[Mailman-Developers] [Mailman-Users] Released: Mailman 2.1.7b1

Tokio Kikuchi tkikuchi at is.kochi-u.ac.jp
Sat Dec 24 08:30:36 CET 2005 

Hi all,

I've just released Mailman 2.1.7rc1 Release Candidate.  I'm sorry for 
the violation of file name extension convention because I made a small 
mistake when tagging the release number.  I will be releasing 2.1.7 
final by December 31 if there is no problem.

Please download it from SF or:
  http://mm.tkikuchi.net/mailman-2.1.7rc1.tar.gz

Cheers,

Tokio
-------------------------------------------------------

2.1.7rc1 (24-Dec-2005)

   Security

     - The fix for CAN-2005-0202 has been enhanced to issue an appropriate
       message instead of just quietly dropping ./ and ../ from URLs.

     - A note on CVE-2005-3573: Although the RFC2231 bug example in the
       CVE has been solved in mailman-2.1.6, there may be more cases
       where ToDigest.send_digests() can block regular delivery.
       We put the send_digests() calling part in try - except clause and
       leave a message in the error log if something happened in
       send_digests().  Daily call of cron/senddigests will notify more
       detail to the site administrator.

     - List administrators can no longer change the user's 
option/subscription
       globally.  Site admin can change these only if
       mm_cfg.ALLOW_SITE_ADMIN_COOKIES is set to Yes.

     - Script tag is disallowd in edithtml script.

     - Since probe message for the disabled users may reach unexpected
       persons, the password was excluded from sendProbe() and probe.txt.
       Note that the default value of VERP_PROBE has been set to `No'
       from 2.1.6., thus this change doesn't change the default behavior.

   New Features

     - Always remove DomainKey (and similar) headers (1287546) from messages
       sent to the list.

     - List owners can customize content filter behavior as not to collapse
       multipart/alternative to its first content.  This allows HTML part
       to pass through after other content filtering is done.

   Internationalization

     - New language: Interlingua.

   Bug fixes and other patches


     - Defaults.py.in: SCRUBBER_DONT_USE_ATTACHMENT_FILENAME is set to True
       for safer operation.

     - Fix Scrubber.py mungs quoted-printable bug with introducing
       'X-Mailman-Scrubbed' header for marking that the payload is
       scrubber-munged.  The flag is referenced in ToDigest.py, 
ToArchive.py,
       Decorate.py and Archiver.  Similar problem in ToDigest.py where the
       plain digest is generated is also fixed.

     - Fix Syslog.py to write quopri encoded message when it fail to write
       8-bit characters.

     - Fix MTA/Postfix.py to check aliases group permission in check_perms
       and fix mailman-install document on this matter (1378270).

     - Fix private.py to go to the original URL after authorization 
(1080943).

     - Fix bounce log score messages to be more consistent.

     - Fix bin/remove_members to accept no arguments when both --fromall and
       --file= options are specified.

     - Change cgi-bin and mail wrapper "group not found" error message to be
       more descriptive of the actual problem.

     - Apply the list's ban_list to address changes and admin mass subscribe
       and invite and to confirmations/approvals of address changes,
       subscriptions and invitations.

     - Decode quoted-printable and base64 encoded parts before passing to
       HTML_TO_PLAIN_TEXT_COMMAND (1367783).

     - Remove Approve: header from post - treat as Approved: (1355707).

     - Stop removing line following Approve(d): line in body of post 
(1318883).

     - Remove Approve(d): <password> from all text/* parts in addition the
       initial text/plain part. It still must be the first non-blank line in
       the first text/plain part or it won't be found or removed at all
       (1181161).

     - Log post in post log with true sender, not listname-bounces 
(1287921).

     - Correctly initialize and remember the list's 
default_member_moderation
       attribute in the web list creation page (1263213).

     - Add PEP263 charset in config_list output (1343100).

     - header_filter_rules get lost if accessed directly and needed 
authenti-
       cation by login page (1230865).

     - Obscure email when the poster doesn't set full name in 'From:' 
header.

     - Take preambles and epilogues into account when calculating 
message sizes
       for holding purposes (Mark Sapiro).

     - Logging/Logger.py unicode transform option (1235567).

     - bin/update crashes with bogus files (949117).

     - Bugs and patches: 1212066/1301983 (Date header in create/remove 
notice)

More information about the Mailman-Developers mailing list