nodemailer 8.0.3 → 8.0.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +7 -0
- package/lib/smtp-connection/index.js +4 -1
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,12 @@
|
|
|
1
1
|
# CHANGELOG
|
|
2
2
|
|
|
3
|
+
## [8.0.4](https://github.com/nodemailer/nodemailer/compare/v8.0.3...v8.0.4) (2026-03-25)
|
|
4
|
+
|
|
5
|
+
|
|
6
|
+
### Bug Fixes
|
|
7
|
+
|
|
8
|
+
* sanitize envelope size to prevent SMTP command injection ([2d7b971](https://github.com/nodemailer/nodemailer/commit/2d7b9710e63555a1eb13d721296c51186d4b5651))
|
|
9
|
+
|
|
3
10
|
## [8.0.3](https://github.com/nodemailer/nodemailer/compare/v8.0.2...v8.0.3) (2026-03-18)
|
|
4
11
|
|
|
5
12
|
|
|
@@ -1159,7 +1159,10 @@ class SMTPConnection extends EventEmitter {
|
|
|
1159
1159
|
}
|
|
1160
1160
|
|
|
1161
1161
|
if (this._envelope.size && this._supportedExtensions.includes('SIZE')) {
|
|
1162
|
-
|
|
1162
|
+
const sizeValue = Number(this._envelope.size) || 0;
|
|
1163
|
+
if (sizeValue > 0) {
|
|
1164
|
+
args.push('SIZE=' + sizeValue);
|
|
1165
|
+
}
|
|
1163
1166
|
}
|
|
1164
1167
|
|
|
1165
1168
|
// If the server supports DSN and the envelope includes an DSN prop
|