Skip to content

Update dependency org.simplejavamail:simple-java-mail to v8 #4694

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update dependency org.simplejavamail:simple-java-mail to v8 #4694

wants to merge 1 commit into from
+1 −1

Conversation

@renovate-bot
Copy link
Contributor

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
org.simplejavamail:simple-java-mail (source) 6.7.6 -> 8.12.6 age adoption passing confidence

Release Notes

bbottema/simple-java-mail (org.simplejavamail:simple-java-mail)

v8.12.6

Compare Source

#​595: [bug] Spring configuration - fix support for simplejavamail.extraproperties

v8.12.5: maintenance release

Compare Source

Bumped PATCH versions of various dependencies #​553, #​554, #​555, #​562, #​567

v8.12.4

Compare Source

#​558: [bug] Mailer.close() exception because it attempts to shutdown batch-module connection pools, even if not available on the classpath

v8.12.3: v8.12.13

Compare Source

#​563: [enhancement] Add getter for Authenticated SOCKS server port

v8.12.2

Compare Source

#​552: [bug] support iCalendar events with METHOD defined in body instead of Content-Type

v8.12.1: Maintenance release v8.12.1

Compare Source

  • #​533: [maintenance] Bump com.github.therapi:therapi-runtime-javadoc-scribe from 0.1
  • #​532: [maintenance] Bump com.sanctionco.jmail:jmail from 1.4.1 to 1.6.3
  • #​531: [maintenance] Bump com.github.bbottema:java-socks-proxy-server from 4.0.0 to
  • #​528: [maintenance] Bump com.github.davidmoten:subethasmtp from 7.0.1 to 7.1.1
  • #​522: [maintenance] Bump jakarta.annotation:jakarta.annotation-api from 1.3.5 to 3.0.0

v8.12.0

Compare Source

  • #​550: [bug] Environment variables are not being loaded properly
  • #​538: [bug] System properties are only read if configuration file exists in class path
  • #​546: [Enhancement] Trim whitespace in encoder values for Content-Encoding

v8.11.3: Reduce batch-module log spam

Compare Source

#​543: [Enhancement] reduce log spam from the batch-module

v8.11.2: Outlook support bug fix

Compare Source

#​530: [Bug] After converting Outlook .msg to EML, bullet lists have duplicate numbering HTML converted from RTF

v8.11.1: maintenance update

Compare Source

  • #​529: Bump smtp-connection-pool from 2.3.2 to 2.3.3 which improves performance and fixes a rare ConcurrentModificationException
  • #​527: Bump org.slf4j:slf4j-api from 2.0.9 to 2.0.13
  • #​523: Bump org.jacoco:jacoco-maven-plugin from 0.8.5 to 0.8.12

v8.11.0

Compare Source

#​526: When reading .msg files the RTF converted to HTML is garbled in some cases where the appropriate charset is not detected properly

NOTE: this release contains many (minor) dependency updates to resolve CVE issues, including:

  • parent POM upgrade: Upgrades test dependencies as well as SLF4J versions
  • outlook-message-parser 1.13.2 -> 1.14.0
  • java-reflection 4.0.1 -> 4.0.2
  • smtp-connection-pool 2.3.1 -> 2.3.2
  • utils-mail-dkim 3.1.0 -> 3.2.0
  • jakarta.mail-api 2.1.2 -> 2.1.3
  • angus-mail 2.0.2 -> 2.0.3
  • therapi-runtime-javadoc 0.13.0 -> 0.15.0
  • kryo 5.0.0-RC1 -> 5.6.0
  • maven-assembly-plugin 3.1.0 -> 3.7.1 (only for the CLI module during build)

v8.10.1: batch-module dependency fix

Compare Source

#​510: Update upstream dependency generic-object-pool, which solves a critical bug when there are exceptions during allocation

v8.10.0: EmailConverter update

Compare Source

#​508: [enhancement+bug] Make EmailConverter API more consistent regarding Session parameter, don't use Session.getDefaultInstance anymore and fix bug where emlToEmailBuilder used emlToMimeMessage

v8.9.0: - Security update

Compare Source

#​507: [security] Update 3rd party dependencies to get rid of all currently known CVE issues

Changes:

Dependencies:

