1.7.3 (2026年06月04日)

Features

• Mail: Inline attachment preview — reliable MIME detection with inline PDF on desktop and mobile
• Mail: Preview composer attachments inline (click to open)
• Mail: Preview .eml (message/rfc822) attachments like an email
• Mail: Read receipts (MDN, RFC 8098)
• Mail: Editable, layout-preserving quote island when replying
• Mail: Surface the most severe SPF result and hide the "via" badge on spoofed mail
• Calendar: Per-viewer colors for shared calendars (#345)
• Filters: Extended filter rules — attachment field and multi-value conditions
• Settings: New built-in themes — Aurora Glass and Elastic
• Settings: Theme cards render as a mini mailbox mockup from theme colors, with light/dark variant chips
• Plugins: Localizable sandboxed plugins (manifest locales + api.i18n.t)
• Plugins: /api/translate proxy and email body exposed to plugins
• Admin: Toggle for search-engine indexing (robots)
• Admin: passwordHashFile in admin.json
• Admin: sessionSecretFile and oauthClientSecretFile for file-based secrets in JSON config
• PWA: Configurable install screenshots (per-domain)
• i18n: Hungarian locale support

Fixes

• Files: Store Files as real FileNode hierarchy, migrate legacy flat-named files on load, and list folders via FileNode/get so they are visible (#379)
• Files: Treat a blob-less FileNode as the only folder signal and migrate legacy dir-markers
• Mail: Empty Trash for shared and group folders (#387)
• Mail: Move mail from a shared group inbox to a personal inbox (#375)
• Mail: Preserve the HTML signature when sending a quick reply
• Mail: Stop body clipping under the fold when the email sets html/body height: 100%
• Mail: Drop single-letter R:/I: subject prefix tokens and deduplicate localized reply/forward prefixes
• Mail: No more 404 console spam for missing sender favicons
• Auth: Discover OIDC metadata server-side to avoid CORS failures (#382)
• Send: Route the Sent copy to the shared-mailbox account on per-identity send
• Routing: Honour basePath in the plugin sandbox, http.post proxy, and branding
• i18n: Localize the PWA install prompt, reply/forward quote header (incl. sender address), <html lang>, and per-locale <head> description; add missing settings.folders.role_memos key
• Themes: Plugin slot iframes inherit host font and color tokens
• Theme: Gate preview "open in new tab" on inline-safe MIME types
• Appearance: Move Themes settings into the Appearance category with a distinct tab icon; clicking the active theme is a no-op
• UI: Fix invisible dark-mode borders (border token collided with secondary)
• UI: Remove the 16px empty strip beside the collapsed sidebar
• UI: Align top bars to a uniform h-14 height and the account selector header to the search/reply toolbars
• UI: Close pane gaps by centering the resize handle on the seam
• Settings: Fix section gears permanently hijacking the active tab

1.7.2 (2026年05月28日)

Features

• Mail: Scheduled send and send delay (#322)
• Mail: Drag emails out to the file explorer as .eml
• Mail: Import emails from .zip archives
• Mail: "Move to Trash and mark as read" delete action (#323)
• Mail: Include group inboxes in the unified mailbox view (#328)
• Mail: Locale-aware date format in the email list with a preset picker (#331)
• Mail: Allow drag-and-drop into shared mailboxes
• Composer: Ctrl/Cmd+Enter sends the open draft
• Settings: New Downloads tab with template editor for .eml and attachment filenames
• Settings: Filename transform settings and an ASCII-only "date (from-to) subject" template
• Settings: Post-export action (keep / archive / trash)
• Settings: Template for multi-email .zip filenames
• Admin: Per-domain branding editor with overrides on /api/config, manifest, and PWA icon (#332)
• Admin: Policy-controlled push relay URL with optional user lock
• i18n: NEXT_PUBLIC_DEFAULT_LOCALE for fallback UI locale (#243)

