[Mailman-Announce] RELEASED Mailman 2.1.3

Barry A. Warsaw barry at python.org
Mon Sep 29 09:10:14 EDT 2003

I have released Mailman 2.1.3, a bug fix release which also contains
support for four new languages: Ukrainian, Serbian, Euskara (Basque),
and Danish.  This release also contains a fix for a cross-site
scripting vulnerability in the 'create' cgi script, as well as
improved performance of the bounce and outgoing queue runners.  I
recommend all sites running versions of the 2.1.x line upgrade to the
new version.

The full source tarball has been made available from the usual sites
(although the gnu.org sites have not yet been updated).  Sorry, there
is no patch available, but you should be able to install 2.1.3 over
your existing 2.1.x installation.  See


for links to download all the patches and the source tarballs.  After
installing, be sure you restart your Mailman daemon by doing a
"mailmanctl restart".

See also:

    http://www.list.org (not yet updated)


-------------------- snip snip --------------------
2.1.3 (28-Sep-2003)

    Performance, Reliability, Security

        - Closed a cross-site scripting exploit in the create cgi script.

        - Improvements in the performance of the bounce processor.
          Now, instead of processing each bounce immediately (which
          can cause severe lock contention), bounce events are queued.
          Every 15 minutes by default, the queued bounce events are
          processed en masse, on a list-per-list basis, so that each
          list only needs to be locked once.

        - When some or all of a message's recipients have temporary
          delivery failures, the message is moved to a "retry" queue.
          This queue wakes up occasionally and moves the file back to
          the outgoing queue for attempted redelivery.  This should
          fix most observed OutgoingRunner 100% cpu consumption,
          especially for bounces to local recipients when using the
          Postfix MTA.

        - Optional support for fsync()'ing qfile data after writing.
          Under some catastrophic system failures (e.g. power lose),
          it would be possible to lose messages because the data
          wasn't sync'd to disk.  By setting SYNC_AFTER_WRITE to True
          in Mailman/Queue/Switchboard.py, you can force Mailman to
          fsync() queue files after flushing them.  The benefits are
          debatable for most operating environments, and you must
          ensure that your Python has the os.fsync() function defined
          before enabling this feature (it isn't, even on all
          Unix-like operating systems).


        - New languages Ukrainian, Serbian, Danish, Euskara/Basque.

        - Fixes to template lookup.  Lists with local overriding
          templates would find the wrong template.

        - .mo files (for internationalization) are now generated at
          build time instead of coming as part of the source


        - A first draft of member documentation by Terri Oda.  There
          is also a Japanese translation of this manual by Ikeda Soji.

    Archiver / Pipermail

        - In the configuration variables PUBLIC_EXTERNAL_ARCHIVER, and
          PRIVATE_EXTERNAL_ARCHIVER, %(hostname)s has been added to
          the list of allowable substitution variables.

        - The timezone is now taken into account when figuring the
          posting date for an article.

    Scripts / Cron

        - Fixes to cron/disabled for NotAMemberError crashes.

        - New script bin/show_qfiles which prints the contents of .pck
          message files.  New script bin/discard which can be used to
          mass discard held messages.

        - Fixes to cron/mailpasswds to account for old password-less

        - bin/list_members has grown two new options: --invalid/-i
          prints only the addresses in the member database that are
          invalid (which could have snuck in via old releases);
          --unicode/-u prints addresses which are stored as Unicode
          objects instead of as normal strings.


        - Fixes to problems in some configurations where Python wouldn't
          be able to find its standard library.

        - Fixes to the digest which could cause MIME-losing missing
          newlines when parts are scrubbed via the content filters.

        - In the News/Mail gateway admin page, the configuration variable
          nntp_host can now be a name:port pair.

        - When messages are pulled from NNTP, the member moderation checks
          are short-circuited.

        - email 2.5.4 is included.  This fixes an RFC 2231 bug, among
          possibly others.

        - Fixed some extra spaces that could appear in the List-ID header.

        - Fixes to ensure that invalid email addresses can't be invited.

        - WEB_LINK_COLOR in Defaults.py/mm_cfg.py should now work.

        - Fixes so that shunted message file names actually match
          those logged in log/errors.

        - An improved pending action cookie generation algorithm has
          been added.

        - Fixes to the DSN bounce detector.

        - The usual additional u/i, internationalization, unicode, and
          other miscellaneous fixes.

More information about the Mailman-announce mailing list