-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I am happy to announce the final release of GNU Mailman 2.1.14.
Mailman 2.1.14 is mainly a bug fix release, but it contains one
security fix as previously announced at
<http://mail.python.org/pipermail/mailman-announce/2010-September/000151.html>
and one new feature.
It differs from the previously released 2.1.14rc1 only in wording
clarifications and typo corrections in a few messages.
This new feature controls the addition/replacement of …
[View More]the Sender:
header in outgoing mail. This allows a list owner to set
include_sender_header on the list's General Options page in the
admin GUI. The default for this setting is Yes which preserves the prior
behavior of removing any pre-existing Sender: and setting it to the
list's -bounces address. Setting this to No stops Mailman from adding or
modifying the Sender: at all.
Additionally, there is a new Defaults.py/mm_cfg.py setting
ALLOW_SENDER_OVERRIDES which defaults to Yes but which can be set to No
to remove the include_sender_header setting from General Options, and
thus preserve the prior behavior completely.
Python 2.4 is the minimum supported, but Python 2.5.or 2.6 is recommended.
See the changelog at <https://launchpad.net/mailman/2.1/2.1.14> for
more details.
Mailman is free software for managing email mailing lists and
e-newsletters. Mailman is used for all the python.org and
SourceForge.net mailing lists, as well as at hundreds of other sites.
For more information, please see:
http://www.list.orghttp://www.gnu.org/software/mailman
Mailman 2.1.14 can be downloaded from
https://launchpad.net/mailman/2.1/http://ftp.gnu.org/gnu/mailman/
- --
Mark Sapiro <mark(a)msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
iD8DBQFMl7bXVVuXXpU7hpMRAtKyAJ4hnS08i71tx9nx1iG9wkGI9FalggCgqjnF
3CvTQeW7TOY76+u/KBNBGuM=
=we0d
-----END PGP SIGNATURE-----
[View Less]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I am happy to announce the first release candidate for the 2.1.14
release of the 2.1 stable maintenance branch of GNU Mailman.
Mailman 2.1.14rc1 is mainly a bug fix release, but it contains one
security fix as previously announced at
<http://mail.python.org/pipermail/mailman-announce/2010-September/000151.html>
and one new feature.
This new feature controls the addition/replacement of the Sender:
header in outgoing mail. This allows a list …
[View More]owner to set
include_sender_header on the list's General Options page in the
admin GUI. The default for this setting is Yes which preserves the prior
behavior of removing any pre-existing Sender: and setting it to the
list's -bounces address. Setting this to No stops Mailman from adding or
modifying the Sender: at all.
Additionally, there is a new Defaults.py/mm_cfg.py setting
ALLOW_SENDER_OVERRIDES which defaults to Yes but which can be set to No
to remove the include_sender_header setting from General Options, and
thus preserve the prior behavior completely.
Python 2.4 is the minimum supported, but Python 2.5.or 2.6 is recommended.
See the changelog at <https://launchpad.net/mailman/2.1/2.1.14rc1> for
more details.
Mailman is free software for managing email mailing lists and
e-newsletters. Mailman is used for all the python.org and
SourceForge.net mailing lists, as well as at hundreds of other sites.
For more information, please see:
http://www.list.orghttp://www.gnu.org/software/mailman
Mailman 2.1.14rc1 can be downloaded from
https://launchpad.net/mailman/2.1/http://ftp.gnu.org/gnu/mailman/
- --
Mark Sapiro <mark(a)msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
iD8DBQFMiVTzVVuXXpU7hpMRAoOBAJ9toQK+LGWfIW0GQ3bwGd7oQlDUJACfe+8a
wyxtS0VdLRJfjicrVGewmyA=
=uGQl
-----END PGP SIGNATURE-----
[View Less]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I plan to release a Mailman 2.1.14 candidate release towards the end of
next week (Sept 9 or 10). This release will have enhanced XSS defenses
addressing two recently discovered vulnerabilities. Since release of the
code will potentially expose the vulnerabilities, I plan to publish a
patch against the 2.1.13 base with the fix before actually releasing the
2.1.14 candidate.
I will post the patch to the same 4 lists that this post is being sent
to …
[View More]in the early afternoon, GMT, on September 9.
The vulnerabilities are obscure and can only be exploited by a list
owner, but if you are concerned about them you can plan to install the
patch.
The patch is small (34 line diff), only affects two modules and doesn't
require a Mailman restart to be effective, although I would recommend a
restart as soon as convenient after applying the patch.
- --
Mark Sapiro <mark(a)msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
iD8DBQFMgutpVVuXXpU7hpMRAsX1AJ48C0RxSpV7r9lg3J0V7OTs44ISqgCgn1wX
LZ5RkuGLo0r04eDNYOBDYpo=
=gscN
-----END PGP SIGNATURE-----
[View Less]