  • Spring 5.3.27 -> 5.3.34
  • Spring Boot 2.5.15 -> 2.7.18
  • commons-io 2.7 -> 2.11.0
  • utils-mail-smime 2.3.1 -> 2.3.3
    • org.bouncycastle:bcjmail-jdk15to18 1.75 -> org.bouncycastle:bcjmail-jdk18on 1.78.1
  • ical4j 2.2.4 -> ical4j-vcard 2.0.0-beta2

Other:

  • Junit 4 -> Junit 5 (including Mockito, AssertJ and got rid of Powermock)
  • maven-surefire-plugin 2.19.1 -> 3.2.5

v8.8.4: CVE smime-module (bouncycastle)

Compare Source

#​506: [CVE] Upgrade utils-mail-smime dependency to 2.3.2, to resolve CVE issue in bouncycastle

v8.8.3

Compare Source

#​502: [Bug] Message headers not treated with case insensitivity as per RFC, causing deviating headers to slip through the filters

v8.8.2

Compare Source

  • #​495: Add config support for 'verifyingServerIdentity' with SMTP, also: since Angus 1.1.0 (8.6.0) server identity checks are on by default and can be countered by mailerBuilder.verifyingServerIdentity(false)
  • #​501: [dependency] Update outlook-message-parser dependency, which has improved support for X500 addresses
  • #​499 (fix): [maintenance] Added missing finer-grained DKIM Spring Boot properties

v8.8.1

Compare Source

#​500: [bug] Fix parsing addresses from headers in EML files, like a Disposition-Notification-To with umlaut

v8.8.0: Enhanced DKIM API

Compare Source

  • #​499: [Enhancement] Expose finer-grained DKIM configuration through the builder api and disable 'l-param' by default)

NOTE: this release changes the default for DKIM signing from 'l-param' true to false. If you rely on this feature, you need to enable it explicitly. Refer to the DKIM documentation for the update.

v8.7.1: Enhanced S/Mime API

Compare Source

  • v8.7.1 (20-March-2024): #​498: [feature] Make S/MIME algorithms configurable (signature algorithm for signing, key encapsulation and cipher algorithms for encryption)
  • v8.7.1 (20-March-2024): #​497: [bug] Order of attachments is lost when converting a MimeMessage to an Email

NOTE: this breaks the API for S/MIME related builder methods. Refer to the S/MIME documentation for the new API.

v8.7.0: : Ignore this version

Compare Source

Don't use this version, as the versioning was messed up here. Refer to 8.7.1 instead.

v8.6.3

Compare Source

#​491: [bug] Attachment body parts should separately parse Content-Disposition and ContentID, possible resulting in an downloadable attachment that is also embedded

v8.6.2

Compare Source

#​493: [bug] don't require smime-module when adding collection of headers (also used when copying email)

v8.6.1

Compare Source

#​487: Move header filtering from MimeMessageParser to EmailConverter, thereby enabling access to all parsed headers when using MimeMessageParser directly
#​489: Finished update to Angus Mail by updating activation dependency

v8.6.0: - Update to Angus Mail

Compare Source

#​489 Update to Angus Mail

v8.5.1: Improve Outlook S/MIME support

Compare Source

#​486: [dependency] Handle Outlook's Non-Standard S/MIME Signed Messages

v8.5.0: Improved recipient address parsing when using strings

Compare Source

#​484: [bug] Addresses passed as string are not always interpreted correctly

v8.4.0: support overriding envelope-level receivers

Compare Source

#​483: Enhancement: add native support for overriding envelope-level receiver(s)

v8.3.5: Don't crash on missing recipient data from Outlook msg

Compare Source

#​482 Bug: 'IllegalArgumentException: emailAddressList is required' when parsing mail with incorrect recipients from Outlook message

v8.3.4

Compare Source

#​481 Enhancement: don't crash on invalid empty embedded images when parsing Outlook messages

v8.3.3: Outlook X500 DAP address format support

Compare Source

#​477 Enhancement: Support Exchange proprietary addresses (X.500 DAP)

v8.3.2: bug patch for attachments with identical names

Compare Source

#​480 Bug: Multiple attachments with same name get the same Content-ID, causing them to refer to the same file content

v8.3.1

Compare Source

#​440 Bug: names manually specified for embedded images are overridden and have extension added, breaking cid: references in HTML body

v8.3.0

Compare Source

#​475 Enhancement: Add configuration metadata for Spring Boot application properties

