[Mailman-Users] RELEASE Mailman 2.0.8
Barry A. Warsaw
barry at zope.com
Wed Nov 28 05:31:54 CET 2001
Hot on the heels of Mailman 2.0.7, I'm now releasing 2.0.8 which fixes
several cross-site scripting security holes, and a few other minor bug
fixes. More information on cross-site scripting exploits in general
can be found at
http://www.cert.org/advisories/CA-2000-02.html
I recommend anybody running a version of Mailman up to, and including
2.0.7 to upgrade to version 2.0.8.
I've made both full source tarballs and patches available. Actually,
patches going all the way back to 2.0 are now available on
SourceForge. See
http://sourceforge.net/project/showfiles.php?group_id=103
for links to download all the patches and the source tarball. If you
decide to install the patches, please do read the release notes first:
http://sourceforge.net/project/shownotes.php?release_id=63042
Currently the SourceForge and www.list.org sites are up-to-date, and I
expect the gnu.org site to be updated soon.
See also:
http://www.gnu.org/software/mailman
http://www.list.org
http://mailman.sf.net
I've also included links on the FAQ page to the Mailman FAQ wizard.
Thanks everybody for contributing good entries! (I may do some reorg
when I get a chance.) See the FAQ wizard at
http://www.python.org/cgi-bin/faqw-mm.py
Cheers,
-Barry
-------------------- snip snip --------------------
2.0.8 (27-Nov-2001)
Security fix release to prevent cross-site scripting exploits.
See http://www.cert.org/advisories/CA-2000-02.html for a
description of the general problem (not Mailman specific).
More information about the Mailman-Users
mailing list