
Releases: bscott/pm-cli

pm-cli v0.2.5

27 Apr 16:02
b9666ae


Security release

This release ships a set of security hardening fixes surfaced by a broad audit of the codebase. No new features.

Fixes

  • HIGH — SMTP header injection. Subject, In-Reply-To, References, and recipient lists derived from received emails could carry CR/LF and inject arbitrary headers (e.g., Bcc:) when replying or forwarding. Subject in particular bypassed RFC 2047 encoding when the value was pure ASCII. Header values now go through a CR/LF stripper before reaching the SMTP DATA stream, and envelope addresses are rejected outright if they contain CR/LF.
  • MEDIUM — TLS misconfiguration. IMAP and SMTP clients use InsecureSkipVerify because Proton Bridge presents a self-signed cert on localhost. The localhost trust assumption is now enforced — Connect() and Send() refuse to dial anything that is not a loopback address, so a tampered config or --config redirect can no longer ship the Bridge password to a remote host.
  • MEDIUM — Latent shell injection in mail watch --exec. The exec template is passed to sh -c. Currently safe (only a numeric SeqNum is interpolated for {}), but extending substitution to email-derived data would be RCE. Email metadata is now exposed via environment variables (PM_MSG_SEQ, PM_MSG_UID, PM_MSG_FROM, PM_MSG_SUBJECT) so users have a safe path forward without string substitution.
  • MEDIUM — ANSI/OSC escape injection in terminal output. Email Subject, From, body, attachment filename, and content type were printed verbatim to stdout in mail list/read/search/watch/thread. Attacker-controlled emails can embed escape sequences to obscure output, spoof terminal hyperlinks (OSC 8), or manipulate the terminal clipboard (OSC 52). All email-derived text-mode prints now go through a control-character filter; JSON output is unchanged.

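The three sanitisation points named in the HIGH and MEDIUM items above (CR/LF stripping for headers, outright rejection of CR/LF in envelope addresses, a loopback-only dial check, and a control-character filter for terminal output) are small enough to show together. The block below is an added example written for this page; it is not pm-cli's internal/safetext package, and the function names, the choice to keep tab and newline in terminal output, and the sample inputs are this example's own assumptions.

```go
package main

import (
	"fmt"
	"net"
	"strings"
	"unicode"
)

// SanitizeHeaderValue strips CR and LF so a value taken from a received
// message (Subject, In-Reply-To, References) cannot end the header line and
// start a new one (for example an injected "Bcc:") inside the SMTP DATA
// stream. Modelled on the release notes; not the project's own code.
func SanitizeHeaderValue(v string) string {
	return strings.NewReplacer("\r", "", "\n", "").Replace(v)
}

// ValidateEnvelopeAddress rejects rather than repairs: a RCPT TO address that
// carries CR/LF is never legitimate, so the send is aborted.
func ValidateEnvelopeAddress(addr string) error {
	if strings.ContainsAny(addr, "\r\n") {
		return fmt.Errorf("envelope address %q contains CR/LF", addr)
	}
	return nil
}

// IsLoopbackAddr reports whether host:port names a loopback endpoint. With
// InsecureSkipVerify set for Bridge's self-signed certificate, this check is
// what keeps the Bridge password from being sent to a remote host.
func IsLoopbackAddr(hostport string) (bool, error) {
	host, _, err := net.SplitHostPort(hostport)
	if err != nil {
		return false, err
	}
	if strings.EqualFold(host, "localhost") {
		return true, nil
	}
	ip := net.ParseIP(host)
	if ip == nil {
		// Any other hostname would need DNS; refuse instead of resolving so a
		// redirected config cannot smuggle in a remote via a friendly name.
		return false, nil
	}
	return ip.IsLoopback(), nil
}

// SanitizeForTerminal drops control characters before email-derived text is
// written to a terminal. Removing ESC (0x1b) neutralises CSI and OSC
// sequences (OSC 8 hyperlinks, OSC 52 clipboard writes); unicode.IsControl
// also covers the C1 range, where 0x9b/0x9d are the 8-bit CSI/OSC forms.
// Tab and newline are kept so message bodies still wrap (assumption).
func SanitizeForTerminal(s string) string {
	return strings.Map(func(r rune) rune {
		if r == '\t' || r == '\n' {
			return r
		}
		if unicode.IsControl(r) {
			return -1 // dropped
		}
		return r
	}, s)
}

func main() {
	// Constructed sample values for the demo.
	fmt.Printf("%q\n", SanitizeHeaderValue("Re: hi\r\nBcc: x@example.invalid"))
	fmt.Println(ValidateEnvelopeAddress("x@example.invalid\r\n"))
	for _, a := range []string{"127.0.0.1:1143", "[::1]:1025", "10.0.0.5:1143"} {
		ok, err := IsLoopbackAddr(a)
		fmt.Println(a, ok, err)
	}
	fmt.Printf("%q\n", SanitizeForTerminal("Invoice\x1b]8;;https://example.invalid\x1b\\pay\x1b]8;;\x1b\\"))
}
```

Note that stripping ESC leaves the rest of an OSC sequence visible as ordinary text (`]8;;https://...`), which is the intended outcome: the reader sees that something odd was in the subject instead of a clickable spoofed link.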
New

  • internal/safetext package: SanitizeHeaderValue and SanitizeForTerminal helpers, with tests.
  • mail watch --exec exposes PM_MSG_SEQ, PM_MSG_UID, PM_MSG_FROM, PM_MSG_SUBJECT to the executed command. Documented in docs/commands.md.
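The safe path the MEDIUM shell-injection item and the New list describe is to keep `sh -c` but never let email-derived data into the script string: only the numeric SeqNum replaces `{}`, and From/Subject travel in the environment, which the shell does not re-parse. The following is an added illustration, not pm-cli's mail watch implementation; the Message struct, BuildExecCommand and EnvValue are hypothetical names, and the NUL stripping is an assumption (execve rejects NUL in environment strings).

```go
package main

import (
	"fmt"
	"os"
	"os/exec"
	"strconv"
	"strings"
)

// Message is the subset of metadata handed to --exec (hypothetical struct).
type Message struct {
	Seq     uint32
	UID     uint32
	From    string
	Subject string
}

// envSafe removes NUL, the one byte an environment value cannot carry.
func envSafe(v string) string {
	return strings.ReplaceAll(v, "\x00", "")
}

// BuildExecCommand renders the --exec template for one message. The only
// substitution into the script text is the numeric sequence number, so the
// shell never sees attacker-influenced bytes as code.
func BuildExecCommand(tmpl string, m Message) *exec.Cmd {
	seq := strconv.FormatUint(uint64(m.Seq), 10)
	script := strings.ReplaceAll(tmpl, "{}", seq)
	cmd := exec.Command("sh", "-c", script)
	cmd.Env = append(os.Environ(),
		"PM_MSG_SEQ="+seq,
		"PM_MSG_UID="+strconv.FormatUint(uint64(m.UID), 10),
		"PM_MSG_FROM="+envSafe(m.From),
		"PM_MSG_SUBJECT="+envSafe(m.Subject),
	)
	return cmd
}

// EnvValue returns the value of key from cmd.Env, or "" if absent.
func EnvValue(cmd *exec.Cmd, key string) string {
	for _, kv := range cmd.Env {
		if strings.HasPrefix(kv, key+"=") {
			return kv[len(key)+1:]
		}
	}
	return ""
}

func main() {
	// Constructed message: the subject contains shell syntax, but because it
	// only reaches the command through PM_MSG_SUBJECT it is printed literally.
	m := Message{Seq: 42, UID: 1001, From: "sender@example.invalid", Subject: "Hello $(uname) world"}
	cmd := BuildExecCommand(`printf '%s\n' "seq {} subject: $PM_MSG_SUBJECT"`, m)
	out, err := cmd.Output()
	if err != nil {
		fmt.Println("exec failed:", err)
		return
	}
	fmt.Print(string(out))
}
```

The user's template can still reference `$PM_MSG_SUBJECT` in its own shell code, and ordinary quoting rules then apply; what the builder guarantees is that pm-cli itself never splices message text into the script.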

Upgrade notes

If you rely on a non-loopback IMAP/SMTP host (e.g. an SSH tunnel that resolves to something other than 127.0.0.1/::1/localhost), pm-cli will now refuse to connect. Update your config to use the loopback address of the tunneled port.

PR: #7

pm-cli v0.2.4

29 Mar 19:15


Security Patch

  • Fix path traversal in attachment download (CWE-22) — MIME attachment filenames are now sanitized with filepath.Base() before writing to disk, preventing malicious filenames like ../../.ssh/authorized_keys from writing outside the current directory.
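The fix above reduces a MIME filename to its base name with filepath.Base before it is joined to the download directory. The block below is an added example of that pattern, not pm-cli's attachment code; it goes slightly beyond the one-liner by also normalising backslashes (filepath.Base only knows the host separator, so on Unix `..\..\x` is a single component) and by replacing the degenerate results filepath.Base can return ("." for "", "/" and "..") with a fallback name. Those additions, the function names and the sample paths are this example's assumptions.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

const fallbackName = "attachment"

// SafeAttachmentName reduces an attacker-influenced MIME filename to a bare
// base name that cannot contain a path separator or a parent reference.
func SafeAttachmentName(name string) string {
	// Treat backslashes as separators too, so a Windows-style traversal
	// string does not survive filepath.Base on a Unix host (assumption).
	name = strings.ReplaceAll(name, "\\", "/")
	base := filepath.Base(name)
	// filepath.Base("") is ".", filepath.Base("/") is "/", and a trailing
	// ".." is returned as-is; none of these is a usable file name.
	if base == "" || base == "." || base == ".." || base == "/" {
		return fallbackName
	}
	return base
}

// DownloadPath joins the sanitised name to dir and re-checks that the
// result still lies inside dir, as a second line of defence.
func DownloadPath(dir, name string) (string, error) {
	dst := filepath.Join(dir, SafeAttachmentName(name))
	rel, err := filepath.Rel(dir, dst)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("attachment path %q escapes %q", dst, dir)
	}
	return dst, nil
}

func main() {
	// Constructed filenames of the kind a MIME Content-Disposition might carry.
	for _, n := range []string{"../../.ssh/authorized_keys", "report.pdf", "", "..", `..\..\x.txt`} {
		dst, err := DownloadPath("/tmp/dl", n)
		fmt.Printf("%-30q -> %q %v\n", n, dst, err)
	}
}
```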

Full Changelog: v0.2.3...v0.2.4

pm-cli v0.2.3

28 Feb 19:51


What's new

  • Fix mail read --unread to update unread state using fetched UID, avoiding stale sequence-number targeting.
  • Normalize output flags after unread mutation so JSON/text output stays consistent (\Seen removed).
  • Add CI checks via GitHub Actions (gofmt, go vet, go test).

Verification

  • go test ./...

pm-cli v0.2.2

28 Feb 19:51


What's new

  • Add uid:<uid> selectors across mail commands for more stable message targeting
  • Add mail read --unread to support classify/read workflows without leaving messages marked seen
  • Add mail archive shortcut command
  • Improve message identity visibility (Message-ID, UID/Seq context) in output/help/docs

Fixes and improvements

  • Clarifies sequence number vs UID behavior in docs and command help
  • Adds coverage for selector parsing and updated CLI behavior

Verification

  • go test ./...

v0.2.1

27 Feb 03:36
3ba80c6


Bug Fix

  • Fix nil pointer dereference in NewContext when no config file exists and no --config flag is provided. Previously ctx.Config was left nil, causing a panic on any command run without prior config init. Defaults are now always assigned when no config is loaded.
  • Explicit --config with an invalid path now returns an error instead of silently falling back to defaults.

v0.2.0

22 Feb 17:01


What's Changed

Bug Fixes

  • Fix SMTP STARTTLS flow — Use STARTTLS instead of implicit TLS for Proton Bridge compatibility (#1)
  • Restore doctor dial timeout — SMTP diagnostics no longer stall on unreachable hosts (#1)
  • IPv6-safe addressing — Use net.JoinHostPort in IMAP/SMTP connection paths (#1)

Features

  • --mailbox flag for mail read — Read messages from any folder without changing global config (#2)

Improvements

  • Doctor short-circuits SMTP auth check when port is unreachable
  • Missing --attachments and --html flags added to help schema

Full Changelog: v0.1.0...v0.2.0