Mailman 2.1.8rc1 was released for the final test of 2.1.8.
Important: This is not only a release candidate but also include a fix for a cross-site scripting bug found in 2.1.7. All sites running previous versions are adviced to upgrade to 2.1.8(rc1). I am going to release the final by the next weekend if nothing serious happens.
Please download it from Sourceforge file area: http://sourceforge.net/project/showfiles.php?group_id=103
Here is a history of user visible changes to Mailman.
- A cross-site scripting hole in the private archive script of 2.1.7 has been closed. Thanks to Moritz Naumann for its discovery.
Bug fixes and other patches
- Bouncers support added: 'unknown user', Microsoft SMTPSVC,
Prodigy.net and several others.
- Updated email library to 2.5.7 which will encode payload into
qp/base64 upon setting. This enabled backing out the scrubber related patches including 'X-Mailman-Scrubbed' header in 2.1.7.
- Fix SpamDetect.py potential hold/reject loop problem. - A warning message from email package to the stderr can cause error in Logging because stderr may be detached from the process during the qrunner run. We chose not to output errors to stderr but to the logs/error if the process is running under mailmanctl subprocess. - DKIM header cleansing was separated from Cleanse.py and added to -owner messages too. - Fixes: Lose Topics when go directly to topics URL (1194419). UnicodeError running bin/arch (1395683). edithtml.py missing import (1400128). Bad escape in cleanarch. Wrong timezone in list archive index pages (1433673). bin/arch fails with TypeError (1430236). Subscription fails with some Language combinations (1435722). Postfix delayed notification not recognized (863989). 2.1.7 (VERP) mistakes delay notice for bounce (1421285). show_qfiles: 'str' object has no attribute 'as_string' (1444447). Utils.get_domain() wrong if VIRTUAL_HOST_OVERVIEW off (1275856).
- Brad Knowles' mailman daily status report script updated to 0.0.16.