This release adds a build-time only Spring Boot dependency, so nothing should change for you there. What's new is that now you will get IDE hints for available Simple Java Mail properties, for those IDE's that support this.

v8.2.0

Compare Source

#​473: Bugfix: Add missing support for multiple reply-to addresses

v8.1.3: Security update and AutoCloseable Mailer for Spring

Compare Source

#​467 Security: Medium severity vulnerability is detected in org.bouncycastle transitive dependency
#​466 Maintenance: Let Mailer implement AutoCloseable, so it shuts down the connection pool automatically when disposed of by Spring

v8.1.2

Compare Source

#​465 Regression bug #​461: Simple Java Mail always requires DKIM/SMIME modules

v8.1.1

Compare Source

#​461 Bugfix: Fixed MessageID not preserved when signing/encrypting with S/MIME and/or DKIM

v8.1.0: OSGi & Apache Karaf support

Compare Source

  • #​458 Missing osgi headers (#​288) and added support for Apache Karaf
  • #​288 Maintenance: missing OSGI package-exports from core-module

v8.0.1

Compare Source

#​456: Enhancement: make Content-Transfer encoder detection more lenient, supporting more values from the wild

v8.0.0: Defaults and Overrides overhaul

Compare Source

v8.0.0 (08-March-2023)

  • #​451: Feature: Make defaults and overrides a first class feature
  • #​452: Enhancement: with ".disableAllClientValidation(true)", also ignore errors from the completeness check
  • #​450: Bug: when using dispositionNotificationTo or returnReceiptTo mode, when the corresponding emails are not filled, it fails even though it should fall back to replyTo or From
  • #​449: Bug: IllegalArgumentException on parsing empty header name and value (when parsing Outlook message)
  • #​448: Bug: withEmailDefaults and withEmailOverrides does not work with CustomMailer
  • #​447: Enhancement: allow defaults/overrides to ignore individual fields (turn off for specific properties)
  • #​446: Enhancement: add missing defaults properties for DKIM

v7.9.1

Compare Source

#​444 Bugfix: encoded delimited recipients in EML not parsed properly

v7.9.0: DKIM header signing exclusions

Compare Source

#​344 Enhancement: make DKIM signing more flexible by allowing header exclusions in DKIM signature

image

v7.8.3

Compare Source

#​293 Bugfix: Decoding missing in a few placed when parsing MimeMessage or sending an Email

v7.8.2: Fail when smime-module is needed but missing

Compare Source

#​442 Enhancement: Simple Java Mail should throw an exception when trying to utilize S/MIME with smime-module on the classpath

v7.8.1: fail-fast and avoid NPE

Compare Source

#​438 Bug: properly Fail-Fast in case of Transport claim timeout in the batch-module, rather than running into NPE further down the line

v7.8.0: reject emails based on large size

Compare Source

v7.8.0 (24-January-2023)

  • #​436 Enhancement: add mailerBuilder.withTransportModeLoggingOnly() as mailer API entry point
  • #​435 Enhancement: SMTP server config should be optional in case a CustomMailer is used
  • #​427 Feature: set a maximum email size on Mailer level which throws EmailToBig exception when exceeded

v7.7.1: CustomMailer regression bug

Compare Source

#​434 Regression bug in #​430: Email parameter missing in CustomMailer interface

v7.7.0: improved connection pools and cluster config

Compare Source

  • #​430 Enhancement: auto-reconnect (if needed) when reclaiming a Transport connection from the SMTP connection pool (to avoid needless errors)
  • #​383 Feature: be able to set defaults and overrides on the Mailer level, rather than email or global level

This moves the conversion of Email to MimeMessage to after a Transport instance has been selected (in case of a cluster of SMTP servers),
so we can apply defaults/overrides on the Mailer level, meaning you can configure 'global' values for individual SMTP servers

v7.6.0: OAUTH2 support

Compare Source

#​421: Enhancement: Add support for OAUTH2 authentication

v7.5.2

Compare Source

#​429 Bug: wrong username property used when password authentication is not needed

v7.5.1

Compare Source

v7.5.1 (12-December-2022)