Fixes

• Mail: Editable HTML signature in new mail; clean state on every compose entry (#329)
• Mail: Report real upload progress with XHR progress events (#333)
• Mail: Restore blob: in object-src and frame-src CSP for PDF/HTML previews
• Mail: Match user-avatar treatment on quick reply
• Email viewer: Stop shattering table cells with word-break: break-word
• Composer: Scope Ctrl/Cmd+Enter send to the focused composer
• Composer: Stop closing the form when editing any field
• Pro: Keep the empty viewer pane visible in the split layout
• Pro: Prevent an empty main pane when reordering tabs across panes
• Mobile: Collapse focus mail layout to multi-line
• Mobile: Keep a gutter on bare-HTML and plain-text emails
• Calendar: Align continued multi-week events with the week's left edge
• Calendar: Show the end date in the event popover for multi-day events (#318)
• Calendar: Convert recurrenceRules to singular in batch create
• Calendar: Handle malformed event dates (#316)
• Files: Stop URL-encoding drag-out filenames and preserve Unicode letters
• Routing: Prefix remaining <img>, favicon, and WebDAV URLs with basePath (#319)
• Routing: Prefix hand-written URLs with basePath for subpath deployments
• Auth: OAUTH_ALLOW_PRIVATE_ENDPOINTS for split-DNS setups

i18n

• Add missing translation keys across 16 locales

1.7.1 (2026年05月22日)

Features

• Admin: Expose PWA branding fields in the admin Branding tab
• Pro: Hide empty-state placeholder and collapse the viewer pane in Pro mode so the mail list fills the space

Fixes

• Mail: Preserve inline images when replying (#163)
• Filters: Use the canonical INBOX mailbox in Sieve filter paths (#313)
• Mail: Resolve destination account id to the local namespace on cross-account mailbox drop

1.7.0 (2026年05月21日)

New: Pro mode (experimental)

Opt-in tabbed multi-pane interface for power users. Open multiple mail, calendar, contacts, and file views side-by-side, drag tabs to reorder or split panes at the edges, and work across all logged-in accounts in one shell, cross-account email moves, a unified inbox with search, account-split calendar/contacts/files sidebars, and a per-account "From" dropdown in the composer. Enable from Settings → Appearance; the proInterface preference is per-device and not synced.

Pro mode is experimental and we need your feedback to shape it. If something feels off, breaks, or is missing, please don't hesitate to open an issue or start a discussion on GitHub!

Breaking Changes

• Plugins: Plugins now run inside a null-origin iframe sandbox and talk to the host over a postMessage RPC bridge. The in-process plugin runtime is gone; the bundled in-tree plugins have been migrated. Third-party plugins built against the old in-process API need to be ported to the sandboxed runtime.
• Plugins: Server-managed bundles must be Ed25519-signed by the host and approved by an admin before they load. The host public key is served from /api/plugin-signing-pubkey and each bundle response carries the signature in the X-Bundle-Signature header. User-uploaded bundles still load unsigned, but managed marketplace and dev-folder bundles do not.
• Plugins: bundleHash is now a full SHA-256 over the bundle. Legacy short hashes are migrated on first load; any out-of-band tooling that pinned the old hash format needs to be updated.

Features

• Pro: Tabbed shell with drag-to-reorder, drag-to-edge to split, side-by-side panes, and pane-aware responsive layout with a scoped sidebar overlay
• Pro: Auto-redirect to the Pro shell when Pro mode is on; proInterface is kept per-device instead of syncing
• Pro: Multi-account mail sidebar with client routing and a per-account mailbox cache
• Pro: Unified mailbox always visible, with full-text search
• Pro: Cross-account email moves
• Pro: Multi-account calendar sidebar split into owned vs shared per account
• Pro: Multi-account contacts and a cross-account file picker
• Pro: Composer From dropdown grouped by account
• Plugins: Per-plugin admin approval workflow with Ed25519 bundle signing verified on load
• Plugins: Marketplace update flow for installed plugins and themes
• Setup: Allow the setup wizard over plain HTTP with a dismissable warning gate
• Setup: Warn when the JMAP URL points at a local-only host
• Account: List and reorder logged-in accounts from settings (#282)
• Mail: Mobile handoff page with JMAP authentication verification for cross-device OAuth
• Mail: Pluggable reply/forward quote header (#295)
• Calendar: Support multiple flexible event reminders (#170)
• Admin: Expose PWA, app identity, and extension directory keys in the JSON config (#312)
• Admin: Surface OAuth scope settings and wire up orphaned admin policy gates

