Hi all,

I've just released Mailman 2.1.7b1 for beta test and i18n translations. I'm tempted to jump into RC because the 2.1-maint branch is so stable and 2.1.7 is mainly for bug fixes, but we need more translations before the final release. Please download it from SF or: http://mm.tkikuchi.net/mailman-2.1.7b1.tgz

Cheers,

Tokio

Here is a history of user visible changes to Mailman.

2.1.7b1 (20-Dec-2005)

Security

- The fix for CAN-2005-0202 has been enhanced to issue an appropriate
  message instead of just quietly dropping ./ and ../ from URLs.

- A note on CVE-2005-3573: Although the RFC2231 bug example in the
  CVE has been solved in mailman-2.1.6, there may be more cases
  where ToDigest.send_digests() can block regular delivery.
  We put the send_digests() calling part in try - except clause and
  leave a message in the error log if something happened in
  send_digests().  Daily call of cron/senddigests will notify more
  detail to the site administrator.

- List administrators can no longer change the user's

option/subscription globally. Site admin can change these only if mm_cfg.ALLOW_SITE_ADMIN_COOKIES is set to Yes.

- Script tag is disallowd in edithtml script.

- Since probe message for the disabled users may reach unexpected
  persons, the password was excluded from sendProbe() and probe.txt.
  Note that the default value of VERP_PROBE has been set to `No'
  from 2.1.6., thus this change doesn't change the default behavior.

New Features

- Always remove DomainKey (and similar) headers (1287546) from messages
  sent to the list.

- List owners can customize content filter behavior as not to collapse
  multipart/alternative to its first content.  This allows HTML part
  to pass through after other content filtering is done.

Internationalization

- New language: Interlingua.

Bug fixes and other patches

- Fix Scrubber.py mungs quoted-printable bug with introducing
  'X-Mailman-Scrubbed' header for marking that the payload is
  scrubber-munged.  The flag is referenced in ToDigest.py, ToArchive.py,
  Decorate.py and Archiver.  Similar problem in ToDigest.py where the
  plain digest is generated is also fixed.

- Fix Syslog.py to write quopri encoded message when it fail to write
  8-bit characters.

- Fix MTA/Postfix.py to check aliases group permission in check_perms
  and fix mailman-install document on this matter (1378270).

- Fix private.py to go to the original URL after authorization

(1080943).

- Fix bounce log score messages to be more consistent.

- Fix bin/remove_members to accept no arguments when both --fromall and
  --file= options are specified.

- Change cgi-bin and mail wrapper "group not found" error message to be
  more descriptive of the actual problem.

- Apply the list's ban_list to address changes and admin mass subscribe
  and invite and to confirmations/approvals of address changes,
  subscriptions and invitations.

- Decode quoted-printable and base64 encoded parts before passing to
  HTML_TO_PLAIN_TEXT_COMMAND (1367783).

- Remove Approve: header from post - treat as Approved: (1355707).

- Stop removing line following Approve(d): line in body of post

(1318883).

- Log post in post log with true sender, not listname-bounces (1287921).

- Correctly initialize and remember the list's default_member_moderation
  attribute in the web list creation page (1263213).

- Add PEP263 charset in config_list output (1343100).

- header_filter_rules get lost if accessed directly and needed authenti-
  cation by login page (1230865).

- Obscure email when the poster doesn't set full name in 'From:' header.

- Take preambles and epilogues into account when calculating message

sizes for holding purposes (Mark Sapiro).

- Logging/Logger.py unicode transform option (1235567).

- bin/update crashes with bogus files (949117).

- Bugs and patches: 1212066/1301983 (Date header in create/remove

notice)