Posted to dev@sling.apache.org by Oliver Lietz <ap...@oliverlietz.de> on 2021/12/13 17:01:15 UTC

[ANN] Apache Sling Commons Messaging Mail 2.0.0 released

The Apache Sling team is pleased to announce the release of Apache Sling 
Commons Messaging Mail 2.0.0.

Commons Messaging Mail provides a simple layer on top of Jakarta Mail 2.0 
including a message builder and a service to send mails via SMTPS.

This is the very first release of Apache Sling which is using the new Jakarta 
namespace.

https://github.com/apache/sling-org-apache-sling-commons-messaging-mail

This release is available from https://sling.apache.org/downloads.cgi

Building from verified sources is recommended, but convenience binaries are
also available via Maven:

<dependency>
  <groupId>org.apache.sling</groupId>
  <artifactId>org.apache.sling.commons.messaging.mail</artifactId>
  <version>2.0.0</version>
</dependency>
 
Release Notes:

- Switch to Jakarta Mail and Activation APIs
- Support for arrays and collections of addresses in MessageBuilder
- Improved Header parameters support
- Support for server identity check (checks are enabled by default)
- Dedicated Properties and Session per SimpleMessageBuilder instance
- Various updates and code checks


A security issue ("SMTPS server hostname not checked when making TLS 
connection to SMTPS server") was reported by Michael Lescisin and accepted by 
the project. The issue is tracked as CVE-2021-44549.

The SimpleMailService in Commons Messaging Mail 1.0 lacks an option to enable 
server identity checks for the shared mail session.
A user could enable these checks nevertheless by accessing the session via the 
message created by SimpleMessageBuilder and setting the property 
mail.smtps.ssl.checkserveridentity to true.

- https://javaee.github.io/javamail/docs/SSLNOTES.txt
- https://javaee.github.io/javamail/docs/api/com/sun/mail/smtp/package-summary.html
- https://github.com/eclipse-ee4j/mail/issues/429

Enjoy!

-The Apache Sling team
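
The workaround described for Commons Messaging Mail 1.0, sketched as an added example (not part of the original announcement and not the project's own code). It assumes JavaMail 1.5 or later (javax.mail) on the classpath; the class and method names are hypothetical, and the session and message in main() are constructed stand-ins for the shared session and a message created by SimpleMessageBuilder.

```java
import java.util.Properties;
import javax.mail.Session;
import javax.mail.internet.MimeMessage;

public class SmtpsIdentityCheck {

    // Property name as given in the announcement.
    static final String CHECK_SERVER_IDENTITY = "mail.smtps.ssl.checkserveridentity";

    /** True only if the session explicitly requests the SMTPS server identity check. */
    static boolean isServerIdentityChecked(Session session) {
        return Boolean.parseBoolean(session.getProperties().getProperty(CHECK_SERVER_IDENTITY));
    }

    /**
     * Enables the check on the session behind a message and returns the previous state.
     * Because the session is shared, this affects every message sent through it afterwards.
     */
    static boolean enableServerIdentityCheck(MimeMessage message) {
        Session session = message.getSession();
        if (session == null) {
            throw new IllegalStateException("message has no session");
        }
        boolean before = isServerIdentityChecked(session);
        session.getProperties().setProperty(CHECK_SERVER_IDENTITY, "true");
        return before;
    }

    public static void main(String[] args) {
        // Constructed stand-in for the shared session: identity-check property not set.
        Properties props = new Properties();
        props.setProperty("mail.transport.protocol", "smtps");
        Session shared = Session.getInstance(props);

        // Constructed stand-in for a message created by SimpleMessageBuilder.
        MimeMessage message = new MimeMessage(shared);

        System.out.println("check enabled before: " + isServerIdentityChecked(shared));
        enableServerIdentityCheck(message);
        System.out.println("check enabled after:  " + isServerIdentityChecked(shared));
    }
}
```

Apply the property before the first message is handed to the mail service, so that no SMTPS connection is opened without the hostname check.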