v1.3.1

Flexphish v1.3.1

Release date: April 1, 2026

Highlights

• Improved SMTP compatibility for Microsoft 365 / Office365.
• Hardened SMTP delivery flow with safer TLS behavior and timeouts.
• Fixed cascade behavior when deleting groups.
• Applied repository/database consistency updates for campaign sender persistence.

What’s Changed

SMTP delivery and auth hardening

• Added SMTP auth negotiation based on server capabilities (LOGIN, PLAIN, CRAM-MD5).
• Implemented AUTH LOGIN support for providers like Office365.
• Enforced safer submission flow:
  • Requires STARTTLS for authenticated non-local SMTP submission (non-465 path).
  • Added session deadlines to avoid hanging SMTP operations.
• Refactored mail send path for cleaner and more consistent behavior.

Data and repository updates

• Updated campaign sender persistence behavior in repository/database layer.
• Fixed group deletion cascade to prevent orphan related targets.

Version bump

• Backend CLI version updated to 1.3.1.
• Frontend package version updated to 1.3.1.
• README version references updated.

Included Commits

• d06c212 - Fix SMTP auth negotiation and harden submission flow
• 019523c - Persist campaign sender and database updates
• 1f3098c - fix(groups) delete cascade targets when delete a group
• e62486e - chore(release): bump version to 1.3.1 and update app config

Notes

• SMTP behavior is now compatible with servers that advertise AUTH LOGIN (including Office365 scenarios).
• If authentication still fails with 535 errors, verify account credentials and tenant SMTP AUTH policies.

v1.3.0

Flexphish v1.3.0

This release improves template portability, Windows build support, and campaign reliability, with several UX and docs updates.

Highlights

• Added template import/export as .zip
• Added guided import modal with clear template structure instructions
• Added Windows build support in Makefile and GitHub Actions
• Improved campaign performance and metrics consistency when removing results
• Added grouped single-select for Template, SMTP Profile, and Email Template in campaign flows
• Added CSV/XML target import for groups
• Added template validation for step/path/id/title
• Improved campaign/table UI and fixed template name display issues
• Updated documentation and screenshots

Fixes

• Fixed jwt_secret and test_mode_token configuration keys
• Fixed campaign scheduling validation for active campaigns
• Fixed error when starting a finished campaign
• Fixed multiple view subtitles and template preview/card issues
• Added import/export action icons and general template view polish

Notes

• No breaking changes expected.
• Build/release pipeline remains tag-driven (v*.*.*) via GitHub Actions.

New Contributors

• @mh4x0f made their first contribution in #1

Full Changelog: v1.2.1...v1.3.0

v1.2.1

This is the first public release of flexphish, providing a flexible and modular foundation for building and managing phishing campaigns.

• Modular phishing campaign engine
  A modular architecture that enables flexible creation and management of campaigns.

• Wildcard domain campaigns
  Support for wildcard domains, allowing dynamic and scalable campaign setups.

• YAML-based phishing page templates
  Easily create and customize phishing pages using YAML configuration.

• Campaign tracking and credential capture
  Built-in tracking and credential capture for monitoring campaign activity.

Full Changelog: https://github.com/P0cL4bs/flexphish/commits/v1.2.1