Blog

We are pleased to announce the release of Mailvelope v6.1, which builds upon our successful transition to Manifest V3 and brings several important improvements to our browser extension.

Last year's v6.0 release marked a significant milestone as we embraced Google Chrome's new extension framework, Manifest V3. The transition has been remarkably smooth, with over 208.000 Mailvelope users on Chrome benefiting from the updated architecture. Despite the substantial changes under the hood, we've received minimal bug reports after our release of v6.0—demonstrating the effectiveness of our implementation and thorough testing process.

But what does Manifest V3 actually mean for you as a user? Beyond the technical aspects, there are tangible benefits:

• Improved performance: Chrome extensions built on Manifest V3 generally consume less memory and CPU resources as they “run only when they are needed”.^1
• Enhanced security: To strengthen overall extension security, Google introduced stricter rules for code execution in Manifest V3. For example the loading and execution of remotely hosted code is now completely prohibited, significantly reducing the risk of malicious injections.^2

Mailvelope v6.1 on different platforms

With Mailvelope v6.1, we improved overall stability following our recent transition and expanded Manifest V3 support across all major browser platforms.

Microsoft Edge

Our Edge version now fully supports Manifest V3, serving approximately 52.000 users. Since Edge is built on the Chromium codebase (meaning it shares the same software foundation with Chrome), we've been able to deploy Mailvelope with minimal modifications. This shared architecture ensures consistent performance and feature parity between Chrome and Edge versions.

Additionally, v6.1 introduces multilingual support for Edge users, allowing more people around the world to use Mailvelope in their preferred language.

Mozilla Firefox

With around 30,000 Mailvelope users on Firefox, the open source browser remains a key focus for Mailvelope. Unlike Chrome and Edge, Firefox does not rely on service workers for extensions. Although Firefox’s implementation of Manifest V3 differs from that of Chromium-based browsers—particularly in its handling of background processes—we’ve now successfully adapted Mailvelope to its architecture.

Fortunately the required adjustments turned out to be less extensive than expected, enabling us to deliver a stable and reliable experience in version 6.1 that matches the functionality available on other platforms.

Technical improvements

Beyond platform expansion, v6.1 includes several important technical enhancements:

Modernized recipient input

We've completely rewritten the recipient input component in the Mailvelope editor. While this change should be largely invisible to users—maintaining the same intuitive interface you're familiar with—it represents an important technical advancement. The rewrite eliminates our dependency on the now-deprecated AngularJS framework, ensuring better long-term maintainability and performance.

Password cache restoration

The password cache feature, temporarily disabled during the Manifest V3 migration, has been fully restored. You can once again securely store your private key passwords in the extension's cache, reducing the need for repetitive password entry during your email sessions.

Enhanced GnuPG integration

For users who prefer working with GnuPG for key management, we've fixed a significant bug affecting message signing. Additionally, we've improved the integration between GnuPG and the new service worker architecture, ensuring more reliable operation.

Encrypted subject lines

We’ve enhanced Mailvelope with support for encrypted subject lines, following the “Memory Hole” specification.^3 This standard addresses the long-standing issue of unprotected email headers by embedding critical header fields—like the subject—within the encrypted body, ensuring they are cryptographically secured alongside the message content.

With this enhancement, Mailvelope can now decrypt and display encrypted subject lines from Thunderbird and other PGP clients using this feature.

Security fixes

Mailvelope recently underwent a comprehensive security audit by 0xche. Version 6.1 includes several fixes addressing issues identified during this review process. We'll be sharing more detailed information about the mentioned security audit in a dedicated follow-up post.