  • #​416 Bug: Support encoder names regardless of their case ("base64" is the same as "BASE64")
  • #​424 Maintenance: bump JMail dependency from 1.2.1 to 1.4.1

v7.5.0

Compare Source

  • #​411 Enhancement: expose validation sub steps in the MailerHelper class for the completeness check, CRLF inject scans and address validations
  • #​410 Bug: CRLF injection scan missing for dispositionNotificationTo and returnReceiptTo
  • #​390 Enhancement: make client sided validation optional, turning off address validation and CRLF injection detection

v7.4.0

Compare Source

  • #​407 Enhancement: Process all Outlook message headers, either copying the as-is or translating them to respective Simple Java Mail API calls
  • #​404 Minor bugfix: the new attachment's contentDescription was missing in Email.toString()

v7.3.0

Compare Source

  • #​405 Feature: Expand email builder API to support forced content Content-Transfer-Encoding for attachments, like quoted-printable, base64, 7BIT and others
  • #​404 Feature: Expand email builder API to support Content-Description on attachments

v7.2.1

Compare Source

#​396 Enhancement: make Outlook support tolerant of invalid/empty nested Outlook message attachments

v7.2.0

Compare Source

#​399 Feature: Expand email builder API to support selective content encoding, like quoted-printable, base64, 7BIT and others

v7.1.3

Compare Source

#​403 Security: Bump zip4j (only used during testing)

v7.1.2

Compare Source

  • #​401 Enhancement: Add HEIC and WEBP support when dynamically resolving embedded images from classpath
  • #​402 Security: Update Log4j to 2.17.1
  • #​393 Security: Update Apache POI and POI Scratchpad

v7.1.1

Compare Source

#​387 Bug: memory leak in SMPT connection pool when 3rd party deallocation failed with exception

v7.1.0

Compare Source

#​379 Maintenance: Adjust dependencies and make Java 9+ friendly

v7.0.2

Compare Source

#​329 Enhancement: Exceptions cause error-level logging in addition to rethrowing the exception, but should just include the message in a custom exception
#​378 Bug: package org.simplejavamail.internal.modules causes split package problem in Java9+

v7.0.1

Compare Source

#​375 Bug: batch-module gives error when there is a custom mailer

v7.0.0

Compare Source

v7.0.0 (2-January-2022)

It has been two years since the last major release, but 7.0.0 finally here!

What's new

Major features:

  • #​322 Simple Java Mail migrated to Java 8 finally (see notes below)
  • #​295 And also switched to JavaMail's successor Jakarta Mail 2.0.1 (see notes below)
  • #​323 Solved the great CLI performance problem (now executes near instantly)
  • #​319 Replaced the underlying regex-based email-address validation library with the lexer based JMail, which is faster, correcter, documented better and is more up-to-date with RFC's
  • #​367 The sendMail/testConnection methods now has proper support for CompletableFuture

Bugfixes:

  • #​352 Bug: names regex groups are not supported in Android JVM
  • #​326 Bug: NullPointer when parsing Outlook Message with nested empty Outlook message
  • #​330 Bug: cli expected --mailer arguments duplicated 3 times
  • #​324 Bug: Add back missing log4j2 for CLI library

Maintenance:

  • #​368 Resolve log4j (Java8) vulnerability in Simple Java Mail's CLI module
  • #​330 Improved feedback from failing CLI commands
  • #​327 Implement toString() for Mailer instances for debugging purposes
About the migration

Updating to Java8/Jakarta 2.0.1 posed a challenge as the 3rd party S/MIME library java-utils-mail-smime has been abandoned/archived while developing Simple Java Mail. Furthermore, it was still under LGPL3 license while everything else is ApacheV2.

Thankfully, I obtained permissions from the maintainers -as well as original developers from decades ago on SourceForge- to take both java-utils-mail-smime and java-utils-mail-dkim under my wings at Simple Java Mail and change the licensing model! You can now post issues and pull requests here:

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@forking-renovate forking-renovate bot added the dependencies A dependency upgrade label Oct 21, 2025
@tmortagne
Copy link
Member

https://jira.xwiki.org/browse/XWIKI-21394

@tmortagne tmortagne added the jakarta Require to move to jakarta.* packages label Oct 21, 2025
@socket-security
Copy link

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedmaven/​org.simplejavamail/​simple-java-mail@​6.7.6 ⏵ 8.12.6100 +1610089100100 +20

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@tmortagne tmortagne

Labels

dependencies A dependency upgrade jakarta Require to move to jakarta.* packages

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@renovate-bot @tmortagne