Commit log

3f9afa0 docs: update feature screenshots (#1018)

Floatpane Bot created

bd85ddb ci: exclude preview tags (#1019)

Drew Smirnoff created

6ce2588 chore: use strings.Builder (#1016)

Mohamed Mahmoud created

a4c620b ci: exclude all prereleases (#1015)

Drew Smirnoff created

88e0cb5 ci: use @floatpanebot token (#1014)

Drew Smirnoff created

3aeea9d ci: use base repo (#1014)

Drew Smirnoff created

3e32431 ci: GH_TOKEN to use github.token (#1014)

Drew Smirnoff created

75b9cc6 ci: build prerelease (#1014)

Drew Smirnoff created

b523fb7 ci: add /build command (#1013)

Drew Smirnoff created

8ecde2d ci: use renovate github action (#1009)

Drew Smirnoff created

a4734a1 feat: split panes (#1006)

Click to expand commit body
Co-authored-by: Andriy Chernov <andriy@floatpane.com>
Co-authored-by: Lea <lea@floatpane.com>
Co-authored-by: Steve Evans <steve@floatpane.com>

Drew Smirnoff , Andriy Chernov , Lea , and Steve Evans created

c99d66d chore: update website (#858)

Drew Smirnoff created

6f8d0e0 chore: clean up gitattributes (#857)

Drew Smirnoff created

793e9a2 chore: remove stb_image from linguist (#856)

Click to expand commit body
## What?

<!-- Describe what this PR changes. Keep it concise — what code was
added, removed, or modified? -->

## Why?

<!-- Explain the motivation behind this change. What problem does it
solve, or what addition does it enable? Link related issues if
applicable. -->

Signed-off-by: drew <me@andrinoff.com>

Drew Smirnoff created

cbe3735 fix: remove html from linguist (#854)

Drew Smirnoff created

3070659 feat: mailto support and swift lib (#852)

Click to expand commit body
Co-authored-by: Lea <lea@floatpane.com>

Drew Smirnoff and Lea created

fd781ce feat: per-account email signatures (#847)

Click to expand commit body
Co-authored-by: drew <me@andrinoff.com>

Daniel Purnomo and drew created

2d9ee39 fix: unchecked error on ReadAll (#851)

Click to expand commit body
Co-authored-by: gittihub-jpg <rico@springer-mail.net>

Drew Smirnoff and gittihub-jpg created

5c7fec7 fix: change the language dynamically (#843)

Drew Smirnoff created

77f53a8 docs: add public and developer docs (#844)

Drew Smirnoff created

ce43417 feat: localization (#842)

Click to expand commit body
## What?

<!-- Describe what this PR changes. Keep it concise — what code was
added, removed, or modified? -->

Adds support for several languages, with easy-to-manage JSON format.

Includes a new library `github.com/floatpane/matcha/i18n` a self-written
library by us.

## Why?

<!-- Explain the motivation behind this change. What problem does it
solve, or what addition does it enable? Link related issues if
applicable. -->

Users would like support across their favorite languages.

---------

Signed-off-by: drew <me@andrinoff.com>
Co-authored-by: Lea <lea@floatpane.com>
Co-authored-by: Steve <steve@floatpane.com>
Co-authored-by: Andriy Chernov <andriy@floatpane.com>

Drew Smirnoff , Lea , Steve , and Andriy Chernov created

dda7a7c feat: add no-header flag to csv export (#841)

A-R-Narke created

b9b582c fix: add timeout to HTTP client (#835)

Daniel Purnomo created

61c24ed docs: update feature screenshots (#829)

Floatpane Bot created

74012a0 docs: update demo.gif (#828)

Floatpane Bot created

7f01c99 fix: encryption settings not working (#827)

Drew Smirnoff created

8c9af39 fix: load folders from cache (#826)

Drew Smirnoff created

630be6a fix: check io.ReadAll errors (#713) (#726)

Click to expand commit body
Co-authored-by: Matt Van Horn <455140+mvanhorn@users.noreply.github.com>

Matt Van Horn and Matt Van Horn created

8d2aebd fix: limit filename length (#825)

Click to expand commit body
Co-authored-by: Daniel Purnomo <danielpurnomo100@gmail.com>

Drew Smirnoff and Daniel Purnomo created

462d670 fix: validate port range (#823)

Daniel Purnomo created

90e4de2 ci: add check for length (#824)

Drew Smirnoff created

e4026e2 ci: fix screenshots workflow (#822)

Drew Smirnoff created

8727d8f fix: use local time, and highlight dates (#749)

Drew Smirnoff created

8cfd372 fix: use atomic increment for image ID allocation to prevent race condition (#748)

Daniel Purnomo created

918fa9b chore(deps): update actions/github-script action to v9 (#745)

Click to expand commit body
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

renovate[bot] and renovate[bot] created

0369c9a fix: sanitize attachment filename to prevent path traversal (#743)

Click to expand commit body
What?

Added sanitizeFilename() function and applied it to the attachment download path in main.go. The function:

    Strips path components via filepath.Base()
    Replaces remaining path separators (/, \) and .. sequences with _
    Rejects hidden files (names starting with .) and empty names, falling back to "attachment"

Why?

Fixes #725
Fixes #642

Attachment filenames come from untrusted email headers. Without sanitization, a malicious filename like ../../../etc/passwd passed to filepath.Join(downloadsPath, candidate) could write files outside the Downloads directory. This is a path traversal vulnerability that could overwrite arbitrary user files.
Testing

    16 table-driven test cases covering Unix traversal, Windows traversal, hidden files, empty names, unicode, absolute paths, and chained traversal
    Additional test verifying no sanitized output ever contains path separators
    go build . — compiles clean
    All tests pass

Daniel Purnomo created

8ed36b9 ci: use regex to stop errors (#747)

Drew Smirnoff created

706be37 ci: add bot @floatpanebot (#746)

Drew Smirnoff created

e67e65e fix: enforce TLS 1.2 minimum version in IMAP and SMTP connections (#742)

Daniel Purnomo created

7fff665 fix(fetcher): replace fmt.Print with standard logger (#712)

Mohamed Mahmoud created

125208f feat(tui/login): add ctrl+v password visibility toggle (#685)

Click to expand commit body
Co-authored-by: Matt Van Horn <455140+mvanhorn@users.noreply.github.com>

Matt Van Horn and Matt Van Horn created

c9da429 chore: refactor settings.go and improve UI (#683)

Drew Smirnoff created

13f8554 feat: daemon (#682)

Click to expand commit body
Co-authored-by: Steve Evans <steve@floatpane.com>
Co-authored-by: Lea <lea@floatpane.com>
Co-authored-by: Andriy <andriy@floatpane.com>

Drew Smirnoff , Steve Evans , Lea , and Andriy created

64dd05a docs: update demo.gif (#680)

github-actions[bot] created

3ef4ce9 chore: update flake.lock (#679)

github-actions[bot] created

4bbef7e feat: calendar events support (#678)

Drew Smirnoff created

29032fb Added Suggestions for Troubleshooting section in README.md (#677)

Danny Schönknecht created

6fc1eae fix: validate PGPKeySource field on config load (#676)

Matt Van Horn created

1cee418 fix: log keyring failures (#668)

Sai Asish Y created

a72f3bb fix: yubikey bounds-check (#666)

Sai Asish Y created