v2.67.1

2.67.1 (2026-04-17)

Bug Fixes

• detect IMAP drift that landed during an in-progress sync (8fece8a)
• improve translation quality across 6 languages (d7d338e)
• pin undici to 7.25.0 for Node 20 compatibility (3fa80db)

v2.67.0

2.67.0 (2026-03-31)

Features

• handle MS Graph 'missed' lifecycle event for Outlook notification recovery (d55f48c)
• show human-readable missing scopes on OAuth scope error page (4ee2365)

Bug Fixes

• add IMAP fetch retry timeout and harden passkey registration (3a1b61b)
• close command client proactively after subconnection setup (02d3687)
• correct translation errors and remove EmailEngine branding from OAuth scope error (9284ddd)
• use STATUS instead of NOOP as keepalive for 163.com IMAP (3b3516f)

v2.66.0

2.66.0 (2026-03-29)

Features

• add audit logging for admin authentication events (0ea15d4)
• add passkey (WebAuthn) authentication for admin login (a39b362)
• always use persistent sessions and support remember-me for passkey login (6a6fc74)
• show curl example for service account OAuth2 apps (4ab5eda)

Bug Fixes

• broken Handlebars script tag, Okta session fall-through, login rate limiting, and passkey schema validation (01e5721)
• clear passkey credentials on CLI password reset and document remember-me behavior (35f7f00)
• do not prefill login username field (59835a8)
• harden passkey auth, IMAP sync error handling, and login form UX (c16b983)
• harden passkey authentication with validation, rate limits, and audit logging (75dd289)
• login page divider logic, select() log level, and missing trailing newlines (97ff93e)
• normalize copy across login and security pages (60e132a)
• normalize sign-in/sign-out copy to sentence case (1ccfb16)
• per-IP passkey rate limiting and credential ownership check (2455cbe)
• prevent message event loss during IMAP sync under heavy load (ceb139b)
• prevent open redirects via next parameter and require password for passkey registration (0e7f52a)
• prevent unhandled promise rejections during mailbox sync (e6174de)
• reject OAuth2 grants with missing Google granular consent scopes (3f277d1)
• remove password hash from error logs and update passkey description copy (d28dd16)
• remove unnecessary min-height from login form (f16940d)
• resolve OAuth2 provider for delegated Outlook accounts (f35c816)
• update client-side Handlebars to 4.7.9 and harden passkey input validation (882891c)
• upgrade handlebars to 4.7.9 to resolve prototype pollution vulnerability (452f5f5)

Performance Improvements

• optimize mailbox listing for accounts with many folders (a39e5f7)

v2.65.0

2.65.0 (2026-03-23)

Features

• add Outlook Service (client_credentials) provider for app-only Microsoft 365 access (#587) (5f906cd)

Bug Fixes

• fix export TTL expiration, cancellation cleanup, and expose truncated field (019c05c)
• include failed jobs in /v1/outbox response (b393676)
• switch pkg targets from node22 to node24 to fix Windows builds (12522a7)

v2.64.0

2.64.0 (2026-03-16)

Features

• add configurable Gmail Pub/Sub subscription TTL setting (ca33e7f)
• add Gmail Subscriptions tab to OAuth config page (3bd30bf)

Bug Fixes

• add .catch() to fire-and-forget setMeta and track error fingerprints (672a03e)
• add lock to del() to prevent race with ensurePubsub, fix pubSubApp cleanup (27f2bdd)
• always notify webhook workers when Pub/Sub app config changes (e9f276a)
• auto-recover expired Gmail Pub/Sub subscriptions and expose status via API (7961ceb)
• avoid redundant Redis call and concurrent backfill races in Pub/Sub setup (05b02af)
• broaden Pub/Sub notification condition in oauth-routes.js (cbe1380)
• clean up Pub/Sub Redis keys on deletion, refresh stale instances, and localize UI labels (3b35fa1)
• clear stale pubSubFlag after restart and consolidate backfill push (f67961f)
• correct pubSubApp property name in del() and add cleanup tests (016ae0a)
• correct typo in Pub/Sub schema version log message (2cc8e08)
• eliminate redundant Redis ops in Pub/Sub pull loop and backfill (c8ebe39)
• fix lifecycle event races, lock TTL, and stale clearExisting in MS Graph subscriptions (3f3cbac)
• fix missing renewal retry, clock-skew gap, and incomplete pipeline error check (8a8b5b6)
• fix off-by-one retry cap and simplify MS Graph subscription code (aa9afbc)
• fix Pub/Sub deletion race, add 429 handling, batch ACKs, and lock ensurePubsub (744c354)
• fix retry boundary, lock races, and dropped lifecycle events in MS Graph subscriptions (d62741d)
• fix silent 401/403 error suppression, floating promise, and recovery loop in Pub/Sub (406211c)
• fix stale subscription state blocking recovery and retry count persisting across reconnects (60b77d5)
• fix subscription loss on subscriptionRemoved, lifecycle webhook timeout, and retry gaps (62988ab)
• guard fire-and-forget setMeta calls and add Pub/Sub graceful shutdown (45f7b64)
• guard releaseLock against undefined, add 429 handling to Pub/Sub deletion (d67ebe1)
• handle TimeoutError from AbortSignal.timeout in Pub/Sub pull loop (c0e3036)
• harden MS Graph subscription lifecycle, locking, cleanup, and error recovery (8210056)
• harden Pub/Sub deletion, IAM policy, and worker timeout cleanup (0be7c3e)
• harden Pub/Sub pull loop resilience and fix projectId typo (8124328)
• harden Pub/Sub pull loop, message ACK, list pairing, and shutdown cleanup (9e9775f)
• harden Pub/Sub pull loop, worker coordination, and OAuth app lifecycle (529b705)
• harden Pub/Sub shutdown, loop scheduling, and abort lifecycle (71b3ab4)
• harden Pub/Sub shutdown, transient error handling, and input validation (cfc6e0b)
• localize error page strings using translation helper (609ebb9)
• move pubsub status from unauthenticated /health to GET /v1/pubsub/status (f6597ad)
• prevent oscillating recovery loop for Pub/Sub apps missing googleProjectId (8bdbc39)
• reduce Pub/Sub recovery log noise and respect backoff delay (63cd78f)
• remove dead circuit breaker code from IMAP and webhooks workers (da9295b)
• remove Pub/Sub circuit breaker, fix 401/403 recovery handling (b7017f3)
• reorder OAuth app deletion to prevent pull-loop gap, add startLoop tests (129f96c)
• replace custom Redis locks with ioredfour in Outlook subscription code (019eaa1)
• resolve lint errors, fix TTL null guard, and extract Pub/Sub constants (4949431)
• resolve livelock, timeout, and state corruption in MS Graph subscription lifecycle (745334e)
• retry transient errors during Pub/Sub resource deletion and log dropped messages (b9d9de5)
• show OAuth apps with failed Pub/Sub setup in subscriptions list (14124cd)
• stop Pub/Sub instances on OAuth2 app deletion and harden lifecycle (bc0ff75)
• surface TTL reconciliation failures to operators via ttlWarning meta flag (6e5d5c5)
• update imapflow to 1.2.15 to fix unhandled rejection crashes (494a3f8)

v2.63.4

2.63.4 (2026-03-09)

Bug Fixes

• guard null imapClient dereferences during async operations (671bcee)
• prevent null dereference crash in getImapConnection during connection drops (6a356fd)
• throw instead of silent return in select() null guard, revert redundant optional chaining (cb7db50)
• update tests for getCurrentListing null guard changes (a644f9c)

v2.63.3

2.63.3 (2026-03-05)

Bug Fixes

• handle undici HeadersTimeoutError as transient in Pub/Sub and OAuth2 paths (8b3b698)
• prevent IMAP worker crash on ImapFlow unhandled rejection during IDLE recovery (86ebb02)
• prevent transient network errors during OAuth2 token refresh from being misclassified as auth failures (38fa212)
• retry transient network errors in Gmail and Outlook API request functions (08ea0da)
• treat DNS errors as transient in Google Pub/Sub polling loop (ec33673)

v2.63.2

2.63.2 (2026-03-03)

Bug Fixes

• harden static file route with path confinement and pkg-only guard (19cd5f6)
• prevent EISDIR crash on static subdirectory requests in pkg (4d5ef81)
• prevent infinite loop and add retry backoff in account assignment (f8b9e53)

v2.63.1

2.63.1 (2026-02-26)

Bug Fixes

• handle non-numeric error codes from Microsoft Graph in OAuth callback (#580) (89fd9f7)
• prevent EISDIR crash on /static directory requests (5b9c2db)
• remove dead redirectToSlash option from static directory handler (f90339a)
• validate fallback status codes in resolveOAuthErrorStatus (d2b49e3)

v2.63.0

2.63.0 (2026-02-19)

Features

• flag nested message/rfc822 attachments with encodedInMessage property (7e51024)

Bug Fixes

• prevent permanently lost accounts after worker crashes (3deabb5)