*** This bug is a security vulnerability ***
Private security bug reported:
Current 2.1 admindb interface have no link (or button) to logout the administrator/moderator. An administrator can logout from mailman from admin interface but a moderator cannot logout without zapping the moderator cookie by browser's function (if it is provided) or terminating the browser. The admindb web page should have a convenient 'logout' link. Another inconvenience in admin logout funciton is that if the site-wide admin is allowed by mm_cfg.ALLOW_SITE_ADMIN_COOKIES then the administrator cannot logout with visiting the 'Logout' link in the admin page. These bugs are fixed by lp:~tkikuchi/mailman/logout-enforcement and the branch was requested to merge into 2.1 series.
** Affects: mailman Importance: Undecided Status: New
** Changed in: mailman Importance: Undecided => Medium
** Changed in: mailman Status: New => Fix Committed
** Changed in: mailman Milestone: None => 2.1.15
** Changed in: mailman Assignee: (unassigned) => Mark Sapiro (msapiro)
** Changed in: mailman Status: Fix Committed => Fix Released
** Visibility changed to: Public
-
Mark Sapiro -
Tokio Kikuchi