I've released Mailman 2.1.1 which includes many bug fixes and language
updates. This release includes a fix for the cross-site scripting
vulnerability, a fix for the cookie problem, any many other bugs. I
recommend that all Mailman 2.1 users upgrade to this release.
As usual, I've made both a full source tarball and a patch file
for links to download all the patches and the source tarballs. If you
decide to install the patches, please do read the release notes first:
Note that applying the patch does /not/ completely update the language
support. If you go the patch route, you will want to cd into the
messages directory and run "make catalogs" before installing. This
will only work if your OS has the necessary language tools installed.
You don't need to do this if your lists are all English-only.
If you have a problem, please download and install the full release.
It is safe to install this over version 2.1. You can simply run
configure the way you did for 2.1, then do a make install. Be sure
you restart your mailman daemon by doing a "mailmanctl restart" after
-------------------- snip snip --------------------
Lots of bug fixes and language updates. Also:
- Closed a cross-site scripting vulnerability in the user options page.
- Restore the ability to control which headers show up in messages
included in plaintext and MIME digests. See the variables
PLAIN_DIGEST_KEEP_HEADERS and MIME_DIGEST_KEEP_HEADERS in
- Messages included in the plaintext digests are now sent through
the scrubber to remove (and archive) attachments. Otherwise,
attachments would screw up plaintext digests. MIME digests
include the attachments inline.
A long while ago, I offered to put up a page listing sites that
offered commercial Mailman list hosting services. Sadly, I don't have
the time to maintain this or even put it together.
However, there is a MoinMoin page (think: Wiki) listing general Python
hosting services, of which Mailman is included. I encourage all
Mailman hosting facilities to add entries to the page:
There is currently only one Mailman hosting site listed.
The MoinMoin is on the honor system, and you don't need a password to
add content to it. If you do add an entry, be sure to include the
word "Mailman" so the page is easy to search.