Hi Developers and i18ners, Mailman 2.1.7a1 was released for alpha test and i18n translations. Here is excerpts from NEWS file. I thank Mark Sapiro for significant contributions in bug-fixes and document/message brushups. Please fetch it from SF download sites or from http://mm.tkikuchi.net/mailman-2.1.7a1.tgz Cheers, Tokio --------------------------------------------------- Here is a history of user visible changes to Mailman. 2.1.7a1 (13-Dec-2005) Security - The fix for CAN-2005-0202 has been enhanced to issue an appropriate message instead of just quietly dropping ./ and ../ from URLs. - A note on CVE-2005-3573: Although the RFC2231 bug example in the CVE has been solved in mailman-2.1.6, there may be more cases where ToDigest.send_digests() can block regular delivery. We put the send_digests() calling part in try - except clause and leave a message in the error log if something happened in send_digests(). Daily call of cron/senddigests will notify more detail to the site administrator. - List administrators can no longer change the user's option/subscription globally. Site admin can change these only if mm_cfg.ALLOW_SITE_ADMIN_COOKIES is set to Yes. - Script tag is disallowd in edithtml script. - Since probe message for the disabled users may reach unexpected persons, the password was excluded from sendProbe() and probe.txt. Note that the default value of VERP_PROBE has been set to `No' from 2.1.6., thus this change doesn't change the default behavior. New Features - Always remove DomainKey (and similar) headers (1287546) from messages sent to the list. - List owners can customize content filter behavior as not to collapse multipart/alternative to its first content. This allows HTML part to pass through after other content filtering is done. Internationalization - New language: Interlingua. Bug fixes and other patches - Fix MTA/Postfix.py to check aliases group permission in check_perms and fix mailman-install document on this matter (1378270). - Fix private.py to go to the original URL after authorization (1080943). - Fix bounce log score messages to be more consistent. - Fix bin/remove_members to accept no arguments when both --fromall and --file= options are specified. - Change cgi-bin and mail wrapper "group not found" error message to be more descriptive of the actual problem. - Apply the list's ban_list to address changes and admin mass subscribe and invite and to confirmations/approvals of address changes, subscriptions and invitations. - Decode quoted-printable and base64 encoded parts before passing to HTML_TO_PLAIN_TEXT_COMMAND (1367783). - Remove Approve: header from post - treat as Approved: (1355707). - Stop removing line following Approve(d): line in body of post (1318883). - Log post in post log with true sender, not listname-bounces (1287921). - Correctly initialize and remember the list's default_member_moderation attribute in the web list creation page (1263213). - Add PEP263 charset in config_list output (1343100). - header_filter_rules get lost if accessed directly and needed authenti- cation by login page (1230865). - Obscure email when the poster doesn't set full name in 'From:' header. - Take preambles and epilogues into account when calculating message sizes for holding purposes (Mark Sapiro). - Logging/Logger.py unicode transform option (1235567). - bin/update crashes with bogus files (949117). - Bugs and patches: 1212066/1301983 (Date header in create/remove notice) -- Tokio Kikuchi, tkikuchi@ is.kochi-u.ac.jp http://weather.is.kochi-u.ac.jp/