"Fossies" - the Fresh Open Source Software Archive

Member "mailman-2.1.39/NEWS" (13 Dec 2021, 212122 Bytes) of package /linux/misc/mailman-2.1.39.tgz:

As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. See also the latest Fossies "Diffs" side-by-side code changes report for "NEWS": 2.1.38_vs_2.1.39.

    1 -*- coding: iso-8859-1 -*-
    2 Mailman - The GNU Mailing List Management System
    3 Copyright (C) 1998-2020 by the Free Software Foundation, Inc.
    4 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
    6 Here is a history of user visible changes to Mailman.
    8 2.1.39 (13-Dec-2021)
   10   Bug Fixes and other patches
   12     - User matching for CSRF tokens is no longer case sensitive., and a
   13       potential NamerError in logging is fixed.  (LP: #1954694)
   15 2.1.38 (30-Nov-2021)
   17   Security
   19     - A potential CSRF attack against a list admin from a list member or
   20       moderator has been blocked.  CVE-2021-44227  (LP: #1952384)
   22   Bug Fixes and other patches
   24     - NotAMemberError exception from the user options page when the user has
   25       been asynchronously unsubscribed is fixed.  (LP: #1951769)
   27 2.1.37 (12-Nov-2021)
   29   Bug Fixes and other patches
   31     - A bug in the fix for CVE-2021-43332 has neen fixed.  (LP: #1950833)
   33 2.1.36 (12-Nov-2021)
   35   Security
   37     - A potential XSS attack via the user options page has been reported by
   38       Harsh Jaiswal.  This is fixed.  CVE-2021-43331 (LP: #1949401)
   40     - A potential for for a list moderator to carry out an off-line brute force
   41       attack to obtain the list admin password has been reported by Andre
   42       Protas, Richard Cloke and Andy Nuttall of Apple.  This is fixed.
   43       CVE-2021-43332 (LP: #1949403)
   45 2.1.35 (19-Oct-2021)
   47   Security
   49     - A potential for for a list member to carry out an off-line brute force
   50       attack to obtain the list admin password has been reported by Andre
   51       Protas, Richard Cloke and Andy Nuttall of Apple.  This is fixed.
   52       CVE-2021-42096  (LP: #1947639)
   54     - A CSRF attack via the user options page could allow takeover of a users
   55       account.  This is fixed.  CVE-2021-42097  (LP: #1947640)
   57   Bug Fixes and other patches
   59     - Fixed an issue where sometimes the wrapper message for DMARC mitigation
   60       Wrap Message has no Subject:.  (LP: #1915655)
   62     - Plain text message bodies with Content-Disposition: and no declared
   63       charset are no longer scrubbed.  (LP: #1917968)
   65     - CommandRunner now recodes message bodies in the charset of the user's
   66       or list's language to avoid a possible UnicodeError when including the
   67       message body in the reply.  (LP: #1921682)
   69     - Delivery disabled by bounce notices to admins now have 'disabled'
   70       properly translated.  (LP: #1922843)
   72     - DMARC policy discovery ignores domains with multiple DMARC records per
   73       RFC 7849,  (LP: 1931029)
   75 2.1.34 (26-Jun-2020)
   77   i18n
   79     - The Spanish translation has been updated by Omar Walid Llorente.
   81   Bug Fixes and other patches
   83     - The fix for LP: #1859104 can result in ValueError being thrown on
   84       attempts to subscribe to a list. This is fixed and extended to apply
   85       REFUSE_SECOND_PENDING to unsubscription as well.  (LP: #1878458)
   87     - DMARC mitigation no longer misses if the domain name returned by DNS
   88       contains upper case.  (LP: #1881035)
   90     - A new WARN_MEMBER_OF_SUBSCRIBE setting can be set to No to prevent
   91       mailbombing of a member of a list with private rosters by repeated
   92       subscribe attempts.  (LP: #1883017)
   94     - Very long filenames for scrubbed attachments are now truncated.
   95       (LP: #1884456)
   97 2.1.33 (07-May-2020)
   99   Security
  101     - A content injection vulnerability via the private login page has been
  102       fixed.  CVE-2020-15011  (LP: #1877379)
  104 2.1.32 (05-May-2020)
  106   i18n
  108     Fixed a typo in the Spanish translation and updated mailman.pot and
  109     the message catalog for 2.1.31 security fix.
  111 2.1.31 (05-May-2020)
  113   Security
  115     - A content injection vulnerability via the options login page has been
  116       discovered and reported by Vishal Singh. This is fixed.  CVE-2020-12108
  117       (LP: #1873722)
  119   i18n
  121     - The Spanish translation has been updated by Omar Walid Llorente.
  123   Bug Fixes and other patches
  125     - Bounce recognition for a non-compliant Yahoo format is added.
  127     - Archiving workaround for non-ascii in string.lowercase in some Python
  128       packages is added.
  130 2.1.30 (13-Apr-2020)
  132   New Features
  134     - Thanks to Jim Popovitch, there is now a dmarc_moderation_addresses
  135       list setting that can be used to apply dmarc_moderation_action to mail
  136       From: addresses listed or matching listed regexps.  This can be used
  137       to modify mail to addresses that don't accept external mail From:
  138       themselves.
  140     - There is a new MAX_LISTNAME_LENGTH setting.  The fix for LP: #1780874
  141       obtains a list of the names of all the all the lists in the installation
  142       in order to determine the maximum length of a legitimate list name.  It
  143       does this on every web access and on sites with a very large number of
  144       lists, this can have performance implications.  See the description in
  145       Defaults.py for more information.
  147     - Thanks to Ralf Jung there is now the ability to add text based captchas
  148       (aka textchas) to the listinfo subscribe form.  See the documentation
  149       for the new CAPTCHA setting in Defaults.py for how to enable this.  Also
  150       note that if you have custom listinfo.html templates, you will have to
  151       add a <mm-captcha-ui> tag to those templates to make this work.  This
  152       feature can be used in combination with or instead of the Google
  153       reCAPTCHA feature added in 2.1.26.
  155     - Thanks to Ralf Hildebrandt the web admin Membership Management section
  156       now has a feature to sync the list's membership with a list of email
  157       addresses as with the bin/sync_members command.
  159     - There is a new drop_cc list attribute set from DEFAULT_DROP_CC.  This
  160       controls the dropping of addresses from the Cc: header in delivered
  161       messages by the duplicate avoidance process.  (LP: #1845751)
  163     - There is a new REFUSE_SECOND_PENDING mm_cfg.py setting that will cause
  164       a second request to subscribe to a list when there is already a pending
  165       confirmation for that user.  This can be set to Yes to prevent
  166       mailbombing of a third party by repeatedly posting the subscribe form.
  167       (LP: #1859104)
  169   i18n
  171     - The Japanese translation has been updated by Yasuhito FUTATSUKI.
  173     - The German translation has been updated by Ludwig Reiter.
  175     - The Spanish translation has been updated by Omar Walid Llorente.
  177     - The Brazilian Portugese translation has been updated by Emerson de Mello.
  179   Bug Fixes and other patches
  181     - Fixed the confirm CGI to catch a rare TypeError on simultaneous
  182       confirmations of the same token.  (LP: #1785854)
  184     - Scrubbed application/octet-stream MIME parts will now be given a
  185       .bin extension instead of .obj.  CVE-2020-12137  (LP: #1886117)
  187     - Added bounce recognition for a non-compliant opensmtpd DSN with
  188       Action: error.  (LP: #1805137)
  190     - Corrected and augmented some security log messages.  (LP: #1810098)
  192     - Implemented use of QRUNNER_SLEEP_TIME for bin/qrunner --runner=All.
  193       (LP: #1818205)
  195     - Leading/trailing spaces in provided email addresses for login to private
  196       archives and the user options page are now ignored.  (LP: #1818872)
  198     - Fixed the spelling of the --no-restart option for mailmanctl.
  200     - Fixed an issue where certain combinations of charset and invalid
  201       characters in a list's description could produce a List-ID header
  202       without angle brackets.  (LP: #1831321)
  204     - With the Postfix MTA and virtual domains, mappings for the site list
  205       -bounces and -request addresses in each virtual domain are now added
  206       to data/virtual-mailman (-owner was done in 2.1.24).  (LP: #1831777)
  208     - The paths.py module now extends sys.path with the result of
  209       site.getsitepackages() if available.  (LP: #1838866)
  211     - A bug causing a UnicodeDecodeError in preparing to send the confirmation
  212       request message to a new subscriber has been fixed.  (LP: #1851442)
  214     - The SimpleMatch heuristic bounce recognizer has been improved to not
  215       return most invalid email addresses.  (LP: #1859011)
  217 2.1.29 (24-Jul-2018)
  219   Bug Fixes
  221     - Fixed the listinfo and admin overview pages that were broken by
  222       LP: #1780874.  (LP: #1783417)
  224 2.1.28 (23-Jul-2018)
  226   Security
  228     - A content spoofing vulnerability with invalid list name messages in
  229       the web UI has been fixed.  CVE-2018-13796  (LP: #1780874)
  231   New Features
  233     - It is now possible to edit HTML and text templates via the web admin
  234       UI in a supported language other than the list's preferred_language.
  235       Thanks to Yasuhito FUTATSUKI.
  237   i18n
  239     - The Japanese translation has been updated by Yasuhito FUTATSUKI.
  241     - The German translation has been updated by Ralf Hildebrandt.
  243     - The Esperanto translation has been updated by Rubén Fernández Asensio.
  245   Bug fixes and other patches
  247     - The BLOCK_SPAMHAUS_LISTED_DBL_SUBSCRIBE feature added in 2.1.27 was
  248       not working.  This is fixed.  (LP: #1779774)
  250     - Escaping of HTML entities for the web UI is now done more selectively.
  251       (LP: #1779445)
  253 2.1.27 (22-Jun-2018)
  255   Security
  257     - Existing protections against malicious listowners injecting evil
  258       scripts into listinfo pages have had a few more checks added.
  259       JVN#00846677/JPCERT#97432283/CVE-2018-0618
  261     - A few more error messages have had their values HTML escaped.
  262       JVN#00846677/JPCERT#97432283/CVE-2018-0618
  264     - The hash generated when SUBSCRIBE_FORM_SECRET is set could have been
  265       the same as one generated at the same time for a different list and
  266       IP address.  While this is not thought to be exploitable in any way,
  267       the generation has been changed to avoid this.  Thanks to Ralf Jung.
  269   New Features
  271     - An option has been added to bin/add_members to issue invitations
  272       instead of immediately adding members.  (LP: #1773064)
  274     - A new BLOCK_SPAMHAUS_LISTED_IP_SUBSCRIBE setting has been added to
  275       enable blocking web subscribes from IPv4 addresses listed in Spamhaus
  276       SBL, CSS or XBL.  It will work with IPv6 addresses if Python's
  277       py2-ipaddress module is installed.  The module can be installed via pip
  278       if not included in your Python.
  280     - Thanks to Jim Popovitch, Mailman has a new 'security' log and logs
  281       authentication failures to the various web CGI functions.  The logged
  282       data include the remote IP and can be used to automate blocking of IPs
  283       with something like fail2ban.  Since Mailman 2.1.14, these have returned
  284       an http 401 status and the information should be logged by the web
  285       server, but this new log makes that more convenient.  Also, the
  286       'mischief' log entries for 'hostile listname' noe include the remote IP
  287       if available.
  289     - Thanks to Jim Popovitch, admin notices of (un)subscribes now may give
  290       the source of the action.  This consists of a %(whence)s replacement
  291       that has been added to the admin(un)subscribeack.txt templates.  Thanks
  292       to Yasuhito FUTATSUKI for updating the non-English templates and help
  293       with internationalizing the reasons.
  295     - Thanks to Jim Popovitch, there is a new
  296       BLOCK_SPAMHAUS_LISTED_DBL_SUBSCRIBE setting to enable blocking web
  297       subscribes for addresses in domains listed in the Spamhaus DBL.
  299   i18n
  301     - The Japanese translation has been updated by Yasuhito FUTATSUKI.
  303     - The Russian translation has been updated by Danil Smirnov.
  305     - A partial Esperanto translation has been added.  Thanks to
  306       Rubén Fernández Asensio.
  308     - Fixed a '# -*- coding:' line in the Russian message catalog that was
  309       mistakenly translated to Russian.  (LP: #1777342)
  311   Bug fixes and other patches
  313     - Some messages from bin/arch were not issued in the charset of the system
  314       locale when DISABLE_COMMAND_LOCALE_CSET is No.  Thanks to Yasuhito
  315       FUTATSUKI this is now fixed.  (LP: #1768892)
  317     - The message displayed in the browser when accessing a Mailman CGI when
  318       mm_cfg.py can't be imported due to some exception other than ImportError
  319       has been improved.  (LP: #1760506)
  321     - The reimplementation of DELIVERY_RETRY_WAIT in 2.1.26 could cause extra
  322       dequeueing and requeueing in the out queue by OutgoingRunner.  This is
  323       fixed.  (LP: #1762871)
  325     - A Python 2.7 dependency introduced in the ToDigests handler in Mailman
  326       2.1.24 has been removed.  (LP: #1755317)
  328     - Bad values in a list's topics will no longer break everything that
  329       might instantiate the list.  (LP: #1754516)
  331     - A Python 2.7 dependency introduced with the reCAPTCHA feature in 2.1.26
  332       has been removed.  (LP: #1752658)
  334     - The reCAPTCHA feature requires JavaScript.  If JavaScript is not enabled,
  335       a message will be displayed on the subscribe form that JavaScript is
  336       required.  (LP: #1769374)
  338     - Quoting in the mailman-config command has been changed from double to
  339       single quotes to allow double-quoted parameters.  (LP: #1774986)
  341     - Approving a held subscription for a user with a 'different' preferred
  342       language no longer corrupts the results page.  (LP: #1777222)
  344     - An issue with garbled descriptions on listinfo and admin overview pages
  345       and the heading of a list's listinfo page due to incompatible character
  346       sets has been fixed thanks to Yasuhito FUTATSUKI.
  348   Miscellaneous
  350     - Added to the contrib directory, a script from Jim Popovitch to generate
  351       Sitemap files for a list's archive.
  353 2.1.26 (04-Feb-2018)
  355   Security
  357     - An XSS vulnerability in the user options CGI could allow a crafted URL
  358       to execute arbitrary javascript in a user's browser.  A related issue
  359       could expose information on a user's options page without requiring
  360       login.  These are fixed.  Thanks to Calum Hutton for the report.
  361       CVE-2018-5950  (LP: #1747209)
  363   New Features
  365     - Thanks to David Siebörger who adapted an existing patch by Andrea
  366       Veri to use Google reCAPTCHA v2 there is now the ability to add
  367       reCAPTCHA to the listinfo subscribe form.  There are two new mm_cfg.py
  368       settings for RECAPTCHA_SITE_KEY and RECAPTCHA_SECRET_KEY, the values
  369       for which you obtain for your domain(s) from Google at
  370       <https://www.google.com/recaptcha/admin>.
  372     - Thanks to Lindsay Haisley, there is a new bin/mailman-config command
  373       to display various information about this Mailman version and how it
  374       was configured.
  376   i18n
  378     - The Japanese message catalog has been updated for added strings by
  379       Yasuhito FUTATSUKI.
  381     - The German translation of a couple of templates has been updated by
  382       Thomas Hochstein.
  384     - The Japanese translation of Defaults.py.in has been updated by
  385       Yasuhito FUTATSUKI.
  387   Bug fixes and other patches
  389     - Fixed an i18n bug in the reCAPTCHA feature.  (LP: #1746189)
  391     - Added a few more environment variables to the list of those passed
  392       to CGIs to support an nginx/uwsgi configuration.  (LP #1744739)
  394     - Mailman 2.1.22 introduced a Python 2.7 dependency that could affect
  395       bin/arch processing a message without a valid Date: header.  The
  396       dependency has been removed.  (LP: #1740543)
  398     - Messages held for header_filter_rules now show the matched regexp in
  399       the hold reason.  (LP: #1737371)
  401     - When updating the group and mode of a .db file with Mailman's Postfix
  402       integration, a missing file is ignored.  (LP: #1734162)
  404     - The DELIVERY_RETRY_WAIT setting is now effective.  (LP: #1729472)
  406 2.1.25 (26-Oct-2017)
  408   New Features
  410     - The admindb held subscriptions listing now includes the date of the
  411       most recent request from the address.  (LP: #1697097)
  413   Accessibility
  415     - The admin Membership List now includes text for screen readers which
  416       identifies the function of each checkbox.  CSS is added to the page to
  417       visually hide the text but still allow screen readers to read it.
  418       Similar text has been added to some radio buttons on the admindb pages.
  420   i18n
  422     - The Russian translation has been updated by Sergey Matveev.
  423       (LP: #1708016)
  425   Bug fixes and other patches
  427     - Thanks to Jim Popovitch, certain failures in DNS lookups of DMARC policy
  428       will now result in mitigations being applied.  (LP: #1722013)
  430     - The default DMARC reject reason now properly replaces %(listowner)s.
  431       (LP: #1718962)
  433     - The web roster page now shows case preserved email addresses.
  434       (LP: #1707447)
  436     - Changed the SETGID wrappers to only pass those items in the environment
  437       that are needed by the called scripts.  (LP: #1705736)
  439     - Fixed MTA/Postfix.py to ensure that created aliases(.db) and
  440       virtual-mailman(.db) files are readable by Postfix and the .db files are
  441       owned by the Mailman user.  (LP: #1696066)
  443     - Defended against certain web attacks that cause exceptions and "we hit
  444       a bug" responses when POST data or query fragments contain multiple
  445       values for the same parameter.  (LP: #1695667)
  447     - The fix for LP: #1614841 caused a regression in the options CGI.  This
  448       has been fixed.  (LP: #1602608)
  450     - Added a -a option to the (e)grep commands in contrib/mmdsr to account
  451       for logs that may have non-ascii and be seen as binary.
  453     - Fixed the -V option to bin/list_lists to not show lists whose host is a
  454       subdomain of the given domain.  (LP: #1695610)
  456 2.1.24 (02-Jun-2017)
  458   Security
  460     - A most likely unexploitable XSS attach that relies on the Mailman web
  461       server passing a crafted Host: header to the CGI environment has been
  462       fixed.  Apache for one is not vulnerable.  Thanks to Alqnas Eslam.
  464   New Features
  466     - There is a new RCPT_BASE64_HEADER_NAME setting.  If this is set to a
  467       non-empty string, that string is the name of a header that will be added
  468       to personalized and VERPed deliveries with value equal to the base64
  469       encoding of the recipient's email address.  This is intended to enable
  470       identification of the recipient otherwise redacted from "spam report"
  471       feedback loop messages.
  473     - cron/senddigests has a new -e/--exceptlist option to send pending
  474       digests for all but a named list.  (LP: #1619770)
  476     - The values for DEFAULT_DIGEST_FOOTER and DEFAULT_MSG_FOOTER have been
  477       changed to use a standard signature separator for DEFAULT_MSG_FOOTER
  478       and to remove the unneded line of underscores from DEFAULT_DIGEST_FOOTER.
  479       (LP: #266269)
  481   i18n
  483     - The Polish html templates have been recoded to use html entities
  484       instead of non-ascii characters.
  486     - The Basque (Euskara) translation has been updated by Gari Araolaza.
  488     - The German "details for personalize" page has been updated by
  489       Christian F Buser.
  491     - The Japanese translation has been updated by Yasuhito FUTATSUKI.
  493   Bug fixes and other patches
  495     - The list-owner@virtual.domain addresses are now added to virtual-mailman
  496       as they are exposed in 'list created' emails.  (LP: #1694384)
  498     - The 'list run by' addresses in web page footers are now just the
  499       list-owner address.  (LP: #1694384)
  501     - Changed member_verbosity_threshold from a >= test to a strictly > test
  502       to avoid the issue of moderating every post when the threshold = 1.
  503       (LP: #1693366)
  505     - Subject prefixing has been improved to always have a space between
  506       the prefix and the subject even with non-ascii in the prefix.  This
  507       will sometimes result in two spaces when the prefix is non-ascii but
  508       the subject is ascii, but this is the lesser evil.  (LP: #1525954)
  510     - Treat message and digest headers and footers as empty if they contain
  511       only whitespace.  (LP: #1673307)
  513     - Ensured that added message and digest headers and footers always have
  514       a terminating new-line.  (LP: #1670033)
  516     - Fixed an uncaught TypeError in the subscribe CGI.  (LP: #1667215)
  518     - Added recognition for a newly seen mailEnable bounce.
  520     - Fixed an uncaught NotAMemberError when a member is removed before a
  521       probe bounce for the member is returned.  (LP: #1664729)
  523     - Fixed a TypeError thrown in the roster CGI when called with a listname
  524       containing a % character.  (LP: #1661810)
  526     - Fixed a NameError issue in bin/add_members with
  527       DISABLE_COMMAND_LOCALE_CSET = yes.  (LP: #1647450)
  529     - The CleanseDKIM handler has been removed from OWNER_PIPELINE.  It isn't
  530       needed there and has adverse DMARC implications for messages to -owner
  531       of an anonymous list.  (LP: #1645901)
  533     - Fixed an issue with properly RFC 2047 encoding the display name in the
  534       From: header for messages with DMARC mitigations.  (LP: #1643210)
  536     - Fixed an issue causing UnicodeError in sending digests following a
  537       change of a list's preferred_language.  (LP: #1644356)
  539     - Enhanced the fix for race conditions in MailList().Load().  (LP: #266464)
  541     - Fixed a typo in Utils.py that could have resulted in a NameError in
  542       logging an unlikely occurrence.  (LP: #1637745)
  544     - Fixed a bug which created incorrect "view more members" links at the
  545       bottom of the admin Membership List pages.  (LP: #1637061)
  547     - The 2.1.23 fix for LP: #1604544 only fixed the letter links at the top
  548       of the Membership List.  The links at the bottom have now been fixed.
  550     - paths.py now adds dist-packages as well as site-packages to sys.path.
  551       (LP: #1621172)
  553     - INIT INFO has been added to the sample init.d script.  (LP: #1620121)
  555 2.1.23 (27-Aug-2016)
  557   Security
  559     - CSRF protection has been extended to the user options page.  This was
  560       actually fixed by Tokio Kikuchi as part of the fix for LP: #775294 and
  561       intended for Mailman 2.1.15, but that fix wasn't completely merged at the
  562       time.  The full fix also addresses the admindb, and edithtml pages as
  563       well as the user options page and the previously fixed admin pages.
  564       Thanks to Nishant Agarwala for reporting the issue.  CVE-2016-6893
  565       (LP: #1614841)
  567   New Features
  569     - For header_filter_rules matching, RFC 2047 encoded headers, non-encoded
  570       headers and header_filter_rules patterns are now all decoded to unicode.
  571       Both XML character references of the form &#nnnn; and unicode escapes
  572       of the form \Uxxxx in patterns are converted to unicodes as well.  Both
  573       headers and patterns are normalized to 'NFKC' normal form before
  574       matching, but the normalization form can be set via a new NORMALIZE_FORM
  575       mm_cfg setting.  Also, the web UI has been updated to encode characters
  576       in text fields that are invalid in the character set of the page's
  577       language as XML character references instead of '?'.  This should help
  578       with entering header_filter_rules patterns to match 'odd' characters.
  579       This feature is experimental and is problematic for some cases where it
  580       is desired to have a header_filter_rules pattern with characters not in
  581       the character set of the list's preferred language.  For patterns
  582       without such characters, the only change in behavior should be because
  583       of unicode normalization which should improve matching.  For other
  584       situations such as trying to match a Subject: with CJK characters (range
  585       U+4E00..U+9FFF) on an English language (ascii) list, one can enter a
  586       pattern like '^subject:.*[&#19968;-&#40959;]' or
  587       '^subject:.*[\u4e00;-\u9fff;]' to match a Subject with any character in
  588       the range, and it will work, but depending on the actual characters and
  589       the browser, submitting another, even unrelated change can garble the
  590       original entry although this usually occurs only with ascii pages and
  591       characters in the range \u0080-\u00ff.  The \Uxxxx unicode escapes must
  592       have exactly 4 hex digits, but they are case insensitive.  (LP: #558155)
  594     - Thanks to Jim Popovitch REMOVE_DKIM_HEADERS can now be set to 3 to
  595       preserve the original headers as X-Mailman-Original-... before removing
  596       them.
  598     - Several additional templates have been added to those that can be edited
  599       via the web admin GUI.  (LP: #1583387)
  601     - SMTPDirect.py can now do SASL authentication and STARTTLS security when
  602       connecting to the outgoiung MTA. Associated with this are new
  603       Defaults.py/mm_cfg.py settings SMTP_AUTH, SMTP_USER, SMTP_PASSWD and
  604       SMTP_USE_TLS.  (LP: #558281)
  606     - There is a new Defaults.py/mm_cfg.py setting SMTPLIB_DEBUG_LEVEL which
  607       can be set to 1 to enable verbose smtplib debugging to Mailman's error
  608       log to help with debugging 'low level smtp failures'.  (LP: #1573074)
  610     - A list's nonmember_rejection_notice attribute will now be the default
  611       rejection reason for a held non-member post in addition to it's prior
  612       role as the reson for an automatically rejected non-member post.
  613       (LP: #1572330)
  615   i18n
  617     - The French translation of 'Dutch' is changed from 'Hollandais' to
  618       'Néerlandais' per Francis Jorissen.
