We are happy to announce the release of Proton Mail v1.09. As usual, please completely clear your browser cache to make sure you load the latest version of Proton Mail. Among all the security researchers who helped us, we’d like to give special thanks this time to all participants in the first Proton Mail Hackathon for security tests for this Version 1.09 release.
New Features
- Replied and Forwarded message is indicated.
- Update encoding scheme to better support some foreign languages.
- Reminder when leaving compose page without saving a draft.
- Rearrange the message operation menu.
- Attachments will be displayed if they are plain text of html text.
- Add a new form field on sign up to allow user to add notification email to reset login password.
- Add two extra security headers to enhance XSS protection.
Bug Fixes
- Quotes in message title are now appropriately displayed.
- The page will stay the same after enter Mailbox Password in the new opened page, instead of always redirecting to inbox.
- Fixed the number of new messages in notification email.
- Fixed a rare case which leads to ‘inside_not_exist’ error
Known Issues
- Multiple attachments not properly supported.
- Mobile and Tablet not yet fully supported.
- Attachments are not encrypted.
Security Fixes
- Session Cookies are set to HttpOnly. (credit to ElectronMail team in Proton Mail’s hackathon)
- Security Headers updated for all pages to be more strict.
- XSS attack on Contacts page (credit Prakhar Prasad @prakharprasad)
- Enhanced brute-force attack protection.
