Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Strict CRLF check in SMTP protocol #661

Closed
hafeoz opened this issue Jan 1, 2024 · 0 comments
Closed

Strict CRLF check in SMTP protocol #661

hafeoz opened this issue Jan 1, 2024 · 0 comments
Labels
bug Something isn't working. ready-for-release Feature is implemented and available for testing in dev branch. It will be included in the next rele

Comments

@hafeoz
Copy link

hafeoz commented Jan 1, 2024
edited
Loading

The go-smtp package has released a new version, where strict CRLF check is performed to mitigate an zero-day attack against SMTP known as SMTP Smuggling. I think Maddy should probably update the dependency and (probably) release a new version with the updated dependency.

  • maddy version: all?
@hafeoz hafeoz added the bug Something isn't working. label Jan 1, 2024
@McSinyx McSinyx mentioned this issue Jan 10, 2024
Closed
@foxcpp foxcpp closed this as completed in db0874c Jan 21, 2024
@foxcpp foxcpp reopened this Jan 21, 2024
@foxcpp foxcpp added the ready-for-release Feature is implemented and available for testing in dev branch. It will be included in the next rele label Jan 21, 2024
@hafeoz hafeoz closed this as completed Jan 26, 2024
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
bug Something isn't working. ready-for-release Feature is implemented and available for testing in dev branch. It will be included in the next rele
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Bump go-smtp to fix SMTP smuggling
2 participants
@foxcpp @hafeoz