  620     - Some German language templates that were incorrectly utf-8 encoded have
  621       been recoded as iso-8859-1.  (LP: #1602779)
  623     - Japanese translation and documentation in messages/ja has been updated by
  624       Yasuhito FUTATSUKI.
  626   Bug fixes and other patches
  628     - The admin Membership List letter links could be incorrectly rendered as
  629       Unicode strings following a search.  (LP: #1604544)
  631     - We no longer throw an uncaught TypeError with certain defective crafted
  632       POST requests to Mailman's CGIs.  (LP: #1602608)
  634     - Scrubber links in archives are now in the list's preferred_language
  635       rather than the poster's language.  (LP: #1586505)
  637     - Improved logging of banned subscription and address change attempts.
  638       (LP: #1582856)
  640     - In rare circumstances a list can be removed while the admin or listinfo
  641       CGI or bin/list_lists is running causing an uncaught MMUnknownListError
  642       to be thrown.  The exception is now caught and handled.  (LP: #1582532)
  644     - Set the Date: header in the wrapper message when from_is_list or
  645       dmarc_moderation_action is Wrap Message.  (LP: #1581215)
  647     - A site can now set DMARC_ORGANIZATIONAL_DOMAIN_DATA_URL to None or the
  648       null string if it wants to avoid using this.  (LP: #1578450)
  650     - The white space to the left of the admindb Logout link is no longer
  651       part of the link.  (LP: #1573623)
  653 2.1.22 (17-Apr-2016)
  655   i18n
  657     - Fixed a typo in the German options.html template.  (LP: #1562408)
  659     - An error in the Brazilian Portugese translation of Quarterly has been
  660       fixed thanks to Kleber A. Benatti.
  662     - The Brazilian Portugese translation has been updated by Emerson Ribeiro
  663       de Mello.
  665   Bug fixes and other patches
  667     - All addresses in data/virtual-mailman are now properly appended with
  668       VIRTUAL_MAILMAN_LOCAL_DOMAIN and duplicates are not generated if the
  669       site list is in a virtual domain.  (LP: #1570630)
  671     - DMARC mitigations will now find the From: domain to the right of the
  672       rightmost '@' rather than the leftmost '@'.  (LP: #1568445)
  674     - DMARC mitigations for a sub-domain of an organizational domain will now
  675       use the organizational domain's sp= policy if any.  (LP: #1568398)
  677     - Modified NewsRunner.py to ensure that messages gated to Usenet have a
  678       non-blank Subject: header and when munging the Message-ID to add the
  679       original to References: to help with threading.  (LP: #557955)
  681     - Fixed the pipermail archiver to do a better job of figuring the date of
  682       a post when its Date: header is missing, unparseable or has an obviously
  683       out of range date.  This should only affect bin/arch as ArchRunner has
  684       code to fix dates at least if ARCHIVER_CLOBBER_DATE_POLICY has not been
  685       set to 0 in mm_cfg.py.  If posts have been added in the past to a list's
  686       archive using bin/arch and an imported mbox, running bin/arch again could
  687       result is some of those posts being archived with a different date.
  688       (LP: #1555798)
  690     - Fixed an issue with CommandRunner shunting a malformed message with a
  691       null byte in the body.  (LP: #1553888)
  693     - Don't collapse multipart with a single sub-part inside multipart/signed
  694       parts.  (LP: #1551075)
  696 2.1.21 (28-Feb-2016)
  698   New Features
  700     - There is a new dmarc_none_moderation_action list setting and a
  701       DEFAULT_DMARC_NONE_MODERATION_ACTION mm_cfg.py setting to optionally
  702       apply Munge From or Wrap Message actions to posts From: domains that
  703       publish DMARC p=none.  The intent is to eliminate failure reports to
  704       the domain owner for messages that would be munged or wrapped if the
  705       domain published a stronger DMARC policy.  See the descriptions in
  706       Defaults.py, the web UI and the bug report for more.  (LP: #1539384)
  708     - Thanks to Jim Popovitch there is now a feature to automatically turn
  709       on moderation for a malicious list member who attempts to flood a list
  710       with spam.  See the details for the Privacy options ... -> Sender
  711       filters -> member_verbosity_threshold and member_verbosity_interval
  712       settings in the web admin UI and the documentation in Defaults.py for
  713       the DEFAULT_MEMBER_VERBOSITY_* and VERBOSE_CLEAN_LIMIT settings for
  714       information.
  716     - bin/list_members now has options to display all moderated or all
  717       non-moderated members.
  719     - There is now a mm_cfg.py setting GLOBAL_BAN_LIST which is like the
  720       individual list's ban_list but applies globally to all subscribe
  721       requests.  See the description in Defaults.py for more details.
  723   i18n
  725     - The Japanese translation has been updated by Yasuhito FUTATSUKI.
  727     - Also thanks to Miloslav Trmac and Yasuhito FUTATSUKI, the l10n for
  728       Mailman's bin/ commands has been fixed to display using the character
  729       set of the user's work station even when Mailman's character set for
  730       the language is different.  Because this has not been tested over a
  731       wide set of locales, there is an mm_cfg.py switch
  732       DISABLE_COMMAND_LOCALE_CSET to disable it if it causes problems.
  733       (LP: #558167)
  735     - The Polish translation has been updated by Stefan Plewako.
  737     - The German translation has been updated by Mirian Margiani and
  738       Bernhard Schmidt.
  740     - The Russian translation has been updated by Danil Smirnov.
  742     - Several Galician templates that were improperly encoded as iso-8859-1
  743       have been fixed.  (LP: #1532504)
  745     - The Brazilian Portugese translation has been updated by Emerson Ribeiro
  746       de Mello.
  748   Bug fixes and other patches
  750     - If DMARC lookup fails to find a policy, also try the Organizational
  751       Domain.  Associated with this is a new mm_cfg.py setting
  752       DMARC_ORGANIZATIONAL_DOMAIN_DATA_URL which sets the URL used to
  753       retrieve the data for the algorithm that computes the Organizational
  754       Domain.  See https://publicsuffix.org/list/ for info.  (LP: #1549420)
  756     - Modified contrib/mmdsr to correctly report No such list names that
  757       contain ".
  759     - User's "Acknowledge" option will now be honored for posts to anonymous
  760       lists.  (LP: #1546679)
  762     - Fixed a typo in the Non-digest options regular_exclude_ignore
  763       description thanks to Yasuhito FUTATSUKI.
  765     - DEFAULT_PASS_MIME_TYPES has been changed to accept text/plain sub-parts
  766       from message/rfc822 parts and multipart parts other than mixed and
  767       alternative and also accept pgp signatures.  This only applies to newly
  768       created lists and other than pgp signatures, still only accepts
  769       text/plain.  (LP: #1517446)
  771     - Modified contrib/mmdsr to report held and banned subscriptions and DMARC
  772       lookups in their own categories.
  774     - Fixed a bug that could create a garbled From: header with certain DMARC
  775       mitigation actions.  (LP: #1536816)
  777     - Treat a poster's address which matches an equivalent_domains address as
  778       a list member for the regular_exclude_ignore check.  (LP: #1526550)
  780     - Fixed an issue that sometimes left no white space following
  781       subject_prefix.  (LP: #1525954)
  783     - Vette log entries for banned subscriptions now include the source of
  784       the request if available.  (LP: #1525733)
  786     - Submitting the user options form for a user who was asynchronously
  787       unsubscribed would throw an uncaught NotAMemberError.  (LP: #1523273)
  789     - It was possible under some circumstances for a message to be shunted
  790       after a handler rejected or discarded it, and the handler would be
  791       skipped upon unshunting and the message accepted.  (LP: #1519062)
  793     - Posts gated to usenet will no longer have other than the target group
  794       in the Newsgroups: header.  (LP: #1512866)
  796     - Invalid regexps in *_these_nonmembers, subscribe_auto_approval and
  797       ban_list are now logged.  (LP: #1507241)
  799     - Refactored the GetPattern list method to simplify extending @listname
  800       syntax to new attributes in the future.  Changed Moderate.py to use the
  801       GetPattern method to process the *_these_nonmembers lists.
  803     - Changed CookHeaders to default to using space rather than tab as
  804       continuation_ws when folding headers.  (LP: #1505878)
  806     - Fixed the 'pidfile' path in the sample init.d script.  (LP: #1503422)
  808     - Subject prefixing could fail to collapse multiple 'Re:' in an incomming
  809       message if they all came after the list's subject_prefix.  This is now
  810       fixed.  (LP: #1496620)
  812     - Defended against a user submitting URLs with query fragments or POST
  813       data containing multiple occurrences of the same variable.
  814       (LP: #1496632)
  816     - Fixed bin/mailmanctl to check its effective rather than real uid.
  817       (LP: #1491187)
  819     - Fixed cron/gate_news to catch EOFError on opening the newsgroup.
  820       (LP: #1486263)
  822     - Fixed a bug where a delayed probe bounce can throw an AttributeError.
  823       (LP: #1482940)
  825     - If a list is not digestable an the user is not currently set to
  826       receive digests, the digest options will not be shown on the user's
  827       options page.  (LP: #1476298)
  829     - Improved identification of remote clients for logging and subscribe
  830       form checking in cases where access is via a proxy server.  Thanks to
  831       Jim Popovitch.  Also updated contrib/mmdsr for log change.
  833     - Fixed an issue with shunted messages on a list where the charset for
  834       the list's preferred_language had been changed from iso-8859-1 to
  835       utf-8 without recoding the list's description.  (LP: #1462755)
  837     - Mailman-Postfix integration will now add mailman@domain entries in
  838       data/virtual-mailman for each domain in POSTFIX_STYLE_VIRTUAL_DOMAINS
  839       which is a host_name of a list.  This is so the addresses which are
  840       exposed on admin and listinfo overview pages of virtual domains will
  841       be deliverable.  (LP: #1459236)
  843     - The vette log entry for DMARC policy hits now contains the list name.
  844       (LP: #1450826)
  846     - If SUBSCRIBE_FORM_SECRET is enabled and a user's network has a load
  847       balancer or similar in use the POSTing IP might not exactly match the
  848       GETting IP.  This is now accounted for by not requiring the last
  849       octet (16 bits for ipV6) to match.  (LP: #1447445)
  851     - DKIM-Signature:, DomainKey-Signature: and Authentication-Results:
  852       headers are now removed by default from posts to anonymous lists.
  853       (LP: #1444673)
  855     - The list admin web UI Mambership List search function often doesn't
  856       return correct results for search strings (regexps) that contain
  857       non-ascii characters.  This is partially fixed.  (LP: #1442298)
  859 2.1.20 (31-Mar-2015)
  861   Security
  863     - A path traversal vulnerability has been discovered and fixed.  This
  864       vulnerability is only exploitable by a local user on a Mailman server
  865       where the suggested Exim transport, the Postfix postfix_to_mailman.py
  866       transport or some other programmatic MTA delivery not using aliases
  867       is employed.  CVE-2015-2775  (LP: #1437145)
  869   New Features
  871     - There is a new Address Change sub-section in the web admin Membership
  872       Management section to allow a list admin to change a list member's
  873       address in one step rather than adding the new address, copying settings
  874       and deleting the old address.  (LP: #266809)
  876   i18n
  878     - The Russian translation has been updated by Danil Smirnov.
  880     - The Polish translation has been updated by Stefan Plewako.
  882   Bug fixes and other patches
  884     - A LookupError in SpamDetect on a message with RFC 2047 encoded headers
  885       in an unknown character set is fixed.  (LP: #1427389)
  887     - Fixed a bug in CommandRunner that could process the second word of a
  888       body line as a command word and a case sensitivity in commands in
  889       Subject: with an Re: prefix.  (LP: #1426829)
  891     - Fixed a bug in CommandRunner that threw an uncaught KeyError if
  892       the input to the list-request address contained a command word
  893       terminated by a period.  (LP: #1426825)
  895 2.2 Branch Backports (released in conjunction with 2.1.19)
  897   The following New Features and Bug Fixes have been in an "unofficial,
  898   never to be released" Mailman 2.2 branch for several years. Until now,
  899   they were never implemented on the official 2.1 branch because of their
  900   i18n impacts.  Given that there have been a number of i18n impacting
  901   changes due to DMARC mitigations in the last few releases, it has been
  902   decided to backport these as well.
  904   All of these changes have been running in production on several lists
  905   for years without problems other than untranslated strings, so they should
  906   be reasonably "bug free".
  908   New Features
  910     - There is a new list attribute 'subscribe_auto_approval' which is a list
  911       of email addresses and regular expressions matching email addresses
  912       whose subscriptions are exempt from admin approval.  (LP: #266609)
  914     - Confirmed member change of address is logged in the 'subscribe' log,
  915       and if admin_notify_mchanges is true, a notice is sent to the list
  916       owner using a new adminaddrchgack.txt template.
  918     - Added an 'automate' option to bin/newlist to send the notice to the
  919       admin without the prompt.
  921     - The processing of Topics regular expressions has changed. Previously the
  922       Topics regexp was compiled in verbose mode but not documented as such
  923       which caused some confusion.  Also, the documentation indicated that
  924       topic keywords could be entered one per line, but these entries were not
  925       handled properly.  Topics regexps are now compiled in non-verbose mode
  926       and multi-line entries are 'ored'.  Existing Topics regexps will be
  927       converted when the list is updated so they will continue to work.
  929     - Added real name display to the web roster.  (LP: #266754)
  932   Bug fixes and other patches
  934     - Changed the response to an invalid confirmation to be more generic.
  935       Not all confirmations are subscription requests.
  937     - Changed the default nonmember_rejection_notice to be more user friendly.
  938       (LP: #418728)
  940     - Added "If you are a list member" qualification to some messages from the
  941       options login page.  (LP: #266442)
  943     - Changed the 'Approve' wording in the admindbdetails.html template to
  944       'Accept/Approve' for better agreement with the button labels.
  946     - Added '(by thread)' to the previous and next message links in the
  947       archive to emphasize that even if you got to the message from a
  948       subject, date or author index, previous and next are still by thread.
  950 2.1.19 (28-Feb-2015)
  952   New Features
  954     - The subscribe_auto_approval feature backported from the 2.2 branch and
  955       described above has been enhanced to accept entries of the form
  956       @listname to auto approve members of another list.  (LP: #1417093)
  958     - There is a new list attribute dmarc_wrapped_message_text and a
  959       DEFAULT_DMARC_WRAPPED_MESSAGE_TEXT setting to set the default for new
  960       lists.  This text is added to a message which is wrapped because of
  961       dmarc_moderation_action in a separate text/plain part that precedes the
  962       message/rfc822 part containing the original message.  It can be used to
  963       provide an explanation of why the message was wrapped or similar info.
  965     - There is a new list attribute equivalent_domains and a
  966       DEFAULT_EQUIVALENT_DOMAINS setting to set the default for new lists which
  967       in turn defaults to the empty string.  This provides a way to specify one
  968       or more groups of domains, e.g., mac.com, me.com, icloud.com, which are
  969       considered equivalent for validating list membership for posting and
  970       moderation purposes.
  972     - There is a new WEB_HEAD_ADD setting to specify text to be added to the
  973       <HEAD> section of Mailman's internally generated web pages.  This doesn't
  974       apply to pages built from templates, but in those cases, custom templates
  975       can be created.  (LP: #1409396)
  977     - There is a new DEFAULT_SUBSCRIBE_OR_INVITE setting.  Set this to Yes
  978       to make the default selection on the admin Mass Subscriptions page
  979       Invite rather than Subscribe.  (LP: #1404511)
  981     - There is a new list attribute in the Bounce processing section.
  982       bounce_notify_owner_on_bounce_increment if set to Yes will cause
  983       Mailman to notify the list owner on every bounce that increments a
  984       list member's score but doesn't result in a probe or disable.  There
  985       is a new configuration setting setting
  987       for new lists.  This in turn defaults to No.  (LP: #1382150)
  989   Changed behavior
  991     - Mailman's log files, request.pck files and heldmsg-* files are no
  992       longer created world readable to protect against access by untrusted
  993       local users.  Note that permissions on existing log files won't be
  994       changed so if you are concerned about this and don't rotate logs or
  995       have a logrotate process that creates new log files instead of letting
  996       Mailman create them, you will need to address that.  (LP: #1327404)
  998   Other changes
 1000     - The Python Powered logo image has been replaced in the misc/ directory
 1001       in the source distribution.  Depending on how you've installed these
 1002       images, you may need to copy PythonPowered.png from the misc/ directory
 1003       in the source or from the $prefix/icons/ installed directory to another
 1004       location for your web server.  (LP: #1408575)
 1006   i18n
 1008     - The Polish translation has been updated by Stefan Plewako.
 1010     - The Interlingua translation has been updated by Martijn Dekker.
 1012     - The Japanese message catalog has been updated by SATOH Fumiyasu.
 1014     - Mailman's character set for Romanian has been changed from iso-8859-2
 1015       to utf-8 and the templates and messages recoded.  This change will
 1016       require running 'bin/arch --wipe' on any existing Romanian language
 1017       lists in order to recode the list's archives, and will require recoding
 1018       any edited templates in lists/LISTNAME/ro/*, templates/DOMAIN/ro/* and
 1019       templates/site/ro/*.  It may also require recoding any existing
 1020       iso-8859-2 text in list attributes.  (LP: #1418735)
 1022     - Mailman's character set for Russian has been changed from koi8-r to
 1023       utf-8 and the templates and messages recoded.  This change will
 1024       require running 'bin/arch --wipe' on any existing Russian language
 1025       lists in order to recode the list's archives, and will require recoding
 1026       any edited templates in lists/LISTNAME/ru/*, templates/DOMAIN/ru/* and
 1027       templates/site/ru/*.  It may also require recoding any existing koi8-r
 1028       text in list attributes.  (LP: #1418448)
 1030     - Mailman's versions.py has been augmented to help with the above two
 1031       character set changes.  The first time a list with preferred_language
 1032       of Romanian or Russian is accessed or upon upgrade to this release,
 1033       any list attributes which have string values such as description, info,
 1034       welcome_msg, etc. that appear to be in the old character set will be
 1035       converted to utf-8.  This is done recursively for the values (but not
 1036       the keys) of dictionary attributes and the elements of list and tuple
 1037       attributes.
 1039     - The Russian message catalog and templates have been further updated by
 1040       Danil Smirnov.
 1042     - The Romanian message catalog has been updated.  (LP: #1415489)
 1044     - The Russian templates have been updated by Danil Smirnov.  (LP: #1403462)
 1046     - The Japanese translation has been updated by SATOH Fumiyasu.
 1047       (LP: #1402989)
 1049     - A minor change in the French translation of a listinfo subscribe form
 1050       message has been made.  (LP: #1331194)
 1052   Bug fixes and other patches
 1054     - Because of privacy concerns with the 2.2 backport adding real name to
 1055       list rosters, this is controlled by a new ROSTER_DISPLAY_REALNAME
 1056       setting that defaults to No.  You may wish to set this to Yes in
 1057       mm_cfg.py.
 1059     - Organization: headers are now unconditionally removed from posts to
 1060       anonymous lists.  Regexps in ANONYMOUS_LIST_KEEP_HEADERS weren't kept
 1061       if the regexp included the trailing ':'.  This is fixed too.
 1062       (LP: #1419132)
 1064     - The admindb interface has been fixed so the the detail message body
 1065       display doesn't lose part of a multi-byte character, and characters which
 1066       are invalid in the message's charset are replaced rather than the whole
 1067       body not being converted to the display charset.  (LP: #1415406)
 1069     - Fixed a bug in bin/rmlist that would throw an exception or just fail to
 1070       remove held message files for a list with regexp special characters in
 1071       its name.  (LP: #1414864)
 1073     - When applying DMARC mitigations, CookHeaders now adds the original From:
 1074       to Cc: rather than Reply-To: in some cases to make MUA 'reply' and
 1075       'reply all' more consistent with the non-DMARC cases.  (LP: #1407098)
 1077     - The Subject: of the list welcome message wasn't always in the user's
 1078       preferred language.  Fixed.  (LP: #1400988)
 1080     - Accept email command in Subject: prefixed with Re: or similar with no
 1081       intervening space.  (LP: #1400200)
 1083     - Fixed a UnicodeDecodeError that could occur in the web admin interface
 1084       if 'text' valued attributes have unicode values.  (LP: #1397170)
 1086     - We now catch the NotAMemberError exception thrown if an authenticated
 1087       unsubscribe is submitted from the user options page for a nonmember.
 1088       (LP: #1390653)
 1090     - Fixed an archiving bug that would cause messages with 'Subject: Re:'
 1091       only to be indexed in the archives without a link to the message.
 1092       (LP: #1388614)
 1094     - The vette log entry for a message discarded by a handler now includes
 1095       the list name and the name of the handler.  (LP: #558096)
 1097     - The options CGI now rejects all but HTTP GET and POST requests.
 1098       (LP: #1372199)
 1100     - A list's poster password will now be accepted on an Urgent: header.
 1101       (LP: #1371678)
 1103     - Fixed a bug which caused a setting of 2 for REMOVE_DKIM_HEADERS to be
 1104       ignored.  (LP: #1363278)
 1106     - Renamed messages/sr/readme.sr to README.sr.  (LP: #1360616)
 1108     - Moved the dmarc_moderation_action checks from the Moderate handler to
 1109       the SpamDetect handler so that the Reject and Discard actions will be
 1110       done before the message might be held by header_filter_rules, and the
 1111       Wrap Message and Munge From actions will be done on messages held by
 1112       header_filter_rules if the message is approved.  (LP: #1334450)
 1114     - <label> tags have been added around most check boxes and radio buttons
 1115       and their text labels in the admin and admindb web GUI so they can be
 1116       (de)selected by clicking the text.  (LP: #266391)
 1118     - If checking DNS for dmarc_moderation_action and DNS lookup is not
 1119       available, log it.  (LP: #1324541)
 1121     - Handle missing From: header addresses for DMARC mitigation actions.
 1122       (LP: #1318025)
 1124 2.1.18-1 (06-May-2014)
 1126   Bug fixes and other patches
 1128     - A critical incompatibility between the DMARC Wrap Message action and
 1129       Python versions older than 2.6.x for some x <= 5 existed and caused
 1130       Wrapped message to be shunted.  This is fixed.  (LP: #1316682)
 1132     - Sender: headers are no longer removed in from_is_list Munge From
 1133       actions.  (LP: #1315970)
 1135 2.1.18 (03-May-2014)
 1137   Acknowledgements
 1139     - Thanks to Jim Popovitch and Phil Pennock for the branch that formed the
 1140       basis of the dmarc_moderation_action feature.
 1142     - Thanks to Franck Martin et al for the branch that formed the basis of
 1143       the from_is_list feature.
 1145   Dependencies
 1147     - There is a new dependency associated with the new Privacy options ->
 1148       Sender filters -> dmarc_moderation_action feature discussed below.
 1149       This requires that the dnspython <http://www.dnspython.org/> package
 1150       be available in Python.  This package can be downloaded from the above
 1151       site or from the CheeseShop <https://pypi.python.org/pypi/dnspython/>
 1152       or installed with pip.
 1154   New Features
 1156     - The from_is_list feature introduced in 2.1.16 is now unconditionally
 1157       available to list owners.  There is also, a new Privacy options ->
 1158       Sender filters -> dmarc_moderation_action feature which applies to list
 1159       messages where the From: address is in a domain which publishes a DMARC
 1160       policy of reject or possibly quarantine.  This is a list setting with
 1161       values of Accept, Wrap Message, Munge From, Reject or Discard. There is
 1162       a new DEFAULT_DMARC_MODERATION_ACTION configuration setting to set the
 1163       default for this, and the list admin UI is not able to set an action
 1164       which is 'less' than the default.  The prior ALLOW_FROM_IS_LIST setting
 1165       has been removed and is effectively always Yes. There is a new
 1166       dmarc_quarantine_moderation_action list setting with default set by a
 1167       new DEFAULT_DMARC_QUARANTINE_MODERATION_ACTION configuration setting
 1168       which in turn defaults to Yes.  The list setting can be set to No to
 1169       exclude domains with DMARC policy of quarantine from
 1170       dmarc_moderation_action.
 1172       dmarc_moderation_action and from_is_list interact in the following way.
 1173       If the message is From: a domain to which dmarc_moderation_action applies
 1174       and if dmarc_moderation_action is other than Accept,
 1175       dmarc_moderation_action applies to that message.  Otherwise the
 1176       from_is_list action applies.
 1178       Also associated with dmarc_moderation_action are configuration settings
 1180       in more detail in Defaults.py.  There are also new vette log entries
 1181       written when dmarc_moderation_action is found to apply to a post.
 1183   i18n
 1185     - Added missing <mm-digest-question-start> tag to French listinfo template.
 1186       (LP: #1275964)
 1188   Bug Fixes and other patches
 1190     - Removed HTML tags from the title of a couple of rmlist.py pages because
 1191       browsers don't render tags in the title.  (LP: #265848)
 1193     - Most Mailman generated notices to list owners and moderators are now
 1194       sent as Precedence: list instead of bulk.  (LP: #1313146)
 1196     - The Reply-To: munging options weren't honored if there was no
 1197       from_is_list action.  (LP: #1313010)
 1199     - Changed from_is_list actions to insert the list address in Cc: if the
 1200       list is fully personalized.  Otherwise, the list address is only in
 1201       From: and Reply-To: overrides it.  (LP: #1312970)
 1203     - Fixed the Munge From action to only Munge the From: and/or Reply-To: in
 1204       the outgoing message and not in archives, digests and messages sent via
 1205       the usenet gateway.  (LP: #1311431)
 1207     - Fixed a long standing issue in which a notice sent to a user whose
 1208       language is other than that of the list can cause subsequent things
 1209       which should be in the list's language to be in the user's language
 1210       instead.  (LP: #1308655)
 1212     - Fixed the admin Membership List so a search string if any is not lost
 1213       when visiting subsequent fragments of a chunked list.  (LP: #1307454)
 1215     - For from_is_list feature, use email address from original From: if
 1216       original From: has no display name and strip domain part from resultant
 1217       names that look like email addresses.  (LP: #1304511)
 1219     - Added the list name to the vette log "held message approved" entry.
