Third-party libraries? TLS has definitely had its fair share of implementation and protocol vulnerabilities.

Although in mailhog's case it looks like STARTTLS was never implemented. Hence the forks.

It's a web application too, not just a SMTP server. The MailHog web app is a little rough around the edges (it's an early AngularJS app) and had some bugs involving HTML mail content, so I can see the need for an updated version.