Recent releases for mailvelope

mailvelope v0.13.0b10

2015-03-12T08:43:50+00:00

- Fix decrypt animation of editor

mailvelope v0.13.0b11

2015-03-31T14:00:46+00:00

- Add quota limit for attachments to client API - Establish demo page for client API at: https://demo.mailvelope.com - Log user actions in embedded components and display indicator as badge of the addon toolbar icon - Add multiple file upload functionality

mailvelope v0.13.0

2015-04-14T17:14:31+00:00

- Finalize Client-API v1: http://mailvelope.github.io/mailvelope/ - Optimize attachment styling - Support for multiple keyrings - Update mailreader to v0.4.0 - Fix attachment upload bug in FF - Replace security token with security background - Small screen-optimization for settings - Automatically set primary key at key generation and key import - Set auto adding of the primary key by default - Redesign password entry and import key dialogs - [Security] Encode attachment filename - [Security] Update DOMPurify to 0.6.1, use jQuery output option - Fix endless loop in armored block detection on the mail client page - [Security] Update OpenPGP.js to v0.11.1, fix bug in DSA signature verification - [Security] Add noreferrer to external links - [Security] Check for ambiguous keyIds on key import - [Security] Validate key and user IDs of signatories - [Security] Open all links in message body in new window - [Security] Set charcode in sandboxed iframes - Localization updates - Sign Firefox XPI packages - Fix decoding of MIME messages with transfer encoding: 8bit - Redesign browser action menu - Limit on/off action to non client-API controls (Firefox) - Establish new Firefox download link: https://download.mailvelope.com/releases/latest/mailvelope.firefox.xpi - Add De-Mail providers to default list of supported mail providers - UI to set custom security background - Establish demo page for client API at: https://demo.mailvelope.com - Log user actions in embedded components and display indicator as badge of the addon toolbar icon - Add multiple file upload functionality

mailvelope v0.13.1

2015-04-15T15:31:58+00:00

- Fix empty list of recipients due to bug in primary key setting - Fix positioning of sign/encrypt dialogs - Update OpenPGP.js to 1.0.1

mailvelope v0.13.2

2015-08-10T15:15:18+00:00

- Update OpenPGP.js to 1.2.0 - Custom icon color for security background

mailvelope v1.0.0

2015-08-19T08:43:46+00:00

- API: sign PGP/MIME messages - API: support for signature verification in the decrypt container - Set password cache to on by default (30 min) - Deprecate Firefox 31 support - Improve attachment decrypt performance (Firefox) - Auto select right keyring when opening the settings - Inject content scripts in all open tabs on installation of extension - API: register handlers to allow backup and restore of keys and public keyring synchronization - API: validateKeyForAddress method returns fingerprint and lastModified date - API: add container to create symmetrically encrypted key backup and recovery sheet - API: add container to restore key and password - API: add container to generate key - API: display key details in the key import dialog - API: fix editor quota limit calculation - [OpenPGP.js] Generate keys with multiple user IDs - [OpenPGP.js] Use Web Crypto API to generate keys (Firefox) - Show reason of password request in password dialogs - Many style fixes and layout improvements

mailvelope v1.0.1

2015-08-24T09:07:54+00:00

- Fix false positives from Mozilla signing review

mailvelope v1.0.2

2015-08-26T08:44:18+00:00

- Fix spinner for large messages in reply scenario

mailvelope v1.1.0

2015-09-18T12:37:47+00:00

- Editor container supports keepAttachment flag for message forwarding scenarios - Fix race condition on attachment upload that can lead to lost attachments - Ignore null values in API type checker - [OpenPGP.js] Support plain email address in user IDs of keys

mailvelope v1.2.0

2015-10-05T10:31:32+00:00

- API: trigger disconnect event on extension update - API: add confirm parameter to key generate method to allow rejecting key if public key upload fails - Fix Mailvelope editor button in certain mail providers - [Security][OpenPGP.js] Fix S2K to prevent decryption of malformed private key backup messages

mailvelope v1.2.2

2015-10-16T14:45:28+00:00

- Fix key generation activity indicator (Firefox) - Don't show recovery sheet when backup upload fails

mailvelope v1.2.3

2015-10-28T11:27:59+00:00

- [OpenPGP.js] Enforce integrity protection only for modern ciphers, fix compatibility issues

