Mailman 2.1.10b4 Released
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I am happy to announce the next beta release of Mailman 2.1.10.
This is a security and bug fix release and it is highly recommended that all sites upgrade to this version. Mailman 2.1.10 also adds support for three new language translations, Galician, Hebrew and Slovak and a few new features.
Mailman is free software for managing email mailing lists and e- newsletters. Mailman is used for all the python.org and SourceForge.net mailing lists, as well as at hundreds of other sites.
For more information, including download links, please see:
http://www.list.org http://mailman.sf.net http://www.gnu.org/software/mailman
Special thanks are due to Barry Warsaw and Tokio Kikuchi for much coding and support, Moritz Naumann for help with security issues and Jim Tittsler for a significant patch.
Here's a list of the major changes.
Security
- The 2.1.9 fixes for CVE-2006-3636 were not complete. In particular, some potential cross-site scripting attacks were not detected in editing templates and updating the list's info attribute via the web admin interface. This has been assigned CVE-2008-0564 and has been
fixed. Thanks again to Moritz Naumann for assistance with this.
New Features
- Changed cmd_who.py to list all members if authorization is with the list's admin or moderator password and to accept the password if the roster is public. Also changed the web roster to show hidden members when authorization is by site or list's admin or moderator password (1587651).
- Added the ability to put a list name in accept_these_nonmembers to accept posts from members of that list (1220144).
- Added a new 'sibling list' feature to exclude members of another list from receiving a post from this list if the other list is in the To: or Cc: of the post or to include members of the other list if that list is not in the To: or Cc: of the post (Patch ID 1347962).
- Added the admin_member_chunksize attribute to the admin General Options interface (Bug 1072002, Partial RFE 782436).
Internationalization
- Added the Hebrew translation from Dov Zamir. This includes addition of a direction ('ltr', 'rtl') to the LC_DESCRIPTIONS table. The add_language() function defaults direction to 'ltr' to not break existing mm_cfg.py files.
- Added the Slovak translation from Martin Matuska.
- Added the Galician translation from Frco. Javier Rial Rodríguez.
Changes since 2.1.10b3 include the Galician translation and updates to the French translation (Vietnamese and Danish translations were updated in 2.1.10b3). Other changes since 2.1.10b3 include:
- In 2.1.9, queue runner processing was made ~ more robust by making backups of queue entries when they were dequeued ~ so they could be recovered in the event of a system failure. This ~ opened the possibility that if a message itself caused a runner to ~ crash, a loop could result that would endlessly reprocess the message. ~ This has now been fixed by adding a dequeue count to the entry and ~ moving the entry aside and logging the fact after the third dequeue of ~ the same entry.
- Fixed the command line scripts add_members, sync_members and ~ clone_member to properly handle banned addresses (1904737).
- Fixed bin/newlist to add the list's preferred language to the list's ~ available_languages if it is other than the server's default language ~ (1906368).
- Changed the first URL in the RFC 2369 List-Unsubscribe: header to go ~ to the options login page instead of the listinfo page.
- Changed the options login page to not issue the "No address given" ~ error when coming from the List-Unsubscribe and other direct links. ~ Also changed to remember the user's language selection when ~ redisplaying the page following an error.
/Mark Sapiro
Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32)
iD8DBQFH2eJuVVuXXpU7hpMRAihOAJ4zIREWCWCQt7YDDHp3frDHjzwkCQCfdh7J W3UKWsTTfStBE4z64oqa36c= =ZedT -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
For translators who haven't yet updated their translations for 2.1.10 and for other interested parties, I plan to release a 2.1.10 release candidate on April 14, 2008 and barring any issues with the RC, the 2.1.10 final on April 21, 2008.
Note to translators - the latest mailman.pot for the 2.1 branch is at <https://code.launchpad.net/~mailman-coders/mailman/2.1>. The SVN repository on sourceforge is no longer maintained and is out of date.
One way to get your updated translation to me is to register on launchpad and make your own private branch off the 2.1 branch, update your branch and publish it and send me a note when it's ready. Then I can just merge your branch back into the 2.1 branch.
Of course, if you prefer, you can just send me your updated message catalog and templates if any or make them available anywhere on the web and tell me where to find them.
Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32)
iD8DBQFH97KHVVuXXpU7hpMRAoSnAKCb9kN0WV7EVJ2KVqUX0yhPQjlkkQCgwfLx UjpxqBDIR8yLPin2faeMr7M= =yLBQ -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Apr 5, 2008, at 1:10 PM, Mark Sapiro wrote:
For translators who haven't yet updated their translations for 2.1.10 and for other interested parties, I plan to release a 2.1.10 release candidate on April 14, 2008 and barring any issues with the RC, the 2.1.10 final on April 21, 2008.
Sounds great, Mark. Thanks!
- -Barry
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin)
iEYEARECAAYFAkf3ygwACgkQ2YZpQepbvXFxGACgpa03tySXUxgGL8yuQCzD7zub QeoAmwbL7R3SKQ+1K5aF9EiS8d3z5YiM =t5NW -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I am happy to announce the release of Mailman 2.1.10rc1.
This is a security and bug fix release and it is highly recommended that all sites upgrade to this version. Mailman 2.1.10 also adds support for three new language translations, Galician, Hebrew and Slovak and a few new features.
Mailman is free software for managing email mailing lists and e- newsletters. Mailman is used for all the python.org and SourceForge.net mailing lists, as well as at hundreds of other sites.
For more information, including download links, please see:
http://www.list.org http://mailman.sf.net http://www.gnu.org/software/mailman
Special thanks are due to Barry Warsaw and Tokio Kikuchi for much coding and support, Moritz Naumann for help with security issues and Jim Tittsler for a significant patch.
Here's a list of the major changes.
Note in particular, the second item under Security as this is new since 2.1.10b4 and requires an mm_cfg.py change to maintain current behavior.
Security
- The 2.1.9 fixes for CVE-2006-3636 were not complete. In particular, ~ some potential cross-site scripting attacks were not detected in ~ editing templates and updating the list's info attribute via the web ~ admin interface. This has been assigned CVE-2008-0564 and has been ~ fixed. Thanks again to Moritz Naumann for assistance with this.
- There is a new mm_cfg.py/Defaults.py variable ~ OWNERS_CAN_CHANGE_MEMBER_PASSWORDS which controls whether the list ~ owner can change a member's password from the member's options page. ~ This defaults to No and should be changed to Yes only if list owners ~ are trusted to not change a member's password, log in as the member ~ and make global membership changes.
New Features
- Changed cmd_who.py to list all members if authorization is with the ~ list's admin or moderator password and to accept the password if the ~ roster is public. Also changed the web roster to show hidden members ~ when authorization is by site or list's admin or moderator password ~ (1587651).
- Added the ability to put a list name in accept_these_nonmembers ~ to accept posts from members of that list (1220144).
- Added a new 'sibling list' feature to exclude members of another list ~ from receiving a post from this list if the other list is in the To: ~ or Cc: of the post or to include members of the other list if that ~ list is not in the To: or Cc: of the post (Patch ID 1347962).
- Added the admin_member_chunksize attribute to the admin General ~ Options interface (Bug 1072002, Partial RFE 782436).
Internationalization
- Added the Hebrew translation from Dov Zamir. This includes addition ~ of a direction ('ltr', 'rtl') to the LC_DESCRIPTIONS table. The ~ add_language() function defaults direction to 'ltr' to not break ~ existing mm_cfg.py files.
- Added the Slovak translation from Martin Matuska.
- Added the Galician translation from Frco. Javier Rial Rodríguez.
Changes since 2.1.10b4 include the OWNERS_CAN_CHANGE_MEMBER_PASSWORDS setting mentioned above plus
- Changed cmd_subscribe.py to properly accept (no)digest without a ~ password and to recognize (no)digest and address= case insensitively.
- An updated mm-handler (mm-handler-2.1.10) that can help reduce ~ backscatter has been added to the contrib directory.
and updates to the Italian and Polish translations.
Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32)
iD8DBQFIA98ZVVuXXpU7hpMRAm3uAKCngufNpjWZxTxIupg2X1dd5qSbLACgsAQX xchWm2WMfDzXET53TeLxJcw= =ZT1m -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I am happy to announce the release of Mailman 2.1.10.
This is a security and bug fix release and it is highly recommended that all sites upgrade to this version. Mailman 2.1.10 also adds support for three new language translations, Galician, Hebrew and Slovak and a few new features.
