stalwartlabs / mail-server

Secure & Modern All-in-One Mail Server (IMAP, JMAP, POP3, SMTP)
https://stalw.art

[enhancement]: Updated security audit #560

Open udf2457 opened 5 days ago

udf2457 commented 5 days ago

Which feature or improvement would you like to request?

As far as I can tell, your first (and only?) security audit occurred in October 2023.

In the intervening period, there have been substantial changes in the code, one major piece being the web console in April 2024.

I hope there are plans for a fresh security audit? The web interface in particular is clearly something that significantly increases rather than reduces the attack surface.

Is your feature request related to a problem?

I'm having a problem with...


mdecimus commented 4 days ago

Although I agree that regular security audits are necessary, the introduction of the web console just added a few new API endpoints but no new services. Stalwart has had an HTTP listener since its first release in order to support JMAP and the CLI tool, which uses the REST API.