ProtonMail BETA v1.09 Release Notes

We are happy to announce the release of ProtonMail v1.09. As usual, please completely clear your browser cache to make sure you load the latest version of ProtonMail. Among all the security researchers who helped us, we’d like to give special thanks this time to all participants in the first ProtonMail Hackathon for security tests for this Version 1.09 release.

New Features

  • Replied and Forwarded message is indicated.
  • Update encoding scheme to better support some foreign languages.
  • Reminder when leaving compose page without saving a draft.
  • Rearrange the message operation menu.
  • Attachments will be displayed if they are plain text of html text.
  • Add a new form field on sign up to allow user to add notification email to reset login password.
  • Add two extra security headers to enhance XSS protection.

Bug Fixes

  • Quotes in message title are now appropriately displayed.
  • The page will stay the same after enter Mailbox Password in the new opened page, instead of always redirecting to inbox.
  • Fixed the number of new messages in notification email.
  • Fixed a rare case which leads to ‘inside_not_exist’ error

Known Issues

  • Multiple attachments not properly supported.
  • Mobile and Tablet not yet fully supported.
  • Attachments are not encrypted.

Security Fixes

  • Session Cookies are set to HttpOnly. (credit to ElectronMail team in ProtonMail’s hackathon)
  • Security Headers updated for all pages to be more strict.
  • XSS attack on Contacts page (credit Prakhar Prasad @prakharprasad)
  • Enhanced brute-force attack protection.

About the Author

Jason Stockman

Jason is a co-founder of ProtonMail. He works on building ProtonMail's user interface and websites. Jason has over 10 years experience building websites and applications.