Skip to content

v0.6.0: S/MIME, Auto-discovery, Quicksend and more

Compare
Choose a tag to compare
@wneessen wneessen released this 09 Jan 15:25
· 28 commits to main since this release
fb1abbd

Welcome to go-mail v0.6.0! This release brings some cool new features. We hope you enjoy!

S/MIME signing support

The PRs #298 and #406 add S/MIME signing support to go-mail. We support RSA and ECDSA keys for the time being. Two new methods have been added to the Msg type: Msg.SignWithKeypair which allows message signing by providing seperate crypto.PrivateKey and x509.Certificate parts and Msg.SignWithTLSCertificate which allows to sign messages by providing a corresponding tls.Certificate. Please keep in mind that this is a completely new feature and while we did thorough testing there might be some edge cases that haven't been checked so far. Feedback for this feature is welcome. If you run into issues, please open a Github issue accordingly. This feature has been contributed by @theexiile1305 and has been extended by myself. Big thanks a lot to @theexiile1305 for their contribution!

SMTP authentication auto-discovery

PRs #373 and #374 implement a new SMTP auth mechanism to automatically discover and select the strongest supported SMTP authentication type. This feature simplifies the authentication process for users and enhances security by prioritizing stronger mechanisms based on server capabilities.

Quicksend

PR #378 introduces the QuickSend function for sending emails quickly with TLS and optional SMTP authentication. This feature is similar to the SendMail method of the net/smtp package, but makes use of all go-mail Client and Msg features, including error checking and validations. In essence this new method will create a new client that connects to the server at addr, switches to TLS if possible, authenticates with the optional AuthData provided in auth and create a new simple Msg with the provided subject string and message bytes as body. The message will be sent using from as sender address and will be delivered to every address in rcpts. QuickSend will always send as text/plain ContentType. For the SMTP authentication, if auth is not nil and AuthData.Auth is set to true, it will try to autodiscover the best SMTP authentication mechanism supported by the server. If auth is set to true but autodiscover is not able to find a suitable authentication mechanism or if the authentication fails, the mail delivery will fail completely.

Support for io/fs.FS attachments/embeds

The PR #376 adds support for generic file systems that satisfy the fs.FS interface. Since embed.FS is such a file system, the embed.FS has been refactored to make use of the more generic fs.FS code. It also introduces two new methods Msg.AttachFromIOFS and Msg.EmbedFromIOFS.

More robust concurrency-/thread-safety

Goroutines are easy, but concurrency is hard, and since we added concurrency just with the latest release, some issues were to be expected. With #386 a concurrency issues was fixed when a user would use DialAndSend or DialAndSendWithContext in concurrent goroutines instead of using a single Client and then just using Send within the goroutines. With PR #386 the overall concurrency-safety is made more reliable.

Improved filename sanitization in MIME headers

PR #388 introduced proper filename sanitization for attachments and embedded files. It will repace invalid characters with underscore _ characters before encoding them. This prevents control (like new lines) and special characters like backslash or quotes from causing issues in MIME headers and file systems. As a side effect this prevents newline characters from introducing a potential vulnerability by using filenames with newlines characters in it. We also make sure that the Content-Description header is properly encoded now.

Unix domain socket support

PR #408 adds support for connecting to unix domain sockets instead of a TCP connection. This can be easily established by prefixing the hostname with unix://. This feature has been requested by the Forgejo project. Thanks to them for their input on this.

More test overhauling

Following the test suite overhaul of the 0.5.2 release, with #361 the test suite for the go-mail SMTP client has also been completely rewritten for better coverage as well.

What's Changed

CI/CD maintenance changes

New Contributors

Full Changelog: v0.5.2...v0.6.0