[Mailman-Announce] Mailman 2.1.10rc1 has been released

[Mark Sapiro]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I am happy to announce the release of Mailman 2.1.10rc1.

This is a security and bug fix release and it is highly recommended
that all sites upgrade to this version. Mailman 2.1.10 also adds support
for three new language translations, Galician, Hebrew and Slovak and a
few new features.

Mailman is free software for managing email mailing lists and e-
newsletters. Mailman is used for all the python.org and
SourceForge.net mailing lists, as well as at hundreds of other sites.

For more information, including download links, please see:

http://www.list.org
http://mailman.sf.net
http://www.gnu.org/software/mailman

Special thanks are due to Barry Warsaw and Tokio Kikuchi for much coding
and support, Moritz Naumann for help with security issues and Jim
Tittsler for a significant patch.

Here's a list of the major changes.

Note in particular, the second item under Security as this is new since
2.1.10b4 and requires an mm_cfg.py change to maintain current behavior.


Security

- - The 2.1.9 fixes for CVE-2006-3636 were not complete.  In particular,
~  some potential cross-site scripting attacks were not detected in
~  editing templates and updating the list's info attribute via the web
~  admin interface.  This has been assigned CVE-2008-0564 and has been
~  fixed.  Thanks again to Moritz Naumann for assistance with this.

- - There is a new mm_cfg.py/Defaults.py variable
~  OWNERS_CAN_CHANGE_MEMBER_PASSWORDS which controls whether the list
~  owner can change a member's password from the member's options page.
~  This defaults to No and should be changed to Yes only if list owners
~  are trusted to not change a member's password, log in as the member
~  and make global membership changes.

New Features

- - Changed cmd_who.py to list all members if authorization is with the
~  list's admin or moderator password and to accept the password if the
~  roster is public.  Also changed the web roster to show hidden members
~  when authorization is by site or list's admin or moderator password
~  (1587651).

- - Added the ability to put a list name in accept_these_nonmembers
~  to accept posts from members of that list (1220144).

- - Added a new 'sibling list' feature to exclude members of another list
~  from receiving a post from this list if the other list is in the To:
~  or Cc: of the post or to include members of the other list if that
~  list is  not in the To: or Cc: of the post (Patch ID 1347962).

- - Added the admin_member_chunksize attribute to the admin General
~  Options interface (Bug 1072002, Partial RFE 782436).

Internationalization

- - Added the Hebrew translation from Dov Zamir.  This includes addition
~  of a direction ('ltr', 'rtl') to the LC_DESCRIPTIONS table.  The
~  add_language() function defaults direction to 'ltr' to not break
~  existing mm_cfg.py files.

- - Added the Slovak translation from Martin Matuska.

- - Added the Galician translation from Frco. Javier Rial Rodríguez.


Changes since 2.1.10b4 include the OWNERS_CAN_CHANGE_MEMBER_PASSWORDS
setting mentioned above plus

- - Changed cmd_subscribe.py to properly accept (no)digest without a
~  password and to recognize (no)digest and address= case insensitively.

- - An updated mm-handler (mm-handler-2.1.10) that can help reduce
~  backscatter has been added to the contrib directory.

and updates to the Italian and Polish translations.

- --
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)

iD8DBQFIA98ZVVuXXpU7hpMRAm3uAKCngufNpjWZxTxIupg2X1dd5qSbLACgsAQX
xchWm2WMfDzXET53TeLxJcw=
=ZT1m
-----END PGP SIGNATURE-----