Safeguard subject property (and others) against SMTP CRLF injection attacks
bbottema opened this issue · comments
Benny Bottema commented
It is possible to set a subject which contains newlines and custom SMTP protocol directives which directly sets the body of the email. This can be an issue when the subject comes from an external resource.
As a matter of precaution, Simple Java Mail should simply remove newline characters from all values (except for the body).
Also see:
Benny Bottema commented
Released in 4.3.0.