I've released Mailman 2.1.1 which includes many bug fixes and language updates. This release includes a fix for the cross-site scripting vulnerability, a fix for the cookie problem, any many other bugs. I recommend that all Mailman 2.1 users upgrade to this release.
As usual, I've made both a full source tarball and a patch file available. See
for links to download all the patches and the source tarballs. If you decide to install the patches, please do read the release notes first:
Note that applying the patch does /not/ completely update the language support. If you go the patch route, you will want to cd into the messages directory and run "make catalogs" before installing. This will only work if your OS has the necessary language tools installed. You don't need to do this if your lists are all English-only.
If you have a problem, please download and install the full release. It is safe to install this over version 2.1. You can simply run configure the way you did for 2.1, then do a make install. Be sure you restart your mailman daemon by doing a "mailmanctl restart" after installing.
http://www.gnu.org/software/mailman http://www.list.org http://mailman.sf.net
-------------------- snip snip -------------------- 2.1.1 (08-Feb-2003)
Lots of bug fixes and language updates. Also: - Closed a cross-site scripting vulnerability in the user options page. - Restore the ability to control which headers show up in messages included in plaintext and MIME digests. See the variables PLAIN_DIGEST_KEEP_HEADERS and MIME_DIGEST_KEEP_HEADERS in Defaults.py. - Messages included in the plaintext digests are now sent through the scrubber to remove (and archive) attachments. Otherwise, attachments would screw up plaintext digests. MIME digests include the attachments inline.