v0.5.12

What's Changed

TruffleRuby is not (yet) "officially supported" but it seems to work (with a few small caveats). Several tests are still marked as pending, but the rest all pass. #528 protects us from merging PRs that break TruffleRuby and (in some cases) JRuby.

Fixed

• 🐛 Fix loading of net/imap for JRuby/TruffleRuby by @nevans in #530

Miscellaneous

• ✅ Test overriding inherited ::Data methods by @nevans in #531
• ✅ Add TruffleRuby to CI by @nevans in #528

Full Changelog: v0.5.11...v0.5.12

v0.5.11

What's Changed

Added

• ✨ Add ESearchResult#to_sequence_set by @nevans in #511
• ✨ Add ESearchResult#each by @nevans in #513
• ✨ Add VanishedData#each, delegated to #uids.each_number by @nevans in #522
• support new Ractor.shareable_proc by @ko1 in #525

Fixed

• 🐛 Fix SearchResult#== for LHS with no modseq by @nevans in #514

Other Changes

• ✨ Allow obj.to_sequence_set => nil in try_convert by @nevans in #512
• ♻️ Allow VanishedData#uids to be SequenceSet.empty by @nevans in #517
• 🥅 Raise ArgumentError for #fetch with partial by @nevans in #521

Documentation

• 📚 Fix rdoc call-seq for uid_expunge by @nevans in #516
• 📚 Add QRESYNC to #enable (docs only) by @nevans in #518

Miscellaneous

• ✅ Organize test files by @nevans in #515
• ✅ Fix flaky tests with FakeServer#Connection#close mutex by @nevans in #520
• Bump step-security/harden-runner from 2.13.0 to 2.13.1 by @dependabot[bot] in #524

New Contributors

• @ko1 made their first contribution in #525

Full Changelog: v0.5.10...v0.5.11

v0.5.10

What's Changed

Added

• 🔎 Update SequenceSet#inspect format to Net::IMAP::SequenceSet(#{string}) by @nevans in #501
• ⚡🔎 Abridge SequenceSet#inspect output for more than 512 entries by @nevans in #502

Fixed

• 🐛 Fix spelling of \Remote mailbox attr constant by @voxik in #509

Documentation

• 📚🐛 Fix mistake in SequenceSet#string= rdoc by @nevans in #497
• 📚🐛 Fix SequenceSet creation rdoc example output by @nevans in #499

Other Changes

• 🥅 Improve ArgumentError in SequenceSet#string= by @nevans in #498
• ♻️ Refactor SequenceSet#dup, #clone, and #replace by @nevans in #505

Miscellaneous

• ⬆️ Bump step-security/harden-runner from 2.12.1 to 2.12.2 by @dependabot[bot] in #496
• ⬆️ Bump step-security/harden-runner from 2.12.2 to 2.13.0 by @dependabot[bot] in #500
• 📉 Add SequenceSet benchmarks by @nevans in #485
• 📉 Fix benchmark data for SequenceSet#normalize by @nevans in #503
• ⚡ Add vernier profiler for SequenceSet tests and benchmarks by @nevans in #504
• ⬆️ Bump actions/upload-pages-artifact from 3 to 4 by @dependabot[bot] in #507
• ⬆️ Bump actions/checkout from 4 to 5 by @dependabot[bot] in #506

Full Changelog: v0.5.9...v0.5.10

v0.5.9

What's Changed

Added

• ✨ Add Net::IMAP::SequenceSet() coercion method by @nevans in #490

Fixed

• 🐛 Fix SequenceSet#include? handling of invalid inputs by @nevans in #479
• 🐛 Always remove idle response handler after done by @nevans in #481
• 🧵 Improve synchronization of connection_state transitions by @nevans in #494

Documentation

• 📚🐛 Fix SequenceSet documentation errors by @nevans in #480
• 📚🐛 Fix doc & error msg for SequenceSet coersion by @nevans in #483
• 📚 RDoc updates for SequenceSet by @nevans in #489

Other Changes

• ♻️ Short-circuit frozen SequenceSet modifications by @nevans in #473
• ♻️ Move SequenceSet autoload by @nevans in #491
• ♻️ Avoid unnecessary allocation in SequenceSet[] by @nevans in #492
• 🧵 Close socket in #disconnect before waiting for lock & thread join by @nevans in #493