 1220       (LP: #1295875)
 1222     - Added the CGI module name to various "No such list" error log entries.
 1223       (LP: #1295875)
 1225     - Modified contrib/mmdsr to report module name if present in "No such list
 1226       error log entries.
 1228     - Fixed a NameError exception in cron/nightly_gzip when it tries to print
 1229       the usage message.  (LP: #1291038)
 1231     - Fixed a bug in ListAdmin._handlepost that would crash when trying to
 1232       preserve a held message for the site admin if HOLD_MESSAGES_AS_PICKLES
 1233       is False.  (LP: #1282365)
 1235     - The from_is_list header munging feature introduced in Mailman 2.1.16 is
 1236       no longer erroneously applied to Mailman generated notices.
 1237       (LP: #1279667)
 1239     - Changed the message from the confirm CGI to not indicate approval is
 1240       required for an acceptance of an invitation.  (LP: #1277744)
 1242     - Fixed POSTFIX_STYLE_VIRTUAL_DOMAINS to be case-insensitiive.
 1243       (LP: #1267003)
 1245     - Added recognition for another simple warning to bounce processing.
 1246       (LP: #1263247)
 1248     - Fixed a few failing tests in tests/test_handlers.py.  (LP: #1262950)
 1250     - Fixed bin/arch to not create scrubbed attachments for messages skipped
 1251       when processing the --start= option.  (LP: #1260883)
 1253     - Fixed email address validation to do a bit better in obscure cases.
 1254       (LP: #1258703)
 1256     - Fixed a bug which caused some authentication cookies to expire too soon
 1257       if AUTHENTICATION_COOKIE_LIFETIME is non-zero.  (LP: #1257112)
 1259     - Fixed a possible TypeError in bin/sync_members introduced in 2.1.17.
 1260       (LP: #1243343)
 1262   Miscellaneous
 1264     - Added to the contrib directory, a script from Alain Williams to count
 1265       posts in a list's archive.
 1267 2.1.17 (23-Nov-2013)
 1269   New Features
 1271     - Handling of posts gated from usenet to a list via the Mail <-> News
 1272       gateway is changed.  Formerly, no list membership, moderation or
 1273       *_these_nonmembers checks were done.  Now, if the sender of the usenet
 1274       post is a moderated member or a nonmember matching a *_these_nonmembers
 1275       filter, those checks will be done and actions applied.  Nonmember posts
 1276       from senders not matching a *_these_nonmembers filter are still accepted
 1277       as before.  (LP: #1252575)
 1279     - There is a new mm_cfg.py setting ANONYMOUS_LIST_KEEP_HEADERS.  Since it
 1280       is not possible to know which non-standard headers in a message might
 1281       reveal sender information, we now remove all headers from incoming posts
 1282       to anonymous lists except those which match regular expressions in this
 1283       list. The default setting keeps non X- headers except those known to
 1284       reveal sender information, Mailman added X- headers and x-Spam- headers.
 1285       See the description in Defaults.py for more information.  (LP: #1246039)
 1287   i18n
 1289     - The Japanese message catalog has been updated by SATOH Fumiyasu.
 1290       (LP: #1248855)
 1292   Bug Fixes and other patches
 1294     - Added a reopen command to the sample init.d script in misc/mailman.in.
 1295       (LP: #1251917)
 1297     - Fixed a misspelling in Tagger.py causing an "unexpected keyword argument
 1298       'Delete'" exception.  (LP: #1251495)
 1300     - Fixed contrib/qmail-to-mailman.py to work with a user other than
 1301       'mailman' and to recognize more listname-* addresses.  (LP: #412293)
 1303     - Fixed a possible UnicodeDecodeError in bin/sync_members.  (LP: #1243343)
 1305     - Fixed Makefile to not include $DESTDIR in paths compiled into .pyc
 1306       files for traceback purposes.  (LP: #1241770)
 1308 2.1.16 (16-Oct-2013)
 1310   New Features
 1312     - There is a new list attribute from_is_list to either rewrite the From:
 1313       header of posts replacing the posters address with that of the list or
 1314       wrap the message in an outer message From: the list for compatability
 1315       with DMARC and or ADSP.  There is a new mm_cfg.py setting
 1316       DEFAULT_FROM_IS_LIST to control the default for new lists, and the
 1317       existing REMOVE_DKIM_HEADERS setting has been extended to allow removing
 1318       those headers only for certain from_is_list lists.  This feature must
 1319       be enabled by setting ALLOW_FROM_IS_LIST to Yes in mm_cfg.py.  See the
 1320       description of these settings in Defaults.py for more detail.  This
 1321       feature is experimental in 2.1.16, and it is subject to change or to
 1322       become just one of the two methods in a subsequent release. People
 1323       interested in this feature are encouraged to try it and report their
 1324       experiences to the mailman-users@python.org list.
 1326     - There is a new DISPLAY_HELD_SUMMARY_SORT_BUTTONS setting which if set
 1327       in mm_cfg.py will display a set of radio buttons in the admindb held
 1328       message summary to select how the held messages are sorted and grouped
 1329       for display. The exact setting determines the default grouping and
 1330       sorting.  See the description in Defaults.py for details.
 1332     - Setting digest_size_threshhold to zero now means no digests will be
 1333       sent based on size instead of a digest being sent with every post.
 1334       (LP: #558274)
 1336     - There is a new mm_cfg.py setting SUBSCRIBE_FORM_SECRET which will put
 1337       a dynamically generated, hidden hash in the listinfo subscribe form and
 1338       check it upon submission.  Setting this will prevent automated processes
 1339       (bots) from successfully POSTing web subscribes without first retrieving
 1340       and parsing the form from the listinfo page.  The form must also be
 1341       submitted no later than FORM_LIFETIME nor no earlier than
 1342       SUBSCRIBE_FORM_MIN_TIME after retrieval.  Note that enabling this will
 1343       break any static subscribe forms on your site.  See the description in
 1344       Defaults.py for more info.  (LP: #1082746)
 1346     - add_members now has an option to add members with mail delivery disabled
 1347       by admin.  (LP: #1070574)
 1349     - IncomingRunner now logs rejected messages to the vette log.
 1350       (LP: #1068837)
 1352     - The name of the mailmanctl master lock file is now congigurable via the
 1353       mm_cfg.py setting MASTER_LOCK_FILE.  (LP: #1082308)
 1355     - list_lists now has an option to list only lists with public archives.
 1356       (LP: #1082711)
 1358   Contributed programs
 1360     - A new import_majordomo_into_mailman.pl script has been contributed by
 1361       Geoff Mayes.  (LP: #1129742)
 1363     - A new "sitemap" bash script has been contributed by Tomasz Chmielewski
 1364       <mangoo@wpkg.org> to generate a sitemap.xml file of an installation's
 1365       public archives for submission to search engines.
 1367   i18n
 1369     - The Danish translation has been updated thanks to Tom Christensen.
 1371     - Fixed a string in the Czech message catalog.  (LP: #1234567)
 1373     - A Farsi (Persian) translation has been added thanks to Javad Hoseini and
 1374       Mahyar Moghimi.
 1376     - Fixed several misspelled or garbled string replacements in the Spanish
 1377       message catalog.  (LP: #1160138)
 1379     - pt_BR message catalog has two new and an updated message per Hugo Koji
 1380       Kobayashi.  (LP: #1138578)
 1382     - German message catalog has been updated per Ralf Hildebrandt.
 1384     - Corrected typo in templates/it/private.html.
 1386   Bug Fixes and other patches
 1388     - Fixed a crash in SpamDetect.py which caused messages with unparseable
 1389       RFC 2047 encoded headers to be shunted.  (LP: #1235101)
 1391     - Fixed cron/disabled to send a fresh cookie when notifying disabled
 1392       members.  (LP: #1203200)
 1394     - Added "message_id" to the interpolation dictionary for the Article.html
 1395       template.  (LP: #725498)
 1397     - Changed the admin GUI to report only the bad entries in a list of email
 1398       addresses if any are bad.  (LP: #558253)
 1400     - Added logging for template errors in HyperArch.py.  (LP: #558254)
 1402     - Added more explanation to the bad owner address message from
 1403       bin/newlist.  (LP: #1200763)
 1405     - Fixed a bug causing the admin web interface to fail CSRF checking if
 1406       the list name contains a '+' character.  (LP: #1190802)
 1408     - Fixed bin/mailmanctl -s to not remove the master lock if it can't be
 1409       determined to be truly stale.  (LP: #1189558)
 1411     - It is no longer possible to add 'invalid' addresses to the ban_list
 1412       and the *_these_nonmembers filters from the check boxes on the admindb
 1413       interface.  (LP: #1187201)
 1415     - Backported recognition for mail.ru DSNs and minor bug fixes from
 1416       lp:flufl.bounce.  (LP: #1074592, LP: #1079249 and #1079254)
 1418     - Defended against buggy web servers that don't include an empty
 1419       QUERY_STRING in the CGI environment.  (LP: #1160647)
 1421     - The Switchboard.finish() method now logs the text of the exception when
 1422       it fails to unlink/preserve a .bak file.  (LP: #1165589)
 1424     - The pending (un)subscriptions waiting approval are now sorted by email
 1425       address in the admindb interface as intended.  (LP: #1164160)
 1427     - The subscribe log entry for a bin/add_members subscribe now identifies
 1428       bin/add_members as the source.  (LP: #1161642)
 1430     - Fixed a bug where the Subject: of the user notification of a
 1431       bin/remove_members unsubscribe was not in the user's language.
 1432       (LP: #1161445)
 1434     - Fixed a bug where BounceRunner could create and leave behind zero length
 1435       bounce-events files.  (LP: #1161610)
 1437     - Added recognition for another Yahoo bounce format.  (LP: #1157961)
 1439     - Changed configure's method for getting Python's include directory from
 1440       distutils.sysconfig.get_config_var('CONFINCLUDEPY') to
 1441       distutils.sysconfig.get_python_inc().  (LP: #1098162)
 1443     - Added an Auto-Generated: header to password reminders.  (LP: #558240)
 1445     - Fixed a bug where non-ascii characters in the real name in a subscription
 1446       request could throw a UnicodeEncodeError upon subscription approval and
 1447       perhaps in other situations too.  (LP: #1047100)
 1449     - The query fragments send_unsub_notifications_to_list_owner and
 1450       send_unsub_ack_to_this_batch will now assume default values if not set
 1451       in mass unsubscribe URLs.  (LP: #1032378)
 1453     - Replaced utf-8 encoded characters in newly added German templates with
 1454       HTML entities. (LP: #1018208)
 1456 2.1.15 (13-Jun-2012)
 1458   Security
 1460     - Strengthened the validation of email addresses.
 1462     - An XSS vulnerability, CVE-2011-0707, has been fixed.
 1464     - The web admin interface has been hardened against CSRF attacks by adding
 1465       a hidden, encrypted token with a time stamp to form submissions and not
 1466       accepting authentication by cookie if the token is missing, invalid or
 1467       older than the new mm_cfg.py setting FORM_LIFETIME which defaults to one
 1468       hour.  Posthumous thanks go to Tokio Kikuchi for this implementation
 1469       which is only one of his many contributions to Mailman prior to his
 1470       death from cancer on 14 January 2012.
 1472   New Features
 1474     - Added a password reminder button to the private archive login page.
 1475       Backported from the 2.2 branch.
 1477     - There is a new list attribute regular_exclude_ignore set from mm_cfg.py
 1478       DEFAULT_REGULAR_EXCLUDE_IGNORE.  This defaults to True even though the
 1479       prior behavior is equivalent to False.  A True setting will ignore an
 1480       exclude list if the poster is not a member of that list.  The False
 1481       setting can result in list members not receiving posts if the nonmember
 1482       post is not accepted by the exclude list.  Backported from 2.2 branch.
 1484     - Eliminated the list cache from the qrunners.  Indirect self-references
 1485       caused lists to never be dropped from the cache which in turn caused
 1486       the qrunners to grow very large in installations with many lists or
 1487       multiple large lists.  Bug #862683.
 1489     - The user options 'list my other subscriptions' page now indicates for
 1490       each list if the subscription is 'nomail' or 'digest'.  Bug #793669.
 1492     - A new list poster password has been implemented.  This password may only
 1493       be used in Approved: or X-Approved: headers for pre-approving posts.
 1494       Using this password for that purpose precludes compromise of a more
 1495       valuable password sent in plain text email.  Bug #770581.
 1497     - A new mm_cfg.py setting AUTHENTICATION_COOKIE_LIFETIME has been added.
 1498       If this is set to a non-zero value, web authentication cookies will
 1499       expire that many seconds following their last use.  Its default value is
 1500       zero to preserve current behavior.
 1502     - A new mm_cfg.py setting RESPONSE_INCLUDE_LEVEL has been added to control
 1503       how much of the original message is included in automatic responses to
 1504       email commands.  The default is 2 to preserve the prior behavior of
 1505       including the full message.  Setting this to 1 in mm_cfg.py will include
 1506       only the original headers, and 0 will include none of the original.  It
 1507       is recommended to set this to 0 in mm_cfg.py to minimize the effects of
 1508       backscatter.  Bug #265835.
 1510     - A new mm_cfg.py setting DEFAULT_RESPOND_TO_POST_REQUESTS has been added
 1511       to control the default for respond_to_post_requests for new lists.  It is
 1512       set to Yes for backwards compatibility, but it is recommended that
 1513       serious consideration be given to setting it to No.  Bug #266051.
 1515     - A new mm_cfg.py setting DISCARD_MESSAGE_WITH_NO_COMMAND has been added to
 1516       control whether a message to the -request address without any commands or
 1517       a message to -confirm whose To: address doesn't match VERP_CONFIRM_REGEXP
 1518       is responded to or just logged.  It defaults to Yes which is different
 1519       from prior behavior.  Bug #410236.
 1521     - Two new mm_cfg.py settings, BROKEN_BROWSER_WORKAROUND and
 1522       BROKEN_BROWSER_REPLACEMENTS, have been added to control escaping of
 1523       additional characters beyond the standard <, >, &, and " in the web UI.
 1524       See the documentation of these settings in Defaults.py.  The default
 1525       values for these settings result in no change from the prior release.
 1526       Bug #774588.
 1528   i18n
 1530     - Added some missing German templates from Egon Frerich.
 1532     - Added Greek translation from Antonis Limperis.
 1534     - A few errors in the Basque translation are fixed.  Bug #836861.
 1536     - Fixed a misspelling in the German invite.txt template.  Bug #815444.
 1538     - Fixed a missing format character in the Spanish translation.
 1539       Bug #670988.
 1541     - Thanks go to the following for updating translations for the changes in
 1542       this release.
 1543         Thijs Kinkhorst
 1544         Stefan Förster
 1545         Fabian Wenk
 1547   Bug Fixes and other patches
 1549     - Fixed a bug that could send an admin notice of a held subscription with
 1550       the subject in the user's preferred language instead of the list's
 1551       preferred language and possibly not properly RFC 2047 encoded.
 1552       (LP: #998949)
 1554     - Fixed a possible CPU bound loop in OutgoingRunner if the attempt to
 1555       Connect to the SMTP server throws a socket.error.  (LP: #966531)
 1557     - Fixed a potential crash in the web UI if a language is removed from the
 1558       LC_DESCRIPTIONS dictionary.  (LP: #966565)
 1560     - Added an Auto-Submitted: header to invitations and (un)subscription
 1561       confirmation requests to reduce the possibility of an autoresponder
 1562       confirming the request.  (LP: #265831)
 1564     - Added javascript to the private.html and admlogin.html templates to
 1565       focus the cursor on the entry field.  (LP: #266054)
 1567     - Added CPPFLAGS and LDFLAGS to src/Makefile to support their use.
 1568       (LP: #637652)
 1570     - Stopped removing the trailing slash from the List-Archive: header URL.
 1571       (LP: #964190)
 1573     - A configured version of contrib/courier-to-mailman.py is now created in
 1574       build/contrib/courier-to-mailman.py.  (LP: #999250)
 1576     - Subscription disabled warnings are now sent without a Precedence:
 1577       header.  Bug #808821.
 1579     - Backported 2.2 branch fix for a problem in SpamDetect.py that could
 1580       cause header_filter_rules to fail to match RFC 2047 encoded headers.
 1582     - Fix for bug #629738 could cause a crash in the admindb details display
 1583       if the decoded message body contained characters not in the character
 1584       set of the list's preferred language.  Fixed.  Bug #910440.
 1586     - Added recognition for another Qmail bounce format.
 1588     - Fixed an erroneous seek in the Mailman.Mailbox.Mailbox.AppendMessage
 1589       method that could cause a corrupt mailbox for files opened 'w+'.
 1590       Bug #901957.
 1592     - A held message with a null sender caused a crash in the admindb
 1593       interface.  This is fixed by changing the sender to <missing>.
 1594       Bug #897103.
 1596     - Changed subject prefixing to allow for possible whitespace between an
 1597       'Re' and the following colon when determining how to add the prefix.
 1598       Bug #893290.
 1600     - Fixed a problem where topics regexps would not match RFC 2047 encoded
 1601       Keywords: and/or Subject: headers.  Bug #891676.
 1603     - Fixed misleading response to an email approval of a held message.
 1604       Bug #889968.
 1606     - Added masthead.txt to the list of templates that can be edited via the
 1607       web admin interface.  Bug #266805.
 1609     - Changed the way digest_footer is added to the RFC 1153 (plain) format
 1610       digest for RFC compliance.  Bug #887610.
 1612     - Fixed cron/checkdbs to report unsubscriptions waiting approval.
 1613       Bug #873821.
 1615     - The fix for BUG #266220 (sf1181161) has been enhanced so that if there
 1616       is a pathological HTML part such that the Approved: password text isn't
 1617       found, but it is found after stripping out HTML tags, the post is
 1618       rejected with an informative message.
 1620     - A bug that would cause reset of any new_member_options bits other than
 1621       the four displayed as checkboxes on the list admin General Options page
 1622       whenever the page was updated or bin/config_list attempted to update
 1623       new_member_options has been fixed.  Bug #865825.
 1625     - A problem with the logic avoiding unnecessarily reloading a current list
 1626       object from the config.pck arises if the list is updated by another
 1627       process within the same second that it was last read/written.  That can
 1628       cause the reading of latest version of the list to be skipped.  This has
 1629       been fixed.  Bug #862675.
 1631     - Fixed bin/export.py to accept case insensitive password schemes.
 1632       Bug #833134.
 1634     - Added Tokio Kikuchi's icons to the misc/ and installed icons/
 1635       directories.  Bug #782474.
 1637     - Fixed a problem which could result in raw, undecoded message bodies
 1638       appearing in plain digests and archives.  Bug #787790.
 1640     - Fixed a problem in admindb.py where the character set for the display of
 1641       the message body excerpt was not correctly determined.  Bug #779751.
 1643     - Prevented setting user passwords with leading/trailing whitespace.
 1644       Bug #778088.
 1646     - Mailman now sets the 'secure' flag in cookies set via https URLs.
 1647       Bug #770377.
 1649     - Added a logout link to the admindb interface and made both admin and
 1650       admindb logout effective for a site admin cookie if allowed.
 1651       Bug #769318.
 1653     - Replaced the old Mailman logos and icon that install to Mailman's icons
 1654       directory with the new ones.  If you copy these elsewhere on your
 1655       server, please copy these new ones.
 1657     - Changed bin/genaliases to only call the POSTFIX_*_CMD commands once when
 1658       MTA = 'Postfix'.  Bug #266408.
 1660     - Added a report of the affected members to the warnings issued when
 1661       setting a list with digest members digestable=No and when setting a list
 1662       with non-digest members nondigestable=no.  Bug #761232.
 1664     - Fixed a problem where content filtering could remove the headers from
 1665       an attached message/rfc822 part if the message in that part is
 1666       multipart/alternative and collapse_alternatives is Yes.  Bug #757062.
 1668     - Changed the subscribe CGI to strip leading and trailing whitespace from
 1669       the supplied email address.  Bug #745432.
 1671     - Changed the maximum number of arguments for the who command to be
 1672       considered administrivia from 2 to 1 to help avoid false positives.
 1673       Bug #739524.
 1675     - Added the list name as 'display-name' in added Sender: headers to help
 1676       mitigate Outlook et al 'on behalf of' displays.  Bug #736849.
 1678     - Fixed a typo in the usage() definition cron/gate_news.  Bug #721015.
 1680     - Fixed an uncaught KeyError when poster tries to cancel a post which was
 1681       already handled.  Bug #266224.
 1683     - Held message user notifications now come From: list-owner instead of
 1684       list-bounces.  Bug #714424.
 1686     - Issue an HTTP 404 status for private archive file not found.
 1688     - @listname entries in *_these_nonmembers are no longer case sensitive.
 1689       Bug #705715.
 1691     - Changed bin/rmlist to also remove heldmsg files for the removed list and
 1692       fixed a problem with removal of stale locks for the list.  Bug #700528.
 1694     - Fixed a bug where content filtering could leave a multipart message or
 1695       part with just one sub-part. These should be recast to just the sub-part.
 1696       Bug #701558.
 1698     - Fixed a bug that could erroneously handle posts from addresses in
 1699       *_these_nonmembers and send held/rejected notices to bogus addresses when
 1700       The From or other sender header is RFC 2047 encoded.  Bug #702516.
 1702     - Updated contrib/mm-handler-2.1.10 to better handle lists with names that
 1703       look like admin addresses.  Bug #697161.
 1705     - Added bounce recognition for a bogus Dovecot MDN.  Bug #693134.
 1707     - Fixed a problem where an emailed command in the Subject: header with a
 1708       non-ascii l10n of an 'Re:' prefix is ignored.  Bug #685261.
 1710     - Fixed a problem with approving a post by email when the body of the
 1711       approval mail is base64 encoded.  Bug #677115.
 1713     - Fixed the host name in the From: address of the owner notification from
 1714       bin/add_members.  Bug #666181.
 1716 2.1.14 (20-Sep-2010)
 1718   Security
 1720     - Two potential XSS vulnerabilities have been identified and fixed.
 1722   New Features
 1724     - A new feature for controlling the addition/replacement of the Sender:
 1725       header in outgoing mail has been implemented.  This allows a list owner
 1726       to set include_sender_header on the list's General Options page in the
 1727       admin GUI.  The default for this setting is Yes which preserves the prior
 1728       behavior of removing any pre-existing Sender: and setting it to the
 1729       list's -bounces address.  Setting this to No stops Mailman from adding or
 1730       modifying the Sender: at all.
 1732       Additionally, there is a new Defaults.py/mm_cfg.py setting
 1733       ALLOW_SENDER_OVERRIDES which defaults to Yes but which can be set to No
 1734       to remove the include_sender_header setting from General Options, and
 1735       thus preserve the prior behavior completely.
 1737     - Bounce processing has been enhanced so that if a bounce is returned to a
 1738       list from a non-member who is a member of a regular_include_list, the
 1739       bounce will be processed as a bounce for the included list.
 1741   i18n
 1743     - Fixed a missing format character in the German bin/mailmanctl docstring.
 1745     - Updated Dutch translation from Jan Veuger.
 1747     - Updated Japanese Translation from Tokio Kikuchi.
 1749     - Updated Finnish translation from Joni Töyrylä.
 1751     - Made a few corrections to some Polish templates.  Bug #566731.
 1753     - Made a minor change to the Chinese (China) message catalog.  Bug #545772.
 1755     - Changed a few DOCTYPE directives in templates for compliance.
 1756       Bug #500952 and Bug #500955.
 1758   Bug Fixes and other patches
 1760     - Made minor wording improvements and typo corrections in some messages.
 1761       Bug #426979.
 1763     - Fixed i18n._() to catch exceptions due to bad formats.  Bug #632660.
 1765     - Fixed admindb interface to decode base64 and quoted-printable encoded
 1766       message body excerpts for display.  Bug #629738.
 1768     - Fixed web CGI tracebacks to properly report sys.path.  Bug #615114.
 1770     - Changed the member options login page unsubscribe request to include the
 1771       requesters IP address in the confirmation request.  Bug #610527.
 1773     - Changed fix_url to lock the list if not locked.  Bug #610364.
 1775     - Made a minor change to the English subscribeack.txt (welcome message)
 1776       template to emphasize that a password is only required to unsubscribe
 1777       *without confirmation*.
 1779     - Fixed an issue in admindb that could result in a KeyError and "we hit a
 1780       bug" response when a moderator acts on a post that had been handled by
 1781       someone else after the first moderator had retrieved it.  Bug #598671.
 1783     - Fixed a bug which would fail to show a list on the admin and listinfo
 1784       overview pages if its web_page_url contained a :port.  Bug # 597741.
 1786     - Fixed bin/genaliases to not throw TypeError when MTA = None.
 1787       Bug #587657.
 1789     - Provided the ability to specify in mm_cfg.py a local domain (e.g.
