"Fossies" - the Fresh Open Source Software Archive 
Member "mailman-2.1.39/NEWS" (13 Dec 2021, 212122 Bytes) of package /linux/misc/mailman-2.1.39.tgz:
As a special service "Fossies" has tried to format the requested text file into HTML format (style:
standard) with prefixed line numbers.
Alternatively you can here
view or
download the uninterpreted source code file.
See also the latest
Fossies "Diffs" side-by-side code changes report for "NEWS":
2.1.38_vs_2.1.39.
1 -*- coding: iso-8859-1 -*-
2 Mailman - The GNU Mailing List Management System
3 Copyright (C) 1998-2020 by the Free Software Foundation, Inc.
4 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
5
6 Here is a history of user visible changes to Mailman.
7
8 2.1.39 (13-Dec-2021)
9
10 Bug Fixes and other patches
11
12 - User matching for CSRF tokens is no longer case sensitive., and a
13 potential NamerError in logging is fixed. (LP: #1954694)
14
15 2.1.38 (30-Nov-2021)
16
17 Security
18
19 - A potential CSRF attack against a list admin from a list member or
20 moderator has been blocked. CVE-2021-44227 (LP: #1952384)
21
22 Bug Fixes and other patches
23
24 - NotAMemberError exception from the user options page when the user has
25 been asynchronously unsubscribed is fixed. (LP: #1951769)
26
27 2.1.37 (12-Nov-2021)
28
29 Bug Fixes and other patches
30
31 - A bug in the fix for CVE-2021-43332 has neen fixed. (LP: #1950833)
32
33 2.1.36 (12-Nov-2021)
34
35 Security
36
37 - A potential XSS attack via the user options page has been reported by
38 Harsh Jaiswal. This is fixed. CVE-2021-43331 (LP: #1949401)
39
40 - A potential for for a list moderator to carry out an off-line brute force
41 attack to obtain the list admin password has been reported by Andre
42 Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed.
43 CVE-2021-43332 (LP: #1949403)
44
45 2.1.35 (19-Oct-2021)
46
47 Security
48
49 - A potential for for a list member to carry out an off-line brute force
50 attack to obtain the list admin password has been reported by Andre
51 Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed.
52 CVE-2021-42096 (LP: #1947639)
53
54 - A CSRF attack via the user options page could allow takeover of a users
55 account. This is fixed. CVE-2021-42097 (LP: #1947640)
56
57 Bug Fixes and other patches
58
59 - Fixed an issue where sometimes the wrapper message for DMARC mitigation
60 Wrap Message has no Subject:. (LP: #1915655)
61
62 - Plain text message bodies with Content-Disposition: and no declared
63 charset are no longer scrubbed. (LP: #1917968)
64
65 - CommandRunner now recodes message bodies in the charset of the user's
66 or list's language to avoid a possible UnicodeError when including the
67 message body in the reply. (LP: #1921682)
68
69 - Delivery disabled by bounce notices to admins now have 'disabled'
70 properly translated. (LP: #1922843)
71
72 - DMARC policy discovery ignores domains with multiple DMARC records per
73 RFC 7849, (LP: 1931029)
74
75 2.1.34 (26-Jun-2020)
76
77 i18n
78
79 - The Spanish translation has been updated by Omar Walid Llorente.
80
81 Bug Fixes and other patches
82
83 - The fix for LP: #1859104 can result in ValueError being thrown on
84 attempts to subscribe to a list. This is fixed and extended to apply
85 REFUSE_SECOND_PENDING to unsubscription as well. (LP: #1878458)
86
87 - DMARC mitigation no longer misses if the domain name returned by DNS
88 contains upper case. (LP: #1881035)
89
90 - A new WARN_MEMBER_OF_SUBSCRIBE setting can be set to No to prevent
91 mailbombing of a member of a list with private rosters by repeated
92 subscribe attempts. (LP: #1883017)
93
94 - Very long filenames for scrubbed attachments are now truncated.
95 (LP: #1884456)
96
97 2.1.33 (07-May-2020)
98
99 Security
100
101 - A content injection vulnerability via the private login page has been
102 fixed. CVE-2020-15011 (LP: #1877379)
103
104 2.1.32 (05-May-2020)
105
106 i18n
107
108 Fixed a typo in the Spanish translation and updated mailman.pot and
109 the message catalog for 2.1.31 security fix.
