Upcoming Mailman 2.1 security release
A content injection vulnerability in Mailman 2.1 has been discovered and reported by Vishal Singh.
This is a heads-up that I plan to release Mailman 2.1.30-1 on Tuesday, May 5 to fix this issue. At that time I will also post details of the issue and a patch that can easily be applied to existing installations.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
I am pleased to announce the release of Mailman 2.1.31
Python 2.6 is the minimum supported, but Python 2.7, preferably 2.7.17 - the final Python 2 release, is strongly recommended.
This is a security fix release with an update to the Spanish translation and another couple of minor fixes. See the attached README.txt and the bug report at <https://bugs.launchpad.net/mailman/+bug/1873722> for details.
For those who don't want to install the full update, the above bug report contains a simple patch to fix the security issue.
As noted Mailman 2.1.30 was the last feature release of the Mailman 2.1 branch from the GNU Mailman project. There has been some discussion as to what this means. It means there will be no more releases from the GNU Mailman project containing any new features. There may be future patch releases to address the following:
- i18n updates.
- security issues.
- bugs affecting operation for which no satisfactory workaround exists.
Mailman 2.1.31 is the first such patch release
Mailman is free software for managing email mailing lists and e-newsletters. Mailman is used for all the python.org and SourceForge.net mailing lists, as well as at hundreds of other sites.
For more information, please see our web site at one of:
http://www.list.org https://www.gnu.org/software/mailman http://mailman.sourceforge.net/
Mailman 2.1.31 can be downloaded from
https://launchpad.net/mailman/2.1/ https://ftp.gnu.org/gnu/mailman/ https://sourceforge.net/projects/mailman/
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On 5/5/20 9:01 AM, Mark Sapiro wrote:
Python 2.6 is the minimum supported, but Python 2.7, preferably 2.7.17 - the final Python 2 release, is strongly recommended.
It has been brought to my attention that the final Python 2 release is 2.7.18, released April 20, 2020, and that is what is recommended.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
There were some i18n issues in this morning's Mailman 2.1.31 release so I have released Mailman 2.1.32 to fix these.
Python 2.6 is the minimum supported, but Python 2.7, preferably 2.7.18 - the final Python 2 release, is strongly recommended.
Mailman 2.1.31 is a security fix release with an update to the Spanish translation and another couple of minor fixes. See the attached README.txt and the bug report at <https://bugs.launchpad.net/mailman/+bug/1873722> for details.
For those who don't want to install the full update, the above bug report contains a simple patch to fix the security issue.
As noted Mailman 2.1.30 was the last feature release of the Mailman 2.1 branch from the GNU Mailman project. There has been some discussion as to what this means. It means there will be no more releases from the GNU Mailman project containing any new features. There may be future patch releases to address the following:
- i18n updates.
- security issues.
- bugs affecting operation for which no satisfactory workaround exists.
Mailman 2.1.31 is the first such patch release and Mailman 2.1.32 is the second.
Mailman is free software for managing email mailing lists and e-newsletters. Mailman is used for all the python.org and SourceForge.net mailing lists, as well as at hundreds of other sites.
For more information, please see our web site at one of:
http://www.list.org https://www.gnu.org/software/mailman http://mailman.sourceforge.net/
Mailman 2.1.32 can be downloaded from
https://launchpad.net/mailman/2.1/ https://ftp.gnu.org/gnu/mailman/ https://sourceforge.net/projects/mailman/
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
participants (1)
-
Mark Sapiro