Public bug reported:
Hello,
I noticed that GNU Mailman uses Google reCAPTCHA for filtering bot
traffic, unfortunately the default calling domain for Google reCAPTCHA
is www.google.com. And www.google.com is inaccessible in some areas,
such as the Chinese mainland.
Google provides an alternative, they also provide reCAPTCHA access
service at www.recaptcha.net.
So can you modify the calling domain of Google reCAPTCHA to
www.recaptcha.net?
Google Developer Documentation:
https://developers.google.com/recaptcha/docs/faq#can-i-use-recaptcha-
globally
Best regards,
Gentry
** Affects: mailman
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/2047306
Title:
Modify the calling domain of Google reCAPTCHA
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/2047306/+subscriptions
*** This bug is a security vulnerability ***
Private security bug reported:
This is similar to but different from #1968443. The issue is on a list
with private rosters an attempt to log in to the options page with an
email address which is not a list member just returns the options login
page with no error, but attempt to login with an email address which is
a list member returns the page with a 401 status and an `Authentication
failed.` error message.
This could be used to fish for membership on a list with private
rosters.
** Affects: mailman
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/2015416
Title:
Membership information leak through options page.
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/2015416/+subscriptions