110
111 2.1.31 (05-May-2020)
112
113 Security
114
115 - A content injection vulnerability via the options login page has been
116 discovered and reported by Vishal Singh. This is fixed. CVE-2020-12108
117 (LP: #1873722)
118
119 i18n
120
121 - The Spanish translation has been updated by Omar Walid Llorente.
122
123 Bug Fixes and other patches
124
125 - Bounce recognition for a non-compliant Yahoo format is added.
126
127 - Archiving workaround for non-ascii in string.lowercase in some Python
128 packages is added.
129
130 2.1.30 (13-Apr-2020)
131
132 New Features
133
134 - Thanks to Jim Popovitch, there is now a dmarc_moderation_addresses
135 list setting that can be used to apply dmarc_moderation_action to mail
136 From: addresses listed or matching listed regexps. This can be used
137 to modify mail to addresses that don't accept external mail From:
138 themselves.
139
140 - There is a new MAX_LISTNAME_LENGTH setting. The fix for LP: #1780874
141 obtains a list of the names of all the all the lists in the installation
142 in order to determine the maximum length of a legitimate list name. It
143 does this on every web access and on sites with a very large number of
144 lists, this can have performance implications. See the description in
145 Defaults.py for more information.
146
147 - Thanks to Ralf Jung there is now the ability to add text based captchas
148 (aka textchas) to the listinfo subscribe form. See the documentation
149 for the new CAPTCHA setting in Defaults.py for how to enable this. Also
150 note that if you have custom listinfo.html templates, you will have to
151 add a <mm-captcha-ui> tag to those templates to make this work. This
152 feature can be used in combination with or instead of the Google
153 reCAPTCHA feature added in 2.1.26.
154
155 - Thanks to Ralf Hildebrandt the web admin Membership Management section
156 now has a feature to sync the list's membership with a list of email
157 addresses as with the bin/sync_members command.
158
159 - There is a new drop_cc list attribute set from DEFAULT_DROP_CC. This
160 controls the dropping of addresses from the Cc: header in delivered
161 messages by the duplicate avoidance process. (LP: #1845751)
162
163 - There is a new REFUSE_SECOND_PENDING mm_cfg.py setting that will cause
164 a second request to subscribe to a list when there is already a pending
165 confirmation for that user. This can be set to Yes to prevent
166 mailbombing of a third party by repeatedly posting the subscribe form.
167 (LP: #1859104)
168
169 i18n
170
171 - The Japanese translation has been updated by Yasuhito FUTATSUKI.
172
173 - The German translation has been updated by Ludwig Reiter.
174
175 - The Spanish translation has been updated by Omar Walid Llorente.
176
177 - The Brazilian Portugese translation has been updated by Emerson de Mello.
178
179 Bug Fixes and other patches
180
181 - Fixed the confirm CGI to catch a rare TypeError on simultaneous
182 confirmations of the same token. (LP: #1785854)
183
184 - Scrubbed application/octet-stream MIME parts will now be given a
185 .bin extension instead of .obj. CVE-2020-12137 (LP: #1886117)
186
187 - Added bounce recognition for a non-compliant opensmtpd DSN with
188 Action: error. (LP: #1805137)
189
190 - Corrected and augmented some security log messages. (LP: #1810098)
191
192 - Implemented use of QRUNNER_SLEEP_TIME for bin/qrunner --runner=All.
193 (LP: #1818205)
194
195 - Leading/trailing spaces in provided email addresses for login to private
196 archives and the user options page are now ignored. (LP: #1818872)
197
198 - Fixed the spelling of the --no-restart option for mailmanctl.
199
200 - Fixed an issue where certain combinations of charset and invalid
201 characters in a list's description could produce a List-ID header
202 without angle brackets. (LP: #1831321)
203
204 - With the Postfix MTA and virtual domains, mappings for the site list
205 -bounces and -request addresses in each virtual domain are now added
206 to data/virtual-mailman (-owner was done in 2.1.24). (LP: #1831777)
207
208 - The paths.py module now extends sys.path with the result of
209 site.getsitepackages() if available. (LP: #1838866)
210
211 - A bug causing a UnicodeDecodeError in preparing to send the confirmation
212 request message to a new subscriber has been fixed. (LP: #1851442)
213
214 - The SimpleMatch heuristic bounce recognizer has been improved to not
215 return most invalid email addresses. (LP: #1859011)
216
217 2.1.29 (24-Jul-2018)
218
219 Bug Fixes
220
221 - Fixed the listinfo and admin overview pages that were broken by
222 LP: #1780874. (LP: #1783417)
223
224 2.1.28 (23-Jul-2018)
225
226 Security
227
228 - A content spoofing vulnerability with invalid list name messages in
229 the web UI has been fixed. CVE-2018-13796 (LP: #1780874)
230
231 New Features
232
233 - It is now possible to edit HTML and text templates via the web admin
234 UI in a supported language other than the list's preferred_language.
235 Thanks to Yasuhito FUTATSUKI.
236
237 i18n
238
239 - The Japanese translation has been updated by Yasuhito FUTATSUKI.
