I am pleased to announce the release of Mailman 2.1.39.
This is a bug fix release. It fixes
https://bugs.launchpad.net/mailman/+bug/1954694
This addresses two issues.
The fix for CVE-2021-42097 was case sensitive and should not be.
The fix for CVE-2021-44227 introduced a potential NameError in logging.
This could cause a user's changes to the option's page to not be
accepted and perhaps cause a `We hit a bug` response if the user visited
the page with a mixed- or upper-case email address
For those who just want a patch one is attached to the bug report.
As noted Mailman 2.1.30 was the last feature release of the Mailman 2.1
branch from the GNU Mailman project. There has been some discussion as
to what this means. It means there will be no more releases from the GNU
Mailman project containing any new features. There may be future patch
releases to address the following:
i18n updates.
security issues.
bugs affecting operation for which no satisfactory workaround exists.
Mailman 2.1.39 is the ninth such patch release.
Mailman is free software for managing email mailing lists and
e-newsletters. Mailman is used for all the python.org and
SourceForge.net mailing lists, as well as at hundreds of other sites.
For more information, please see our web site at one of:
http://www.list.orghttps://www.gnu.org/software/mailmanhttp://mailman.sourceforge.net/
Mailman 2.1.39 can be downloaded from
https://launchpad.net/mailman/2.1/https://ftp.gnu.org/gnu/mailman/https://sourceforge.net/projects/mailman/
--
Mark Sapiro <mark(a)msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
