This project is developed and tested with Python 3.12.4.
The minimum supported version is Python 3.7.4.
Older versions of Python (<3.7.4) are not supported.
Currently, only the latest release (main branch) is supported with security updates.

| Component | Supported |
|---|---|
| Main branch | ✅ |
| Old branches | ❌ |
| Python 3.12.4 (tested) | ✅ |
| Python ≥3.7.4 | ✅ |
| Python <3.7.4 | ❌ |

The project relies on the following key dependencies, which are regularly updated for security patches:

- httpx==0.27.0
- PyJWT==2.9.0
- alembic==1.13.2
- Flask==3.0.3
- Flask_JWT_Extended==4.6.0
- flask_mail==0.10.0
- Flask_Migrate==4.0.7
- flask_restx==1.3.0
- flask_sqlalchemy==3.1.1
- pymysql==1.1.1
- python-dotenv==1.0.1
- SQLAlchemy==2.0.31
- Werkzeug==3.1.3
- openai==1.42.0
- email-validator==2.2.0
- flask-cors==5.0.1
- gunicorn==23.0.0
- gevent==24.11.1
- fernet==1.0.1
- google-auth-oauthlib==1.2.1
- google-auth-httplib2==0.2.0
- google-api-python-client==2.149.0
- msal==1.31.0
- psycopg2-binary==2.9.10
- redis==5.1.1
- Flask-Limiter==3.8.0
- BeautifulSoup4==4.12.3

The following packages are pinned specifically to avoid known vulnerabilities:

- anyio>=4.4.0
- h11>=0.16.0
- protobuf>=4.25.8
- requests>=2.32.4
- urllib3>=2.5.0
- zipp>=3.19.1

If you discover a security vulnerability in Easy-Email:

- Do not open a public issue. Instead, please report it responsibly.
- Submit a detailed report via the GitHub Issues page.
- Please include:
  - A clear description of the vulnerability.
  - Steps to reproduce the issue (if possible).
  - Potential impact on the system.
  - Suggested fix or mitigation (if you have one).
- Response expectations:
  - Acknowledgment of your report within 72 hours.
  - Initial assessment within 7 days.
  - Regular updates on the status of your report.

If the vulnerability is valid, it will be prioritized for patching in the next release cycle. If declined, you will receive an explanation.
We encourage researchers and contributors to report vulnerabilities responsibly and allow time for fixes before public disclosure.