We only support updates to the 3.x versions of Postal.
| Version | Supported |
|---|---|
| 3.x.x | ✅ |
| < 3.0 | ❌ |
If you discover a vulnerability in Postal, please do not post an issue on GitHub. Please, instead, create a new security advisory through GitHub.
Security: postalserver/postal
Security
SECURITY.md
-
HTML injection in mesage viewGHSA-5f4r-5jpr-rfhc published
Mar 12, 2026 by adamcookeHigh -
SMTP SmugglingGHSA-j42r-6c99-hqf2 published
Mar 11, 2024 by adamcookeModerate
Learn more about advisories related to postalserver/postal in the GitHub Advisory Database