I've just released version 2.0.8 of Mailman, the GNU Mailing List Manager. Mailman is released under the GNU General Public License (GPL). Version 2.0.8 closes several cross-site scripting vulnerabilities and includes a few other minor bug fixes. More information on cross-site scripting exploits in general can be found at http://www.cert.org/advisories/CA-2000-02.html I recommend anybody running a version of Mailman up to, and including 2.0.7 to upgrade to version 2.0.8. GNU Mailman is software to help manage electronic mail discussion lists. Mailman gives each mailing list a unique web page and allows users to subscribe, unsubscribe, and change their account options over the web. Even the list manager can administer his or her list entirely via the web. Mailman has most of the features that people want in a mailing list management system, including built-in archiving, mail-to-news gateways, spam filters, bounce detection, digest delivery, and so on. Mailman is compatible with most web servers, web browsers, and mail servers. It runs on GNU/Linux and should run on any other Unix-like operating system. Mailman 2.0.8 requires Python 1.5.2 or newer. To install Mailman from source, you will need a C compiler. For more information on Mailman, including links to file downloads, please see the Mailman web page: http://www.gnu.org/software/mailman And its mirrors at: http://mailman.sourceforge.net http://www.list.org (Note: the gnu.org mirror is not yet updated.) Patches and tarbals are available at http://sourceforge.net/project/showfiles.php?group_id=103 There are email lists (managed by Mailman, of course!) for both Mailman users and developers. See the web sites above for details. Cheers, -Barry -------------------- snip snip -------------------- 2.0.8 (27-Nov-2001) Security fix release to prevent cross-site scripting exploits. See http://www.cert.org/advisories/CA-2000-02.html for a description of the general problem (not Mailman specific).