240
241 - The German translation has been updated by Ralf Hildebrandt.
242
243 - The Esperanto translation has been updated by Rubén Fernández Asensio.
244
245 Bug fixes and other patches
246
247 - The BLOCK_SPAMHAUS_LISTED_DBL_SUBSCRIBE feature added in 2.1.27 was
248 not working. This is fixed. (LP: #1779774)
249
250 - Escaping of HTML entities for the web UI is now done more selectively.
251 (LP: #1779445)
252
253 2.1.27 (22-Jun-2018)
254
255 Security
256
257 - Existing protections against malicious listowners injecting evil
258 scripts into listinfo pages have had a few more checks added.
259 JVN#00846677/JPCERT#97432283/CVE-2018-0618
260
261 - A few more error messages have had their values HTML escaped.
262 JVN#00846677/JPCERT#97432283/CVE-2018-0618
263
264 - The hash generated when SUBSCRIBE_FORM_SECRET is set could have been
265 the same as one generated at the same time for a different list and
266 IP address. While this is not thought to be exploitable in any way,
267 the generation has been changed to avoid this. Thanks to Ralf Jung.
268
269 New Features
270
271 - An option has been added to bin/add_members to issue invitations
272 instead of immediately adding members. (LP: #1773064)
273
274 - A new BLOCK_SPAMHAUS_LISTED_IP_SUBSCRIBE setting has been added to
275 enable blocking web subscribes from IPv4 addresses listed in Spamhaus
276 SBL, CSS or XBL. It will work with IPv6 addresses if Python's
277 py2-ipaddress module is installed. The module can be installed via pip
278 if not included in your Python.
279
280 - Thanks to Jim Popovitch, Mailman has a new 'security' log and logs
281 authentication failures to the various web CGI functions. The logged
282 data include the remote IP and can be used to automate blocking of IPs
283 with something like fail2ban. Since Mailman 2.1.14, these have returned
284 an http 401 status and the information should be logged by the web
285 server, but this new log makes that more convenient. Also, the
286 'mischief' log entries for 'hostile listname' noe include the remote IP
287 if available.
288
289 - Thanks to Jim Popovitch, admin notices of (un)subscribes now may give
290 the source of the action. This consists of a %(whence)s replacement
291 that has been added to the admin(un)subscribeack.txt templates. Thanks
292 to Yasuhito FUTATSUKI for updating the non-English templates and help
293 with internationalizing the reasons.
294
295 - Thanks to Jim Popovitch, there is a new
296 BLOCK_SPAMHAUS_LISTED_DBL_SUBSCRIBE setting to enable blocking web
297 subscribes for addresses in domains listed in the Spamhaus DBL.
298
299 i18n
300
301 - The Japanese translation has been updated by Yasuhito FUTATSUKI.
302
303 - The Russian translation has been updated by Danil Smirnov.
