Relax restriction on image tag src URIs. Others PLEASE TEST (HTML mails with unsafe images). Per the developers mailing list, no one could show that there was any exploit here. Some code has been inserted here but commented out in case there is in fact some exploit - the code will filter image URI file extensions as before but for URIs that fail that test, SM will check the actual served content for legitimate image files (so dynamically generated images from .asp, .php, and other systems can be correctly displayed).