-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I plan to release a Mailman 2.1.14 candidate release towards the end of next week (Sept 9 or 10). This release will have enhanced XSS defenses addressing two recently discovered vulnerabilities. Since release of the code will potentially expose the vulnerabilities, I plan to publish a patch against the 2.1.13 base with the fix before actually releasing the 2.1.14 candidate. I will post the patch to the same 4 lists that this post is being sent to in the early afternoon, GMT, on September 9. The vulnerabilities are obscure and can only be exploited by a list owner, but if you are concerned about them you can plan to install the patch. The patch is small (34 line diff), only affects two modules and doesn't require a Mailman restart to be effective, although I would recommend a restart as soon as convenient after applying the patch. - -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) iD8DBQFMgutpVVuXXpU7hpMRAsX1AJ48C0RxSpV7r9lg3J0V7OTs44ISqgCgn1wX LZ5RkuGLo0r04eDNYOBDYpo= =gscN -----END PGP SIGNATURE-----