mailvelope v1.3.0

2015-11-27T16:43:37+00:00

- API: create and restore drafts in the editor container - Grunt task to build crx packages for Chrome - Strict check on packet structure for private key restore - Pseudo-revoke mechanism to allow mail provider to invalidate keys - Update DOMpurify to 0.7.3

mailvelope v1.3.1

2015-12-07T11:09:05+00:00

- Increment patch version to allow new upload to Mozilla signing process

mailvelope v1.3.2

2015-12-15T16:55:50+00:00

- [Security] Fix XSS via HTML file download link

mailvelope v1.3.3

2016-01-07T19:05:37+00:00

- Update watchlist for Outlook.com - Activate API for Posteo - Log API encryption operations - Always sign editor drafts - Add mail.ru to list of supported mail providers

mailvelope v1.3.4

2016-01-23T17:23:26+00:00

- Fix editor flexbox rendering for Chrome 48 - Use name-addr format if no name provided in userid at key generation - Add language file for Ukrainian

mailvelope v1.3.6

2016-02-24T13:20:39+00:00

- Update to latest email.js components - Port Firefox add-on to jpm build tool

mailvelope v1.4.0

2016-05-09T10:42:37+00:00

- Implement HKP key search and import - File encryption support - Add mocha unit test infrastructure - Localize recovery sheet for key backup - Show key ID in sign message dialog - Redesign key import UI - Update OpenPGP.js to v1.6.0 - Update bower dependencies: jQuery to 2.2.1, DOMPurify to 0.7.4 - Bugfixes

mailvelope v1.5.1

2016-07-08T17:27:55+00:00

- Introduce provider specific content scripts to optimize integration of Mailvelope and webmail client (non-API case) - New workflow for key selection in the Mailvelope editor: select recipients with their email address. Email autocomplete feature from all email addresses in local keyring. - Transfer recipient email address to Mailvelope editor and back to webmail client (Gmail only) - Refactoring of controllers, add unit test framework, unit tests for controllers and Mailvelope editor - Use Angular.js for new UI components - Implement TOFU key lookup using new Mailvelope key server: [keys.mailvelope.com](https://keys.mailvelope.com/) - Add option to upload public key on key generation to key server - Increase minimum required version: Chrome 49, Firefox 45

mailvelope v1.5.2

2016-09-07T08:55:14+00:00

- [Firefox] Update jpm to v1.1.4 - Optimize recipients transfer methods in editor for Gmail and Yahoo - Remove recipients transfer methods in editor for generic webmail - Localization updates

mailvelope v1.6.0

2016-12-03T16:10:42+00:00

- Add message signing options to Mailvelope editor for sign & encrypt and sign-only use cases. - Extract sender address from mail client and show signature verification result in decrypt view - Add key expiration time option to key generate UI - Prevent setting invalid keys as primary key - Add inbox.google.com to watchlist. Fix decryption errors. - Migrate from jshint and jscs to eslint - [API]: createDisplayContainer method returns error code - Major refactoring - new folder structure - React is used for new UI components - Webpack and Babel included in the build step - migrating to ES6 module syntax - Update dependencies - Bugfixes

mailvelope v1.6.5

2017-01-16T19:20:03+00:00

- Workaround for port.disconnect() bug (#655932) in Chrome

mailvelope v1.7.1

2017-02-24T18:02:52+00:00

- Propagate preference changes in App UI to content scripts and all integrated components - Extract recipient tag input Angular component to separate file and wrap in React component - Update recipient input autocomplete after change of keyring data, newly imported keys can now directly be used in the editor - Update key selection for file encryption after key import - Fix add to whitelist function for Firefox - Remove unnecessary reload notice in settings - Refactoring key details view and keyring export - Add API version to body tag - [Security] Enforce password prompt for unmodified messages to prevent signing without user interaction - localization updates: Spanish, Portuguese (Brazil), Japanese, Chinese (Taiwan), Norwegian, Ukrainian, Dutch, Chinese, Arabic, French, Lithuanian

mailvelope v1.7.2

2017-04-18T09:47:20+00:00

* Add mail.riseup.net to list of email providers * Load keyGenDialog from embedded WebExtension to prevent password input warning in Firefox * Display selected key server in the key search UI * Migrate key server settings to React, allow ports, provide list of servers. Automatically add key server to watchlist. * Migrate to Webpack 2 * Update dependencies * Normalize armored keys before import

