You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by Oliver Lietz <ap...@oliverlietz.de> on 2021/12/13 17:01:15 UTC
[ANN] Apache Sling Commons Messaging Mail 2.0.0 released
The Apache Sling team is pleased to announce the release of Apache Sling
Commons Messaging Mail 2.0.0
Commons Messaging Mail provides a simple layer on top of Jakarta Mail 2.0
including a message builder and a service to send mails via SMTPS.
This is the very first release of Apache Sling which is using the new Jakarta
namespace.
https://github.com/apache/sling-org-apache-sling-commons-messaging-mail
This release is available from https://sling.apache.org/downloads.cgi
Building from verified sources is recommended, but convenience binaries are
also available via Maven:
<dependency>
<groupId>org.apache.sling</groupId>
<artifactId>org.apache.sling.commons.messaging.mail</artifactId>
<version>2.0.0</version>
</dependency>
Release Notes:
- Switch to Jakarta Mail and Activation APIs
- Support for arrays and collections of addresses in MessageBuilder
- Improved Header parameters support
- Support for server identity check (checks are enabled by default)
- Dedicated Properties and Session per SimpleMessageBuilder instance
- Various updates and code checks
A security issue ("SMTPS server hostname not checked when making TLS
connection to SMTPS server") was reported by Michael Lescisin and accepted by
the project. The issue is tracked as CVE-2021-44549.
The SimpleMailService in Commons Messaging Mail 1.0 lacks an option to enable
server identity checks for the shared mail session.
A user could enable these checks nevertheless by accessing the session via the
message created by SimpleMessageBuilder and setting the property
mail.smtps.ssl.checkserveridentity to true.
- https://javaee.github.io/javamail/docs/SSLNOTES.txt
- https://javaee.github.io/javamail/docs/api/com/sun/mail/smtp/package-summary.html
- https://github.com/eclipse-ee4j/mail/issues/429
Enjoy!
-The Apache Sling team