Miscellaneous

• ♻️ Generate same stringprep tables with ruby 3.4 by @nevans in #469
• ✅ CI: Mark ruby head on windows as "experimental" by @nevans in #472
• ✅ Update Regexp.linear_time? tests for non-CRuby by @nevans in #477
• ✅ Add timeouts to CI workflow by @nevans in #478
• ✅ Update ResponseReader, UIDFetchData, DeprecatedClientOptions tests by @nevans in #476
• ⏪ Revert #472 (✅ CI: Mark ruby head on windows as "experimental") by @nevans in #482
• ➕ Add benchmark to Gemfile to silence warnings by @nevans in #486
• ⬆️ Bump step-security/harden-runner from 2.12.0 to 2.12.1 by @dependabot in #488

Full Changelog: v0.5.8...v0.5.9

v0.4.22

Important

The regression fixed by this release (#471) appears to only affect Ruby 3.0.0 through 3.0.2, and only on some platforms. It appears to be fixed by ruby 3.0.3, released 2021-11-24. Ruby 3.0.7 was released on 2024-04-23. Ruby 3.0 has reached its EOL.

If you are affected by this issue, upgrading Ruby is much more important than upgrading net-imap!

What's Changed

Fixed

• ⏪ Revert Ractor sharability for config types (v0.4 only) by @nevans in #474
  Fixes a regression in v0.4.20, reported by by @glaszig and @mumkymikey in #471

Full Changelog: v0.4.21...v0.4.22

v0.5.8

What's Changed

Added

• ✨ Add SequenceSet#min(count) and #max(count) by @nevans in #460
• ✨ Add SequenceSet#above and SequenceSet#below by @nevans in #462

Fixed

• 🐛 Check for Ractor (for JRuby, TruffleRuby) by @nevans in #453, reported by @rammpeter in #452
• 🐛 Fix SequenceSet#slice with range (start...0) by @nevans in #456
• 🐛 Fix inconsistently frozen SequenceSet#[] result by @nevans in #458
• 🐛 Fix SequenceSet#xor crash when set is frozen by @nevans in #457
• 🐛 Fix SequenceSet#slice when length > result size by @nevans in #459

Documentation

• 📚 Various SequenceSet rdoc improvements by @nevans in #465

Miscellaneous

• ⬆️ Bump step-security/harden-runner from 2.11.1 to 2.12.0 by @dependabot in #455
• ✅ Test SequenceSet#xor and fuzz test all set operations by @nevans in #464

Full Changelog: v0.5.7...v0.5.8

v0.4.21

What's Changed

Fixes

• 🐛 Backport SequenceSet bugfixes to v0.4 by @nevans in #461
  • Backports 🐛 Fix SequenceSet#slice with range (start...0) by @nevans in #456
  • Backports 🐛 Fix inconsistently frozen SequenceSet#[] result by @nevans in #458
  • Backports 🐛 Fix SequenceSet#xor crash when set is frozen by @nevans in #457
  • Backports 🐛 Fix SequenceSet#slice when length > result size by @nevans in #459

Miscellaneous

• ✅ Backport SequenceSet tests to 0.4 by @nevans in #466
  • Backports #464

Full Changelog: v0.4.20...v0.4.21

v0.5.7

What's Changed

🔒 Security

This release adds two features to prevent unbounded memory use: the response_handlers keyword argument to Net::IMAP.new (#419) so response handlers can be added before the server can send any responses, and the max_response_size config attribute (#444, GHSA-j3g3-5qv5-52mj, CVE-2025-43857, reported by @Masamuneee).

Note

The default max_response_size is extremely high, to avoid issues with secure connections to trusted servers that are well-behaved. It can be configured more conservatively to guard against untrusted servers (for example, connecting to user-provided hostnames). It is the responsibility of net-imap users to configure their client appropriately for the server they are connecting to.

Added

• ✨ Track IMAP connection state by @nevans in #416
• ✨ Add response_handlers kwarg to Net::IMAP.new by @nevans in #419
• ✨ Customize SequenceSet YAML serialization by @nevans in #432
• ✨ Limit max_response_size by @nevans in #444

Documentation

• 📚 Improve docs for unbounded memory use and thread safety by @nevans in #418
• 📚 Impove SequenceSet docs by @nevans in #420
• 📚 Doc improvements for open_timeout, etc by @nevans in #424

Other Changes

• ♻️ Reorganize Config.version_defaults creation by @nevans in #412
• ♻️ Refactor Config attr type coercion by @nevans in #417
• ♻️ Refactor Net::IMAP#get_response (internal) by @nevans in #422
• ♻️ Rational config versions by @nevans in #429
• ♻️ Extract ResponseReader from get_response by @nevans in #433
• ♻️ Refactor ResponseReader by @nevans in #435

Miscellaneous

• Bump step-security/harden-runner from 2.10.4 to 2.11.0 by @dependabot in #409
• ✅ Make FakeServer more robust against disconnect by @nevans in #414
• ✅ Improvements to FakeServer (tests only) by @nevans in #415
• ✅ Ignore more IO errors in some FakeServer tests by @nevans in #421
• ⬆️ Bump step-security/harden-runner from 2.11.0 to 2.11.1 by @dependabot in #423

Full Changelog: v0.5.6...v0.5.7

v0.4.20

What's Changed

🔒 Security

This release backports two features to prevent unbounded memory use: the response_handlers keyword argument to Net::IMAP.new so response handlers can be added before the server can send any responses (#427), and the max_response_size config attribute (#445, GHSA-j3g3-5qv5-52mj, CVE-2025-43857, reported by @Masamuneee).

Note

The default max_response_size is nil (unlimited), to avoid backward compatibility issues with secure connections to trusted servers that are well-behaved. It can be configured more conservatively to guard against untrusted servers (for example, connecting to user-provided hostnames). It is the responsibility of net-imap users to configure their client appropriately for the server they are connecting to.

Known Issues

Fixed in v0.4.22: Ruby 3.0.0 through 3.0.2 on Mac OS crash when net/imap is required (#471).

Important

This is fixed by Ruby 3.0.3, which was released 2021-11-24.
Ruby 3.0.7 was released on 2024-04-23. Ruby 3.0 has reached its EOL.

If you are affected by #471, upgrading Ruby is much more important than upgrading net-imap!

Added

• ✨ Add response_handlers kwarg to Net::IMAP.new by @nevans in #427
  • Backports #419
• ✨ Limit max_response_size by @nevans in #445
  • Backports #444

Documentation

• 📚 Backport documentation to v0.4 by @nevans in #426
  • Backports #418, #420, documentation only from #416, and #424

Other Changes

• ♻️ Update versioned default configs by @nevans in #413
  • Backports #412
• ♻️ Refactor get_response by @nevans in #431
  • Backports #422
• ♻️ Rational config versions by @nevans in #430
  • Backports #429
• ♻️ Extract ResponseReader from get_response by @nevans in #434
  • Backports #433
• ♻️ Refactoring by @nevans in #436
  • Backports #417 and #435

Miscellaneous

• ✅ Various test improvements to v0.4 by @nevans in #425
  • Backports #414, #415, #421, and assert_pattern from minitest (originally in #333)

Full Changelog: v0.4.19...v0.4.20

v0.3.9

Important

The 0.3.x release branch only receives security fixes, and will be unsupported when ruby 3.2 is EOL.
Please upgrade to a newer version.

What's Changed

🔒 Security

This release backports two features to prevent unbounded memory use: the response_handlers keyword argument to Net::IMAP.new so response handlers can be added before the server can send any responses (#438), and the max_response_size config attribute (#446, GHSA-j3g3-5qv5-52mj, CVE-2025-43857, reported by @Masamuneee).

Note

The default max_response_size is nil (unlimited), to avoid backward compatibility issues with secure connections to trusted servers that are well-behaved. It can be configured more conservatively to guard against untrusted servers (for example, connecting to user-provided hostnames). It is the responsibility of net-imap users to configure their client appropriately for the server they are connecting to.

Added

• ✨ Backport response_handlersoption to new by @nevans in #438
  • Backports #419, and #427
• ✨ Limit max_response_size by @nevans in #446
  • Backports #444

Fixed

• 🐛 Use Range#size vs Range#count for uid-set limit by @nevans in #411

Documentation

• 📚 Docs: receiver thread, server responses, connection state by @nevans in #437
  • Backports #418, and only the documentation from #416.

Other Changes

• ♻️ Backport ResponseReader by @nevans in #439
  • Backports #422, #433, #434, and #435

Full Changelog: v0.3.8...v0.3.9