[Mailman-Users] Bug in SUBSCRIBE_FORM_SECRET feature?

Mark Sapiro mark at msapiro.net
Wed Dec 18 16:04:14 CET 2013

On 12/18/2013 01:27 AM, Sebastian Hagedorn wrote:
> I installed Mailman 2.1.17 last night (upgrade from 2.1.15) and decided
> to give the SUBSCRIBE_FORM_SECRET feature a try, since we don't use
> static subscribe forms. All seemed well, but this morning I noticed that
> the listinfo page for some of the lists didn't work anymore. Here's an
> example from the error log:
> admin(328):   File "/usr/lib/mailman/Mailman/Cgi/listinfo.py", line 194,
> in list_listinfo
> admin(328):     mlist.internal_name() +
> admin(328): TypeError: unsupported operand type(s) for +: 'int' and 'str'

It appears that you put something like


in mm_cfg.py. If you set SUBSCRIBE_FORM_SECRET, it must be a string as
for example:


This is intended to be a string unique to your site so an attacker can't
compute the hash needed in sub_form_token.

Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
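
Added example, not part of the original post and not Mailman's own code: a Python 3 sketch of a time-stamped form token derived from a site secret, which rejects a non-string secret when the token is built instead of failing later on concatenation as in the traceback above. The function names, the HMAC-SHA-256 construction, the MAX_AGE value and the sample inputs are assumptions made for illustration.

```python
import hashlib
import hmac
import time

MAX_AGE = 600  # seconds a form token stays valid (assumed value)


def validate_secret(secret):
    """Reject the misconfiguration from the traceback: a non-string secret."""
    if not isinstance(secret, str) or not secret:
        raise TypeError(
            "SUBSCRIBE_FORM_SECRET must be a non-empty string, got %s"
            % type(secret).__name__)
    return secret


def make_token(secret, listname, remote, now=None):
    """Return 'timestamp:digest' bound to the list and the client address."""
    secret = validate_secret(secret)
    stamp = str(int(time.time() if now is None else now))
    # Newline-separated fields avoid ambiguity between adjacent values.
    msg = "\n".join((stamp, listname, remote)).encode("utf-8")
    digest = hmac.new(secret.encode("utf-8"), msg, hashlib.sha256).hexdigest()
    return stamp + ":" + digest


def check_token(secret, listname, remote, token, now=None):
    """True only for an unexpired token made with the same secret and inputs."""
    stamp, sep, _ = token.partition(":")
    if not sep or not (stamp.isascii() and stamp.isdigit()):
        return False
    current = time.time() if now is None else now
    if not 0 <= current - int(stamp) <= MAX_AGE:
        return False
    expected = make_token(secret, listname, remote, now=int(stamp))
    # Constant-time comparison on bytes, so non-ASCII input cannot raise.
    return hmac.compare_digest(expected.encode("utf-8"), token.encode("utf-8"))
```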
