client, which could lead to possible wrong address routing or even to ESMTP parameter smuggling. The details of the bug are outlined in [#495](https://redirect.github.com/wneessen/go-mail/issues/495) and in the go-mail security advisory: [GHSA-wpwj-69cm-q9c5](https://redirect.github.com/wneessen/go-mail/security/advisories/GHSA-wpwj-69cm-q9c5) Github assigned the following CVE for this vulnerability: [CVE-2025-59937](https://nvd.nist.gov/vuln/detail/CVE-2025-59937) The vulnerability has been reported by [xclow3n](https://redirect.github.com/xclow3n). Thank you very much for the detailed report and the thorough testing! #### What's Changed - Fix vulnerability in mail address passing to the smtp client by [@wneessen](https://redirect.github.com/wneessen) in [#496](https://redirect.github.com/wneessen/go-mail/pull/496) **Full Changelog**: <https://github.com/wneessen/go-mail/compare/v0.7.0...v0.7.1> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/go-vikunja/vikunja).  --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

GiteaMirror added the pull-request label 2025-11-01 21:23:01 -05:00

GiteaMirror closed this issue

2025-11-01 21:23:01 -05:00

GiteaMirror referenced this issue

2025-11-01 21:23:13 -05:00

[PR #1570] [CLOSED] chore(deps): update postgres:17 docker digest to 43ae6be - autoclosed #1580

GiteaMirror referenced this issue

2026-03-22 14:46:12 -05:00

[PR #1570] [CLOSED] chore(deps): update postgres:17 docker digest to 43ae6be - autoclosed #3505

GiteaMirror referenced this issue

2026-04-16 13:24:36 -05:00

[PR #1570] [CLOSED] chore(deps): update postgres:17 docker digest to 43ae6be - autoclosed #5046

GiteaMirror referenced this issue

2026-04-20 17:47:31 -05:00

[PR #1570] [CLOSED] chore(deps): update postgres:17 docker digest to 43ae6be - autoclosed #7630

GiteaMirror referenced this issue

2026-04-23 08:55:06 -05:00

[PR #1570] [CLOSED] chore(deps): update postgres:17 docker digest to 43ae6be - autoclosed #9346

Sign in to join this conversation.

Branches Tags

main

dependabot/npm_and_yarn/frontend/js-cookie-3.0.7

claude/analyze-beans-project-9VxoS

renovate/dev-dependencies

fix-list-sort-resets

feat-huma-api-v2-migration

feat-v2-foundation

spike-huma-openapi3

claude/investigate-swagger3-support-nyyUa

feat-list-view-buckets

ci-mysql-8-test

codex/analyze-codebase-for-email-task-feature

feat-project-templates

csv-import-feature

claude/email-reply-comments-wpdcQ

fix-oidc-pkce-support

fix/overview-subtasks-expand

feat/bucket-select-task-detail

feat-soft-delete-projects

claude/review-bot-design-plan-cf5C3

claude/project-scoped-api-tokens-KTqR3

claude/explore-openclaw-integration-KQEzg

claude/project-scoped-api-tokens-yv5KS

fix-duplicate-close-button

feat-list-view-sorting

feat/official-vite-sentry-plugin

feat/highlight-overdue-tasks

feat/add-enter-key-form-submission-handling

feat/TipTap-nits

feat/update-caldavtimetotimestamp-parsing

feat-phosphor-icons

wip-plans

claude/investigate-issue-2173-llKme

fix-description-text-drag

feat-custom-keyboard-shortcuts

pr-1845-ci

codex/fix-drag-and-drop-behavior-inconsistency

copilot/add-clickable-labels-for-filtering

copilot/fix-issue-1786

playwright-migration

fix-kanban-repeating-wip

copilot/fix-1498

feature/replace-axios

codex/upgrade-to-tailwind-4.1.8-using-pnpm

codex/add-cypress-test-for-avatar-types

feature/biome

feature/oxc

codex/update-flexsearch-to-0.8.205

4r6ni9-codex/fix-deprecated-sass-@import-usage

codex/fix-deprecated-sass-@import-usage

codex/add-cypress-test-for-task-list-refresh-fix

codex/fix-quick-add-magic-not-adding-tasks

codex/fix-all-type-errors

codex/fix-mimetype-for-docs.json

feature/caldav-from-scratch

feature/gh-actions-hetzner

fix-ci

feat/new-logger

jyte-better-dev-config

feat/add-team-member-with-enter

fix/button-and-icon-types

fix/notifications-component-name-collision

feature/null-time

renovate/tailwindcss-4.x

feature/unplugin-vue-router

fix/deprecated-import

feature/zod-schema

renovate/golangci-golangci-lint-1.x

fix/tiptap-editor-reactive-destructuring

release/0.24

feat/improve-add-task

fix/saved-filter-search

feat/webp-and-avif-attachment-previews

feature/migrate-back-to-bulma

fix/sass-add-missing-list-import

feature/sticky-demo-bar

fix/gantt-view-switch

feature/typesense-position-join

feature/focus-visible

dependencies/golangci-lint

feature/better-filter-syntax

fix/tiptap-task-list

renovate/github.com-golang-jwt-jwt-v4-5.x

feature/hide-forbidden-related-tasks

renovate/golang-1.x

release/0.20

release/0.17

release/0.16

release/0.15

release/0.14

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/vikunja#1570

[PR #1560] [MERGED] fix(deps): update module github.com/wneessen/go-mail to v0.7.1 #1570

📋 Pull Request Information

📝 Commits (1)

📊 Changes

📄 Description

Release Notes

v0.7.1: : Vulnerability fix in mail address handling

What's Changed

Configuration

`v0.7.1`: : Vulnerability fix in mail address handling