Security

• Plugins: Pin parent origin in the iframe bridge to block cross-frame postMessage
• Plugins: Ignore plugin-supplied target in ui.openExternalUrl to block host-frame hijack
• Plugins: Validate plugin/theme id in marketplace install to block path traversal
• Plugins: Prevent plugin config from leaking to non-admin users
• Admin: Gate admin routes against cross-origin CSRF
• Auth: Bind Stalwart auth context to the credential, not the cookie-claimed username
• Auth: Validate OAuth discovery endpoints against SSRF
• Mail: Tighten HTML sanitization at plain-text email, signature, and i18n render sites
• Mail: Block script-bearing MIME types from inline attachment preview
• Mail: Escape print-window fields and re-sanitize body to block XSS
• S/MIME: Stop persisting passphrases in sessionStorage
• API: Correct regex for valid API POST path validation

Fixes

• Mail: Serialize draft autosave with send to stop replies stalling in Drafts (#303)
• Mail: Omit empty cc/bcc from Email/set so the server does not emit a bare Cc: header (#301)
• Mobile: Allow adding contacts from the mail recipient popover (#306)
• Mobile: Prevent dual-scroll and use full width for mail content
• Mobile: OAuth handoff flow
• Calendar: Scope iCal subscriptions per JMAP account; fix refresh and clear
• Calendar: iCal subscription refresh, rollback, and URL normalization
• Calendar: Show avatars in the calendar/address book sharing menu
• Contacts: Normalize malformed contact photo data URIs (#307)
• Identity: Clear identity signature fields when emptied
• Identity: Show size cap on identity signature fields
• Identity: Allow table-based layouts in the HTML signature sanitizer
• Plugins: Load globals.css and Geist font in the plugin sandbox iframe
• Plugins: Sync plugin slot iframe height with reported content height
• Plugins: Use plugin slot offer snapshots for useSyncExternalStore
• Plugins: Trust the directory version on marketplace install and update
• Filters: Prevent duplication of Bulwark rules with literal braces in values
• Setup: Defer setup wizard HTTP detection to avoid hydration mismatch
• Routing: Anchor unmatched URLs into main so 404 renders
• Routing: Respect server-resolved locale on first visit (#309)
• Routing: Split app into (main)/(sandbox) route groups so the plugin iframe hydrates properly
• Files: Stop parent directory navigation from jumping to root
• Build: Stop pulling node:dns into the client bundle via OAuth discovery
• UI: Toggle recipient popover when clicking the name again
• UI: Remove white halo around photo avatars

i18n

• Add missing translation keys across 16 locales

1.6.7 (2026年05月17日)

Features

• Contacts: vCard 4.0 parsing and generation support
• Admin: Master-user impersonation route with app-top-banner plugin slot rendered on every authenticated page
• Admin: Allow admin password overwrite during setup recovery
• Setup: HTTPS requirement warning in the setup wizard
• Mobile: Show details toggle and expandable panel for sender info

Performance

• Calendar: Speed up calendar invitation banner load

Security

• Mail: Sandbox thread email HTML in srcDoc iframe with a CSP <meta> tag
• Admin: Redact sensitive config secrets from the admin API response
• Admin: Make impersonation cookies session-only

Fixes

• Auth: Read OAUTH_SCOPES at runtime instead of build time
• Auth: Use a relative Location header in redirects
• Auth: Adopt orphan session cookie on first SPA load
• Mail: Per-account push subscriptions so multi-account notifications work (#298)
• Mail: Close attachment preview when clicking outside the content area
• Mail: Pin quick reply to the bottom for short emails
• Mail: Show "no body content" instead of an infinite skeleton for bodyless emails
• Mail: Show contact popup when clicking the sender name in the email header
• Mail: Prevent long addresses from overflowing email details columns (#297)
• Mobile: Align quick reply with the mobile bottom toolbar
• Mobile: Respect safe-area insets on mobile bottom bars
• Mobile: Pad safe-area-inset-top
• UI: Apply dark background to the email content wrapper in dark mode
• UI: Improve dark mode background colors in the email viewer
• UI: Add viewport export with initialScale: 1
• UI: Strip the Stalwart master-user % suffix from the displayed account
• Plugins: Warn and block install when the app version is below the plugin's minAppVersion
• Plugins: Register app-top-banner in plugin-store SLOT_NAMES
• Plugins: Carry configSchema + settingsSchema through marketplace install
• Build: Add outputFileTracingExcludes to reduce Turbopack memory tracing

i18n

• Add missing translation keys across 16 locales

1.6.6 (2026年05月15日)

Features

• Mail: Sync onboarding completion state across devices so the welcome flow only runs once per account (#285)
• Mail: Distinct icons for Shared, Important, Memos, Scheduled, and Snoozed folders (#288)
• Compose: Raise HTML identity signature length cap to 50,000 characters
• Compose: Allow <img> tags in HTML identity signatures for inline logos and banners

Fixes

• Files: Hide Files settings entry and sidebar nav when the filesEnabled policy is off (#291)
• Admin: Honor the cookieSameSite admin config override instead of always defaulting (#284)
• UI: Standardize punctuation in tooltips and inline comments across locales

i18n

• Add Danish localization
• Clean up Danish locale wiring and sort the language picker alphabetically (#286)

1.6.5 (2026年05月13日)

Features

• Protocol: Register as the system handler for mailto: and webcal: links from a new protocol handler settings page
• Protocol: Account picker for protocol links when multiple accounts are connected
• Protocol: Import-or-subscribe choice for detected webcal calendars
• Protocol: Reuse the open PWA/session for mailto: links instead of always opening a new tab
• UI: Route account avatars through the shared Avatar component for consistent fallbacks (#278)

Fixes

• Calendar: Support HTTP basic auth in iCal subscription URLs (#275)
• Admin: Honor admin-uploaded favicon in root metadata (#274)
• Admin: Honor NEXT_PUBLIC_BASE_PATH in admin sidebar nav links (#271)
• UI: Broaden body font stack so Thai (and other non-Latin scripts) render correctly in subjects, sender names, and other chrome (#265)

1.6.4 (2026年05月11日)

New: Web Setup Wizard

First-launch web setup wizard. New installs no longer need to hand-edit .env.local - point a browser at the container and the wizard probes the JMAP server(s), configures OAuth/OIDC, generates the session secret, accepts branding uploads, and provisions the initial admin password. Admin storage is now split into ADMIN_CONFIG_DIR (operator-authored, mountable read-only after setup) and ADMIN_STATE_DIR (runtime audit log and login timestamps); the legacy ADMIN_DATA_DIR keeps working for existing installs.

Features

• Setup: Web setup wizard with multi-step flow: Server, Auth, Security, Logging, Branding, Review, Admin
• Setup: Admin config/state directory split with optional ADMIN_CONFIG_READONLY for immutable deployments (#226)
• Setup: File uploads on the wizard branding step
• Setup: Redesigned review step with grouped summary and an advanced toggle for the full config
• Setup: Require explicit confirmation when JMAP probe finds no session
• Mail: Drag attachments out of the viewer to the local file system (#267)
• Mail: Reading Pane at Bottom mail layout (#262)
• Mail: Configurable signature position – above or below quoted text (#266)
• Mail: Signature position is now searchable from the email behavior settings
• Mail: Show avatar in Focused list for compact density and above
• Mail: Align Focused list preview with other layout previews
• Compose: From-header override in the composer with catch-all auto-reply, replies to an alias on a domain you own pre-fill the alias as the sender even when it isn't a configured identity (#246)

Performance

• Mail: Prefetch initial email data on login
• Auth: Parallelize login round-trips and drop redundant JMAP re-verify

Fixes

• Auth: Skip upstream JMAP reverify for trusted URLs (#237)
• Auth: Show account identity in the switcher header instead of the sending alias
• Compose: Fall back to the primary identity signature on reply
• Setup: Drop redundant first-login banner about removing ADMIN_PASSWORD (#222)
• UI: Consistent notice cards for server probe results

i18n

• Add missing translation keys across 15 locales

1.6.3 (2026年05月08日)

Features

• Mail: Lift 5-account cap on HTTP/2
• Mail: Import .eml files via folder right-click menu

Fixes

• Mail: Trim leading whitespace from email list preview
• Mail: Fall back when only the truncation indicator remains in email preview
• Mail: Hide files/contacts nav items when JMAP server lacks support
• Viewer: Preserve emoji colors in dark mode
• Viewer: Prevent white-on-white in dark mode for nested bgcolor containers
• Viewer: Render plain-text-only emails as text, not HTML
• Viewer: Render HTML-only emails and redesign external content prompt
• Viewer: Pad Word/Outlook HTML email rendering
• Compose: Redesign quick reply to match sender/banner layout
• Compose: Disable StarterKit's bundled link/underline to avoid duplicate extensions
• Sharing: Request shareWith explicitly so calendar/address book shares survive a re-login (#257)
• UI: Strip leading punctuation when computing avatar initials
• Mobile: Hide email hover actions

i18n

• Add missing translation keys across 15 locales

1.6.2 (2026年05月06日)

Features

• Plugins: Hot-reload and dev-folder loading for live plugin development
• Plugins: On-demand src/ bundling via esbuild
• Plugins: New http:fetch permission and httpOrigins manifest field
• Plugins: onBeforeEmailSend hook with fromEmail exposed on OutgoingEmail
• Plugins: Project EmailReadView for the email-banner slot and expose auth results
• Plugins: Ingest icon, banner, and screenshots from the source repo
• Plugins: Restrict plugin and theme install/uninstall to the admin dashboard
• Mail: Multi-server JMAP support
• Settings: Fulltext search across the settings sidebar
• Settings: Sub-result rows with highlight in settings search
• Settings: Surface plugin settings as search sub-results
• Settings: Remove experimental tags from themes, plugins, and sender favicons
• Viewer: Redesigned external-mail banner above attachments
• Calendar: Calendar invitation banner expands on row click
• Calendar: Calendar invitation banner is now collapsible

Fixes

• Admin: Collapse admin panel into a single tabbed page
• Plugins: Inline plugin configure panel to avoid dev-mode hang
• Plugins: Resolve PLUGIN_DEV_DIR plugins in admin config route
• Plugins: Add missing body type assertion in createPluginAPI fetch options
• Plugins: Propagate settingsSchema
• Settings: Highlight plugin and theme cards in search results
• Settings: Open plugin card on first click of a setting sub-result
• Settings: Drop ghost sub-results from account and language search
• Settings: Improve search highlight styling
• Viewer: Show notification banners above attachments
• Viewer: Rework S/MIME banner to match calendar invitation
• Viewer: Close PDF preview on Escape before email viewer
• Viewer: Render PDF previews via <object> with blob: in object-src CSP (#253)
• Calendar: Align invitation icon with sender avatar column
• Calendar: Fix invitation picker clipping (#250)
• Auth: Read activeAccountId from authStore in account selectors
• UI: Adjust toast item border radius and progress bar styles
• UI: Remove fly-in animation from context menu submenus
• i18n: Add missing Czech flag icon

i18n

• Add missing translation keys across 15 locales