From mailman-developers@python.org Thu Jul 11 20:52:33 2002 From: mailman-developers@python.org (Barry A. Warsaw) Date: Thu, 11 Jul 2002 15:52:33 -0400 Subject: [Mailman-Announce] RELEASED Mailman 2.0.12 Message-ID: <15661.57857.753290.942668@anthem.wooz.org> I' released Mailman 2.0.12 which fixes a cross-site scripting vulnerability, among other changes. I recommend that folks upgrade their 2.0.x systems to this new version. See below for a NEWS file excerpt. As usual, I've made both full source tarballs and patches available. See http://sourceforge.net/project/showfiles.php?group_id=103 for links to download all the patches and the source tarball. If you decide to install the patches, please do read the release notes first: http://sourceforge.net/project/shownotes.php?release_id=97760 See also: http://www.gnu.org/software/mailman http://www.list.org http://mailman.sf.net Cheers, -Barry -------------------- snip snip -------------------- 2.0.12 (02-Jul-2002) - Implemented a guard against some reply loops and 'bot subscription attacks. Specifically, if a message to -request has a Precedence: bulk (or list, or junk) header, the command is ignored. Well-behaved 'bots should always include such a header. - Changes to the configure script so that you can pass in the mail host and web host by setting the environment variables MAILHOST and WWWHOST respectively. configure will also exit if it can't figure out these values (usually due to broken dns). - Closed another minor cross-site scripting vulnerability. From mailman-developers@python.org Wed Jul 24 05:14:12 2002 From: mailman-developers@python.org (Barry A. Warsaw) Date: Wed, 24 Jul 2002 00:14:12 -0400 Subject: [Mailman-Announce] Candidate Mailman 2.0.13 patch Message-ID: <15678.10644.858948.973667@anthem.wooz.org> As some of you have noticed, Mailman 2.0.12 has some compatibility problems with Python 1.5.2. In order to correct this, and a few other minor problems, I want to soon release a version 2.0.13. This time, however I'd like to enlist your help. ;) I have uploaded a candidate patch for 2.0.12 -> 2.0.13 at this url: http://sf.net/tracker/index.php?func=detail&aid=585643&group_id=103&atid=300103 I would appreciate it if someone (or a few someones) could give this patch a try. I'm essentially running it on python.org/zope.org, however I'm using Python 2.1.3 in my production environment. I have done some limited testing with Python 1.5.2 and this patch and it seems to go okay. I'd especially like to hear from those of you experiencing problems with MailCommandHandler, if you are running MM2.0.12 with Python 1.5.2. Does this patch fix things for you? Does it produce any other tracebacks or warnings in logs/error? Thanks for any feedback you can provide. If I get some positive feedback (or at least, no negative feedback) in a few days, I'd do a formal release. I expect that to be largely similar to this patch, with perhaps some documentation updates, unless other problems are uncovered by your testing. Thanks! -Barry From mailman-developers@python.org Mon Jul 29 18:50:31 2002 From: mailman-developers@python.org (Barry A. Warsaw) Date: Mon, 29 Jul 2002 13:50:31 -0400 Subject: [Mailman-Announce] RELEASED Mailman 2.0.13 Message-ID: <15685.32871.578530.632994@anthem.wooz.org> I've released Mailman 2.0.13 which fixes some incompatibilties with Python 1.5.2 that crept into Mailman 2.0.12. This also fixes a minor configure incompatibility on Solaris platforms (and possibly others). If you're using Python 1.5.2 with Mailman 2.0.12 you should definitely upgrade. The upgrade is safe if you're using newer Python versions too. See the NEWS file excerpt below. As usual, I've made both full source tarballs and patches available. See http://sourceforge.net/project/showfiles.php?group_id=103 for links to download all the patches and the source tarball. If you decide to install the patches, please do read the release notes first: http://sourceforge.net/project/shownotes.php?release_id=97760 See also: http://www.gnu.org/software/mailman http://www.list.org http://mailman.sf.net Cheers, -Barry -------------------- snip snip -------------------- 2.0.13 (29-Jul-2002) - Fixed some Python 1.5.2 compatibility problems that crept into Mailman 2.0.12. - Fixed some configure script incompatibilities on certain platforms.