RELEASE Mailman 2.0.8
Barry A. Warsaw
barry at zope.com
Wed Nov 28 05:38:27 CET 2001
I've just released version 2.0.8 of Mailman, the GNU Mailing List
Manager. Mailman is released under the GNU General Public License
(GPL). Version 2.0.8 closes several cross-site scripting
vulnerabilities and includes a few other minor bug fixes.
More information on cross-site scripting exploits in general
can be found at
I recommend anybody running a version of Mailman up to, and including
2.0.7 to upgrade to version 2.0.8.
GNU Mailman is software to help manage electronic mail discussion
lists. Mailman gives each mailing list a unique web page and allows
users to subscribe, unsubscribe, and change their account options over
the web. Even the list manager can administer his or her list
entirely via the web. Mailman has most of the features that people
want in a mailing list management system, including built-in
archiving, mail-to-news gateways, spam filters, bounce detection,
digest delivery, and so on.
Mailman is compatible with most web servers, web browsers, and mail
servers. It runs on GNU/Linux and should run on any other Unix-like
operating system. Mailman 2.0.8 requires Python 1.5.2 or newer. To
install Mailman from source, you will need a C compiler.
For more information on Mailman, including links to file downloads,
please see the Mailman web page: http://www.gnu.org/software/mailman
And its mirrors at:
(Note: the gnu.org mirror is not yet updated.)
Patches and tarbals are available at
There are email lists (managed by Mailman, of course!) for both
Mailman users and developers. See the web sites above for details.
-------------------- snip snip --------------------
Security fix release to prevent cross-site scripting exploits.
See http://www.cert.org/advisories/CA-2000-02.html for a
description of the general problem (not Mailman specific).
More information about the Python-list