[Mailman-Announce] RELEASED Mailman 2.0.12
Barry A. Warsaw
mailman-developers@python.org
Thu, 11 Jul 2002 15:52:33 -0400
I've released Mailman 2.0.12 which fixes a cross-site scripting
vulnerability, among other changes. I recommend that folks upgrade
their 2.0.x systems to this new version. See below for a NEWS file
excerpt.

As usual, I've made both full source tarballs and patches available.
See

http://sourceforge.net/project/showfiles.php?group_id=103

for links to download all the patches and the source tarball. If you
decide to install the patches, please do read the release notes first:

http://sourceforge.net/project/shownotes.php?release_id=97760

See also:

http://www.gnu.org/software/mailman
http://www.list.org
http://mailman.sf.net

Cheers,
-Barry
-------------------- snip snip --------------------
2.0.12 (02-Jul-2002)
- Implemented a guard against some reply loops and 'bot
  subscription attacks. Specifically, if a message to -request
  has a Precedence: bulk (or list, or junk) header, the command is
  ignored. Well-behaved 'bots should always include such a
  header.
- Changes to the configure script so that you can pass in the mail
  host and web host by setting the environment variables MAILHOST
  and WWWHOST respectively. configure will also exit if it can't
  figure out these values (usually due to broken dns).
- Closed another minor cross-site scripting vulnerability.
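
A sketch of the -request guard described in the first NEWS item above, added here as an example. It is not Mailman's own code; the function names, the sample addresses, and the case-insensitive, whitespace-tolerant matching are assumptions.

```python
from email import message_from_string

# Precedence values named in the NEWS entry.
AUTOMATED_PRECEDENCE = {"bulk", "list", "junk"}


def is_automated(msg):
    """True if any Precedence header on the message is bulk, list or junk.

    Every Precedence header is checked, not just the first, so a relay
    that adds a second header cannot mask the original value.
    """
    for value in msg.get_all("Precedence", []):
        if value.strip().lower() in AUTOMATED_PRECEDENCE:
            return True
    return False


def handle_request(raw):
    """Return 'ignored' for automated mail, else the list of command lines."""
    msg = message_from_string(raw)
    if is_automated(msg):
        # Drop silently: replying to an autoresponder is what starts the loop.
        return "ignored"
    body = msg.get_payload()
    return [line.strip() for line in body.splitlines() if line.strip()]


# Constructed sample messages (hypothetical addresses).
HUMAN = (
    "From: alice@example.com\n"
    "To: demo-request@example.org\n"
    "Subject: commands\n\n"
    "subscribe\nhelp\n"
)
AUTORESPONDER = (
    "From: vacation@example.net\n"
    "To: demo-request@example.org\n"
    "Precedence: Bulk \n"
    "Subject: Re: confirm\n\n"
    "subscribe\n"
)
SPECIAL = HUMAN.replace("Subject:", "Precedence: special-delivery\nSubject:")

if __name__ == "__main__":
    for name, raw in (("human", HUMAN), ("bot", AUTORESPONDER), ("special", SPECIAL)):
        print(name, "->", handle_request(raw))
```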