 1790       'localhost') for the local addresses in the generated virtual-mailman
 1791       when MTA = 'Postfix'.  See VIRTUAL_MAILMAN_LOCAL_DOMAIN in Defaults.py.
 1792       Bug #328907.
 1794     - Made a minor change to the removal of an Approved: pseudo-header from
 1795       a text/html alternative to allow for an inserted '\xA0' before the
 1796       password.
 1798     - Fixed Content Filtering collapse_alternatives to work on deeply nested
 1799       multipart/alternative parts.  Bug #576675.
 1801     - We now accept/remove X-Approved: and X-Approve: headers in addition to
 1802       Approved: and Approve: for pre-approving posts.  Bug #557750.
 1804     - Reordered the 'cancel' and 'subscribe' buttons on the subscription
 1805       confirmation web page so the default action upon 'enter' will be the
 1806       subscribe button in browsers that pick the first button.  Bug #530654.
 1808     - Fixed a bug in the admindb interface that could apply a moderator
 1809       action to a message not displayed.  Bug #533468.
 1811     - Added a traceback to the log message produced when processing the
 1812       digest.mbox throws an exception.
 1814     - Added a urlhost argument to the MailList.MailList.Create() method to
 1815       allow bin/newlist and the the create CGI to pass urlhost so the host
 1816       will be correct in the listinfo link on the emptyarchive page.
 1817       Bug #529100.
 1819     - Added the List-Post header to the default list of headers retained in
 1820       messages in the MIME digest.  Bug #526143.
 1822     - When daemonizing mailmanctl, we now ensure terminal files are closed.
 1824     - Fixed a bug in pipermail archiving that caused fallback threading by
 1825       subject to fail.  Bug #266572.
 1827     - We now give an HTTP 401 status for authentication failures from admin,
 1828       admindb, private, options and roster CGIs, and an HTTP 404 status from
 1829       all the CGIs for an invalid list name.
 1831     - Backported the listinfo template change from the 2.2 branch to fix
 1832       Bug #514050.
 1834     - Fixed a bug where going to an archives/private/list.mbox/list.mbox URL
 1835       would result in a munged URL if authentication was required. Bug #266164.
 1837     - Fixed a bug where check_perms would throw an OSError if an entry in
 1838       Mailman's lists/ directory was not a directory.  Bug #265613.
 1840     - Fixed a bug where a message with an Approved: header held by a handler
 1841       that precedes Approve (SpamDetect by default) would not have the
 1842       Approved: header removed if the held message was approved.  Bug #501739.
 1844 2.1.13 (22-Dec-2009)
 1846   i18n
 1848     - Updated Dutch message catalog from Jan Veuger.
 1850     - Added Asturian translation from Marcos Costales and the Asturian
 1851       Language Team.
 1853   Bug Fixes and other patches
 1855     - Added "white-space: pre-wrap" style for <pre> tag in archives.
 1856       Bug #266467.
 1858     - Added vette logging for rejected and discarded (un)subscribe requests.
 1860     - Fixed a bug in admindb.py that could erroneously discard an unsubscribe
 1861       request as a duplicate.
 1863     - Decoded RFC 2047 encoded message subjects for a few reports.
 1864       Bug #266428.
 1866     - Fixed the French, Spanish and Hebrew translations which improperly
 1867       translated the 'coding:' line in bin/config_list output.
 1869     - Fixed the auto-responder to treat messages to -confirm, -join, -leave,
 1870       -subscribe and -unsubscribe as requests rather than posts.  Bug #427962.
 1872     - Configure/make no longer builds Japanese and Korean codecs in
 1873       pythonlib if Python already has them.
 1875     - Inadvertently setting a null site or list password allowed access
 1876       to a list's web admin interface without authentication.  Fixed by
 1877       not accepting null passwords.
 1879     - Changed VERP_CONFIRM_REGEXP  in Defaults.py to work if the replying
 1880       MUA folds the To: header and in cases where the list name includes '+'.
 1882     - Fixed some paths in contrib/check_perms_grsecurity.py. Bug #411192.
 1884     - Replies to commands sent to list-request now come From: list-owner
 1885       instead of list-bounces.
 1887     - Mailman no longer folds long sub-part headers in multipart messages.
 1888       In addition, Mailman no longer escapes From_ lines in the body of
 1889       messages sent to regular list members, although MTA's may do it anyway.
 1890       This is to avoid breaking signatures per Bug #265967.
 1892     - XSS protection in the web interface went too far in escaping HTML
 1893       entities.  Fixed.
 1895     - Removed or anonymized additional headers in posts to anonymous lists.
 1897     - Fixed a bug that could cause incorrect threading of replies to archived
 1898       messages that arrive with timestamps in the same second.
 1900     - Scrubbed HTML attachments containing tab characters would get the tabs
 1901       replaced by a string of '&nbsp' without a semicolon.  Fixed.
 1903     - Caught a TypeError in content filtering, collapse alternatives that
 1904       occurred with a malformed message if a multipart/alternative part
 1905       wasn't multi-part.  Reported in comments to bug #266230.
 1907     - Fixed a few things in bin/update:
 1908       - Changed some old messages for more current meaning.
 1909       - Fixed qfiles update to not lose metadata from 2.1.5+ format entries.
 1910       - Fixed 2.0.x template migration to not die if the templates/ tree
 1911         contains subdirectories from a version control system.
 1913     - Fixed a bug that would show a list on the admin and listinfo overview
 1914       pages if its web_page_url host contained the current host as a
 1915       substring.  Bug #342162.
 1917     - Fixed a bug in Utils.canonstr() that would throw a UnicodeDecodeError
 1918       if the string contained an HTML entity > 255 and also characters in the
 1919       128-255 range.  Bug #341594.
 1921     - Added recognition for more bounces.
 1923     - Updated contrib/mmdsr to report preserved messages and to use mktemp to
 1924       create temp files.
 1926 2.1.12 (23-Feb-2009)
 1928   Bug fixes and other patches
 1930     - Fix compatibility with Python 2.6.
 1932     - Fixed a bug in admin.py which would result in chunked pages of the
 1933       membership list for members whose address begins with a non-alphanumeric
 1934       character to not be visible or retrievable.
 1936     - Changed ListAdmin.py to make rejected post messages From: the -owner
 1937       address instead of the -bounces address.
 1939     - With MTA = 'Postfix', if the STANZA END for a list being removed is
 1940       missing or munged, the remainder of the aliases and/or virtual-mailman
 1941       file is lost.  Fixed.
 1943     - Since Mailman 2.1.1, 2.0.x outstanding subscription and held message
 1944       requests have not been migrated properly.  This is fixed.
 1945       Bug #266106 (sf998384).
 1947     - Changed cron/gate_news to continue processing the remaining lists on
 1948       certain errors that can be caused by configuration of a particular list.
 1949       Bug #265941 (sf775100).
 1951     - Fixed a bug in AvoidDuplicates.py that caused it to fail if the address
 1952       in the To: or Cc: header differed in case from the case-preserved member
 1953       address.  Bug #297795.
 1955     - Fixed a problem in SecurityManager that caused it to not find the
 1956       cookie when CheckCookie was not given a user and the user in the cookie
 1957       had a %xx encoded character.  Bug # 299220.
 1959     - Fixed a minor fromusenet reporting issue in the contributed mmdsr
 1960       script.
 1962     - Fixed a minor issue in cron/gate_news that could cause a list's
 1963       watermark to not be completely updated.
 1965     - Fixed an issue that prevented editing the options.html template from
 1966       the web admin interface. SF Bug #2164798.
 1968     - Fixed a problem in Decorate which could throw a TypeError on conversion
 1969       to unicode of a header/footer that was already unicode because of
 1970       interpolating a unicode value.
 1972     - Fixed an issue where list creation would report bad owner email
 1973       instead of bad listname when the list name had non-ascii characters.
 1974       SF Bug #2126489.
 1976     - Fixed an issue where in some circumstances HyperArch.py would translate
 1977       ' at ' into the wrong language ultimately throwing a UnicodeDecodeError
 1978       when the translation was decoded with a different character set.
 1979       Bug #308152.
 1981     - Corrected a typo in Mailman/Gui/Privacy.py. Bug #309757.
 1983     - Changed the pattern used to recognize URLs in messages for the pipermail
 1984       archive in order to try to do a better job of making hyperlinks.
 1985       Bug #310124.
 1987     - Added missing --bare option to French translation of list_lists help.
 1988       Bug #312119.
 1990     - Fixed a long standing error that stopped relative hrefs from being
 1991       generated for links on Mailman's web pages.
 1993     - Changed the admindb interface so that when messages are rejected from
 1994       the summary page, the reject reason is the rejection message from the
 1995       Errors.HoldMessage subclass instead of the generic "No reason given".
 1997     - Fixed the admin Membership List Find member function so the 'letter'
 1998       links to a chunked result would still be limited to the Find member
 1999       search. SF patch #1532081.
 2001     - Changed scripts/driver to return a 405 status for non GET, POST, HEAD
 2002       methods. SF patch #1578756.
 2004     - Fixed a bug in admindb.py in the implementation of replacing "No Reason
 2005       Given" with the default rejection reason.  Bug #325016.
 2007     - Changed Gui/Topics.py to validate regexps in VERBOSE mode.  Bug #327008.
 2009     - Worked around a potential problem in HyperArch.py with unicode character
 2010       set arguments.  Bug #328353.
 2012     - Recognize a couple more bounces.
 2014     - Fixed a bug introduced in 2.1.11 which would attempt to store bounce info
 2015       for a member just deleted if bounce_you_are_disabled_warnings is zero.
 2017   i18n
 2019     - Updated Dutch, Catalan and Polish translations.
 2021   Miscellaneous
 2023     - Added Lindsay Haisley's courier_to_mailman.py to the contrib directory.
 2025     - Added John Dennis' (RedHat) FHS patch to the contrib directory.
 2027 2.1.11 (30-Jun-2008)
 2029   New Features
 2031     - Added a new cron/cull_bad_shunt script to cull and optionally
 2032       archive old entries from the bad and shunt queues. This is controlled
 2033       by new Defaults.py/mm_cfg.py settings BAD_SHUNT_STALE_AFTER (default
 2034       7 days) and BAD_SHUNT_ARCHIVE_DIRECTORY (default None) which determine
 2035       how long to keep bad and shunt queue entries and optionally, where to
 2036       archive removed entries.
 2038     - Prepended list name to bounce log unrecognized bounce messages.
 2040     - Added a new Defaults.py|mm_cfg.py setting ACCEPTABLE_LISTNAME_CHARACTERS
 2041       with default value '[-+_.=a-z0-9]'.  This Python regular expression
 2042       character class specifies the characters allowed in list names.  The
 2043       motivation for this is the fact that previously, a list named, e.g.,
 2044       xxx&yyy could be created and MTA aliases generated that would cause
 2045       The MTA to execute yyy as a command.  There is a possible security issue
 2046       here, but it is not believed to be exploitable in any meaningful way.
 2048   Bug fixes and other patches
 2050     - Changed the preservation of unparseable messages to be conditional on
 2051       the Defaults.py/mm_cfg.py setting of QRUNNER_SAVE_BAD_MESSAGES and
 2052       changed the queue directory in which messages are preserved from 'shunt'
 2053       to 'bad'.
 2055     - Fixed a bug introduced in 2.1.10 that caused some email subscribe
 2056       requests to be shunted (1966837).
 2058     - Fixed a problem with bin/update erroneously moving templates from
 2059       templates/xx to lists/xx if a list has the same name as a language
 2060       code.  Also fixed the absolute path to lists/ (1418670 ).
 2062     - Changed Utils.ValidateEmail to not allow specials (particularly ':')
 2063       in unquoted local parts (1956393).
 2065     - Changed bin/update to remove .bak files erroneously left behind in
 2066       qfiles/*/ by a 2.1.9 bug.
 2068     - Added 's' to %(listname) in templates/ia/admlogin.html and
 2069       templates/sl/help.txt (1682990).
 2071     - Use newer template variable for site-owner address in
 2072       templates/ko/newlist.txt and templates/ru/newlist.txt (1578766).
 2074     - Corrections to Spanish translation submitted by Wikimedia Foundation
 2075       (1433262) and Debian.
 2077     - Corrections to German translation submitted by Ralf Doeblitz (916196).
 2079     - Correction to French translation submitted by Maxime Carron (1588617).
 2081     - Correction to Portuguese translation submitted by Gabriel P. Silva
 2082       (1733057).
 2084     - Add #! line to fblast.py test script (1578740).
 2086     - Fixed unescaped '%' in templates/nl/newlist.txt (1719017).
 2088     - Changed non-ascii characters in some templates/*/*.html files to HTML
 2089       entities.
 2091     - Fixed a problem in Decorate.py that could result in a multipart
 2092       message with no part headers for the original body part (1991348).
 2094     - Improved recognition of some bounce messages.
 2096     - Rearranged calls to the list setBounceInfo() method in Bouncer.py
 2097       to accommodate MemberAdaptors that store bounce info outside the
 2098       list instance.
 2100     - Fixed CookHeaders.py which in some cases with new style prefixing
 2101       would insert an extra space between the prefix and the subject.
 2103     - Changed OldStyleMemberships.py to remove the member from one_last_digest
 2104       when changing from regular to digest delivery to avoid the possibility
 2105       of a duplicate digest in some circumstances.
 2107     - Patched Danish message catalog for proper use of HTML entities per
 2108       Jonas Smedegaard (1999966).
 2110     - Improved bounce loop detection and handling in BounceRunner.py.
 2112     - Merged the Catalan i18n from the Mailman Catalan Translation Team.
 2114     - German translation updated by Peer Heinlein.
 2116     - Added check for gateway_to_news before holding for ModeratedNewsgroup.
 2118     - At some point, cron/senddigests and bin/update were inadvertently
 2119       'preconfigured'. This has been fixed.
 2121     - Brazilian Portuguese translation updated by Diego Francisco
 2122       de Gastal Morales.
 2124     - Added 'listname' to the replacements for the archidxfoot.html template.
 2126   Miscellaneous
 2128     - Brad Knowles' mailman daily status report script updated to 0.0.18.
 2130 2.1.10 (21-Apr-2008)
 2132   Security
 2134     - The 2.1.9 fixes for CVE-2006-3636 were not complete.  In particular,
 2135       some potential cross-site scripting attacks were not detected in
 2136       editing templates and updating the list's info attribute via the web
 2137       admin interface.  This has been assigned CVE-2008-0564 and has been
 2138       fixed.  Thanks again to Moritz Naumann for assistance with this.
 2140     - There is a new mm_cfg.py/Defaults.py variable
 2141       OWNERS_CAN_CHANGE_MEMBER_PASSWORDS which controls whether the list
 2142       owner can change a member's password from the member's options page.
 2143       This defaults to No and should be changed to Yes only if list owners
 2144       are trusted to not change a member's password, log in as the member
 2145       and make global membership changes.
 2147   New Features
 2149     - Changed cmd_who.py to list all members if authorization is with the
 2150       list's admin or moderator password and to accept the password if the
 2151       roster is public.  Also changed the web roster to show hidden members
 2152       when authorization is by site or list's admin or moderator password
 2153       (1587651).
 2155     - Added the ability to put a list name in accept_these_nonmembers
 2156       to accept posts from members of that list (1220144).
 2158     - Added a new 'sibling list' feature to exclude members of another list
 2159       from receiving a post from this list if the other list is in the To: or
 2160       Cc: of the post or to include members of the other list if that list is
 2161       not in the To: or Cc: of the post (Patch ID 1347962).
 2163     - Added the admin_member_chunksize attribute to the admin General Options
 2164       interface (Bug 1072002, Partial RFE 782436).
 2166 Internationalization
 2168     - Added the Hebrew translation from Dov Zamir.  This includes addition of
 2169       a direction ('ltr', 'rtl') to the LC_DESCRIPTIONS table.  The
 2170       add_language() function defaults direction to 'ltr' to not break
 2171       existing mm_cfg.py files.
 2173     - Added the Slovak translation from Martin Matuska.
 2175     - Added the Galician translation from Frco. Javier Rial Rodríguez.
 2177   Bug fixes and other patches
 2179     - Added bounce recognition for several additional bounce formats.
 2181     - Fixed CommandRunner.py to decode a quoted-printable or base64 encoded
 2182       message part (1829061).
 2184     - Fixed Scrubber.py to avoid loss of an implicit text/plain message part
 2185       with no Content-* headers in a MIME multipart message (759841).  Fixed
 2186       several other minor scrubber issues (1242450).
 2188     - Added Date and Message-ID headers to the confirm reply message that
 2189       Mailman adds to the admin notification (1471318).
 2191     - Fixed Cgi/options.py to not present the "empty" topic to user.
 2193     - Fixed Handlers/CalcRecips.py to not process topics if topics are
 2194       disabled for the list.  This caused users who had previously subscribed
 2195       to topics and elected to not receive non-matching posts to receive no
 2196       messages after topics were disabled for the list.
 2198     - Fixed MaildirRunner.py to handle hyphenated list names.
 2200     - Fixed a bug in MimeDel.py (content filtering) which caused
 2201       *_filename_extensions to not match if the extension in the message was
 2202       not all lower case.
 2204     - Fixed versions.py to not call a non-existant method when converting held
 2205       posts from Mailman 1.0.x lists.
 2207     - Added a test to configure to detect a missing python-devel package on
 2208       some RedHat systems.
 2210     - Fixed bin/dumpdb to once again be able to dump marshals (broken since
 2211       2.1.5) (963137).
 2213     - Worked around a bug in the Python email library that could cause Mailman
 2214       to not get the correct value for the sender of a message from an RFC
 2215       2231 encoded header causing spurious held messages.
 2217     - Fixed bin/check_perms to detect certain missing permissions on the
 2218       archives/private/ and archives/private/<list>/database/ directories.
 2220     - Improved exception handling in cron/senddigests.
 2222     - Changed the admindb page to not show the "Discard all messages marked
 2223       Defer" checkbox when there are only (un)subscribes and no held messages.
 2224       Also added a separator and heading for "Held Messages" like the ones for
 2225       "Subscribe Requests" and "Unsubscribe Requests".  Suppressed the
 2226       "Database Updated" message when coming from the login page.  Also
 2227       removed the "Discard all messages marked Defer" checkbox from the
 2228       details page where it didn't work (1562922, 1000699).
 2230     - Fixed admin.py so null VARHELP category is handled (1573393).
 2232     - Fixed OldStyleMemberships.py to preserve delivery statuses BYADMIN
 2233       and BYUSER on a straight change of address (1642388).  Also fixed a
 2234       bug that could result in a member key with uppercase in the domain.
 2236     - Fixed bin/withlist so that -r can take a full package path to a
 2237       callable.
 2239     - Removal of DomainKey/DKIM signatures is now controlled by Defaults.py
 2240       mm_cfg.py variable REMOVE_DKIM_HEADERS (default = No).  Also, if
 2241       REMOVE_DKIM_HEADERS = Yes, an Authentication-Results: header will be
 2242       removed if present.
 2244     - The DeprecationWarning issued by Python 2.5 regarding string exceptions
 2245       is supressed.
 2247     - format=flowed and delsp=yes are now preserved for message bodies when
 2248       message headers/footers are added and attachments are scrubbed
 2249       (1495122).
 2251     - Queue runner processing is improved to log and preserve for analysis in
 2252       the shunt queue certain bad queue entries that were previously logged
 2253       but lost.  Also, entries are preserved when an attempt to shunt throws
 2254       an exception (1656289).
 2256     - The admin Membership List pages have been changed in that the email
 2257       address which forms a part of the various CGI data keys is now
 2258       urllib.quote()ed. This allows changing options for and unsubbing an
 2259       address which contains a double-quote character, but it may require
 2260       changes to scripts that screen-scrape the web admin interface to
 2261       produce a membership list so they will report an unquoted address.
 2263     - The fix for bug 1181161 in 2.1.7 was incomplete.  The Approve(d): line
 2264       wasn't always found in quoted-printable encoded parts and was never
 2265       found in base64 encoded parts.  This is now fixed.
 2267     - Fixed a mail loop if a list owner puts the list's -bounces or -admin
 2268       address in the list's owner attribute (1834569).
 2270     - Fixed the mailto: link in archived messages to prefix the subject with
 2271       Re: and to put the correct message-id in In-Reply-To (1621278, 1834281).
 2273     - Coerced list name arguments to lower case in the change_pw, inject,
 2274       list_admins and list_owners command line tools (patch 1842412).
 2276     - Fixed cron/disabled to test if bounce info is stale before disabling
 2277       a member when the threshold has been reduced.
 2279     - It wasn't noted here, but in 2.1.9, queue runner processing was made
 2280       more robust by making backups of queue entries when they were dequeued
 2281       so they could be recovered in the event of a system failure.  This
 2282       opened the possibility that if a message itself caused a runner to
 2283       crash, a loop could result that would endlessly reprocess the message.
 2284       This has now been fixed by adding a dequeue count to the entry and
 2285       moving the entry aside and logging the fact after the third dequeue of
 2286       the same entry.
 2288     - Fixed the command line scripts add_members, sync_members and
 2289       clone_member to properly handle banned addresses (1904737).
 2291     - Fixed bin/newlist to add the list's preferred language to the list's
 2292       available_languages if it is other than the server's default language
 2293       (1906368).
 2295     - Changed the first URL in the RFC 2369 List-Unsubscribe: header to go
 2296       to the options login page instead of the listinfo page.
 2298     - Changed the options login page to not issue the "No address given" error
 2299       when coming from the List-Unsubscribe and other direct links.  Also
 2300       changed to remember the user's language selection when redisplaying the
 2301       page following an error.
 2303     - Changed cmd_subscribe.py to properly accept (no)digest without a
 2304       password and to recognize (no)digest and address= case insensitively.
 2306     - Fixed a problem where GuiBase._getValidValue() would truncate a
 2307       floating point Number type to an int if the value was a float instead
 2308       of a numeric string. This affected setting floating point values with
 2309       config_list.
 2311   Miscellaneous
 2313     - Brad Knowles' mailman daily status report script updated to 0.0.17.
 2315     - An updated mm-handler (mm-handler-2.1.10) that can help reduce
 2316       backscatter has been added to the contrib directory.
 2318 2.1.9 (12-Sep-2006)
 2320   Security
 2322     - A malicious user could visit a specially crafted URI and inject an
 2323       apparent log message into Mailman's error log which might induce an
 2324       unsuspecting administrator to visit a phishing site.  This has been
 2325       blocked.  Thanks to Moritz Naumann for its discovery.
 2327     - Fixed denial of service attack which can be caused by some
 2328       standards-breaking RFC 2231 formatted headers.  CVE-2006-2941.
 2330     - Several cross-site scripting issues have been fixed.  Thanks to Moritz
 2331       Naumann for their discovery.  CVE-2006-3636
 2333     - Fixed an unexploitable format string vulnerability.  Discovery and fix
 2334       by Karl Chen.  Analysis of non-exploitability by Martin 'Joey' Schulze.
 2335       Also thanks go to Lionel Elie Mamane.  CVE-2006-2191.
 2337   Internationalization
 2339     - New languages: Arabic, Vietnamese.
 2341   Bug fixes and other patches
 2343     - Fixed Decorate.py so that characters in message header/footer which
 2344       are not in the character set of the list's language are ignored rather
 2345       than causing shunted messages (1507248).
 2347     - Switchboard.py - Closed very tiny holes at the upper ends of queue
 2348       slices that could result in unprocessable queue entries.  Improved FIFO
 2349       processing when two queue entries have the same timestamp.
 2351 2.1.8 (15-Apr-2006)
 2353   Security
 2355     - A cross-site scripting hole in the private archive script of 2.1.7
 2356       has been closed.  Thanks to Moritz Naumann for its discovery.
 2358   Bug fixes and other patches
 2360     - Bouncers support added: 'unknown user', Microsoft SMTPSVC, Prodigy.net
 2361       and several others.
 2363     - Updated email library to 2.5.7 which will encode payload into qp/base64
 2364       upon setting.  This enabled backing out the scrubber related patches
 2365       including 'X-Mailman-Scrubbed' header in 2.1.7.
 2367     - Fix SpamDetect.py potential hold/reject loop problem.
 2369     - A warning message from email package to the stderr can cause error
 2370       in Logging because stderr may be detached from the process during
 2371       the qrunner run.  We chose not to output errors to stderr but to
 2372       the logs/error if the process is running under mailmanctl subprocess.
 2374     - DKIM header cleansing was separated from Cleanse.py and added to
 2375       -owner messages too.
 2377     - Fixes: Lose Topics when go directly to topics URL (1194419).
 2378       UnicodeError running bin/arch (1395683).  edithtml.py missing import
 2379       (1400128).  Bad escape in cleanarch.  Wrong timezone in list archive
 2380       index pages (1433673).  bin/arch fails with TypeError (1430236).
 2381       Subscription fails with some Language combinations (1435722).
 2382       Postfix delayed notification not recognized (863989).  2.1.7 (VERP)
 2383       mistakes delay notice for bounce (1421285).  show_qfiles: 'str'
 2384       object has no attribute 'as_string' (1444447).  Utils.get_domain()
 2385       wrong if VIRTUAL_HOST_OVERVIEW off (1275856).
 2387   Miscellaneous
 2389     - Brad Knowles' mailman daily status report script updated to 0.0.16.
 2391 2.1.7 (31-Dec-2005)
 2393   Security
 2395     - The fix for CAN-2005-0202 has been enhanced to issue an appropriate
 2396       message instead of just quietly dropping ./ and ../ from URLs.
 2398     - A note on CVE-2005-3573: Although the RFC2231 bug example in the CVE has
 2399       been solved in Mailman 2.1.6, there may be more cases where
 2400       ToDigest.send_digests() can block regular delivery.  We put the
 2401       send_digests() calling part in a try/except clause and leave a message
 2402       in the error log if something happened in send_digests().  Daily call of
 2403       cron/senddigests will provide more detail to the site administrator.
 2405     - List administrators can no longer change the user's option/subscription
 2406       globally.  Site admin can change these only if
 2407       mm_cfg.ALLOW_SITE_ADMIN_COOKIES is set to Yes.
 2409     - <script> tags are HTML-escaped in the edithtml CGI script.
 2411     - Since the probe message for disabled users may reach unintended
 2412       recipients, the password is excluded from sendProbe() and probe.txt.
 2413       Note that the default value of VERP_PROBE has been set to `No' from
 2414       2.1.6., thus this change doesn't affect the default behavior.
 2416   New Features
 2418     - Always remove DomainKey (and similar) headers from messages sent to the
 2419       list. (1287546)
 2421     - List owners can control the content filter behavior when collapsing
 2422       multipart/alternative parts to its first subpart.  This allows the
 2423       option of letting the HTML part pass through after other content
 2424       filtering is done.
 2426   Internationalization
 2428     - New language: Interlingua.
 2430   Bug fixes and other patches
 2432     - Defaults.py.in: SCRUBBER_DONT_USE_ATTACHMENT_FILENAME is set to True for
 2433       safer operation.
 2435     - Fixed the bug where Scrubber.py munges quoted-printable by introducing
 2436       the 'X-Mailman-Scrubbed' header which marks that the payload is
 2437       scrubber-munged.  The flag is referenced in ToDigest.py, ToArchive.py,
 2438       Decorate.py and Archiver.  A similar problem in ToDigest.py where the
 2439       plain digest is generated is also fixed.
 2441     - Fixed Syslog.py to write quopri encoded messages when it fail to write
 2442       8-bit characters.
 2444     - Fixed MTA/Postfix.py to check aliases group permission in check_perms
 2445       and fixed mailman-install document on this matter (1378270).
 2447     - Fixed private.py to go to the original URL after authorization
 2448       (1080943).
 2450     - Fixed bounce log score messages to be more consistent.
 2452     - Fixed bin/remove_members to accept no arguments when both --fromall and
 2453       --file= options are specified.
 2455     - Changed cgi-bin and mail wrapper "group not found" error message to be
 2456       more descriptive of the actual problem.
 2458     - The list's ban_list now applies to address changes, admin mass
 2459       subscribes and invites, and to confirmations/approvals of address
 2460       changes, subscriptions and invitations.
 2462     - quoted-printable and base64 encoded parts are decoded before passing to
 2463       HTML_TO_PLAIN_TEXT_COMMAND (1367783).
 2465     - Approve: header is removed from posts, and treated the same as the
 2466       Approved: header. (1355707)
 2468     - Fixed the removal of the line following Approve[d]: line in body of
 2469       post.  (1318883)
 2471     - The Approve[d]: <password> header is removed from all text/* parts in
 2472       addition the initial text/plain part.  It must still be the first
 2473       non-blank line in the first text/plain part or it won't be found or
 2474       removed at all. (1181161)
 2476     - Posts are now logged in post log file with the true sender, not
 2477       listname-bounces. (1287921)
 2479     - Correctly initialize and remember the list's default_member_moderation
 2480       attribute in the web list creation page. (1263213)
 2482     - PEP263 charset is added to the config_list output. (1343100)
 2484     - Fixed header_filter_rules getting lost if accessed directly and
 2485       authentication was needed by login page. (1230865)
 2487     - Obscure email when the poster doesn't set full name in 'From:' header.
 2489     - Preambles and epilogues are taken into account when calculating message
 2490       sizes for holding purposes. (Mark Sapiro)
 2492     - Logging/Logger.py unicode transform option. (1235567)
 2494     - bin/update crashes with bogus files. (949117)
 2496     - Bugs and patches: 1212066/1301983 (Date header in create/remove notice)
 2498 2.1.6 (30-May-2005)
 2500   Security
 2502     - Critical security patch for path traversal vulnerability in private
 2503       archive script  (CAN-2005-0202).
 2505     - Added the ability for Mailman generated passwords (both member and list
 2506       admin) to be more cryptographically secure.  See new configuration
 2508       ADMIN_PASSWORD_LENGTH.  Also added a new bin/withlist script called
 2509       reset_pw.py which can be used to reset all member passwords.  Passwords
 2510       generated by Mailman are now 8 characters by default for members, and 10
 2511       characters for list administrators.
 2513     - A potential cross-site scripting hole in the driver script has been
 2514       closed.  Thanks to Florian Weimer for its discovery.  Also, turn
 2515       STEALTH_MODE on by default.
 2517   Internationalization
 2519     - Chinese languages are now supported.  They have been moved from 'big5'
 2520       and 'gb' to 'zh_TW' and 'zh_CN' respectively for compliance to the IANA
 2521       spec.  Note, however, that the character sets were changed from 'Big5'
 2522       or 'GB2312' to 'UTF-8' to cope with the insufficient codecs support in
 2523       Python 2.3 and earlier.  You may have to install Chinese capable codecs
 2524       (like CJKCodecs) separately to handle the incoming messages which are in
 2525       local charsets, or upgrade your Python to 2.4 or newer.
 2527   Behavior or defaults changes
 2529     - VERP_PROBES is disabled by default.
 2531     - bin/withlist can be run without a list name, but only if -i is given.
 2532       Also, withlist puts the directory it's found in at the end of sys.path,
 2533       making it easier to run withlist scripts that live in $prefix/bin.
 2535     - bin/newlist grew two new options: -u/--urlhost and -e/--emailhost which
 2536       lets the user provide the web and email hostnames for the new mailing
 2537       list.  This is a better way to specify the domain for the list, rather
 2538       than the old 'mylist@hostname' syntax (which is still supported for
 2539       backward compatibility, but deprecated).
 2541   Compatibility
 2543     - Python 2.4 compatibility issue: time.strftime() became strict about the
 2544       'day of year' range.  (1078482)
 2546   New Features
 2548     - New feature: automatic discards of held messages.  List owners can now
 2549       set how many days to hold the messages in the moderator request queue.
 2550       cron/checkdb will automatically discard old messages.  See the
 2551       max_days_to_hold variable in the General Options and
 2552       DEFAULT_MAX_DAYS_TO_HOLD in Defaults.py.  This defaults to 0
 2553       (i.e. disabled). (790494)
 2555     - New feature: subject_prefix can be configured to include a sequence
 2556       number which is taken from the post_id variable.  Also, the prefix is
 2557       always put at the start of the subject, i.e. "[list-name] Re: original
 2558       subject", if mm_cfg.OLD_STYLE_PREFIXING is set No.  The default style
 2559       is "Re: [list-name]" if numbering is not set, for backward compatibility.
 2560       If the list owner is using numbering feature by "%d" directive, the new
 2561       style, "[list-name 123] Re:", is always used.
 2563     - List owners can now cusomize the non-member rejection notice from
 2564       admin/<listname>/privacy/sender page. (1107169)
 2566     - Allow editing of the welcome message from the admin page (1085501).
 2568     - List owners can now use Scrubber to get the attachments scrubbed (held
 2569       in the web archive), if the site admin permits it in mm_cfg.py.  New
 2570       variables introduced are SCRUBBER_DONT_USE_ATTACHMENT_FILENAME and
 2571       SCRUBBER_USE_ATTACHMENT_FILENAME_EXTENSION in Defaults.py for scrubber
 2572       behavior.  (904850)
 2574   Documentation
 2576     - Most of the installation instructions have been moved to a latex
 2577       document.  See doc/mailman-install/index.html for details.
 2579   Bug fixes and other patches
 2581     - Mail-to-news gateway now strips subject prefix off from a response
 2582       by a mail user if news_prefix_subject_too is not set.
 2584     - Date and Message-Id headers are added for digests. (1116952)
 2586     - Improved mail address sanity check.  (1030228)
 2588     - SpamDetect.py now checks attachment header.  (1026977)
 2590     - Filter attachments by filename extensions.  (1027882)
 2592     - Bugs and patches: 955381 (older Python compatibility), 1020102/1013079/
 2593       1020013 (fix spam filter removed), 665569 (newer Postfix bounce
 2594       detection), 970383 (moderator -1 admin requests pending), 873035
 2595       (subject handling in -request mail), 799166/946554 (makefile
 2596       compatibility), 872068 (add header/footer via unicode), 1032434
 2597       (KNOWN_SPAMMERS check for multi-header), 1025372 (empty Cc:), 789015
 2598       (fix pipermail URL), 948152 (Out of date link on Docs),  1099138
 2599       (Scrubber.py breaks on None part),  1099840/1099840 (deprecated %
 2600       insertion),  880073/933762 (List-ID RFC compliance),  1090439 (passwd
 2601       reminder shunted), 1112349 (case insensitivity in acceptable_aliases),
 2602       1117618 (Don't Cc for personalized anonymous list), 1190404 (wrong
 2603       permission after editing html)
 2605 2.1.5 (15-May-2004)
 2607     - The admindb page has a checkbox that allows you to discard all held
 2608       messages that are marked Defer.  On heavy lists with lots of spam holds,
 2609       this makes clearing them much faster.
 2611     - The qrunner system has changed to use only one file per message.
 2612       However the configuration variable METADATA_FORMAT has been removed, and
 2613       support for SAVE_MSGS_AS_PICKLES has been changed.  The latter no longer
 2614       writes messages as plain text.  Instead, they are stored as pickles of
 2615       plain strings, using the text pickle format.  This still makes them
 2616       non-binary files readable and editable by humans.
 2618       bin/dumpdb also works differently.  It will print out the entire pickle
 2619       file (with more verbosity) and if used with 'python -i', it binds msg to
 2620       a list of all objects found in the pickle file.
 2622       Removed from Defaults.py: PENDINGDB_LOCK_TIMEOUT,
 2626     - The bounce processor has been redesigned so that now when an address's
 2627       bounce score reaches the threshold, that address will be sent a probe
 2628       message.  Only if the probe bounces will the address be disabled.  The
 2629       score is reset to zero when the probe is sent.  Also, bounce events are
 2630       now kept in an event file instead of in memory.  This should help
 2631       contain the bloat of the BounceRunner.
 2633       New supporting variables in Defaults.py: VERP_PROBE_FORMAT,
 2636       REGISTER_BOUNCES_EVERY is promoted to a Defaults.py variable.
 2638     - The pending database has been changed from a global pickle file, to a
 2639       unique pickle file per mailing list.
 2641     - The 'request' database file has changed from a marshal, to the more
 2642       secure pickle format.
 2644     - Disallow multiple password retrievals.
 2646     - SF patch #810675 which adds a "Discard all messages marked Defer" button
 2647       for faster admindb maintenance.
 2649     - The email package is updated to version 2.5.5.
 2651     - New language: Turkish.
 2653     - Bugs and patches: 869644, 869647 (NotAMemberError for old cookie data),
 2654       878087 (bug in Slovenian catalog), 899263 (ignore duplicate pending
 2655       ids), 810675 (discard all defers button)
 2657 2.1.4 (31-Dec-2003)
 2659     - Close some cross-site scripting vulnerabilities in the admin pages
 2660       (CAN-2003-0965).
 2662     - New languages: Catalan, Croatian, Romanian, Slovenian.
 2664     - New mm_cfg.py/Defaults.py variable PUBLIC_MBOX which allows the site
 2665       administrator to disable public access to all the raw list mbox files
 2666       (this is not a per-list configuration).
 2668     - Expanded header filter rules under Privacy -> Spam Filters.  Now you can
 2669       specify regular expression matches against any header, with specific
 2670       actions tied to those matches.
 2672     - Rework the SMTP error handling in SMTPDirect.py to avoid scoring bounces
 2673       for all recipients when a permanent error code is returned by the mail
 2674       server (e.g. because of content restrictions).
 2676     - Promoted SYNC_AFTER_WRITE to a Default.py/mm_cfg.py variable and
 2677       make it control syncing on the config.pck file.  Also, we always flush
 2678       and sync message files.
 2680     - Reduce archive bloat by not storing the HTML body of Article objects in
 2681       the Pipermail database.  A new script bin/rb-archfix was added to clean
 2682       up older archives.
 2684     - Proper RFC quoting for List-ID descriptions.
 2686     - PKGDIR can be passed to the make command in order to specify a different
 2687       directory to unpack the distutils packages in misc.  (SF bug 784700).
 2689     - Improved logging of the origin of subscription requests.
 2691     - Bugs and patches: 832748 (unsubscribe_policy ignored for unsub button on
 2692       member login page), 846681 (bounce disabled cookie was always out of
 2693       date), 835870 (check VIRTUAL_HOST_OVERVIEW on through the web list
 2694       creation), 835036 (global address change when the new address is already
 2695       a member of one of the lists), 833384 (incorrect admin password on a
 2696       hold message confirmation attachment would discard the message), 835012
 2697       (fix permission on empty archive index), 816410 (confirmation page
 2698       consistency), 834486 (catch empty charsets in the scrubber), 777444 (set
 2699       the process's supplemental groups if possible), 860135 (ignore
 2700       DiscardMessage exceptions during digest scrubbing), 828811 (reduce
 2701       process size for list and admin overviews), 864674/864676 (problems
 2702       accessing private archives and rosters with admin password), 865661
 2703       (Tokio Kikuchi's i18n patches), 862906 (unicode prefix leak in admindb),
 2704       841445 (setting new_member_options via config_list), n/a (fixed email
 2705       command 'set delivery')
 2707 2.1.3 (28-Sep-2003)
 2709     Performance, Reliability, Security
 2711         - Closed a cross-site scripting exploit in the create cgi script.
 2713         - Improvements in the performance of the bounce processor.
 2714           Now, instead of processing each bounce immediately (which
 2715           can cause severe lock contention), bounce events are queued.
 2716           Every 15 minutes by default, the queued bounce events are
 2717           processed en masse, on a list-per-list basis, so that each
 2718           list only needs to be locked once.
 2720         - When some or all of a message's recipients have temporary
 2721           delivery failures, the message is moved to a "retry" queue.
 2722           This queue wakes up occasionally and moves the file back to
 2723           the outgoing queue for attempted redelivery.  This should
 2724           fix most observed OutgoingRunner 100% cpu consumption,
 2725           especially for bounces to local recipients when using the
 2726           Postfix MTA.
 2728         - Optional support for fsync()'ing qfile data after writing.
 2729           Under some catastrophic system failures (e.g. power lose),
 2730           it would be possible to lose messages because the data
 2731           wasn't sync'd to disk.  By setting SYNC_AFTER_WRITE to True
 2732           in Mailman/Queue/Switchboard.py, you can force Mailman to
 2733           fsync() queue files after flushing them.  The benefits are
 2734           debatable for most operating environments, and you must
 2735           ensure that your Python has the os.fsync() function defined
 2736           before enabling this feature (it isn't, even on all
 2737           Unix-like operating systems).
 2739     Internationalization
 2741         - New languages Ukrainian, Serbian, Danish, Euskara/Basque.
 2743         - Fixes to template lookup.  Lists with local overriding
 2744           templates would find the wrong template.
 2746         - .mo files (for internationalization) are now generated at
 2747           build time instead of coming as part of the source
 2748           distribution.
 2750     Documentation
 2752         - A first draft of member documentation by Terri Oda.  There
 2753           is also a Japanese translation of this manual by Ikeda Soji.
 2755     Archiver / Pipermail
 2757         - In the configuration variables PUBLIC_EXTERNAL_ARCHIVER, and
 2758           PRIVATE_EXTERNAL_ARCHIVER, %(hostname)s has been added to
 2759           the list of allowable substitution variables.
 2761         - The timezone is now taken into account when figuring the
 2762           posting date for an article.
 2764     Scripts / Cron
 2766         - Fixes to cron/disabled for NotAMemberError crashes.
 2768         - New script bin/show_qfiles which prints the contents of .pck
 2769           message files.  New script bin/discard which can be used to
 2770           mass discard held messages.
 2772         - Fixes to cron/mailpasswds to account for old password-less
 2773           subscriptions.
 2775         - bin/list_members has grown two new options: --invalid/-i
 2776           prints only the addresses in the member database that are
 2777           invalid (which could have snuck in via old releases);
 2778           --unicode/-u prints addresses which are stored as Unicode
 2779           objects instead of as normal strings.
 2781     Miscellaneous
 2783         - Fixes to problems in some configurations where Python wouldn't
 2784           be able to find its standard library.
 2786         - Fixes to the digest which could cause MIME-losing missing
 2787           newlines when parts are scrubbed via the content filters.
 2789         - In the News/Mail gateway admin page, the configuration variable
 2790           nntp_host can now be a name:port pair.
 2792         - When messages are pulled from NNTP, the member moderation checks
 2793           are short-circuited.
 2795         - email 2.5.4 is included.  This fixes an RFC 2231 bug, among
 2796           possibly others.
 2798         - Fixed some extra spaces that could appear in the List-ID header.
 2800         - Fixes to ensure that invalid email addresses can't be invited.
 2802         - WEB_LINK_COLOR in Defaults.py/mm_cfg.py should now work.
 2804         - Fixes so that shunted message file names actually match
 2805           those logged in log/errors.
 2807         - An improved pending action cookie generation algorithm has
 2808           been added.
 2810         - Fixes to the DSN bounce detector.
 2812         - The usual additional u/i, internationalization, unicode, and
 2813           other miscellaneous fixes.
 2815 2.1.2 (22-Apr-2003)
 2817     - New languages Portuguese (Portugal) and Polish.
 2819     - Many convenient constants have been added to the Defaults.py
 2820       module to (hopefully) make it more readable.
 2822     - Email addresses which contain 8-bit characters in them are now
 2823       rejected and won't be subscribed.  This is not the same as 8-bit
 2824       characters in the realname, which is still allowed.
 2826     - The X-Originating-Email header is removed for anonymous lists.
 2827       Hotmail apparently adds this header.
 2829     - When running make to build Mailman, you can specify $DESTDIR to
 2830       the install target to specify an alternative location for
 2831       installation, without influencing the paths stored in
 2832       e.g. Defaults.py.  This is useful to package managers.
 2834     - New Defaults.py variable DELIVERY_RETRY_WAIT which controls how
 2835       long the outgoing qrunner will wait before it retries a
 2836       tempfailure delivery.
 2838     - The semantics for the extend.py hook to MailList objects has
 2839       changed slightly.  The hook is now called before attempting to
 2840       lock and load the database.
 2842     - Mailman now uses the email package version 2.5.1
 2844     - bin/transcheck now checks for double-%'s
 2846     - bin/genaliases grew a -q / --quiet flag
 2848     - cron/checkdbs grew a -h / --help option.
 2850     - The -c / --change-msg option has been removed from bin/add_members
 2852     - bin/msgfmt.py has been added, taken from Python 2.3's Tools/i18n
 2853       directory.  The various .mo files are now no longer distributed
 2854       with Mailman.  They are generated at build time instead.
 2856     - A new file misc/sitelist.cfg which can be used with
 2857       bin/config_list provides a small number of recommended settings
 2858       for your site list.  Be sure to read it over before applying!
 2859       sitelist.cfg is installed into the data directory.
 2861     - Many bug fixes, including these SourceForge bugs closed and
 2862       patches applied: 677668, 690448, 700538, 700537, 673294, 683906,
 2863       671294, 522080, 521124, 534297, 699900, 697321, 695526, 703941,
 2864       658261, 710678, 707608, 671303, 717096, 694912, 707624, 716755,
 2865       661138, 716754, 716702, 667167, 725369, 726415
 2868 2.1.1 (08-Feb-2003)
 2870     Lots of bug fixes and language updates.  Also:
 2872     - Closed a cross-site scripting vulnerability in the user options page.
 2874     - Restore the ability to control which headers show up in messages
 2875       included in plaintext and MIME digests.  See the variables
 2877       Defaults.py.
 2879     - Messages included in the plaintext digests are now sent through
 2880       the scrubber to remove (and archive) attachments.  Otherwise,
 2881       attachments would screw up plaintext digests.  MIME digests
 2882       include the attachments inline.
 2884 2.1 final (30-Dec-2002)
 2886     Last minute bug fixes and language updates.
 2888 2.1 rc 1 (24-Dec-2002)
 2890     Bug fixes and language updates.  Also,
 2892     - Lithuanian support has been added.
 2894     - bin/remove_members grew --nouserack and --noadminack switches
 2896     - configure now honors --srcdir
 2898 2.1 beta 6 (09-Dec-2002)
 2900     Lots and lots of bug fixes, and translation updates.  Also,
 2902     - ARCHIVER_OBSCURES_EMAILADDRS is now set to true by default.
 2904     - QRUNNER_SAVE_BAD_MESSAGES is now set to true by default.
 2906     - Bounce messages which were recognized, but in which no member
 2907       addresses were found are no longer forwarded to the list
 2908       administrator.
 2910     - bin/arch grew a --wipe option which first removes the entire old
 2911       archive before regenerating the new one.
 2913     - bin/mailmanctl -u now prints a warning that permission problems
 2914       could appear, such as when trying to delete a list through the
 2915       web that has some archives in it.
 2917     - bin/remove_members grew --nouserack/-n and -noadminack/-N options.
 2919     - A new script bin/list_owners has been added for printing out
 2920       list owners and moderators.
 2922     - Dates in the web version of archived messages are now relative
 2923       to the local timezone, and include the timezone names, when
 2924       available.
 2926 2.1 beta 5 (19-Nov-2002)
 2928     As is typical for a late beta release, this one includes the usual
 2929     bug fixes, tweaks, and massive new features (just kidding).
 2931     IMPORTANT: If you are using Pipermail, and you have any archives
 2932     that were created or added to in 2.1b4, you will need to run
 2933     bin/b4b5-archfix, followed by bin/check_perms to fix some serious
 2934     performance problems.  From you install directory, run
 2935     "bin/b4b5-archfix --help" for details.
 2937     - The personalization options have been tweaked to provide more
 2938       control over mail header and decoration personalizations.  In
 2939       2.1b4, when personalization was enabled, the To and Cc headers
 2940       were always overwritten.  But that's usually not appropriate for
 2941       anything but announce lists, so now these headers aren't changed
 2942       unless "Full personalization" is enabled.
 2944     - You now need to go to the General category to enable emergency
 2945       moderation.
 2947     - The order of the hold modules in the GLOBAL_PIPELINE has
 2948       changed, again.  Now Moderate comes before Hold.
 2950     - Estonian language support has been added.
 2952     - All posted messages should now get decorated with headers and
 2953       footers in a MIME-safe way.  Previously, some MIME type messages
 2954       didn't get decorated at all.
 2956     - bin/arch grew a -q/--quiet option
 2958     - bin/list_lists grew a -b/--bare option
 2960 2.1 beta 4 (26-Oct-2002)
 2962     The usual assortment of bug fixes and language updates, some u/i
 2963     tweaks, as well as the following:
 2965     - Configuring / building / installing
 2966         o Tightened up some configure checks; it will now bark loudly
 2967           if you don't have the Python distutils package available
 2968           (some Linux distros only include distutils in their "devel"
 2969           packages).
 2971         o Mailman's username/group security assertions are now done by
 2972           symbolic name instead of numeric id.  This provides a level
 2973           of indirection that makes it much easier to move or package
 2974           Mailman.  --with-mail-gid and --with-cgi-gid are retained,
 2975           but they control the group names used instead.
 2977     - Command line scripts
 2978         o A new script, bin/transcheck that language teams can use to
 2979           check their .po files.
 2981         o bin/list_members grew a --fullnames/-f option to print the
 2982           full names along with the addresses.
 2984         o cron/senddigests grew --help/-h and --listname/-l options.
 2986         o bin/fix_url.py grew some command line options to support moving
 2987           a list to a specific virtual domain.
 2989     - Pipermail / archiving
 2990         o Reworked the directory layout for archive attachments to be
 2991           less susceptible to inode overload.  Attachments are now
 2992           placed in
 2994           archives/private/<listname>/attachments/<YYYYMMDD>/<msgidhash>
 2996         o Internationalization support in the archiver has been improved.
 2998     - Internationalization
 2999         o New languages: Swedish.
 3001     - Mail handling
 3002         o Content filtering now has a pass_mime_type variable, which
 3003           is a whitelist of MIME types to allow in postings.  See the
 3004           details of the variable in the Content Filtering category
 3005           for more information.
 3007         o If a member has enabled their DontReceiveDuplicates option,
 3008           we'll also strip their addresses from the Cc headers in the
 3009           copy of the message sent to the list.  This helps keep the
 3010           Cc lines from growing astronomically.
 3012         o Bounce messages are now forwarded to the list administrators
 3013           both if they are unrecognized, and if no list member's
 3014           address could be extracted.
 3016         o Content filtering now has a filter_action variable which
 3017           controls what happens when a message matches the content
 3018           filter rules.  The default is still to discard the message.
 3020         o When searching for an Approve/Approved header, the first
 3021           non-whitespace line of the body of the message is also
 3022           checked, if the body has a MIME type of text/plain.
 3024         o If a list is personalized, and the list's posting address is
 3025           not included in a Reply-To header, the posting address is
 3026           copied into a Cc header, otherwise there was no (easy) way a
 3027           recipient could reply back to the list.
 3029         o Added a MS Exchange bounce recognizer.
 3031         o New configuration variable news_moderation which allows the
 3032           mail->news gateway to properly post to moderated newsgroups.
 3034         o Messages sent to a list's owners now comes from the site
 3035           list to prevent mail loops when list owners or moderators
 3036           having bouncing addresses.
 3038     - Miscellaneous
 3039         o mailanctl prevents runaway restarts by imposing a maximum
 3040           restart value (defaulting to 10) for restarting the
 3041           qrunners.  If you hit this limit, do "mailmanctl stop"
 3042           followed by "mailmanctl start".
 3044         o The Membership Management page's search feature now includes
 3045           searching on members real names.
 3047         o The start of a manual for list administrators is given in
 3048           Python HOWTO format (LaTeX).  It's in doc/mailman-admin.tex
 3049           but it still needs lots of fleshing out.
 3051         o More protections against creating a list with an invalid name.
 3053 2.1 beta 3 (09-Aug-2002)
 3055     The usual assortment of bug fixes and language updates.
 3057     - New languages: Dutch, Portuguese (Brazil)
 3059     - New configure script options: --with-mailhost, --with-urlhost,
 3060       --without-permcheck.  See ./configure --help for details.
 3062     - The encoding of Subject: prefixes is controlled by a new list
 3063       option encode_ascii_prefixes.  This is useful for languages with
 3064       character sets other than us-ascii.  See the Languages admin
 3065       page for details.
 3067     - A new list option news_prefix_subject_too controls whether
 3068       postings gated from mail to news should have the subject prefix
 3069       added to their Subject: header.
 3071     - The algorithm for upgrading the moderation controls for a
 3072       Mailman 2.0.x list has changed.  The change should be
 3073       transparent, but you'll want to double check the moderation
 3074       controls after upgrading from MM2.0.x.  This should have no
 3075       effect for upgrades from a previous MM2.1 beta.
 3077       See the UPGRADING file for details.
 3079     - On the Mass Subscribe admin page, a text box has been added so
 3080       that the admin can add a custom message to be prepended to the
 3081       welcome/invite notification.
 3083     - On the admindb page, a link is included to more easily reload
 3084       the page.
 3086     - The Sendmail.py delivery module is sabotaged so that it can't be
 3087       used naively.  You need to read the comments in the file and
 3088       edit the code to use this unsafe module.
 3090     - When a member sends a `help' command to the request address,
 3091       the url to their options page is included in the response.
 3093     - Autoresponses, -request command responses, and posting hold
 3094       notifications are inhibited for any message that has a
 3095       Precedence: {bulk|list|junk} header.  This is to avoid mail
 3096       loops between email 'bots.  If the original message has an
 3097       X-Ack: yes header, the response is sent.
 3099       Responses are also limited to a maximum number per day, as
 3100       defined in the site variable MAX_AUTORESPONSES_PER_DAY.  This is
 3101       another guard against 'bot loops, and it defaults to 10.
 3103     - When a Reply-To: header is munged to include both the original
 3104       and the list address, the list address is always added last.
 3106     - The cron/mailpasswds script has grown a -l/--listname option.
 3108     - The cron/disabled script has grown options to send out
 3109       notifications for reasons other than bounce-disabled.  It has
 3110       also grown a -f/--force option.  See cron/disabled --help for
 3111       details.
 3113     - The bin/dumpdb script has grown a -n/--noprint option.
 3115     - An experimental new mechanism for processing incoming messages
 3116       has been added.  If you can configure your MTA to do qmail-style
 3117       Maildir delivery, Mailman now has a MaildirRunner qrunner.  This
 3118       may turn out to be much more efficient and scalable, but for
 3119       MM2.1, it will not be officially supported.  See Defaults.py.in
 3120       and Mailman/Queue/MaildirRunner.py for details.
 3122 2.1 beta 2 (05-May-2002)
 3124     Lots of bug fixing, and the following new features and changes:
 3126     - A "de-mime" content filter feature has been added.  This
 3127       oft-requested feature allows you to specify MIME types that
 3128       Mailman should strip off of any messages before they're posted
 3129       to the list.  You can also optionally convert text/html to
 3130       text/plain (by default, through lynx if it's available).
 3132     - Changes to the way the RFC 2919 and 2369 headers (i.e. the
 3133       List-*: headers) are added:
 3134           o List-Id: is always added
 3135           o List-Post:, List-Help:, List-Subscribe:,
 3136             List-Unsubscribe:, and List-Archive: are only added to
 3137             posting messages.
 3138           o X-List-Administrivia: is only added to messages Mailman
 3139             creates and sends out of its own accord.
 3141       Also, if the site administrator allows it, list owners can
 3142       suppress the addition of all the List-*: headers.  List owners
 3143       can also separately suppress the List-Post: header for
 3144       announce-only lists.
 3146     - A new framework for email commands has been added.  This allows
 3147       you to easily add, delete, or change the email commands that
 3148       Mailman understands, on a per-site, per-list, or even per-user
 3149       basis.
 3151     - Users can now change their digest delivery type from MIME to
 3152       plain text globally, for all lists they are subscribed to.
 3154     - No language select pulldowns are shown if the list only supports
 3155       one language.
 3157     - More mylist-admin eradication.
 3159     - Several performance improvements in the bounce qrunner, one of
 3160       which is to make it run only once per minute instead of once per
 3161       second.
 3163     - Korean language support as been added.
 3165     - Gatewaying from news -> mail uses its connections to the nntpd
 3166       more efficiently.
 3168     - In bin/add_members, -n/--non-digest-members-file command line
 3169       switch is deprecated in favor of -r/--regular-members-file.
 3171     - bin/sync_members grew a -g/--goodbye-msg switch.
 3173 2.1 beta 1 (16-Mar-2002)
 3175     In addition to the usual bug fixes, performance improvements, and
 3176     GUI changes, here are the highlights:
 3178     - MIME and other message handling
 3179         o More robustness against badly MIME encapsulated messages: if
 3180           a MessageParseError is raised during the initial parse, the
 3181           message can either be discarded or saved in qfiles/bad,
 3182           depending on the value of the new configuration variable
 3185         o There is a new per-user option that can be used to avoid
 3186           receipt of extra copies, when a member of the list is also
 3187           explicitly CC'd.
 3189         o Always add an RFC 2822 Date: header if missing, since not
 3190           all MTAs insert one automatically.
 3192         o The Sender: and Errors-To: headers are no longer added to
 3193           outgoing messages.
 3195         o Headers and footers are always added by concatenation, if
 3196           the message is not MIME and if the list's charset is a
 3197           superset of us-ascii.
 3199     - List administration
 3200         o An `invitation' feature has been added.  This is selectable
 3201           as a radio button on the mass subscribe page.  When
 3202           selected, users are invited to join instead of immediately
 3203           joined, i.e. they get a confirmation message.
 3205         o You can now enable and disable list owner notifications for
 3206           disabled-due-to-bouncing and removal-due-to-bouncing
 3207           actions.  The site config variables
 3209           DEFAULT_BOUNCE_NOTIFY_OWNER_ON_REMOVAL control the default
 3210           behavior.
 3212         o List owners can now decide whether they receive unrecognized
 3213           bounce messages or not (i.e. messages that the bounce
 3214           processor doesn't recognize).  Site admins can set the
 3215           default value for this flag with the config variable
 3218         o The admindb summary page gives the option of clearing the
 3219           moderation flag of members who are on quarantined.
 3221         o The action to take when a moderated member posts to a list
 3222           is now configurable.  The message can either be held,
 3223           rejected (bounced), or discarded.  If the message is
 3224           rejected, a rejection notice string can be given.
 3226         o In the General admin page, you can now set the default value
 3227           for five per-user flags: concealing the user's email
 3228           address, acknowledging posts sent by the user, copy
 3229           suppression, not-me-too selection, and the default digest
 3230           type.  Site admins can set the default bit field with the
 3231           new DEFAULT_NEW_MEMBER_OPTIONS variable.
 3233         o A new "Emergency brake" feature for turning on moderation of
 3234           all list postings.  This is useful for when flamewars break
 3235           out, and the list needs a cooling off period.  Messages
 3236           containing an Approved: header with the list owner password
 3237           are still allowed through, as are messages approved through
 3238           the admindb interface.
 3240         o When a moderated message is approved for the list, add an
 3241           X-Mailman-Approved-At: header which contains the timestamp
 3242           of the approval action (changed from X-Moderated: with a
 3243           different format).
 3245         o Lists can now be converted to using a less error prone
 3246           mechanism for variable substitution syntax in headers and
 3247           footers.  Instead of %(var)s strings, you'd use $var
 3248           strings.  You must use "bin/withlist -r convert" to enable
 3249           this.
 3251         o When moderating held messages, the header text box and the
 3252           message excerpt text box are now both read-only.
 3254         o You can't delete the site list through the web.
 3256         o When creating new lists through the web, you have the option
 3257           of setting the "default member moderation" flag.
 3259     - Security and privacy
 3260         o New feature: banned subscription addresses.  Privacy
 3261           options/subscription rules now have an additional list box
 3262           which can contain addresses or regular expressions.
 3263           Subscription requests from any matching address are
 3264           automatically rejected.
 3266         o Membership tests which compare message headers against list
 3267           rosters are now more robust.  They now check, by default
 3268           these header in order: From:, unixfrom, Reply-To:, Sender:.
 3269           If any match, then the membership test succeeds.
 3271         o ALLOW_SITE_ADMIN_COOKIES is a new configuration variable
 3272           which says whether to allow AuthSiteAdmin cookies or not.
 3273           Normally, when a list administrator logs into a list with
 3274           the site password, they are issued a cookie that only allows
 3275           them to do administration for this one list.  By setting
 3276           ALLOW_SITE_ADMIN_COOKIES to 1, the user only needs to
 3277           authenticate to one list with the site password, and they
 3278           can administer any mailing list.
 3280           I'm not sure this feature is wise, so the default value for
 3281           ALLOW_SITE_ADMIN_COOKIES is 0.
 3283         o Marc MERLIN's new recipes for secure Linuxes have been
 3284           updated.
 3286         o DEFAULT_PRIVATE_ROSTER now defaults to 1.
 3288         o Passwords are no longer included in the confirmation pages.
 3290     - Internationalization
 3291         o With the approval of Tamito KAJIYAMA, the Japanese codecs
 3292           for Python are now included automatically, so you don't need
 3293           to download and install these separate.  It is installed in
 3294           a Mailman-specific place so it won't affect your larger
 3295           Python installation.
 3297         o The configure script will produce a warning if the Chinese
 3298           codes are not installed.  This is not a fatal error.
 3300         o Russian templates and catalogs have been added.
 3302         o Finnish templates and catalogs have been added.
 3304     - Scripts and utilities
 3305         o New program bin/unshunt to safely move shunted messages back
 3306           into the appropriate processing queue.
 3308         o New program bin/inject for sending a plaintext message into
 3309           the incoming queue from the command line.
 3311         o New cron script cron/disabled for periodically culling the
 3312           disabled membership.
 3314         o bin/list_members has grown some new command line switches
 3315           for filtering on different criteria (digest mode, disable
 3316           mode, etc.)
 3318         o bin/remove_members has grown the --fromall switch.
 3320         o You can now do a bin/rmlist -a to remove an archive even
 3321           after the list has been deleted.
 3323         o bin/update removes the $prefix/Mailman/pythonlib directory.
 3325         o bin/withlist grows a --all/-a flag so the --run/-r option
 3326           can be applied to all the mailing lists.  Also, interactive
 3327           mode is now the default if -r isn't used.  You don't need to
 3328           run this script as "python -i bin/withlist" anymore.
 3330         o There is a new script contrib/majordomo2mailman.pl which
 3331           should ease the transition from Majordomo to Mailman.
 3333     - MTA integration
 3334         o Postfix integration has been made much more robust, but now
 3335           you have to set POSTFIX_ALIAS_CMD and POSTFIX_MAP_CMD to
 3336           point to the postalias and postmap commands respectively.
 3338         o VERP-ish delivery has been made much more efficient by
 3339           eliminating extra disk copies of messages for each recipient
 3340           of a VERP delivery.  It has also been made more robust in
 3341           the face of failures during chunk delivery.  This required a
 3342           rewrite of SMTPDirect.py and one casualty of that rewrite
 3343           was the experimental threaded delivery.  It is no longer
 3344           supported (but /might/ be resurrected if there's enough
 3345           demand -- or a contributed patch :).
 3347         o A new site config variable SMTP_MAX_SESSIONS_PER_CONNECTION
 3348           specifies how many consecutive SMTP sessions will be
 3349           conducted down the same socket connection.  Some MTAs have a
 3350           limit on this.
 3352         o Support for VERP-ing confirmation messages.  These are less
 3353           error prone since the Subject: header doesn't need to be
 3354           retained, and they allow a more user friendly (and i18n'd)
 3355           Subject: header.  VERP_CONFIRM_FORMAT, VERP_CONFIRM_REGEXP,
 3356           and VERP_CONFIRMATIONS control this feature (only supported
 3357           for invitation confirmations currently, but will be expanded
 3358           to the other confirmations).
 3360         o Several new list-centric addresses have been added:
 3361           -subscribe and -unsubscribe are synonyms for -join and
 3362           -leave, respectively.  Also -confirm has been added to
 3363           support VERP'd confirmations.
 3365     - Archiver
 3366         o There's now a default page for the Pipermail archive link
 3367           for when no messages have yet been posted to the list.
 3369         o Just the mere presence of an X-No-Archive: is enough to
 3370           inhibit archiving for this message; the value of the header
 3371           is now ignored.
 3373     - Configuring, building, installing
 3374         o Mailman now has a new favicon, donated by Terry Oda.  Not
 3375           all web pages are linked to the favicon yet though.
 3377         o The add-on email package is now distributed and installed
 3378           automatically, so you don't need to do this.  It is
 3379           installed in a Mailman-specific place so it won't affect
 3380           your larger Python installation.
 3382         o The default value of VERP_REGEXP has changed.
 3384         o New site configuration variables BADQUEUE_DIR and
 3385           QRUNNER_SAVE_BAD_MESSAGES which describe where to save
 3386           messages which are not properly MIME encoded.
 3388         o configure should be more POSIX-ly conformant.
 3390         o The Mailman/pythonlib directory has been removed, but a new
 3391           $prefix/pythonlib directory has been added.
 3393         o Regression tests are now installed.
 3395         o The second argument to add_virtual() calls in mm_cfg.py are
 3396           now optional.
 3398         o DEFAULT_FIRST_STRIP_REPLY_TO now defaults to 0.
 3400         o Site administrators can edit the Mailman/Site.py file to
 3401           customize some filesystem layout policies.
 3404 2.1 alpha 4 (31-Dec-2001)
 3406     - The administrative requests database page (admindb) has been
 3407       redesigned for better usability when there are lots of held
 3408       postings.  Changes include:
 3409         o A summary page which groups held messages by sender email
 3410           address.  On this page you can dispose of all the sender's
 3411           messages in one action.  You can also view the details of
 3412           all the sender's messages, or the details of a single
 3413           message.  You can also add the sender to one of the list's
 3414           sender filters.
 3416         o A details page where you can view all messages, just those
 3417           for a particular sender, or just a single held message.
 3418           This details page is laid out the same as the old admindb
 3419           page.
 3421         o The instructions have been shorted on the summary and
 3422           details page, with links to more detailed explanations.
 3424     - Bounce processing
 3425         o Mailman now keeps track of the reason a member's delivery
 3426           has been disabled: explicitly by the administrator,
 3427           explicitly by the user, by the system due to excessive
 3428           bounces, or for (legacy) unknown reasons.
 3430         o A new bounce processing algorithm has been implemented (we
 3431           might actually understand this one ;).  When an address
 3432           starts bouncing, the member gets a "bounce score".  Hard
 3433           (fatal) bounces score 1.0, while soft (transient) bounces
 3434           score 0.5.
 3436           List administrators can specify a bounce threshold above
 3437           which a member gets disabled.  They can also specify a time
 3438           interval after which, if no bounces are received from the
 3439           member, the member's bounce score is considered stale and is
 3440           thrown away.
 3442         o A new cron script, cron/disabled, periodically sends
 3443           notifications to members who are bounce disabled.  After a
 3444           certain number of warnings the member is deleted from the
 3445           list.  List administrators can control both the number of
 3446           notifications and the amount of time between notifications.
 3448           Notifications include a confirmation cookie that the member
 3449           can use to re-enable their subscription, via email or web.
 3451         o New configuration variables to support the bounce processing
 3457     - Privacy and security
 3458         o Sender filters can now be regular expressions.  If a line
 3459           starts with ^ it is taken as a (raw string) regular
 3460           expression, otherwise it is a literal email address.
 3462         o Fixes in 2.0.8 ported forward: prevent cross-site scripting
 3463           exploits.
 3465     - Mail delivery
 3466         o Aliases have all been changed so that there's more
 3467           consistency between the alias a message gets delivered to,
 3468           and the script & queue runner that handles the message.
 3470           I've also renamed the mail wrapper script to `mailman' from
 3471           `wrapper' to avoid collisions with other MLM's.  You /will/
 3472           need to regenerate your alias files with bin/genaliases, and
 3473           you may need to update your smrsh (Sendmail) configs.a
 3475           Bounces always go to listname-bounces now, since
 3476           administration has been separated from bounce processing.
 3477           listname-admin is obsolete.
 3479         o VERP support!  This greatly improves the accuracy of bounce
 3480           detection.  Configuration variables which control this feature
 3483           latter two must be tuned to your MTA.
 3485         o A new alias mailman-loop@dom.ain is added which directs all
 3486           output to the file $prefix/data/owner-bounces.mbox.  This is
 3487           used when sending messages to the site list owners, as the
 3488           final fallback for bouncing messages.
 3490         o New configuration variable POSTFIX_STYLE_VIRTUAL_DOMAINS
 3491           which should be set if you are using the Postfix MTA and
 3492           want Mailman to play nice with Postfix-style virtual
 3493           domains.
 3495     - Miscellaneous
 3496         o Better interoperability with Python 2.2.
 3498         o MailList objects now record the date (in seconds since
 3499           epoch) that they were created.  This is in a hidden
 3500           attribute `created_at'.
 3502         o bin/qrunner grows a -s/--subproc switch which is usually
 3503           used only when it's started from mailmanctl.
 3505         o bin/newlist grows a -l/--language option so that the list's
 3506           preferred language can be set from the command line.
 3508         o cron changes: admin reminders go out at 8am local time instead
 3509           of 10pm local time.
 3511     - Pipermail archiver
 3512         o MIME attachments are scrubbed out into separate files which
 3513           can be viewed by following a link in the original article.
 3514           Article contains an indication of the size of the
 3515           attachment, its type, and other useful information.
 3517         o New script bin/cleanarch which can be used to `clean' an
 3518           .mbox archive file by fixing unescaped embedded Unix From_
 3519           lines.
 3521         o New configuration variable ARCHIVE_SCRUBBER in
 3522           Defaults.py.in which names the module that Pipermail should
 3523           use to scrub articles of MIME attachments.
 3525         o New configuration variable ARCHIVE_HTML_SANITIZER which
 3526           describes how the scrubber should handle text/html
 3527           attachments.
 3529         o PUBLIC_ARCHIVE_URL has change its semantics.  It is now an
 3530           absolute url, with the hostname and listname parts
 3531           interpolated into it on a per-list basis.
 3533         o Pipermail should now provide the proper character set in the
 3534           Content-Type: header for archived articles.
 3536     - Internationalization
 3537         o Czech translations by Dan Ohnesorg.
 3539         o The Hungarian charset has be fixed to be iso-8859-2.
 3541         o The member options login page now has a language selection
 3542           widget.
 3544     - Building, configuration
 3545         o email-0.96 package is required (see the misc directory).
 3547         o New recipes for integrating Mailman and Sendmail,
 3548           contributed by David Champion.
 3551 2.1 alpha 3 (22-Oct-2001)
 3553     - Realname support
 3554         o Mailman now tracks a member's Real Name in addition to their
 3555           email address.
 3557         o List members can now supply their Real Names when
 3558           subscribing via the web.  Their Real Names are parsed from
 3559           any thru-email subscriptions.
 3561         o Members can change their Real Names on their options page,
 3562           and admins can change members' Real Names on the membership
 3563           pages.  Mass subscribing accepts "email@dom.ain (Real Name)"
 3564           and "Real Name <email@dom.ain>" entries, for both
 3565           in-text-box and file-upload mass subscriptions.
 3567     - Filtering and Privacy
 3568         o Reply-To: munging has been enhanced to allow a wider range
 3569           of list policies.  You can now pre-strip any Reply-To:
 3570           headers before adding list-specific ones (i.e. you can
 3571           override or extend existing Reply-To: headers).  If
 3572           stripping, the old headers are no longer saved on
 3573           X-Reply-To:
 3575         o New sender moderation rules.  The old `posters',
 3576           `member_only_posting', `moderated' and `forbidden_posters'
 3577           options have been removed in favor of a new moderation
 3578           scheme.  Each member has a personal moderation bit, and
 3579           non-member postings can be automatically accepted, held for
 3580           approval, rejected (bounced) or discarded.
 3582         o When membership rosters are private, responses to
 3583           subscription (and other) requests are made more generic so
 3584           that these processes can't be covertly mined for hidden
 3585           addresses.  If a subscription request comes in for a user
 3586           who is already subscribed, the user is notified of potential
 3587           membership mining.
 3589         o When a held message is approved via the admindb page, an
 3590           X-Moderated: header is added to the message.
 3592         o List admins can now set an unsubscribe policy which requires
 3593           them to approve of member unsubscriptions.
 3595     - Web U/I
 3596         o All web confirmations now require a two-click procedure,
 3597           where the first click gives them a page that allows them to
 3598           confirm or cancel their subscription.  It is bad form for an
 3599           email click (HTTP GET) to have side effects.
 3601         o Lots of improvements for clarity.
 3603         o The Privacy category has grown three subcategories.
 3605         o The General options page as a number of subsection headers.
 3607         o The Passwords and Languages categories are now on separate
 3608           admin pages.
 3610         o The admin subcategories are now formated as two columns in
 3611           the top and bottom legends.
 3613         o When creating a list through the web, you can now specify
 3614           the initial list of supported languages.
 3616         o The U/I for unsubscribing a member on the admin's membership
 3617           page should be more intuitive now.
 3619         o There is now a separate configuration option for whether the
 3620           goodbye_msg is sent when a member is unsubscribed.
 3622     - Performance
 3623         o misc/mailman is a Unix init script, appropriate for
 3624           /etc/init.d, and containing chkconfig hooks for systems that
 3625           support it.
 3627         o bin/mailmanctl has been rewritten; the `restart' command
 3628           actually works now.  It now also accepts -s, -q, and -u
 3629           options.
 3631         o bin/qrunner has been rewritten too; it can serve the role of
 3632           the old cron/qrunner script for those who want classic
 3633           cron-invoked mail delivery.
 3635         o Internally, messages are now stored in the qfiles directory
 3636           primarily as pickles.  List configuration databases are now
 3637           stored as pickles too (i.e. config.pck).  bin/dumpdb knows
 3638           how to display both pickles and marshals.
 3640     - Mail delivery
 3641         o If a user's message is held for approval, they are sent a
 3642           notification message containing a confirmation cookie.  They
 3643           can use this confirmation cookie to cancel their own
 3644           postings (if they haven't already been approved).
 3646         o When held messages are forwarded to an explicit address
 3647           using the admindb page, it is done so  in a message/rfc822
 3648           encapsulation.
 3650         o When a message is first held for approval, the notification
 3651           sent to the list admin is a 3-part multipart/mixed.  The
 3652           first part holds the notification message, the second part
 3653           hold the original message, and the third part hold a cookie
 3654           confirmation message, to which the admin can respond to
 3655           approve or discard the message via email.
 3657         o In the mail->news gateway, you can define mail headers that
 3658           must be modified or deleted before the message can be posted
 3659           to the nntp server.
 3661         o The list admin can send an immediate urgent message to the
 3662           entire list membership, bypassing digest delivery.  This is
 3663           done by adding an Urgent: header with the list password.
 3664           Urgent messages with an invalid password are rejected.
 3666         o Lists can now optionally personalize email messages, if the
 3667           site admin allows it.  Personalized messages mean that the
 3668           To: header includes the recipient's address instead of the
 3669           list's address, and header and footer messages can contain
 3670           user-specific information.  Note that only regular
 3671           deliveries can currently be personalized.
 3673         o Message that come from Usenet but that have broken MIME
 3674           boundaries are ignored.
 3676         o If the site administrator agrees, list owners have the
 3677           ability to disable RFC 2369 List-* headers.
 3679         o There is now an API for an external process to post a
 3680           message to a list.  This posting process can also specify an
 3681           explicit list of recipients, in effect turning the mailing
 3682           list into a "virtual list" with a fluid membership.  See
 3683           Mailman/Post.py for details.
 3685     - Building/testing/configuration
 3686         o mimelib is no longer required, but you must install the
 3687           email package (see the tarball in the misc directory).
 3689         o An (as yet) incomplete test suite has been added.  Don't try
 3690           running it in a production environment!
 3692         o Better virtual host support by adding a mapping from the
 3693           host name given in cgi's HTTP_HOST/SERVER_NAME variable to
 3694           the email host used in list addresses.  (E.g. www.python.org
 3695           maps to @python.org).
 3697         o Specifying urls to external public archivers is more
 3698           flexible.
 3700         o The filters/ subdirectory has been removed.
 3702         o There is now a `site list' which is a mailing list that must
 3703           be created first, and from which all password reminders
 3704           appear to come from.  It is recommended that this list be
 3705           called "mailman@your.site".
 3707         o bin/move_list is no longer necessary (see the FAQ for
 3708           detailed instructions on renaming a list).
 3710         o A new script bin/fix_url.py can be used with bin/withlist to
 3711           change a list's web_page_url configuration variable (since
 3712           it is no longer modifiable through the web).
 3714     - Internationalization
 3715         o Support for German, Hungarian, Italian, Japanese, and
 3716           Norwegian have been added.
 3718     - Miscellaneous
 3719         o Lots of new bounce detectors.  Bounce detectors can now
 3720           discard temporary bounce messages by returning a special
 3721           Stop value.
 3723         o bin/withlist now sports a -q/--quiet flag.
 3725         o bin/add_members has a new -a/--admin-notify flag which can
 3726           be used to inhibit list owner notification for each
 3727           subscription.
 3729     - Membership Adaptors
 3730         o Internally, mailing list memberships are accessed through a
 3731           MemberAdaptor interface.  This would allow for integrating
 3732           membership databases with external sources (e.g. Zope or
 3733           LDAP), although the only MemberAdaptor currently implemented
 3734           is a "classic" adaptor which stores the membership
 3735           information on the MailList object.
 3737         o There's a new pipeline handler module called FileRecips.py
 3738           which could be used to get all regular delivery mailing list
 3739           recipients from a Sendmail-style :include: file (see List
 3740           Extensibility bullet below).
 3742           This work was sponsored by Control.com
 3744     - List Extensibility
 3745         o A framework has been added which can be used to specialize
 3746           and extend specific mailing lists.  If there is a file
 3747           called lists/<yourlist>/extend.py, it is execfile()'d after
 3748           the MailList object is instantiated.  The file should
 3749           contain a function extend() which will be called with the
 3750           MailList instance.  This function can do all sorts of deep
 3751           things, like modify the handler pipeline just for this list,
 3752           or even strip out particular admin GUI elements (see below).
 3754         o All the admin page GUI elements are now separate
 3755           components.  This provides greater flexibility for list
 3756           customization.  Also, each GUI element will be given an
 3757           opportunity to handle admin CGI form data.
 3759           This work was sponsored by Control.com
 3761     - Topic Filters
 3762         o A new feature has been added called "Topic Filters".  A list
 3763           administrator can create topics, which are essentially
 3764           regular expression matches against Subject: and Keyword:
 3765           headers (including such pseudo-headers if they appear in the
 3766           first few lines of the body of a message).
 3768           List members can then `subscribe' to various topics, which
 3769           allows them to filter out any messages that don't match a
 3770           topic, or to filter out any message that does match a
 3771           topic.  This can be useful for high volume lists where not
 3772           everyone will be interested in every message.
 3774           This work was sponsored by Control.com
 3776 2.1 alpha 2 (11-Jul-2001)
 3778     - Building
 3779         o mimelib 0.4 is now required.  Get it from
 3780           http://mimelib.sf.net.  If you've installed an earlier
 3781           version of mimelib, you must upgrade.
 3783         o /usr/local/mailman is now the default installation
 3784           directory.  Use configure's --prefix switch to change it
 3785           back to the default (/home/mailman) or any other
 3786           installation directory of your choice.
 3788     - Security
 3789         o Better definition of authentication domains.  The following
 3790           roles have been defined: user, list-admin, list-moderator,
 3791           creator, site-admin.
 3793         o There is now a separate role of "list moderator", which has
 3794           access to the pending requests (admindb) page, but not the
 3795           list configuration pages.
 3797         o Subscription confirmations can now be performed via email or
 3798           via URL.  When a subscription is received, a unique (sha)
 3799           confirm URL is generated in the confirmation message.
 3800           Simply visiting this URL completes the subscription process.
 3802         o In a similar manner, removal requests (via web or email
 3803           command) no longer require the password.  If the correct
 3804           password is given, the removal is performed immediately.  If
 3805           no password is given, then a confirmation message is
 3806           generated.
 3808     - Internationalization
 3809         o More I18N patches.  The basic infrastructure should now be
 3810           working correctly.  Spanish templates and catalogs are
 3811           included, and English, French, Hungarian, and Big5 templates
 3812           are included.
 3814         o Cascading specializations and internationalization of
 3815           templates.  Templates are now search for in the following
 3816           order: list-specific location, domain-specific location,
 3817           site-wide location, global defaults.  Each search location
 3818           is further qualified by the language being displayed.  This
 3819           means that you only need to change the templates that are
 3820           different from the global defaults.
 3822           Templates renamed: admlogin.txt => admlogin.html
 3823           Templates added: private.html
 3825     - Web UI
 3826         o Redesigned the user options page.  It now sits behind an
 3827           authentication so user options cannot be viewed without the
 3828           proper password.  The other advantage is that the user's
 3829           password need not be entered on the options page to
 3830           unsubscribe or change option values.  The login screen also
 3831           provides for password mail-back, and unsubscription w/
 3832           confirmation.
 3834           Other new features accessible from the user options page
 3835           include: ability to change email address (with confirmation)
 3836           both per-list and globally for all list on virtual domain;
 3837           global membership password changing; global mail delivery
 3838           disable/enable; ability to suppress password reminders both
 3839           per-list and globally; logout button.
 3841           [Note: the handle_opts cgi has gone away]
 3843         o Color schemes for non-template based web pages can be defined
 3844           via mm_cfg.
 3846         o Redesign of the membership management page.  The page is now
 3847           split into three subcategories (Membership List, Mass
 3848           Subscription, and Mass Removal).  The Membership List
 3849           subcategory now supports searching for member addresses by
 3850           regular expression, and if necessary, it groups member
 3851           addresses first alphabetically, and then by chunks.
 3853           Mass Subscription and Mass Removal now support file upload,
 3854           with one address per line.
 3856         o Hyperlinks from the logos in the footers have been removed.
 3857           The sponsors got too much "unsubscribe me!" spam from
 3858           desperate user of Mailman at other sites.
 3860         o New buttons on the digest admin page to send a digest
 3861           immediately (if it's non-empty), to start a new digest
 3862           volume with the next digest, and to select the interval with
 3863           which to automatically start a new digest volume (yearly,
 3864           monthly, quarterly, weekly, daily).
 3866           DEFAULT_DIGEST_VOLUME_FREQUENCY is a new configuration
 3867           variable, initially set to give a new digest volume monthly.
 3869         o Through-the-web list creation and removal, using a separate
 3870           site-wide authentication role called the "list creator and
 3871           destroyer" or simply "list creator".  If the configuration
 3872           variable OWNERS_CAN_DELETE_THEIR_OWN_LISTS is set to 1 (by
 3873           default, it's 0), then list admins can delete their own
 3874           lists.
 3876           This feature requires an adaptor for the particular MTA
 3877           you're using.  An adaptor for Postfix is included, as is a
 3878           dumb adaptor that just emails mailman@yoursite with the
 3879           necessary Sendmail style /etc/alias file changes.  Some MTAs
 3880           like Exim can be configured to automatically recognize new
 3881           lists.  The adaptor is selected via the MTA option in
 3882           mm_cfg.py
 3884     - Email UI
 3885         o In email commands, "join" is a synonym for
 3886           "subscribe". "remove" and "leave" are synonyms for
 3887           "unsubscribe".  New robot addresses are support to make
 3888           subscribing and unsubscribing much easier:
 3890           mylist-join@mysite
 3891           mylist-leave@mysite
 3893         o Confirmation messages have a shortened Subject: header,
 3894           containing just the word "confirm" and the confirmation
 3895           cookie.  This should help for MUAs that like to wrap long
 3896           Subject: lines, messing up confirmation.
 3898         o Mailman now recognizes an Urgent: header, which, if it
 3899           contains the list moderator or list administrator password,
 3900           forces the message to be delivered immediately to all
 3901           members (i.e. both regular and digest members).  The message
 3902           is also placed in the digest.  If the password is incorrect,
 3903           the message will be bounced back to the sender.
 3905     - Performance
 3906         o Refinements to the new qrunner subsystem which preserves
 3907           FIFO order of messages.
 3909         o The qrunner is no longer started from cron.  It is started
 3910           by a Un*x init-style script called bin/mailmanctl (see
 3911           below).  cron/qrunner has been removed.
 3913     - Command line scripts
 3914         o bin/mailmanctl script added, which is used to start, stop,
 3915           and restart the qrunner daemon.
 3917         o bin/qrunner script added which allows a single sub-qrunner
 3918           to run once through its processing loop.
 3920         o bin/change_pw script added (eases mass changing of list
 3921           passwords).
 3923         o bin/update grows a -f switch to force an update.
 3925         o bin/newlang renamed to bin/addlang; bin/rmlang removed.
 3927         o bin/mmsitepass has grown a -c option to set the list
 3928           creator's password.  The site-wide `create' web page is
 3929           linked to from the admin overview page.
 3931         o bin/newlist's -o option is removed.  This script also grows
 3932           a way of spelling the creation of a list in a specific
 3933           virtual domain.
 3935         o The `auto' script has been removed.
 3937         o bin/dumpdb has grown -m/--marshal and -p/--pickle options.
 3939         o bin/list_admins can be used to print the owners of a mailing list.
 3941         o bin/genaliases regenerates from scratch the aliases and
 3942           aliases.db file for the Postfix MTA.
 3944     - Archiver
 3945         o New archiver date clobbering option, which allows dates to
 3946           only be clobber if they are outrageously out-of-date
 3947           (default setting is 15 days on either side of received
 3948           timestamp).  New configuration variables:
 3953           The archived copy of messages grows an X-List-Received-Date:
 3954           header indicating the time the message was received by
 3955           Mailman.
 3957         o PRIVATE_ARCHIVE_URL configuration variable is removed (this
 3958           can be calculated on the fly, and removing it actually makes
 3959           site configuration easier).
 3961     - Miscellaneous
 3962         o Several new README's have been added.
 3964         o Most syslog entries for the qrunner have been redirected to
 3965           logs/error.
 3967         o On SIGHUP, qrunner will re-open all its log files and
 3968           restart all child processes.  See "bin/mailmanctl restart".
 3970     - Patches and bug fixes
 3971         o SF patches and bug fixes applied: 420396, 424389, 227694,
 3972           426002, 401372 (partial), 401452.
 3974         o Fixes in 2.0.5 ported forward:
 3975             Fix a lock stagnation problem that can result when the
 3976             user hits the `stop' button on their browser during a
 3977             write operation that can take a long time (e.g. hitting
 3978             the membership management admin page).
 3980         o Fixes in 2.0.4 ported forward:
 3981             Python 2.1 compatibility release.  There were a few
 3982             questionable constructs and uses of deprecated modules
 3983             that caused annoying warnings when used with Python 2.1.
 3984             This release quiets those warnings.
 3986         o Fixes in 2.0.3 ported forward:
 3987             Bug fix release.  There was a small typo in 2.0.2 in
 3988             ListAdmin.py for approving an already subscribed member
 3989             (thanks Thomas!).  Also, an update to the OpenWall
 3990             security workaround (contrib/securelinux_fix.py) was
 3991             included.  Thanks to Marc Merlin.
 3993 2.1 alpha 1 (04-Mar-2001)
 3995     - Python 2.0 or newer required.  Also required is `mimelib' a new
 3996       library for handling MIME documents.  This will be bundled in
 3997       future releases, but for now, you must download and install it
 3998       (using Python's distutils) from
 4000       http://barry.wooz.org/software/Code/mimelib-0.2.tar.gz
 4002       You need mimelib 0.2 or better.
 4004     - Redesigned qrunner subsystem.  Now there are multiple message
 4005       queues, and considerable flexibility in file formats for
 4006       integration with external systems.  The current crop of queues
 4007       include:
 4009       archive -- for posting messages to an archiver
 4010       commands -- for incoming email commands and bounces
 4011       in -- for list-destined incoming email
 4012       news -- for messages outgoing to a nntp server
 4013       out -- for messages outgoing to a smtp server
 4014       shunt -- for messages that trigger unexpected exceptions in Mailman
 4015       virgin -- for messages that are generated by Mailman
 4017       cron/qrunner is now a long running script that forks off
 4018       sub-runners for each of the above queues.  qrunner still plays
 4019       nice with cron, but it is expected to be started by init at some
 4020       point in the future.  Some support exists for parallel
 4021       processing of messages in the queues.
 4023     - Support for internationalization support merged in.  Original
 4024       work done by Juan Carlos Rey Anaya and Victoriano Giralt.  I've
 4025       tested about 90% of the web side, 50% of the email, and 50% of
 4026       the command line / cron scripts.
 4028       New scripts: bin/newlang, bin/rmlang
 4030     - New delivery script `auto' for automatic integration with the
 4031       Postfix MTA.
 4033     - A bunch of new bounce detectors.
 4035     Changes ported from Mailman 2.0.2 and 2.0.1:
 4037     - A fix for a potential privacy exploit where a clever list
 4038       administrator could gain access to user passwords.  This doesn't
 4039       allow them to do much more harm to the user then they normally
 4040       could, but they still shouldn't have access to the passwords.
 4042     - In the admindb page, don't complain when approving a
 4043       subscription of someone who's already on the list (SF bug
 4044       #222409 - Thomas Wouters).
 4046       Also, quote for HTML the Subject: text printed for held
 4047       messages, otherwise messages with e.g. "Subject: </table>" could
 4048       royally screw page formatting.
 4050     - Docstring fix bin/newlist to remove mention of "immediate"
 4051       argument (Thomas Wouters).
 4053     - Fix for bin/update when PREFIX != VAR_PREFIX (SF bug #229794 --
 4054       Thomas Wouters).
 4056     - Bug fix release, namely fixes a buglet in bin/withlist affecting
 4057       the -l and -r flags; also a problem that can cause qrunner to
 4058       stop processing mail after disk-full events (SourceForge bug
 4059       127199).
 4061 2.0 final (21-Nov-2000)
 4063     No changes from rc3.
 4065 2.0 release candidate 3 (16-Nov-2000)
 4067     - By popular demand, Reply-To: munging policy is now to always
 4068       override any Reply-To: header in the original message, if
 4069       reply_goes_to_list is set to "This list" or "Explicit Address"
 4071     - bin/newlist given -q/--quiet flag instead of the <immediate>
 4072       positional argument
 4074     - Hopefully last fix to DEFAULT_URL not ending in a slash
 4075       sensitivity
 4077     - 2.0rc2 buglets fixed:
 4078         o newlist argument parsing
 4079         o updating with unlocked lists
 4080         o HyperArch.py traceback when there's no
 4081           Content-Transfer-Encoding: header
 4083     - SourceForge bugs fixed:
 4084         122358 (qmail-to-mailman.py listname case folding)
 4086     - SourceForge patches applied:
 4087         102373 (qmail-to-mailman.py listname case folding)
 4089 2.0 release candidate 2 (10-Nov-2000)
 4091     - Documentation updates: start in the doc/ directory.
 4093     - bin/withlist accepts additional command line arguments when used
 4094       with the --run flag; bin/mmsitepass and bin/newlist accept
 4095       -h/--help flags
 4097     - bin/newlist has a -o/--output flag to append /etc/aliases
 4098       suggestions to a specified file
 4100     - SourceForge bugs fixed:
 4101         116615 (README.BSD update), 117015 (duplicate messages on
 4102         moderated posts), 117548 (exception in HyperArch.py), 117682
 4103         (typos), 121185 (vsnprintf signature), 121591 and 122017
 4104         (bogus link after web unsubscribe), 121811 (`subscribe' in
 4105         Subject: doesn't get archived)
 4107     - SourceForge patches applied:
 4108         101812 (securelinux_fix.py contrib), 102097 (fix for bug
 4109         117548), 102211 (additional args for withlist), 102268 (case
 4110         insensitive Content-Transfer-Encoding:)
 4112 2.0 release candidate 1 (23-Oct-2000)
 4114     - Bug fixes and security patches.
 4116     - Better html rendition of articles in non us-ascii charsets
 4117       (Jeremy Hylton).  See VERBATIM_ENCODING variable in
 4118       Defaults.py.in for customization.
 4120 2.0 beta 6 (22-Sep-2000)
 4122     - Building
 4123         o Tested with Python 1.5.2, Python 1.6, and Python 2.0 beta 1.
 4124           Conducted on RH Linux 6.1 only, but should work
 4125           cross-platform.
 4127         o Configure now accepts --with-username, --with-groupname,
 4128           --with-var-prefix flags.  See `configure --help' or the
 4129           INSTALL file for details.
 4131         o Setting the CFLAGS environment variable before invoking
 4132           configure now works.
 4134         o The icons are now copied into $prefix/icons at install time.
 4135           Patch by David Champion.
 4137     - Standards
 4138         o Compliance with RFC 2369 (List-*: headers).  Patch by
 4139           Darrell Fuhriman.  List-ID: header is kept for historical
 4140           reasons.
 4142         o Fixes by Jeremy Hylton to Pipermail in support of non-ASCII
 4143           charsets, based on the Content-Type: and encoded-words in
 4144           the original message.  Mail headers are now decoded as per
 4145           RFC 2047.
 4147         o Many more bounce formats are detected: Microsoft's SMTPSVC,
 4148           Compuserve, GroupWise, SMTP32, and the more generic
 4149           SimpleMatch (which catches lots of similar but slightly
 4150           different formats).
 4152     - Defaults
 4153         o Email addresses can now be obscured in Pipermail archives by
 4154           setting mm_cfg.ARCHIVER_OBSCURES_EMAILADDRS to 1 (obscuring
 4155           is turned off by default).  Patch provided by Chris Snell.
 4157         o The default NNTP host can now be set by editing
 4158           mm_cfg.DEFAULT_NNTP_HOST.  Patch by David Champion.
 4160         o The default archiving mode (public/private) can now be set
 4161           by editing mm_cfg.DEFAULT_ARCHIVE.  Patch by Ted Cabeen.
 4163     - Web UI
 4164         o The variable details pages in the administrators interface
 4165           is now `live', i.e. there's a submit button on the details
 4166           page.
 4168         o A link to the administrative interface is placed in the
 4169           footer of the general user pages (authentication still
 4170           required, of course!)
 4172         o The user options change results page has a link back to the
 4173           user's main page.
 4175         o In the admindb page (for dealing with held postings), the
 4176           default forward address is now listname-owner instead of
 4177           listname-admin.  This avoids bounce detection on the
 4178           forwarded message.
 4180     - Miscellaneous
 4181         o Fixed config.db corruption problem when disk-full errors are
 4182           encountered.
 4184         o Command line scripts accept list names case-insensitively.
 4186         o bin/remove_members takes a -a flag to remove all members of
 4187           a list in one fell swoop.
 4189         o List admin passwords must be non-empty.
 4191         o Mailman generated passwords are slightly more mnemonic, and
 4192           shouldn't have confusing character selections (i.e. `i'
 4193           only, but no `1' or `l').
 4195         o Crossposting to two gated mailing lists should be fixed.
 4197         o Many other bug fixes and minor web UI improvements.
 4199 2.0 beta 5 (01-Aug-2000)
 4201     - Bug fix release.  This includes a fix for a small security hole
 4202       which could be exploited to gain mailman group access by a local
 4203       user (not a mail or web user).
 4205     - As part of the fix for the "cookie reauthorization" bug, only
 4206       session cookies are used now.  This means that administrative
 4207       and private archive cookies expire only when the browser session
 4208       is quit, however an explicit "Logout" button has been added.
 4210 2.0 beta 4 (06-Jul-2000)
 4212     - Bug fix release.
 4214 2.0 beta 3 (29-Jun-2000)
 4216     - Delivery mechanism (qrunner) refined to support immediate
 4217       queuing, queuing directly from MTA, and queuing on any error
 4218       along the delivery pipeline.  This means 1) that huge lists
 4219       can't time out the MTA's program delivery channel; 2) it is much
 4220       harder to completely lose messages; 3) eventually, qrunner will
 4221       be elaborated to meter delivery to the MTA so as not to swamp
 4222       it.  The tradeoff is in more disk I/O since every message coming
 4223       into the system (and most that are generated by the system) live
 4224       on disk for some part of their journey through Mailman.
 4226       For now, see the Default.py variables QRUNNER_PROCESS_LIFETIME
 4227       and QRUNNER_MAX_MESSAGES for primitive resource management.
 4229       The API to the pipeline handler modules has changed.  See
 4230       Mailman/Handlers/HandlerAPI.py for details.
 4232     - Revamped admindb web page: held messages are split into headers
 4233       and bodies so they are easier to vette; admins can now also
 4234       preserve a held message (for spam evidence gathering) or forward
 4235       the message to a specified email address; disposition of held
 4236       messages can be deferred; held messages have a more context
 4237       meaningful default rejection message.
 4239     - Change to the semantics for `acceptable_aliases' list
 4240       configuration variable, based on suggestions by Harald Meland.
 4242     - New mm_cfg.py variables NNTP_USERNAME and NNTP_PASSWORD can be
 4243       set on a site-wide basis if connection to your nntpd requires
 4244       authentication.
 4246     - The list attribute `num_spawns' has been removed.  The mm_cfg.py
 4247       variables MAX_SPAWNS, and DEFAULT_NUM_SPAWNS removed too.
 4249     - LIST_LOCK_LIFETIME cranked to 5 hours and LIST_LOCK_TIMEOUT
 4250       shortened to 10 seconds.  QRUNNER_LOCK_LIFETIME cranked up to 10
 4251       hours.  This should decrease the changes for bogus and harmful
 4252       lock breaking.
 4254     - Resent-to: is now one of the headers checked for explicit
 4255       destinations.
 4257     - Tons more bounce formats are recognized.  The API to the bounce
 4258       modules has changed.
 4260     - A rewritten LockFile module which should fix most (hopefully all)
 4261       bugs in the locking machinery.  Many improvements suggested by
 4262       Thomas Wouters and Harald Meland.
 4264     - Experimental support (disabled by default) for delivering SMTP
 4265       chunks to the MTA via multiple threads.  Your Python executable
 4266       must have been compiled with thread support enabled, and you
 4267       must set MAX_DELIVERY_THREADS in mm_cfg.py.  Note that this may
 4268       not improve your overall system performance.
 4270     - Some changes and additions to scripts: bin/find_member now
 4271       supports a -w/--owner flag to match regexps against mailing list
 4272       owners; bin/find_member now supports multiple regexps;
 4273       cron/gate_news command line option changes; new script
 4274       bin/dumbdb for debugging purposes; bin/clone_member can now also
 4275       remove the old address and change change the list owner
 4276       addresses.
 4278     - The News/Mail gateway admin page has a button that lets you do
 4279       an explicit catchup of the newsgroup.
 4281     - The CVS repository has been moved out to SourceForge.  For more
 4282       information, see the project summary at
 4284       http://sourceforge.net/project/?group_id=103
 4286     - Lots 'o bug fixes and some performance improvements.
 4288 2.0 beta 2 (07-Apr-2000)
 4290     - Rewritten gate_news cron script which should be more efficient
 4291       and avoid race and locking problems.  Each list now maintains
 4292       its own watermark, and when you use the admin CGI script to turn
 4293       on gating from Usenet->mail, an automatic mass catch up is done
 4294       to avoid flooding the mailing list.  cron/gate_news's command
 4295       line interface has also changed.  See its docstring for
 4296       details.
 4298     - A new cron script called qrunner has been added to retry message
 4299       deliveries that fail because of temporary smtpd problems.
 4301     - New command line script called bin/list_lists which does exactly
 4302       that: lists all the mailing lists on the system (much like the
 4303       listinfo CGI does).
 4305     - bin/withlist is now directly executable, however if you want to
 4306       use python -i, you must still explicitly invoke it.
 4307       bin/withlist also now cleans up after itself by unlocking any
 4308       locked lists.  It does NOT save any dirty lists though - you
 4309       must do this explicitly.
 4311     - $prefix permissions (and all subdirs) must now be 02775.
 4312       bin/check_perms has been updated to fix all the subdir
 4313       permissions.
 4315     - "make update" (a.k.a. bin/update) is run automatically when you
 4316       do a "make install"
 4318     - The CGI driver script now puts information about the Python
 4319       environment into the logs/error file (but not the diagnostic web
 4320       page).
 4322     - Bug fixes and some performance improvements
 4324 2.0 beta 1 (19-Mar-2000)
 4326     - Python 1.5.2 (or newer) is now required.
 4328     - A new bundled auto-responder has been added.  You can now
 4329       configure an autoresponse text for each list's primary
 4330       addresses:
 4332         listname@yourhost.com -- the general posting address
 4333         listname-request@...  -- the automated "request bot" address
 4334         listname-admin@...    -- the human administrator address
 4336     - The standard UI now includes three logos at the bottom of the
 4337       page: Dragon's Mailman logo, the Python Powered logo, and the
 4338       GNU logo.  All point to their respective home pages.
 4340     - It is now possible to set the Reply-To: field on lists to an
 4341       arbitrary address.  NOTE: Reply-To: munging is generally
 4342       considered harmful!  However for some read-only lists, it is
 4343       useful to direct replies to a parallel discussion list.
 4345     - There is a new message delivery architecture which uses a
 4346       pipeline processor for incoming and internally generated
 4347       messages.  Mailman no longer contains a bundled bulk-mailer;
 4348       instead message delivery is handled completely by the MTA.  Most
 4349       MTAs give a high enough priority to connections from the
 4350       localhost that mail will not be lost because of system load, but
 4351       this is not guaranteed (or handled) by Mailman currently.  Be
 4352       careful also if your smtpd is on a different host than the
 4353       Mailman host.  In practice, mail lossage has not be observed.
 4355       For this reason cron/run_queue is no longer needed (see the
 4356       UPGRADING file for details).
 4358       Also, you can choose whether you want direct smtp delivery, or
 4359       delivery via the command line to a sendmail-compatible daemon.
