From tkikuchi at is.kochi-u.ac.jp Fri Apr 7 02:16:52 2006 From: tkikuchi at is.kochi-u.ac.jp (Tokio Kikuchi) Date: Fri, 07 Apr 2006 09:16:52 +0900 Subject: [Mailman-Announce] Released: Mailman 2.1.8 release candidate Message-ID: <4435AF74.1050607@is.kochi-u.ac.jp> Hi all, Mailman 2.1.8rc1 was released for the final test of 2.1.8. Important: This is not only a release candidate but also include a fix for a cross-site scripting bug found in 2.1.7. All sites running previous versions are adviced to upgrade to 2.1.8(rc1). I am going to release the final by the next weekend if nothing serious happens. Please download it from Sourceforge file area: http://sourceforge.net/project/showfiles.php?group_id=103 Cheers, Tokio --------------------------------------------------- Here is a history of user visible changes to Mailman. 2.1.8rc1 (07-Apr-2006) Security - A cross-site scripting hole in the private archive script of 2.1.7 has been closed. Thanks to Moritz Naumann for its discovery. Bug fixes and other patches - Bouncers support added: 'unknown user', Microsoft SMTPSVC, Prodigy.net and several others. - Updated email library to 2.5.7 which will encode payload into qp/base64 upon setting. This enabled backing out the scrubber related patches including 'X-Mailman-Scrubbed' header in 2.1.7. - Fix SpamDetect.py potential hold/reject loop problem. - A warning message from email package to the stderr can cause error in Logging because stderr may be detached from the process during the qrunner run. We chose not to output errors to stderr but to the logs/error if the process is running under mailmanctl subprocess. - DKIM header cleansing was separated from Cleanse.py and added to -owner messages too. - Fixes: Lose Topics when go directly to topics URL (1194419). UnicodeError running bin/arch (1395683). edithtml.py missing import (1400128). Bad escape in cleanarch. Wrong timezone in list archive index pages (1433673). bin/arch fails with TypeError (1430236). Subscription fails with some Language combinations (1435722). Postfix delayed notification not recognized (863989). 2.1.7 (VERP) mistakes delay notice for bounce (1421285). show_qfiles: 'str' object has no attribute 'as_string' (1444447). Utils.get_domain() wrong if VIRTUAL_HOST_OVERVIEW off (1275856). Miscellaneous - Brad Knowles' mailman daily status report script updated to 0.0.16. -- Tokio Kikuchi, tkikuchi@ is.kochi-u.ac.jp http://weather.is.kochi-u.ac.jp/ From tkikuchi at is.kochi-u.ac.jp Sat Apr 15 07:41:07 2006 From: tkikuchi at is.kochi-u.ac.jp (Tokio Kikuchi) Date: Sat, 15 Apr 2006 14:41:07 +0900 Subject: [Mailman-Announce] RELEASED: Mailman 2.1.8 Message-ID: <44408773.6010206@is.kochi-u.ac.jp> On behalf of the development team, I'm pleased to announce the release of GNU Mailman 2.1.8. In this release, we have fixed a cross-site scripting security bug in the previous release (CVE-2006-1712), integrated a new version of email library (email-2.5.7), and added bounce processing supports for number of sites and MUAs. It is highly recommended that all sites using 2.1.7 and before should update to this release. Mailman is free software for managing email mailing lists and e-newsletters. For more information, see: http://mailman.sourceforge.net/ For links to download the Mailman 2.1.8 source tarball, see: http://sourceforge.net/project/showfiles.php?group_id=103 (Note that uploading to the mirror sites may be delayed.) -- Tokio Kikuchi