[Mailman-Announce] RELEASED Mailman 2.0.12
Barry A. Warsaw
Thu, 11 Jul 2002 15:52:33 -0400
I've released Mailman 2.0.12 which fixes a cross-site scripting
vulnerability, among other changes. I recommend that folks upgrade
their 2.0.x systems to this new version. See below for a NEWS file
As usual, I've made both full source tarballs and patches available.
for links to download all the patches and the source tarball. If you
decide to install the patches, please do read the release notes first:
-------------------- snip snip --------------------
- Implemented a guard against some reply loops and 'bot
  subscription attacks. Specifically, if a message to -request
  has a Precedence: bulk (or list, or junk) header, the command is
  ignored. Well-behaved 'bots should always include such a

- Changes to the configure script so that you can pass in the mail
  host and web host by setting the environment variables MAILHOST
  and WWWHOST respectively. configure will also exit if it can't
  figure out these values (usually due to broken dns).

- Closed another minor cross-site scripting vulnerability.
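
The Precedence guard from the first release note, sketched as an added example (not Mailman's own code and not part of the original announcement). The function names, the To/Cc matching of the -request address, and the sample messages are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Precedence values named in the release note; a command mail carrying any
# of them is dropped instead of being answered.
BULK_PRECEDENCE = {"bulk", "list", "junk"}


def is_request_address(msg, listname):
    """True if any To/Cc recipient's local part is <listname>-request."""
    recipients = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    target = f"{listname}-request".lower()
    return any(addr.split("@", 1)[0].lower() == target for _, addr in recipients)


def should_ignore_command(raw_message, listname):
    """Apply the guard: ignore -request mail marked Precedence: bulk/list/junk."""
    msg = message_from_string(raw_message)
    if not is_request_address(msg, listname):
        return False
    # A message may carry the header more than once and in any letter case;
    # one matching value is enough to suppress the automatic reply.
    for value in msg.get_all("Precedence", []):
        if value.strip().lower() in BULK_PRECEDENCE:
            return True
    return False


# Constructed sample messages (example.org addresses are placeholders).
AUTOREPLY = (
    "From: vacation@example.org\n"
    "To: Test-Request@lists.example.org\n"
    "Precedence: Bulk\n"
    "Subject: Re: confirm\n\nI am out of the office.\n"
)
HUMAN = (
    "From: alice@example.org\n"
    "To: test-request@lists.example.org\n"
    "Subject: subscribe\n\nsubscribe\n"
)

if __name__ == "__main__":
    for name, raw in (("autoreply", AUTOREPLY), ("human", HUMAN)):
        print(name, "ignored" if should_ignore_command(raw, "test") else "processed")
```

Dropping the command silently, rather than replying with an error, is what breaks the loop: an autoresponder that receives no reply has nothing further to answer.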