 4360       You can also easily add your own delivery module.  See
 4361       Mailman/Defaults.py for details.
 4363     - A similar pipeline architecture for the parsing of bounce
 4364       messages has been added.  Most common bounce formats are now
 4365       handled, including Qmail, Postfix, and DSN.  It is now much
 4366       easier to add new bounce detectors.
 4368     - The approval pending architecture has also been revamped.
 4369       Subscription requests and message posts waiting for admin
 4370       approval are no longer kept in the config.db file, but in a
 4371       separate requests.db file instead.
 4373     - Finally made consistent the use of Sender:/From:/From_ in the
 4374       matching of headers for such things as member-post-only.  Now,
 4375       if USE_ENVELOPE_SENDER is true, Sender: will always be chosen
 4376       over From:, however the default has been changed to
 4377       USE_ENVELOPE_SENDER false so that From: is always chosen over
 4378       Sender:.  In both cases, if no header is found, From_ (i.e. the
 4379       envelope sender is used).  Note that the variable is now
 4380       misnamed!  Most people want From: matching anyway and any are
 4381       easily spoofable.
 4383     - New scripts bin/move_list, bin/config_list
 4385     - cron/upvolumes_yearly, cron/upvolumes_monthly, cron/archive,
 4386       cron/run_queue all removed.  Edit your crontab if you used these
 4387       scripts.  Other scripts removed: contact_transport, deliver,
 4388       dumb_deliver.
 4390     - Several web UI improvements, especially in the admin page.
 4392     - Remove X-pmrqc: headers to prevent return reciepts for Pegasus
 4393       mail users.
 4395     - Security patch when using external archivers.
 4397     - Honor "X-Archive: No" header by not putting this message in the
 4398       archive.
 4400     - Changes to the log file format.
 4402     - The usual bug fixes.
 4404 1.1 (05-Nov-1999)
 4406     - All GIFs removed.  See http://www.gnu.org/philosophy/gif.html
 4407       for the reason why.
 4409     - Improvements to the Pipermail archiver which make things faster.
 4410       Primary change is that the .txt files are not gzipped on every
 4411       posted message.  Instead, use the new cron script `nightly_gzip'
 4412       to gzip the .txt file in batches (this means that the .txt file
 4413       will lag behind the on-line archives a little).
 4415     - From the C drivers programs, Python is invoked with the -S
 4416       option.  This tells Python to avoid importing the site module,
 4417       which can improve start up time of the Python process
 4418       considerably.  Note that the command line script invocation has
 4419       not been changed.
 4421     - New configuration variables PUBLIC_EXTERNAL_ARCHIVER and
 4422       PRIVATE_EXTERNAL_ARCHIVER which can contain a shell command
 4423       string for os.popen().  This can be used to invoke an external
 4424       archiver instead of the bundled Pipermail archiver.  See
 4425       Defaults.py for details.
 4427     - new script `bin/find_member' which can be used to search for a
 4428       member by regular expression.
 4430     - More child processes are reaped, which should eliminate most
 4431       occurrences of zombie processes.
 4433     - A few small miscellaneous bug fixes (including PR#99, PR#107)
 4434       and improvements to the file locking algorithms.
 4436 1.0 (30-Jul-1999)
 4438     - Configure script now allows $PREFIX (by default /home/mailman)
 4439       to be permissions 02755.  Also, configure now tests for
 4440       vsnprintf()
 4442     - Workaround, taken from GNU screen, for systems missing
 4443       vsnprintf()
 4445     - Return-Receipt-To: and Disposition-Notification-To: headers are
 4446       always removed from posted messages (they can be used to troll
 4447       for list membership).
 4449     - Workaround for MSIE4.01 (and possibly other versions) bug in the
 4450       handling of cookies.
 4452     - A small collection of other bug fixes.
 4454 1.0rc3 (10-Jul-1999)
 4456     - new script bin/check_perms which checks (and optionally fixes)
 4457       the permissions and group ownerships of the files in your
 4458       Mailman installation.
 4460     - Removed a bottleneck in the archiving code that was causing
 4461       performance problems on highly loaded servers.
 4463     - The code that saves a list's state and configuration database
 4464       has been made more robust.
 4466     - Additional exception handlers have been added in several places
 4467       to alleviate problems with Mailman bombing out when it really
 4468       would be better to print/log a helpful message.
 4470     - The "password" mail command will now mail back the sender's
 4471       subscription password when given with no arguments.
 4473     - The embarrassing subject-prefixing bug present in rc2 has been
 4474       fixed.
 4476     - A small (but nice :) collection of other squashed bugs.
 4478 1.0rc2 (14-Jun-1999)
 4480     - A security flaw in the CGI cookie mechanisms was discovered --
 4481       the Mailman-issued cookies were easily spoofable, implying that
 4482       e.g. admin access to all Mailman lists via the web interface
 4483       could be compromised.  This flaw has now been fixed.
 4485     - Handling of SMTP errors has been improved.
 4487     - Both "Mass Subscription" via web admin interface and
 4488       bin/add_members have been greatly sped up.
 4490     - autoconf check for syslog has been revamped, and is now verified
 4491       to work on SCO OpenServer 5.  If syslog can't be found, the C
 4492       wrappers will compile, but without any syslog calls.
 4494     - Various other bug fixes.
 4496 1.0rc1 (04-May-1999)
 4498     - There is a new Mailman logo, contributed by The Dragon De
 4499       Monsyne.  Please read the INSTALL file for information about
 4500       installing the logo in a place your Web server can find it.
 4502     - USE_ENVELOPE_SENDER is now set to 0 by default.  Turning this on
 4503       caused problems for too many users; lists restricted to
 4504       member-only posts were not matching the addresses correctly.
 4506     - A revamped bin/withlist to be a little more useful.
 4508     - A revamped cron/mailpasswds which groups users by virtual hosts.
 4510     - The usual assortment of bug fixes.
 4512 1.0b11 (03-Apr-1999)
 4514     - Bug fixes and improvements for case preservation of subscribed
 4515       addresses.  The DATA_FILE_VERSION has been bumped to 14.
 4517     - New script bin/withlist, useful for interactive debugging.
 4519 1.0b10 (26-Mar-1999)
 4521     - New script bin/sync_members which can be used to synchronize a
 4522       list's membership against a flat (e.g. sendmail :include: style)
 4523       file.
 4525     - bin/add_members and bin/remove_members now accept addresses on
 4526       the command line with `-' as the value for the -d and -n
 4527       options.
 4529     - Added variable USE_ENVELOPE_SENDER to Defaults.py for site-wide
 4530       configuration of address matching scheme.  With this variable
 4531       set to true, the envelope sender (e.g. Unix "From_" header) is
 4532       used to match addresses, otherwise the From: header is used.
 4533       Envelope sender matching seems not to work on many systems.
 4534       This variable is currently defaulted to 1, but may change to 0
 4535       for the final release.
 4537     - Reorganization of the membership management admin page.  Also
 4538       member addresses are linked to their options page.  Only the
 4539       `General' category has the admin password change form.
 4541     - Major reorganization of email command handling and responses.
 4542       `notmetoo' is the preferred email command instead of `norcv',
 4543       although the latter is still accepted as an argument.  If more
 4544       than 5 errors are found in the message, command processing is
 4545       halted.
 4547     - User options page now shows the user their case-preserved
 4548       subscribed address as well.
 4550     - The usual assortment of bug fixes.
 4552 1.0b9 (01-Mar-1999)
 4554     - New bin scripts: clone_member, list_members, add_members (a
 4555       consolidation of convertlist and populate_new_list which have
 4556       been removed).
 4558     - Two new readmes have been added: README.LINUX and README.QMAIL
 4560     - New configure option --with-cgi-ext which can be used if your
 4561       Web server requires extensions on CGI scripts.  The extension
 4562       must include a dot (e.g. --with-cgi-ext=".cgi").
 4564     - Many bug fixes, including the setgid problem that was causing
 4565       mail to be lost on some versions of Linux.
 4567 1.0b8 (14-Jan-1999)
 4569      - Bug fixes and workarounds for certain Linuxes.
 4571      - Illegal addresses are no longer allowed to be subscribed, from
 4572        any interface.
 4574 1.0b7 (31-Dec-1998)
 4576      - Many, many bug fixes.  Some performance improvements for large
 4577        lists.  Some improvements in the Web interfaces.  Some security
 4578        improvements.  Improved compatibility with Python 1.5.
 4580      - bin/convert_list and bin/populate_new_list have been replaced
 4581        by bin/add_members.
 4583      - Admins can now get notification on subscriptions and
 4584        unsubscriptions.  Posts are now logged.
 4586      - The username portion of email addresses are now case-preserved
 4587        for delivery purposes.  All other address comparisions are
 4588        case-insensitive.
 4590      - New default SMTP_MAX_RCPTS that limits the number of "RCPT TO"
 4591        SMTP commands that can be given for a single message.  Most
 4592        MTAs have some hard limit.
 4594      - "Precedence: bulk" header and "List-id:" header are now added
 4595        to all outgoing messages.  The latter is not added if the
 4596        message already has a "List-id:" header.  See RFC 2046 and
 4597        draft-chandhok-listid-02 for details.
 4599      - The standard (as of Python 1.5.2) smtplib.py is now used.
 4601      - The install process now compiles all the .py files in the
 4602        installation.
 4604      - Versions of the Mailman papers given at IPC7 and LISA-98 are
 4605        now included.
 4607 1.0b6 (07-Nov-1998)
 4609      - Archiving is (finally) back in.
 4611      - Administrivia filter added.
 4613      - Mail queue mechanism revamped with better concurrency control.
 4615      - For recipients that have estmp MTAs, set delivery notification
 4616        status so that only delivery failure notices are sent out,
 4617        inhibiting 4 hour and N day warning notices.
 4619      - Now expire old unconfirmed subscription requests, rather than
 4620        keeping them forever.
 4622      - Added proposed standard List-Id: header, and our own
 4623        X-MailmanVersion header.
 4625      - Prevent havoc from attempts to subscribe a list to itself.  (!)
 4627      - Refine mail command processing to prevent loops.
 4629      - Pending subscription DB redone with better locking and cleaner
 4630        interface.
 4632      - posters functionality expanded.
 4634      - Subscription policy more flexible, sensible, and
 4635        site-configurable.
 4637      - Various and sundry bug fixes.
 4639 1.0b5 (27-Jul-1998)
 4641     - New file locking that should be portable and work w/ NFS.
 4643     - Better use of packages.
 4645     - Better error logging and reporting.
 4647     - Less startup overhead.
 4649     - Various and sundry bug fixes.
 4652 1.0b4 (03-Jun-1998)
 4654     - A configure script for easy installation (Barry Warsaw)
 4656     - The ability to install Mailman to locations other than
 4657       /home/mailman (Barry Warsaw)
 4659     - Use cookies on the admin pages (also hides admin pages from
 4660       others) (Scott Cotton)
 4662     - Subscription requests send a request for confirmation, which may
 4663       be done by simply replying to the message (Scott Cotton)
 4665     - Facilities for gating mail to a newsgroup, and for gating a
 4666       newsgroup to a mailing list (John Viega)
 4668     - Contact the SMTP port instead of calling sendmail (primarily for
 4669       portability) (John Viega)
 4671     - Changed all links on web pages to relative links where appropriate.
 4672       (John Viega)
 4674     - Use MD5 if crypt is not available (John Viega)
 4676     - Lots of fixing up of bounce handling (Ken Manheimer)
 4678     - General UI polishing (Ken Manheimer)
 4680     - mm_html: Make it prominent when the user's delivery is disabled
 4681       on his option page. (Ken Manheimer)
 4683     - mallist:DeleteMember() Delete the option setings if any. (Ken
 4684       Manheimer)
 4686 1.0b3 (03-May-1998)
 4688     - mm_message:Deliverer.DeliverToList() added missing newline
 4689       between the headers and message body.  Without it, any sequence
 4690       of initial body lines that _looked_ like headers ("Sir: Please
 4691       excuse my impertinence, but") got treated like headers.
 4693     - Fixed typo which broke subscription acknowledgement message
 4694       (thanks to janne sinkonen for pointing this out promptly after
 4695       release).  (Anyone who applied my intermediate patch will
 4696       probably see this one trigger patch'es reversed-patch
 4697       detector...)
 4699     - Fixed cgi-wrapper.c so it doesn't segfault when invoked with
 4700       improper uid or gid, and generally wrappers are cleaned up a
 4701       bit.
 4703     - Prevented delivery-failure notices for misdirected subscribe-
 4704       confirmation requests from bouncing back to the -request addr,
 4705       and then being treated as failing requests.
 4707       Implemented two measures.  Set the reply-to for the
 4708       confirmation- request to the -request addr, and the sender to be
 4709       the list admin.  This way, bounces go to list admin instead of
 4710       to -request addr.  (Using the errors-to header wasn't
 4711       sufficient.  Thanks, barry, for pointing out the use of sender
 4712       here.)  Second, ignore any mailcommands coming from postmaster
 4713       or non-login system type accounts (mailer-daemon, daemon,
 4714       postoffice, etc.)
 4716     - Reenabled admin setting of web_page_url - crucial for having
 4717       lists use alternate names of a host that occupies multiple
 4718       addresses.
 4720     - Fixed and refined admin-options help mechanism.  Top-level visit
 4721       to general-category (where the "general" isn't in the URL) was
 4722       broken.  New help presentation shows the same row that shows on
 4723       the actual options page.
 4725     - cron/crontab.in crontab template had wrong name for senddigests.
 4727     - Default digest format setting, as distributed, is now non-MIME,
 4728       on urging of reasoned voices asserting that there are still
 4729       enough bad MIME implementations in the world to be a nuisance to
 4730       too many users if MIME is the default.  Sigh.
 4732     - MIME digests now preserve the structure of MIME postings,
 4733       keeping attachments as attachments, etc.  They also are more
 4734       structured in general.
 4736     - Added README instructions explaining how to determine the right
 4737       UID and GID settings for the wrapper executables, and improved
 4738       some of the explanations about exploratory interaction
 4739       w/mailman.
 4741     - Removed the constraint that subscribers have their domain
 4742       included in a static list in the code.  We might want to
 4743       eventually reincorporate the check for the sake of a warning
 4744       message, to give a heads up to the subscriber, but try delivery
 4745       anyway...
 4747     - Added missing titles to error docs.
 4749     - Improved several help details, including particularly explaining
 4750       better how real_name setting is used.
 4752     - Strengthened admonition against setting reply_goes_to_list.
 4754     - Added X-BeenThere header to postings for the sake of prevention
 4755       of external mail loops.
 4757     - Improved handling of bounced messages to better recognize
 4758       members address, and prevent duplicate attempts to react (which
 4759       could cause superfluous notices to administrator).
 4761     - Added __delitem__ method to mm_message.OutgoingMessage, to fix
 4762       the intermediate patch posted just before this one.
 4764     - Using keyword substitution format for more message text (ie,
 4765       "substituting %(such)s into text" % {'such': "something"}) to
 4766       make the substitutions less fragile and, presumably, easier to
 4767       debug.
 4769     - Removed hardwired (and failure-prone) /tmp file logging from
 4770       answer.majordomo_mail, and generally spiffed up following janne
 4771       sinkkonen's lead.
 4773 1.0b2 (13-Apr-1998)
 4774 1.0b1 (09-Apr-1998)
 4776   Web pages much more polished
 4777    - Better organized, text more finely crafted
 4778    - Easier, more refined layout
 4779    - List info and admin interface overviews, enumerate all public lists
 4780      (via, e.g., http://www.python.org/mailman/listinfo - sans the
 4781      specific list)
 4782    - Admin interface broken into sections, with help elaboration for
 4783      complicated configuration options
 4785   Mailing List Archives
 4786    - Integrated with a newer, *much* improved, external pipermail - to be
 4787      found at http://starship.skyport.net/crew/amk/maintained/pipermail.html
 4788    - Private archives protected with mailing list members passwords,
 4789      cookie-fied.
 4791   Spam prevention
 4792    - New spam prevention measures catch most if not all spam without
 4793      operator intervention or general constraints on who can post to
 4794      list:
 4795        require_explicit_destination option imposes hold of any postings
 4796        that do not have the list name in any of the to or cc header
 4797        destination addresses.  This catches the vast majority of random
 4798        spam.
 4799      Other options (forbidden_posters, bounce_matching_headers) provide
 4800      for filtering of known transgressors.
 4801    - Option obscure_addresses (default on) causes mailing list subscriber
 4802      lists on the web to be slightly mangled so they're not directly
 4803      recognizable as email address by web spiders, which might be
 4804      seeking targets for spammers.
 4806   Site configuration arrangement organized - in mailman/mailman/modules:
 4807    - When installing, create a mailman/modules/mm_cfg.py (if there's not
 4808      one already there), using mm_cfg.py.dist as a template.
 4809      mm_default.py contains the distributed defaults, including
 4810      descriptions of the values.  mm_cfg.py does a 'from mm_defaults.py
 4811      import *' to get the distributed defaults.  Include settings in
 4812      mm_cfg.py for any values in mm_defaults.py that need to be
 4813      customized for your site, after the 'from .. import *'.
 4814    See mm_cfg.py.dist for more details.
 4816   Logging
 4817    - Major operations (subscription, admin approval, bounce,
 4818      digestification, cgi script failure tracebacks) logged in files
 4819      using a reliable mechanism
 4820    - Wrapper executables log authentication complaints via syslog
 4822   Wrappers
 4823    - All cgi-script wrapper executables combined in a single source,
 4824      easier to configure.  (Mail and aliases wrappers separate.)
 4826   List structure version migration
 4827    - Provision for automatic update of list structures when moving to a
 4828      new version of the system.  See modules/versions.py.
 4830   Code cleaning
 4831    - Many more module docstrings, __version__ settings, more function
 4832      docstrings.
 4833    - Most unqualified exception catches have been replaced with more
 4834      finely targeted catches, to avoid concealing bugs.
 4835    - Lotsa long lines wrapped (pet peeve:).
 4837   Random details (not complete, sorry):
 4838    - make archival frequency a list option
 4839    - Option for daily digest dispatch, in addition to size threshhold
 4840    - make sure users only get one periodic password notifcation message for
 4841      all the lists they're on (repaired 1.0b1.1 varying-case mistake)
 4842    - Fix rmlist sans-argument bug causing deletion of all lists!
 4843    - doubled generated random passwords to four letters
 4844    - Cleaned lots and lots of notices
 4845    - Lots and lots of html page cleanup, including table-of-contents, etc
 4846    - Admin options sections - don't do the "if so" if the ensuing list
 4847      is empty
 4848    - Prevent list subject-prefix cascade
 4849    - Sources under CVS
 4850    - Various spam filters - implicit-destination, header-field
 4851    - Adjusted permissions for group access
 4852    - Prevent redundant subscription from redundant vetted requests
 4853    - Instituted centralize, robustish logging
 4854    - Wrapper sources use syslog for logging (john viega)
 4855    - Sorting of users done on presentation, not in list.
 4856    - Edit options - give an error for non-existent users, not an options page.
 4857    - Bounce handling - offer 'disable' option, instead of remove, and
 4858      never remove without notifying admin
 4859    - Moved subscribers off of listinfo (and made private lists visible
 4860      modulo authentication)
 4861    - Parameterize default digest headers and footers and create some
 4862    - Put titles on cgi result pages that do not get titles (all?)
 4863    - Option for immediate admin notifcation via email of pending
 4864      requests, as well as periodic
 4865    - Admin options web-page help
 4866    - Enabled grouped and cascading lists despite implicit-name constraint
 4867    - Changed subscribers list so it has its own script (roster)
 4868    - Welcome pages: http://www.python.org/mailman/{admin,listinfo}/
 4870 0.95 (25-Jan-1997)
 4871   - Fixed a bug in sending out digests added when adding disable mime option.
 4872   - Added an option to not notify about bounced posts.
 4873   - Added hook for pre-posting filters.  These could be used to
 4874     auto-strip signatures.  I'm using the feature to auto-strip footers
 4875     that are auto-generated by mail received from another mailing list.
 4877 0.94 (22-Jan-1997)
 4878   - Made admin password work ubiquitously in place of a user password.
 4879   - Added an interface for getting / setting user options.
 4880   - Added user option to disable mime digests (digested people only)
 4881   - Added user option to not receive your own posts (nondigested people only)
 4882   - Added user option to ack posts
 4883   - Added user option to disable list delivery to their box.
 4884   - Added web interface to user options
 4885   - Config number of sendmail spawns on a per-list basis
 4886   - Fixed extra space at beginning of each message in digests...
 4887   - Handled comma separated emails in bounce messages...
 4888   - Added a FindUser() function to MailList.  Used it where appropriate.
 4889   - Added mail interface to setting list options.
 4890   - Added name links to the templates options page
 4891   - Added an option so people can hide their names from the subscription list.
 4892   - Added an answer_majordomo_mail script for people switching...
 4894 0.93 (18/20-Jan-1997)
 4895   -  When delivering to list, don't call sendmail directly.  Write to a file,
 4896      and then run the new deliver script, which forks and exits in the parent
 4897      immediately to avoid hanging when delivering mail for large lists, so that
 4898      large lists don't spend a lot of time locked.
 4899   -  GetSender() no longer assumes that you don't have an owner-xxx address.
 4900   -  Fixed unsubscribing via mail.
 4901   -  Made subscribe via mail generate a password if you don't supply one.
 4902   -  Added an option to clobber the date in the archives to the date the list
 4903      resent the post, so that the archive doesn't get mail from people sending
 4904       bad dates clumped up at the beginning or end.
 4905   -  Added automatic error message processing as an option.  Currently
 4906      logging to /tmp/bounce.log
 4907   -  Changed archive to take a list as an argument, (the old way was broken)
 4908   -  Remove (ignore) spaces in email addresses
 4909   -  Allow user passwords to be case insensitive.
 4910   -  Removed the cleanup script since it was now redundant.
 4911   -  Fixed archives if there were no archives.
 4912   -  Added a Lock() call to Load() and Create().  This fixes the
 4913      problem of loading then locking.
 4914   -  Removed all occurances of Lock() except for the ones in mailing
 4915      list since creating a list
 4916      now implicitly locks it.
 4917   -  Quote single periods in message text.
 4918   - Made bounce system handle digest users fairly.
 4920 0.92 (13/16-Jan-1997)
 4921   -  Added Lock and Unlock methods to list to ensure each operation is atomic
 4922   -  Added a cmd that rms all files of a mailing list (but not the aliases)
 4923   -  Fixed subscribing an unknown user@localhost (confirm this)
 4924   -  Changed the sender to list-admin@... to ensure we avoid mail loops.
 4925   -  check to make sure there are msgs to archive before calling pipermail.
 4926   -  started using this w/ real mailing lists.
 4927   -  Added a cron script that scours the maillog for User/Host unknown errs
 4928   -  Sort membership lists
 4929   -  Always display digest_is_default option
 4930   -  Don't slam the TO list unless you're sending a digest.
 4931   -  When making digest summaries, if missing sender name, use their email.
 4932   -  Hacked in some protection against crappy dates in pipermail.py
 4933   -  Made it so archive/digest volumes can go up monthly for large large lists.
 4934   -  Number digest messages
 4935   -  Add headers/footers to each message in digest for braindead mailers
 4936   -  I removed some forgotten debug statements that caused server errors
 4937          when a CGI script sent mail.
 4938   -  Removed loose_matches flag, since everything used it.
 4939   -  Fixed a problem in pipermail if there was no From line.
 4940   -  In upvolume_ scripts, remove INDEX files as we leave a volume.
 4941   -  Threw a couple of scripts in bin for generating archives from majordomo's
 4942      digest-archives.  I wouldn't recommend them for the layman, though, they
 4943      were meant to do a job quickly, not to be usable.
 4945 0.91 (23-Dec-1996)
 4946   -  broke code into mixins for managability
 4947   -  tag parsing instead of lots of gsubs
 4948   -  tweaked pipermail (see comments on pipermail header)
 4949   -  templates are now on a per-list basis as intended.
 4950   -  request over web that your password be emailed to you.
 4951   -  option so that web subscriptions require email confirmation.
 4952   -  wrote a first pass at an admin interface to configurable variables.
 4953   -  made digests mime-compliant.
 4954   -  added a FakeFile class that simulates enough of a file object on a
 4955         string of text to fool rfc822.Message in non-seek mode.
 4956   -  changed OutgoingMessage not to require its args in constructor.
 4957   -  added an admin request DB interface.
 4958   -  clearly separated the internal name from the real name.
 4959   -  replaced lots of ugly, redundant code w/ nice code.
 4960         (added Get...Email() interfaces, GetScriptURL, etc...)
 4961   -  Wrote a lot of pretty html formatting functions / classes.
 4962   -  Fleshed out the newlist command a lot.  It now mails the new list
 4963         admin, and auto-updates the aliases file.
 4964   -  Made multiple owners acceptable.
 4965   -  Non-advertised lists, closed lists, max header length, max msg length
 4966   -  Allowed editing templates from list admin pages.
 4967   -  You can get to your info page from the web even if the list is closed.
 4970 Local Variables:
 4971 mode: indented-text
 4972 indent-tabs-mode: nil
 4973 End: