Release v0.2.5 · ruby/net-imap

Important

0.2.5 is the final release for the 0.2.x release series. Please upgrade to a newer version.

What's Changed

🔒 Security

This release backports two features to prevent unbounded memory use: the response_handlers keyword argument to Net::IMAP.new so response handlers can be added before the server can send any responses (#442), and the max_response_size config attribute (#447, GHSA-j3g3-5qv5-52mj, CVE-2025-43857, reported by @Masamuneee).

Note

The default max_response_size is nil (unlimited), to avoid backward compatibility issues with secure connections to trusted servers that are well-behaved. It can be configured more conservatively to guard against untrusted servers (for example, connecting to user-provided hostnames). It is the responsibility of net-imap users to configure their client appropriately for the server they are connecting to.

Added

✨ Add response_handlers option to new (backport) by @nevans in #442
- Backports #419, #427, and #438.
✨ Limit max_response_size (backport 0.2) by @nevans in #447
- Backports #444.

Documentation

📚 Add docs for receiver thread & server responses by @nevans in #440
- Backports #418 and #437.

Other Changes

♻️ Backport ResponseReader to v0.2 by @nevans in #443
- Backports #422, #433, #434, #435, and #439.

Miscellaneous

✅ Add modern ruby versions to CI by @nevans in #441

Full Changelog: v0.2.4...v0.2.5

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

v0.2.5