Mailman is free software for managing email mailing lists and e- newsletters. Mailman is used for all the python.org and SourceForge.net mailing lists, as well as at hundreds of other sites.
For more information, including download links, please see:
http://www.list.org http://mailman.sf.net http://www.gnu.org/software/mailman
Special thanks are due to Barry Warsaw and Tokio Kikuchi for much coding and support, Moritz Naumann for help with security issues and Jim Tittsler for a significant patch.
Here's a list of the major changes.
Security
- The 2.1.9 fixes for CVE-2006-3636 were not complete. In particular, some potential cross-site scripting attacks were not detected in editing templates and updating the list's info attribute via the web admin interface. This has been assigned CVE-2008-0564 and has been fixed. Thanks again to Moritz Naumann for assistance with this.
- There is a new mm_cfg.py/Defaults.py variable OWNERS_CAN_CHANGE_MEMBER_PASSWORDS which controls whether the list owner can change a member's password from the member's options page. This defaults to No and should be changed to Yes only if list owners are trusted to not change a member's password, log in as the member and make global membership changes.
Note: If you are not ready to upgrade, patches for these two issues are available at http://sourceforge.net/project/showfiles.php?group_id=103 in the 2.1.9 file list.
New Features
- Changed cmd_who.py to list all members if authorization is with the list's admin or moderator password and to accept the password if the roster is public. Also changed the web roster to show hidden members when authorization is by site or list's admin or moderator password (1587651).
- Added the ability to put a list name in accept_these_nonmembers to accept posts from members of that list (1220144).
- Added a new 'sibling list' feature to exclude members of another list from receiving a post from this list if the other list is in the To: or Cc: of the post or to include members of the other list if that list is not in the To: or Cc: of the post (Patch ID 1347962).
- Added the admin_member_chunksize attribute to the admin General Options interface (Bug 1072002, Partial RFE 782436).
Internationalization
- Added the Hebrew translation from Dov Zamir. This includes addition of a direction ('ltr', 'rtl') to the LC_DESCRIPTIONS table. The add_language() function defaults direction to 'ltr' to not break existing mm_cfg.py files.
- Added the Slovak translation from Martin Matuska.
- Added the Galician translation from Frco. Javier Rial Rodríguez.
Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32)
iD8DBQFIDO/oVVuXXpU7hpMRAngiAKCwIOhSJJrCaY3afhGJQN339/dKuACeMckR SI7DwCHcYONnIj3LoNYueC0= =DO/d -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Apr 21, 2008, at 3:50 PM, Mark Sapiro wrote:
I am happy to announce the release of Mailman 2.1.10.
Congratulations Mark! Long live Mailman 2.2. :)
I will update the web sites.
- -Barry
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin)
iEYEARECAAYFAkgNFc0ACgkQ2YZpQepbvXEQ0wCePrsNZ1cyXStsBpjMHR94o20H HoEAn3Fv8D3WC3NCSkkjg9qIS5I5CzzP =1UG9 -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mark Sapiro wrote: | I am happy to announce the release of Mailman 2.1.10. I have discovered a few problems with the release. None is a major show stopper, but the most significant so far is that I broke cmd_subscribe so that email subscribe to the -subscribe or -join address or the - -request address with a bare 'subscribe' command results in the message being shunted. A patch for this is attached, but I plan to make a patch release probably next week. - -- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) iD8DBQFID1HvVVuXXpU7hpMRAm+3AKD2otRNTXWYSRjguJEYVc0HRVflhACZAVXf Kao5NWvpiRQ9U9keKT2Jbj8= =1NSl -----END PGP SIGNATURE----- === modified file 'Mailman/Commands/cmd_subscribe.py' --- Mailman/Commands/cmd_subscribe.py 2008-03-20 03:07:51 +0000 +++ Mailman/Commands/cmd_subscribe.py 2008-04-23 14:32:48 +0000 @@ -71,7 +71,8 @@ return STOP argnum += 1 # Fix the password/digest issue - if digest is None and password.lower() in ('digest', 'nodigest'): + if (digest is None + and password and password.lower() in ('digest', 'nodigest')): if password.lower() == 'digest': digest = 1 else:
participants (2)
-
Barry Warsaw
-
Mark Sapiro