[Pkg-mailman-hackers] [Fwd: [Mailman-Developers] Mailman 2.1.10b1 Released]
Thijs Kinkhorst
thijs at debian.org
Wed Dec 5 12:31:05 UTC 2007
hi!
The mailman maintainers are moving... good news. I think what they mention
as "security" is a security feature / proactiveness, not a real
vulnerability in itself.
Thijs
---------------------------- Original Message ----------------------------
Subject: [Mailman-Developers] Mailman 2.1.10b1 Released
From: "Mark Sapiro" <mark at msapiro.net>
Date: Wed, December 5, 2007 06:36
To: "Mailman Users" <mailman-users at python.org>
"Mailman Developers" <mailman-developers at python.org>
"Mailman Announce" <mailman-announce at python.org>
"Mailman I18n" <mailman-i18n at python.org>
--------------------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I am happy to announce the first beta release of Mailman 2.1.10.
This is a security and bug fix release and it is highly recommended
that all sites upgrade to this version. Mailman 2.1.10 also adds support
for two new language translations, Hebrew and Slovak and a few new features.
Mailman is free software for managing email mailing lists and e-
newsletters. Mailman is used for all the python.org and
SourceForge.net mailing lists, as well as at hundreds of other sites.
For more information, including download links, please see:
http://www.list.org
http://mailman.sf.net
http://www.gnu.org/software/mailman
Special thanks are due to Barry Warsaw and Tokio Kikuchi for much coding
and support, Moritz Naumann for help with security issues and Jim Tittsler
for a significant patch.
Here's a list of the major changes.
Security
- The 2.1.9 fixes for CVE-2006-3636 have been enhanced. In particular,
many potential cross-site scripting attacks have are now detected in
editing templates and updating the list's info attribute via the web
admin interface. Thanks again to Moritz Naumann for assistance with
this.
New Features
- Changed cmd_who.py to list all members if authorization is with the
list's admin or moderator password and to accept the password if the
roster is public. Also changed the web roster to show hidden members
when authorization is by site or list's admin or moderator password
(1587651).
- Added the ability to put a list name in accept_these_nonmembers
to accept posts from members of that list (1220144).
- Added a new 'sibling list' feature to exclude members of another list
from receiving a post from this list if the other list is in the To: or
Cc: of the post or to include members of the other list if that list is
not in the To: or Cc: of the post (Patch ID 1347962).
- Added the admin_member_chunksize attribute to the admin General Options
interface (Bug 1072002, Partial RFE 782436).
Internationalization
- Added the Hebrew translation from Dov Zamir. This includes addition of
a direction ('ltr', 'rtl') to the LC_DESCRIPTIONS table. The
add_language() function defaults direction to 'ltr' to not break
existing mm_cfg.py files.
- Added the Slovak translation from Martin Matuska.
- --
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
iD4DBQFHVjjPVVuXXpU7hpMRArQHAJ9NE4Fj8b2rpWaXX6+BFa27wWB2MACWIGqJ
1wxPhA7ZBRVG9gSiEhTb2A==
=vzXz
-----END PGP SIGNATURE-----
_______________________________________________
Mailman-Developers mailing list
Mailman-Developers at python.org
http://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives:
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe:
http://mail.python.org/mailman/options/mailman-developers/thijs%40debian.org
Security Policy:
http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
More information about the Pkg-mailman-hackers
mailing list