mailvelope v1.8.0

2017-07-10T08:38:49+00:00

* Migrate storage layer from localstorage to chrome.storage on Chrome and WebExtension API on Firefox * Support multiple MIME text parts of decrypted message * Mailvelope version is set to body tag for all websites in watchlist * Bug fixes and update of dependencies

mailvelope v1.8.1

2017-08-02T12:58:17+00:00

* Fix localization issues on Firefox 55

mailvelope v2.0.0

2017-10-09T12:29:23+00:00

* Complete migration of Firefox Add-on to Web Extension. Merge codebase for Chrome and Firefox. * Upgrade to OpenPGP.js v2 * Support binary format for file decrypt * Raise file size limit for file encryption to 50 MB * Improve accessibility of main App UI * Add mail.zoho.com to list of email providers * Migrate main App UI to React and React Router * Use frameId based content script injection logic * Further migrate codebase to ES6 * Move bower dependencies to npm * Replace PhantomJS with Karma and Chrome headless for unit testing * Load OpenPGP.js as npm dependency instead of using git submodules * Update dependencies *Download* * Chrome: https://chrome.google.com/webstore/detail/kajibbejlbohfaggdiogboambcijhkke * Firefox: https://download.mailvelope.com/releases/latest/mailvelope.firefox.xpi

mailvelope v2.1.0

2017-12-19T13:15:10+00:00

* File encryption: use binary format (.gpg file extension) by default * Introduce dashboard view as main entry point for the application * Redesign of the Mailvelope menu (in browser add-on toolbar) * Accessibility improvements (navigation in keyring management and settings) * Use chrome.downloads API for key export (fix for Bugzilla #1420419) * Better clarity about private key export in key details UI * [Security] Fix Inline Security Background spoofable (Medium) * [Security] Fix UI Redressing via web accessible resources (Medium) * Unify event handling in all controllers * Revise modal dialog behavior of Mailvelope browser popups * Revert to Symmetric-Key Message Encryption of OpenPGP.js v1 for private key backup * Move add-on distribution from self-hosted to AMO * Minor bug fixes and dependency updates

mailvelope v2.1.1

2017-12-20T14:33:04+00:00

* Revert: Use chrome.downloads API for key export

mailvelope v2.2.0

2018-03-06T14:27:26+00:00

* Encrypt and decrypt texts in App UI * Migrate decrypt-inline and editor component to React * Decrypt available messages when transferring to Mailvelope editor * Fix keyring backup key type filtering * Fix initialization of watchlist * Fix key server selection cancel button

mailvelope v2.2.1

2018-05-04T17:09:35+00:00

* Fix issue with negative left-position of encrypt frame in some webmail clients * Remove non-functional (and on Firefox broken) scanning for sub frames when adding active tab to the watchlist * Fix corrupted file name on file download for Firefox <61

mailvelope v2.2.2

2018-05-15T12:37:17+00:00

* [Security] Enforce strict MDC checking for all non-AES symmetric encryption algorithms. For details see: https://www.mailvelope.com/en/blog/implications-efail-on-mailvelope

mailvelope v3.0.0

2018-12-11T15:48:49+00:00

* GnuPG integration: connect via native messaging with a GnuPG installation and use GnuPG as an alternative backend for all OpenPGP operations. * New encrypted web forms feature: use Mailvelope to transmit HTML form data end-to-end encrypted with OpenPGP (https://github.com/mailvelope/mailvelope/wiki/Encrypted-Forms). * Support the Web Key Directory (https://wiki.gnupg.org/WKD) for decentralized public key discovery. * Update OpenPGP.js to 4.2 (http://github.com/openpgpjs/openpgpjs/releases/tag/v4.2.0): security fixes, support for ECC. * Redesign of keyring selection component and keyring management view * Block external HTML content in decrypted messages * Revise unit testing framework and increase test coverage * Major refactoring of keyring and model classes to support multiple OpenPGP backends * Add keyring fallback mechanism to find required private key for an operation across multiple keyrings * Public keys are synchronized across multiple keyrings * Authorized domains for client-API are by default HTTPS-only * Revise MIME parser/builder integration __Note:__ When updating an existing Mailvelope installation to version 3.0.0 the browser will ask the user to grant Mailvelope additional permissions for "__Communicate with cooperating native applications__". This permission is required to give Mailvelope access to a local GnuPG installation. If no current version of GnuPG is available on the system, then the additional permission does not have any effect.

mailvelope v3.0.1

2018-12-14T19:58:47+00:00

* Move native messaging permission in Chrome to optional permissions. Revise OpenPGP backend selection UI. * Update OpenPGP.js to 4.2.2. Add patch to verify ECC keys.

