Hi Everyone,
I am pleased to announce a couple of more releases:
- Postorius: 1.3.3rc1
Changelog: https://docs.mailman3.org/projects/postorius/en/latest/news.html#rc1
Download: https://pypi.org/project/postorius/1.3.3rc1/
- Hyperkitty: 1.3.3rc1
Changelog: https://hyperkitty.readthedocs.io/en/latest/news.html#rc1
Download: https://pypi.org/project/HyperKitty/1.3.3rc1/
- Mailmanclient: 3.3.1rc1
Changelog: https://docs.mailman3.org/projects/mailmanclient/en/latest/src/mailmanclien…
Download: https://pypi.org/project/mailmanclient/3.3.1rc1/
- Django-mailman3: 1.3.3rc1
Changelog: https://gitlab.com/mailman/django-mailman3/-/blob/master/README.rst
Download: https://pypi.org/project/django-mailman3/1.3.3rc1/
Python 3.6+ and Django 2.0+ is supported for all of them. Django 3.0 support for Hyperkitty requires manually upgrading a dependency (django-haystack>=3.0b2, once a stable version of this has been released, it shouldn't require manually upgrading).
There are tons of bug-fixes across the board and some new features.
Biggest visible change is switch to Bootstrap 4, which has been long pending for us. Bootstrap 4 completely changes the CSS grid model using the new Flexbox. There might be some small changes or breakages when using on mobile. Please report such issues to us via Gitlab!
Some other notable changes are in Postorius, which includes many more list settings exposed include content filtering settings, bounce processing (which was added in the previous release of Mailman Core) settings and some other ones. You can now also specify a reason when rejecting held messages.
There was also a gnarly bug, which caused the name of some members to be the string "None". For the longest time, I couldn't figure out the reason for it, but it ended up being a simple fix in mailmanclient's json serialization of display_name, which would result in Python's None value being passed as string "None" to Mailman's API for subscription.
There is also better support for filtering visible lists based on the current vhost, which I see a few people are already waiting for from mailman-users list.
A full changelog has been added to each project in the top. These are still pre-releases and if you are installing via pip, you would need the `--pre` flag, for e.g.
$ pip install --pre --upgrade postorius hyperkitty
As with all other releases, these have also been running on mail.python.org and lists.mailman3.org for some time now, so it should be relatively safe to upgrade to. Stable releases for this is now scheduled in 1 week, hopefully, next weekend.
--
thanks,
Abhilash Raj (maxking)
For the third time in as many days I have released a new Mailman 2.1
version. This one is 2.1.33 and fixes another content injection
vulnerability. See the attached README.txt and the bug report at
https://bugs.launchpad.net/mailman/+bug/1877379 for details.
Again, for those who don't want to install the full update, the above
bug report contains a simple patch to fix the security issue.
As noted Mailman 2.1.30 was the last feature release of the Mailman 2.1
branch from the GNU Mailman project. There has been some discussion as
to what this means. It means there will be no more releases from the GNU
Mailman project containing any new features. There may be future patch
releases to address the following:
i18n updates.
security issues.
bugs affecting operation for which no satisfactory workaround exists.
Mailman 2.1.31 is the first such patch release, Mailman 2.1.32 is the
second and Mailman 2.1.33 is the third.
Mailman is free software for managing email mailing lists and
e-newsletters. Mailman is used for all the python.org and
SourceForge.net mailing lists, as well as at hundreds of other sites.
For more information, please see our web site at one of:
http://www.list.orghttps://www.gnu.org/software/mailmanhttp://mailman.sourceforge.net/
Mailman 2.1.33 can be downloaded from
https://launchpad.net/mailman/2.1/https://ftp.gnu.org/gnu/mailman/https://sourceforge.net/projects/mailman/
--
Mark Sapiro <mark(a)msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
A content injection vulnerability in Mailman 2.1 has been discovered and
reported by Vishal Singh.
This is a heads-up that I plan to release Mailman 2.1.30-1 on Tuesday,
May 5 to fix this issue. At that time I will also post details of the
issue and a patch that can easily be applied to existing installations.
--
Mark Sapiro <mark(a)msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
