[Mailman-Developers] Released: Mailman 2.1.7a1

Tokio Kikuchi tkikuchi at is.kochi-u.ac.jp
Tue Dec 13 04:11:44 CET 2005


Hi Developers and i18ners,

Mailman 2.1.7a1 was released for alpha test and i18n translations.  Here
is excerpts from NEWS file.  I thank Mark Sapiro for significant
contributions in bug-fixes and document/message brushups.

Please fetch it from SF download sites or from
 http://mm.tkikuchi.net/mailman-2.1.7a1.tgz

Cheers,

Tokio
---------------------------------------------------
Here is a history of user visible changes to Mailman.

2.1.7a1 (13-Dec-2005)

  Security

    - The fix for CAN-2005-0202 has been enhanced to issue an appropriate
      message instead of just quietly dropping ./ and ../ from URLs.

    - A note on CVE-2005-3573: Although the RFC2231 bug example in the
      CVE has been solved in mailman-2.1.6, there may be more cases
      where ToDigest.send_digests() can block regular delivery.
      We put the send_digests() calling part in try - except clause and
      leave a message in the error log if something happened in
      send_digests().  Daily call of cron/senddigests will notify more
      detail to the site administrator.

    - List administrators can no longer change the user's
option/subscription
      globally.  Site admin can change these only if
      mm_cfg.ALLOW_SITE_ADMIN_COOKIES is set to Yes.

    - Script tag is disallowd in edithtml script.

    - Since probe message for the disabled users may reach unexpected
      persons, the password was excluded from sendProbe() and probe.txt.
      Note that the default value of VERP_PROBE has been set to `No'
      from 2.1.6., thus this change doesn't change the default behavior.

  New Features

    - Always remove DomainKey (and similar) headers (1287546) from messages
      sent to the list.

    - List owners can customize content filter behavior as not to collapse
      multipart/alternative to its first content.  This allows HTML part
      to pass through after other content filtering is done.

  Internationalization

    - New language: Interlingua.

  Bug fixes and other patches

    - Fix MTA/Postfix.py to check aliases group permission in check_perms
      and fix mailman-install document on this matter (1378270).

    - Fix private.py to go to the original URL after authorization
(1080943).

    - Fix bounce log score messages to be more consistent.

    - Fix bin/remove_members to accept no arguments when both --fromall and
      --file= options are specified.

    - Change cgi-bin and mail wrapper "group not found" error message to be
      more descriptive of the actual problem.

    - Apply the list's ban_list to address changes and admin mass subscribe
      and invite and to confirmations/approvals of address changes,
      subscriptions and invitations.

    - Decode quoted-printable and base64 encoded parts before passing to
      HTML_TO_PLAIN_TEXT_COMMAND (1367783).

    - Remove Approve: header from post - treat as Approved: (1355707).

    - Stop removing line following Approve(d): line in body of post
(1318883).

    - Log post in post log with true sender, not listname-bounces (1287921).

    - Correctly initialize and remember the list's default_member_moderation
      attribute in the web list creation page (1263213).

    - Add PEP263 charset in config_list output (1343100).

    - header_filter_rules get lost if accessed directly and needed authenti-
      cation by login page (1230865).

    - Obscure email when the poster doesn't set full name in 'From:' header.

    - Take preambles and epilogues into account when calculating message
sizes
      for holding purposes (Mark Sapiro).

    - Logging/Logger.py unicode transform option (1235567).

    - bin/update crashes with bogus files (949117).

    - Bugs and patches: 1212066/1301983 (Date header in create/remove
notice)


-- 
Tokio Kikuchi, tkikuchi@ is.kochi-u.ac.jp
http://weather.is.kochi-u.ac.jp/


More information about the Mailman-Developers mailing list