mailvelope v3.0.2

2018-12-18T10:56:45+00:00

* Update OpenPGP.js to 4.3.0

mailvelope v3.1.0

2019-03-11T10:22:48+00:00

* Redesign key details UI in app * Key UI: upload or delete keys to/from the Mailvelope key server * Key UI: change password of private keys * Key UI: create key revokation certificates * Key UI: change (add new, delete, revoke) user ID: name and email * Key UI: set new expiration date for key * Make links in decrypted messages clickable * Add checkbox to security settings to allow to hide header in armored message * [Security] Fix control mechanism to let components only be created in authorized domains * [Security] Fix OK badge on browser action icon that signals user interaction * Various fixes and refactoring * Update OpenPGP.js to 4.4.9

mailvelope v3.2.0

2019-05-15T13:58:37+00:00

* Migrate to Bootstrap 4 * Add openpgp-email-read and openpgp-email-write web components * Add query by email parameter to keyring.hasPrivateKey method * Add basic Autocrypt integration * Enable key lookup (Mailvelope key server, WKD, Autocrypt) for client-API calls * Add freenet.de to default list of authorized domains * Update OpenPGP.js to 4.5.1

mailvelope v3.3.0

2019-07-04T13:15:31+00:00

* [Security] New key import UI that displays all imported user IDs and requires additional confirmation step (CVE-2019-9150) * [Security] Fix insufficient key equality checks when importing keys via the client-API * [Security] Fix self signature check for armoredDraft option when using GnuPG keyring. Sign and encrypt operations should always require user interaction (CVE-2019-9149). * [Security] Add missing message and key validity checks (CVE-2019-9148) * [Security] Improve counter of private key operations to increase resistance against time-based side-channel attacks * Improve GPG detection on startup * [Security] Fix issue with the private key restore mechanism, that stores unlocked private keys inside the encrypted recovery message * Support for Autocrypt headers in client-API

mailvelope v3.3.1

2019-07-05T12:22:08+00:00

* Fix race condition when importing keys that can lead to key pairs being imported as separate public and private key

mailvelope v4.0.0

2019-08-01T14:10:11+00:00

* Refreshed Mailvelope branding: new design, new logo, new icons and fonts. * Many revised UI components, integration of new UI concepts like toasts to replace alert messages. * Revised mail provider integration: messages are automatically decrypted if private key password is cached, new animated Mailvelope editor button. * New configurable security background with choice of 24 icons * Remove jQuery dependency in content scripts * Improve PGP message detection logic on host page * New file encryption UI in app which supports signing

mailvelope v4.0.1

2019-08-08T14:00:03+00:00

* Fix pasting password from clipboard in password and key generate dialogs * Fix import keys with key attribute packets from keys.mailvelope.com and WKD * Improve scaling of logo

mailvelope v4.1.0

2019-08-15T14:10:28+00:00

* Further fixes of character duplication when pasting password from clipboard in password input fields * The keyring.openSettings method supports now direct navigation to the default key

mailvelope v4.1.1

2019-08-28T13:42:23+00:00

* Fix error messages on restore backup dialog * Fix bug in the editor recipient input field when terminating email address with space key * Hide bit length selector in in advanced key generation options where not appropriate * Fix duplicate password popup for Mailvelope viewer in the app decrypt UI * Optimize styling of embedded components for small dimensions * Allow to switch keyrings in the keyring setup UI * Fix encoding of file objects when decrypting armored message in app * Add support for Experimental Web Platform features with DOMPurify returning TrustedHTML * Add Mailvelope title to editor and password dialog * Fix line wrapping of cleartext signed messages

mailvelope v4.2.0

2019-11-12T13:53:55+00:00

* Support for Gmail API (experimental) * Websites can trigger request for inclusion in the authorized domain list

mailvelope v4.2.1

2020-01-09T10:58:16+00:00

* Build WKD URL with web crypto digest method instead node crypto shim * Various bug fixes in Gmail API integration * Fix options view of app when using createSettingsContainer client-API method * Update to Bootstrap 4.4.1, optimize container layout

mailvelope v4.2.2

2020-03-03T14:15:07+00:00

* Fix key import of multiple keys in one armored block * Fix decrypt of message with unknown signature (GnuPG backend) * Revise Gmail API settings UI

