The Stable channel has been updated to 146.0.7680.177/178 for Windows/Mac  and 146.0.7680.177 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log

1.4.11 (2026-03-31)

Features

• Logging: Add logging categories for better log management

Fixes

• Security: Harden security with CSP enforcement, SSRF redirect validation, reenabled S/MIME chain verify, IP spoofing prevention, and PDF iframe sandbox
• Security: Harden proxy authentication and SSRF defenses
• Security: Block plugins with dangerous JS patterns and enforce strict session secret length validation
• S/MIME: Add self-signed certificate detection and update status messages for S/MIME signatures
• Email: Auto-focus input fields in email composer for improved user experience (#126)
• Mailbox: Prevent orphaning of nested mailboxes by restricting deduplication to root-level folders
• JMAP: Strip server-immutable fields from updates before sending to JMAP (#128)
• Files: Update file feature disabled messages and add stability warnings
• i18n: Add missing translation keys to all non-English locales

1.4.10 (2026-03-31)

Features

• Plugins: Add plugin configuration UI with schema-driven admin config page, calendar event action slot, and Jitsi Meet plugin
• Calendar: Implement client-side recurrence expansion for calendar events
• Calendar: Add iCal subscription editing and batch event import
• Calendar: Add hover preview settings and functionality
• Calendar: Add virtual location input for calendar events (#121)
• Email: Add reply-to addresses support in email composer
• Email: Add mail layout settings and update email list components
• Email: Add auto-select reply identity feature with settings and localization
• Email: Enhance compose functionality with button integration and translations
• Filters: Preserve activation state when updating or creating Sieve scripts to avoid deactivating server-managed vacation scripts
• Filters: Skip server-managed vacation script in Sieve script handling
• Settings: Add support for custom JMAP server endpoints in login and settings
• Settings: Add folder expansion state management and settings navigation
• UI: Add options to hide account switcher and show account avatars on navigation rail
• i18n: Add JMAP server endpoint labels and hints in multiple languages
• i18n: Add missing translation keys to all non-English locales

Fixes

• Security: Patch critical auth bypass and credential leak vulnerabilities
• Security: Support 3DES S/MIME decryption by importing legacy RSAES-PKCS1-v1_5 keys and add diagnostic logging (#35)
• Security: Account isolation, auto-import signer certs, and no-key error handling (#35)
• Calendar: Fix JSCalendar 2.0 recurrenceRule single-object compatibility (#116)
• Calendar: Enhance calendar event handling to distinguish between events and tasks
• Calendar: Link existing events to target calendar during iCal import instead of skipping (#113)
• Calendar: Deduplicate UIDs during iCal import to prevent mass failures (#113)
• Calendar: Fix events disappearing after iCal import/subscription refresh
• Calendar: Enhance calendar event handling with full-day detection and layout adjustments
• Calendar: Use UTC timestamps for timed event rendering
• Calendar: Work around Stalwart not returning Task objects via CalendarEvent/query
• Email: Enhance email loading and deduplication logic in email store (#119)
• Email: Ensure draft editing function is called correctly in EmailViewer component (#60)
• Email: Match hover action background to selected row state
• Email: Align tag counts with mailbox folder counts in sidebar
• Auth: Handle 2FA/TOTP session expiry with basic auth (#117)
• Mailbox: Improve mailbox tree logic and enhance mailbox handling with logging (#118)
• UI: Improve dark mode handling for media elements and background images
• UI: Adjust account list spacing and remove push connection indicator
• UI: Fix nested button in theme card

1.4.9 (2026-03-27)

Features

• Admin: Add Stalwart admin authentication, sidebar access, and a reorganized dashboard with dedicated policy sections
• Plugins: Add plugin/theme admin dashboard, harness tooling, forced enable or disable controls, managed policy enforcement, and a resizable detail sidebar
• Filters: Add vacation responder management with Sieve generation and parsing, UI integration, and improved sync preservation
• Email: Add plain text only composer mode, optional conversation threading disable, configurable hover action placement, and OAuth app password support
• UI: Add drag-and-drop customization for sidebar apps
• Files: Use dynamic server-configured maximum upload sizes
• i18n: Add Russian locale support and complete missing translation strings for recent task features

Fixes

• Calendar: Improve date parsing and event normalization, prevent calendar page re-render loops, ensure unique ICal subscription IDs, and create all-day events with correct JSCalendar midnight handling
• Email: Respect the configured mark-as-read delay in EmailViewer and fetch full email content when needed while editing drafts (#60, #95)
• Auth: Improve network error handling, add JMAP rate limiting handling, and enhance settings retrieval and persistence diagnostics (#100, #104)
• UI: Improve mobile layout behavior on contacts and calendar pages (#103)
• Themes: Repair theme ZIP bundle handling and enforce admin theme locks correctly
• Code Quality: Resolve outstanding ESLint warnings across the codebase

chore: update version to 1.4.9

1.4.8 (2026-03-23)

Features

• Email: Add support for marking emails as answered or forwarded and display status icons in email list and thread views
• Email: Enhance identity selection by supporting sub-addressing (plus addressing) in email composer
• Settings: Add notification settings with sound picker, preview playback, and configurable alert sounds
• Settings: Add default mail program settings with localization support across all locales
• Auth: Implement path prefix handling for OAuth callbacks and login redirects, enabling reverse proxy deployments
• Validation: Add all multi-part TLDs for domain validation in favicon API (#81)

Fixes

• Calendar: Fix bugs in duration parsing, RFC compliance, and event handling across calendar components
• Calendar: Detect tasks created by external CalDAV clients such as Thunderbird
• Settings: Enhance account settings with username and authentication method display (#90)

1.4.7 (2026-03-21)

Features

• Calendar: Add task management features with task creation, editing, and status tracking
• Calendar: Add option to show week numbers in mini-calendar
• Email: Add resizable image component and rich text editor with image upload support
• Files: Support uploading folders via drag-and-drop and toolbar button
• Filters: Add expanded visual view for filter rules
• Auth: Add non-interactive SSO login flow for embedded/iframe deployments (#69)
• DevOps: Add separate Docker build workflow for releases and dev branch images

Fixes

• Calendar: Handle updates and deletions for synthetic JMAP IDs in calendar events with fallback to destroy and recreate
• Security: Extend CryptoEngine to support legacy algorithms and integrate with LinerEngine for decryption
• Auth: Refactor logout to use synchronous flow with full page redirect
• Email: Update iframe sandbox attributes to allow popups to escape sandbox
• i18n: Add missing translation keys across all locales
• Docker: Update .env.example to clarify Docker volume mounting for settings data directory

1.4.6 (2026-03-21)

Features

• Demo: Add full demo mode with fixture data for emails, calendars, contacts, files, filters, identities, mailboxes, and vacation responses
• Demo: Implement JMAP client interface abstraction to support demo and live backends
• Contacts: Add no-category filter, drag-and-drop to category, and category combo box in contact form
• Email: Add hover actions for emails with configurable quick-action buttons
• Settings: Implement keyword migration functionality for upgrading legacy email tags
• Security: Enhance S/MIME certificate extraction and add legacy PBE (password-based encryption) support
• Tour: Add interactive guided tour overlay for new user onboarding

Fixes

• Settings: Add missing showTimeInMonthView and showOnMobile type definitions to settings store
• UI: Adjust padding and size of sidebar buttons for improved layout

1.4.5 (2026-03-20)

Features

• Calendar: Add prev/next navigation buttons and date label to desktop calendar toolbar
• Calendar: Add pending event preview functionality to calendar views and event modal
• Calendar: Add setting to show event start time in month view
• Contacts: Implement pagination for fetching contacts with maxObjectsInGet capability
• Email: Add attachment position setting in email settings
• Layout: Add mobile visibility toggle for sidebar apps
• Error: Add NotFound component to handle 404 errors and redirect unauthenticated users

Fixes

• Auth: Enhance account switching logic and clear stores on account change
• Auth: Improve account restoration logic and handle stale accounts
• Auth: Improve draft handling in email composer and enhance session cookie verification
• Calendar: Expand recurring events in CalendarEvent/query so individual occurrences are returned (#65)
• Calendar: Validate event start field when fetching calendar events
• Calendar: Auto-scroll agenda view to today's events and include today's date in groups
• Calendar: Correct JSX syntax in CalendarToolbar component
• Dependencies: Update flatted to 3.4.2
• DevOps: Use native ARM runners instead of QEMU for Docker builds
• DevOps: Enhance health check with detailed memory diagnostics and stable liveness probe

1.4.4 (2026-03-19)

Features

• Calendar: Implement CalDAV discovery API with automatic calendar home resolution for multi-account setups
• Calendar: Enhance calendar management settings with mailbox role reassignment controls
• Email: Add signature rendering utilities with HTML-to-text conversion and sanitization

Fixes

• Auth: Fix account session handling to update existing accounts instead of duplicating entries
• Auth: Fix logout redirects and unauthenticated home page rendering
• Calendar: Fix duplicate calendar edits and prevent double-save submissions in event modal
• Calendar: Remove stale calendar ID references in favor of CalDAV-discovered IDs
• Contacts: Improve RFC 9553 compliance for contact birthdays and address formatting
• Email: Fix email signature rendering for identity signatures
• Folders: Improve mailbox role management by clearing roles from all mailboxes before reassigning

1.4.3 (2026-03-19)

Features

• Auth: Implement multi-account support with up to 5 simultaneous accounts and instant switching
• Auth: Add account switcher component with connection status, default account selection, and per-account logout
• Auth: Support multi-account OAuth and basic auth with per-account session persistence
• Contacts: Enhance contacts sidebar with collapsible sections, bulk operations, and address book grouping
• Contacts: Add contact import functionality and keyword filtering
• Settings: Add per-account encrypted settings storage with server-side sync support

Fixes

• UI: Adjust popover alignment in sub-address helper component
• Settings: Improve error logging in settings sync functionality

1.4.2 (2026-03-19)

Features

• Calendar: Add task list view for calendar tasks with task details and management
• Calendar: Add shared calendar grouping with visual separation in sidebar
• Calendar: Support double-click to create events and improve modal date handling
• Contacts: Add address book directories with drag-and-drop and editor picker
• Email: Add email attachment support in sendEmail functionality
• Email: Implement draft editing functionality across email components
• Email: Implement unwrapping of embedded message/rfc822 attachments with enhanced HTML body validation
• Email: Add email export/import localization keys for multiple languages
• Contacts: Update gender handling to use speakToAs structure

Fixes

• Email: Resolve default sender to canonical identity on local-part login
• Email: Refactor overflow handling in EmailViewer to use hidden priorities and layout effects
• Email: Remove debugMode usage from EmailViewer component
• Calendar: Enhance IMIP invitation and cancellation handling for calendar events
• Calendar: Add time-based sorting for events in buildWeekSegments function
• Dependencies: Update dompurify to 3.3.3 and elliptic to 6.6.1, add undici override