Mailman 2.1.11 final has been released.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I am happy to announce the final release of the Mailman 2.1.11.
Mailman 2.1.11 is a cleanup of a few problems found since the release of Mailman 2.1.10. It fixes the issue of shunted email subscribe requests and a few minor issues. It updates the contrib/mmdsr script for some 2.1.10 and 2.1.11 log and error messages, and it adds a new cron to cull and optionally archive old entries in the 'bad' and 'shunt' queues.
Mailman 2.1.11 has updates to several i18n translations.
A few bounce log messages now have the list name prepended.
There is a new Defaults.py|mm_cfg.py setting ACCEPTABLE_LISTNAME_CHARACTERS with default value '[-+_.=a-z0-9]'. This Python regular expression character class specifies the characters allowed in list names. The motivation for this is the fact that previously, a list named, e.g., xxx&yyy could be created and MTA aliases generated that would cause the MTA to execute yyy as a command. There is a possible security issue here, but it is not believed to be exploitable in any meaningful way.
If anyone is concerned about the security issue and not ready to upgrade, the mailman-2.1.11-listname-patch file contains a patch that can be applied to Mailman 2.1.9 or 2.1.10 to add this feature.
See the release notes at <http://sourceforge.net/project/shownotes.php?group_id=103&release_id=605074> for more details.
Mailman is free software for managing email mailing lists and e-newsletters. Mailman is used for all the python.org and SourceForge.net mailing lists, as well as at hundreds of other sites.
For more information, including download links, please see:
http://www.list.org http://mailman.sf.net http://www.gnu.org/software/mailman
Files in this release are:
mailman-2.1.11.tgz <- The full release tarball
mailman-2.1.11.tgz.sig <- GPG signature for the tarball
mailman-2.1.11-listname.patch <- Patch to add new listname ~ validation to 2.1.9 or 2.1.10. ~ This patch is only applicable to ~ the older releases.
mailman-2.1.11-listname.patch.sig <- GPG signature for the patch
Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32)
iD8DBQFIaTDdVVuXXpU7hpMRApGpAKDXM56DmmpBY28+X6pN2sDpyyZltACgr3wm ePBR1weSHPYd1ViPCTc/L8o= =bV1I -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
The release notes and NEWS file for Mailman 2.1.11 contains the following innocuous looking item.
~ - Improved bounce loop detection and handling in BounceRunner.py.
This actually first appeared in 2.1.11rc2. It turns out this had an unintended consequence, but I actually think it is a good thing.
The change involved bounces returned to the site list (mailman list) the bounce was a bounce of a notice to a list owner, and if so, to send
- -bounces address. There was always code in BounceRunner.py to look at bounces returned to the site list -bounces address to try to detect if
the bounce to the site list instead of processing it. This code never worked right.
The main problem, is I don't in general know how to tell to what address the bounced message was originally sent. If I did, there would never be an unrecognized bounce. So part of the change in 2.1.11 rc2 and final is to just forward to the site list owner any message that arrives to the site list -bounces address so the owner can handle the bounce.
The unintended consequence is that bounces of password reminders will also now go to the site list owner whereas before they were probably just ignored or processed as unrecognized bounces to the site list.
Most of these bounces will probably be for dead addresses where the user disabled delivery and forgot about the list and the address died and the password reminders have been bouncing for a long time.
In the longer term, plain text passwords and reminders are going away, but in the short term, the site list owner may get a lot of bounced password reminders (possibly a whole lot in a large site) on the first of the month following installation of this release.
I think the best way to deal with these is to remove the dead addresses from the lists. Once this is done, the number of bounces on an ongoing basis should be small.
Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32)
iD8DBQFIanG8VVuXXpU7hpMRAg9UAKDa8+K8krlwftCWex/9HuGPV/yq8ACgkX0H /lXKKlzIU/aP2xOhE9K3H5k= =lOmt -----END PGP SIGNATURE-----
participants (1)
-
Mark Sapiro