mailvelope v4.2.3

2020-03-05T09:24:00+00:00

* Revise Google sign in button design

mailvelope v4.3.0

2020-04-03T14:09:40+00:00

* Add Gmail API support for G Suite organizations with Mailvelope subscription * Key import preview: merge public into private keys. Fix import of private keys from PGP Universal Server. * Revise wording for contacts vs keys * Fix build error on case sensitive file systems * Update default authorized domain list

mailvelope v4.3.1

2020-04-07T15:13:26+00:00

* Revise Gmail API configuration UI

mailvelope v4.3.2

2020-05-22T17:58:35+00:00

* Free access to Gmail-API for G Suite legacy (Google Apps) accounts * Support port numbers in match patterns of authorized domain list * Scan host page for PGP messages inside dynamically created iframes

mailvelope v4.4.0

2020-10-24T16:16:06+00:00

* WKD: Add missing 'l' parameter to WKD queries * Fix body selection for clipped or cleartext signed messages in Gmail integration * Revise signature detail retrieval in file decryption UI and GnuPG module * Replace innerHTML assignment with DOMParser in decrypt message content sandbox * Improve license error messages and status update * Reduce dependencies of content scripts

mailvelope v4.4.1

2021-05-12T15:21:18+00:00

* [Gmail] Fix Mailvelope editor button integration when Meet section active in main menu * [Gmail] Fix missing cc recipients when reply to all * [Gmail] Fix legacy G Suite detection * Fix unit tests: replace expired keys * Update dependencies

mailvelope v4.5.0

2022-03-10T12:53:02+00:00

* Add option to define extra encryption key in the editor UI to support a domain-wide key concept * Introduce key binding: latest seen signature of contact is used for the key selection process * Adapt key import dialog for key rotation events * Use the keys.openpgp.org verifying key server for automatic key discovery * Add Clean Insights privacy preserving analytics (https://cleaninsights.org/) * Support WKD advanced method (https://datatracker.ietf.org/doc/draft-koch-openpgp-webkey-service/13/) * [Gmail] Fix transfer of recipients to Gmail editor * Update dependencies (Webpack 4 -> 5)

mailvelope v4.5.1

2022-03-16T09:05:52+00:00

* Fix signature evaluation for key binding feature that can result in error when decrypting messages or files

mailvelope v4.5.2

2022-04-03T18:42:57+00:00

* [Gmail] Fix detection of navigation area for new integrated view of Gmail to display Mailvelope compose button * [Gmail] Fix transfer of recipient email addresses from Mailvelope to Gmail editor * Upgrade emailjs-mime-parser to v2.0.7

mailvelope v4.6.0

2022-06-20T10:29:31+00:00

* Revise key search UI: search in verified key directories and WKD. Use key import preview for search results. Remove HKP server configuration. * Fix decrypting email with empty MIME nodes * [Gmail] Fix sending email with special characters in name associated with the email address

mailvelope v4.6.1

2022-09-09T13:07:56+00:00

* PGP/MIME compatibility: detect messages starting with "Content-Class" * Fix sending messages with defined alternative key where recipient does not have a key * Fix update password caching settings not taking effect * Fix issue with sending message when password cache is deactivated and email has attachments

mailvelope v4.7.0

2022-11-08T13:44:53+00:00

* [Gmail] Migrate deprecated OAuth out-of-band flow to browser.identity API

mailvelope v4.7.1

2022-11-19T13:23:57+00:00

* [Gmail] Fix Gmail API re-authentication required after browser restart

mailvelope v5.0.0

2023-04-02T13:23:39+00:00

* Upgrade to OpenPGP.js v5 * Fix timeout error when loading large GnuPG keyrings

mailvelope v5.0.1

2023-04-19T09:56:35+00:00

* Replace QR code library * Fix showing only first email address of key in recipient selection of Mailvelope editor * Fix unknown signature has fingerprint instead keyId (GnuPG backend)

mailvelope v5.1.0

2023-07-11T15:12:12+00:00

* Support signature verification independent of sender identity (sender email address not available or does not match user identities on sender key * Display signature verification results in the file decryption UI (OpenPGP.js, previously only available with GnuPG keyring) * Warn about signature inconsistency between message and attachments * Improve detection of messages with detached signatures * Fix key import not updating existing keys properly * Fix undefined password in private key backup after prior usage of password cache

mailvelope v5.1.1

2023-10-13T12:48:41+00:00

* [Gmail] Fix detection of encrypted attachments