From mark at msapiro.net Tue Jul 10 21:03:06 2018 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 10 Jul 2018 18:03:06 -0700 Subject: [Mailman-Announce] Mailman 2.1.18 Security fix release Message-ID: <49581d63-1175-3802-6433-e5021d0782d2@msapiro.net> This is a heads up. There is a recently identified minor security issue in Mailman 2.1.27 and earlier. This is not something that allows permanent compromise or information leak from your site, but is something that needs to be fixed. This issue has been given CVE ID CVE-2018-13796. I plan to release Mailman 2.1.28 on 24 July, 2018 along with details of the issue and a patch to apply to earlier releases. This is just notification of that plan for those that need to plan ahead. Also, if you are a Mailman translator and you have any updates to your translation, please submit them in some form prior to 24 July so they can be incorporated in the release. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: OpenPGP digital signature URL: From mark at msapiro.net Tue Jul 10 23:13:16 2018 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 10 Jul 2018 20:13:16 -0700 Subject: [Mailman-Announce] correction: Mailman 2.1.28 Security fix release In-Reply-To: <49581d63-1175-3802-6433-e5021d0782d2@msapiro.net> References: <49581d63-1175-3802-6433-e5021d0782d2@msapiro.net> Message-ID: <106e27ee-73ba-fc83-bb22-4d6f3d34340f@msapiro.net> Resending with correct subject (2.1.28, not 2.1.18) On 7/10/18 6:03 PM, Mark Sapiro wrote: > This is a heads up. There is a recently identified minor security issue > in Mailman 2.1.27 and earlier. This is not something that allows > permanent compromise or information leak from your site, but is > something that needs to be fixed. This issue has been given CVE ID > CVE-2018-13796. > > I plan to release Mailman 2.1.28 on 24 July, 2018 along with details of > the issue and a patch to apply to earlier releases. > > This is just notification of that plan for those that need to plan ahead. > > Also, if you are a Mailman translator and you have any updates to your > translation, please submit them in some form prior to 24 July so they > can be incorporated in the release. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: OpenPGP digital signature URL: From maxking at asynchronous.in Wed Jul 11 02:50:09 2018 From: maxking at asynchronous.in (Abhilash Raj) Date: Tue, 10 Jul 2018 23:50:09 -0700 Subject: [Mailman-Announce] Announcing Mailman Suite 3.2 release Message-ID: <1531291809.1383003.1436888560.7910BC6D@webmail.messagingengine.com> I am very pleased to announce the release of Mailman Suite 3.2. This includes Mailman Core 3.2.0, MailmanClient 3.2.0, Postorius 1.2.0, Django-Mailman3 1.2.0, Hyperkitty 1.2.0. This release includes tons of new features and bug fixes. We had support from tons of new contributors and I, on behalf of the whole Mailman Core team, would like to thank each one of you. Mailman Core includes support for plugins, more attributes exposed in REST API and improved support for migrating Mailman 2.x lists. You can now migrate settings and memberships from Mailman 2.x lists to Mailman 3.1. Full change log is available here: https://mailman.readthedocs.io/en/latest/src/mailman/docs/NEWS.html#la-villa-strangiato Postorius, The New Mailman Web UI, now has more settings exposed. The most noteworthy of the features include Python 3.5+ support. Also, you can now set templates for headers, footers and automatic responses inside of Postorius. Full change log is available here: https://postorius.readthedocs.io/en/latest/news.html#id1 Hyperkitty, the next-generation mailing-list archiver, has also jumped on the Python 3.5+ wagon and supports all the latest and stable versions of Django. Importing archives from Mailman 2.x is now even more improved. Full change log is available here: https://hyperkitty.readthedocs.io/en/latest/news.html#id1 All the components can be downloaded from https://pypi.org. Mailman is free software for managing email mailing lists and e-newsletters. Mailman is used for all the python.org and SourceForge.net mailing lists, as well as at hundreds of other sites. The Full documentation for the Suite is available at: http://docs.mailman3.org/en/latest/ For more information, please see our web site at one of: http://www.list.org https://www.gnu.org/software/mailman http://mailman.sourceforge.net/ https://mirror.list.org/ -- thanks, Abhilash Raj (maxking) From mark at msapiro.net Wed Jul 11 10:02:27 2018 From: mark at msapiro.net (Mark Sapiro) Date: Wed, 11 Jul 2018 07:02:27 -0700 Subject: [Mailman-Announce] Mailman 2.1.18 Security fix release (date change) In-Reply-To: <49581d63-1175-3802-6433-e5021d0782d2@msapiro.net> References: <49581d63-1175-3802-6433-e5021d0782d2@msapiro.net> Message-ID: <7a73d4eb-2db6-90b8-fa23-c65a930817a2@msapiro.net> On 7/10/18 6:03 PM, Mark Sapiro wrote: > This is a heads up. There is a recently identified minor security issue > in Mailman 2.1.27 and earlier. This is not something that allows > permanent compromise or information leak from your site, but is > something that needs to be fixed. This issue has been given CVE ID > CVE-2018-13796. > > I plan to release Mailman 2.1.28 on 24 July, 2018 along with details of > the issue and a patch to apply to earlier releases. > > This is just notification of that plan for those that need to plan ahead. Due to changed circumstances, I am changing the planned release date from 24 July to 23 July. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: OpenPGP digital signature URL: From mark at msapiro.net Mon Jul 23 13:33:12 2018 From: mark at msapiro.net (Mark Sapiro) Date: Mon, 23 Jul 2018 10:33:12 -0700 Subject: [Mailman-Announce] Mailman 2.1.28 Security Release Message-ID: I am pleased to announce the release of Mailman 2.1.28. Python 2.6 is the minimum supported, but Python 2.7 is strongly recommended. This is a minor security fix release. It also has some i18n updates and a couple of bug fixes and adds the ability to edit list specific templates through the web admin UI in a supported language other than the list's default. See the attached README.txt for details. For details of the security issue, see the report at which also includes a patch for those who want to fix this issue without upgrading. Mailman is free software for managing email mailing lists and e-newsletters. Mailman is used for all the python.org and SourceForge.net mailing lists, as well as at hundreds of other sites. For more information, please see our web site at one of: http://www.list.org https://www.gnu.org/software/mailman http://mailman.sourceforge.net/ https://mirror.list.org/ Mailman 2.1.28 can be downloaded from https://launchpad.net/mailman/2.1/ https://ftp.gnu.org/gnu/mailman/ https://sourceforge.net/projects/mailman/ -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: README.txt URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 181 bytes Desc: OpenPGP digital signature URL: From mark at msapiro.net Tue Jul 24 18:59:08 2018 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 24 Jul 2018 15:59:08 -0700 Subject: [Mailman-Announce] Mailman 2.1.29 Release Message-ID: I am not so pleased to announce the release of Mailman 2.1.29. It turned out there was a bug in the security fix in 2.1.28 that broke the web admin and listinfo overview pages. This is fixed in Mailman 2.1.29. The patch referred to below has been corrected to fix this bug. There is also a patch attached to which applies to 2.1.28 to fix this issue. Python 2.6 is the minimum supported, but Python 2.7 is strongly recommended. Mailman 2.1.28 was a minor security fix release. It also has some i18n updates and a couple of bug fixes and adds the ability to edit list specific templates through the web admin UI in a supported language other than the list's default. See the attached README.txt for details. For details of the security issue, see the report at which also includes a patch for those who want to fix this issue without upgrading. Mailman is free software for managing email mailing lists and e-newsletters. Mailman is used for all the python.org and SourceForge.net mailing lists, as well as at hundreds of other sites. For more information, please see our web site at one of: http://www.list.org https://www.gnu.org/software/mailman http://mailman.sourceforge.net/ https://mirror.list.org/ Mailman 2.1.29 can be downloaded from https://launchpad.net/mailman/2.1/ https://ftp.gnu.org/gnu/mailman/ https://sourceforge.net/projects/mailman/ -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: README.txt URL: