3 Commits

Author SHA1 Message Date
usmannasir
28113d97a7 Security fixes for webmail and emailDelivery apps
- Fix command injection in relay config: use shlex.quote() on all
  subprocess arguments passed to mailUtilities.py
- Fix XSS in email reply/forward: html.escape() on From/To/Date/Subject
  headers before embedding in quoted HTML
- Fix attachment filename traversal: use os.path.basename() and strip
  null bytes from attachment filenames
- Fix Sieve script name injection: sanitize names to alphanumeric chars
- Fix SSRF in image proxy: resolve hostname to IP and check against
  ipaddress.is_private/is_loopback/is_link_local/is_reserved
- Remove internal error details from user-facing responses
- Update Access Webmail link from /snappymail/ to /webmail/
2026-03-06 03:27:45 +05:00
usmannasir
abcd513937 Fix emailDelivery page rendering: use httpProc instead of plain render
The page was missing sidebar menu, ACL data, and cosmetic config because
home() used Django's plain render() instead of httpProc.render() which
loads all context data needed by the base template.
2026-03-06 03:21:11 +05:00
usmannasir
1e00f6eff5 Add CyberMail Email Delivery integration
- New emailDelivery Django app with full platform API integration
- Account connection, domain management, SMTP credentials, relay config
- Auto-configure SPF/DKIM/DMARC DNS records via PowerDNS
- Postfix SMTP relay through CyberMail (configureRelayHost/removeRelayHost)
- Real-time delivery logs, stats, and per-domain analytics
- Single-page AngularJS dashboard with marketing landing page
- Promotional banners on 6 email-related pages with dismiss cookie
- Manual SQL table creation in upgrade.py for existing installs
- Documentation: setup guide, technical reference, user guide
2026-03-06 00:19:53 +05:00
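
The SSRF fix in commit 28113d97a7 is described as resolving the hostname to an IP and checking it against `ipaddress` `is_private`/`is_loopback`/`is_link_local`/`is_reserved`. The following is an added example of such a check, not the project's own code: the function names, the injectable `resolver` parameter, the extra multicast/unspecified tests and the IPv4-mapped handling are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit


class BlockedURL(ValueError):
    """Raised when a proxy target must not be fetched."""


def _system_resolver(host):
    # Every address the system resolver returns for the host, as strings.
    infos = socket.getaddrinfo(host, None, type=socket.SOCK_STREAM)
    return [info[4][0] for info in infos]


def is_forbidden_ip(ip):
    # The four properties named in the commit message, plus two that
    # this example adds as an assumption: multicast and unspecified.
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified)


def vet_proxy_url(url, resolver=_system_resolver):
    """Return the vetted IPs for url, or raise BlockedURL."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise BlockedURL("only absolute http(s) URLs are proxied")
    try:
        answers = resolver(parts.hostname)
    except OSError as exc:
        raise BlockedURL("hostname does not resolve") from exc
    if not answers:
        raise BlockedURL("hostname does not resolve")
    vetted = []
    for text in answers:
        ip = ipaddress.ip_address(text.split("%", 1)[0])  # drop IPv6 zone id
        # ::ffff:127.0.0.1 must be judged as the IPv4 address it wraps.
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped
        if is_forbidden_ip(ip):
            # One bad answer rejects the whole host (fail closed).
            raise BlockedURL("target resolves to a non-public address")
        vetted.append(str(ip))
    # The caller should connect to one of these addresses instead of
    # resolving the name again, so the checked answer is the one used.
    return vetted
```

The check only holds if the subsequent fetch uses the returned addresses and does not follow redirects without vetting each new URL the same way.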