- The GNU Mailing List Management System.
| NEWS (mailman-2.1.35.tgz) | : | NEWS (mailman-2.1.36.tgz) |
|---|
| -*- coding: iso-8859-1 -*- | | -*- coding: iso-8859-1 -*- |
| Mailman - The GNU Mailing List Management System | | Mailman - The GNU Mailing List Management System |
| Copyright (C) 1998-2020 by the Free Software Foundation, Inc. | | Copyright (C) 1998-2020 by the Free Software Foundation, Inc. |
| 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA | | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA |
| | |
| Here is a history of user visible changes to Mailman. | | Here is a history of user visible changes to Mailman. |
| | |
|
| | 2.1.36 (12-Nov-2021) |
| | |
| | Security |
| | |
| | - A potential XSS attack via the user options page has been reported by |
| | Harsh Jaiswal. This is fixed. CVE-2021-43331 (LP: #1949401) |
| | |
| | - A potential for for a list moderator to carry out an off-line brute force |
| | attack to obtain the list admin password has been reported by Andre |
| | Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed. |
| | CVE-2021-43332 (LP: #1949403) |
| | |
| 2.1.35 (19-Oct-2021) | | 2.1.35 (19-Oct-2021) |
| | |
| Security | | Security |
| | |
| - A potential for for a list member to carry out an off-line brute force | | - A potential for for a list member to carry out an off-line brute force |
| attack to obtain the list admin password has been reported by Andre | | attack to obtain the list admin password has been reported by Andre |
| Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed. | | Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed. |
|
| CVE-2021-42096 (LP:#1947639) | | CVE-2021-42096 (LP: #1947639) |
| | |
| - A CSRF attack via the user options page could allow takeover of a users | | - A CSRF attack via the user options page could allow takeover of a users |
|
| account. This is fixed. CVE-2021-42097 (LP:#1947640) | | account. This is fixed. CVE-2021-42097 (LP: #1947640) |
| | |
| Bug Fixes and other patches | | Bug Fixes and other patches |
| | |
| - Fixed an issue where sometimes the wrapper message for DMARC mitigation | | - Fixed an issue where sometimes the wrapper message for DMARC mitigation |
| Wrap Message has no Subject:. (LP: #1915655) | | Wrap Message has no Subject:. (LP: #1915655) |
| | |
| - Plain text message bodies with Content-Disposition: and no declared | | - Plain text message bodies with Content-Disposition: and no declared |
| charset are no longer scrubbed. (LP: #1917968) | | charset are no longer scrubbed. (LP: #1917968) |
| | |
| - CommandRunner now recodes message bodies in the charset of the user's | | - CommandRunner now recodes message bodies in the charset of the user's |
| | | |
| End of changes. 3 change blocks. |
|---|
| 2 lines changed or deleted | | 14 lines changed or added |
|---|
"Fossies" - the Fresh Open Source Software Archive 