304
305 - A partial Esperanto translation has been added. Thanks to
306 Rubén Fernández Asensio.
307
308 - Fixed a '# -*- coding:' line in the Russian message catalog that was
309 mistakenly translated to Russian. (LP: #1777342)
310
311 Bug fixes and other patches
312
313 - Some messages from bin/arch were not issued in the charset of the system
314 locale when DISABLE_COMMAND_LOCALE_CSET is No. Thanks to Yasuhito
315 FUTATSUKI this is now fixed. (LP: #1768892)
316
317 - The message displayed in the browser when accessing a Mailman CGI when
318 mm_cfg.py can't be imported due to some exception other than ImportError
319 has been improved. (LP: #1760506)
320
321 - The reimplementation of DELIVERY_RETRY_WAIT in 2.1.26 could cause extra
322 dequeueing and requeueing in the out queue by OutgoingRunner. This is
323 fixed. (LP: #1762871)
324
325 - A Python 2.7 dependency introduced in the ToDigests handler in Mailman
326 2.1.24 has been removed. (LP: #1755317)
327
328 - Bad values in a list's topics will no longer break everything that
329 might instantiate the list. (LP: #1754516)
330
331 - A Python 2.7 dependency introduced with the reCAPTCHA feature in 2.1.26
332 has been removed. (LP: #1752658)
333
334 - The reCAPTCHA feature requires JavaScript. If JavaScript is not enabled,
335 a message will be displayed on the subscribe form that JavaScript is
336 required. (LP: #1769374)
337
338 - Quoting in the mailman-config command has been changed from double to
339 single quotes to allow double-quoted parameters. (LP: #1774986)
340
341 - Approving a held subscription for a user with a 'different' preferred
342 language no longer corrupts the results page. (LP: #1777222)
343
344 - An issue with garbled descriptions on listinfo and admin overview pages
345 and the heading of a list's listinfo page due to incompatible character
346 sets has been fixed thanks to Yasuhito FUTATSUKI.
347
348 Miscellaneous
349
350 - Added to the contrib directory, a script from Jim Popovitch to generate
351 Sitemap files for a list's archive.
352
353 2.1.26 (04-Feb-2018)
354
355 Security
356
357 - An XSS vulnerability in the user options CGI could allow a crafted URL
358 to execute arbitrary javascript in a user's browser. A related issue
359 could expose information on a user's options page without requiring
360 login. These are fixed. Thanks to Calum Hutton for the report.
361 CVE-2018-5950 (LP: #1747209)
362
363 New Features
364
365 - Thanks to David Siebörger who adapted an existing patch by Andrea
366 Veri to use Google reCAPTCHA v2 there is now the ability to add
367 reCAPTCHA to the listinfo subscribe form. There are two new mm_cfg.py
368 settings for RECAPTCHA_SITE_KEY and RECAPTCHA_SECRET_KEY, the values
369 for which you obtain for your domain(s) from Google at
370 <https://www.google.com/recaptcha/admin>.
371
372 - Thanks to Lindsay Haisley, there is a new bin/mailman-config command
373 to display various information about this Mailman version and how it
374 was configured.
375
376 i18n
377
378 - The Japanese message catalog has been updated for added strings by
379 Yasuhito FUTATSUKI.
380
381 - The German translation of a couple of templates has been updated by
382 Thomas Hochstein.
383
384 - The Japanese translation of Defaults.py.in has been updated by
385 Yasuhito FUTATSUKI.
386
387 Bug fixes and other patches
388
389 - Fixed an i18n bug in the reCAPTCHA feature. (LP: #1746189)
390
391 - Added a few more environment variables to the list of those passed
392 to CGIs to support an nginx/uwsgi configuration. (LP #1744739)
393
394 - Mailman 2.1.22 introduced a Python 2.7 dependency that could affect
395 bin/arch processing a message without a valid Date: header. The
396 dependency has been removed. (LP: #1740543)
397
398 - Messages held for header_filter_rules now show the matched regexp in
399 the hold reason. (LP: #1737371)
400
401 - When updating the group and mode of a .db file with Mailman's Postfix
402 integration, a missing file is ignored. (LP: #1734162)
403
404 - The DELIVERY_RETRY_WAIT setting is now effective. (LP: #1729472)
405
406 2.1.25 (26-Oct-2017)
407
408 New Features
409
410 - The admindb held subscriptions listing now includes the date of the
411 most recent request from the address. (LP: #1697097)
412
413 Accessibility
414
415 - The admin Membership List now includes text for screen readers which
416 identifies the function of each checkbox. CSS is added to the page to
417 visually hide the text but still allow screen readers to read it.
418 Similar text has been added to some radio buttons on the admindb pages.
419
420 i18n
421
422 - The Russian translation has been updated by Sergey Matveev.
423 (LP: #1708016)
424
425 Bug fixes and other patches
426
427 - Thanks to Jim Popovitch, certain failures in DNS lookups of DMARC policy
428 will now result in mitigations being applied. (LP: #1722013)
429
430 - The default DMARC reject reason now properly replaces %(listowner)s.
431 (LP: #1718962)
432
433 - The web roster page now shows case preserved email addresses.
434 (LP: #1707447)
435
436 - Changed the SETGID wrappers to only pass those items in the environment
437 that are needed by the called scripts. (LP: #1705736)
438
439 - Fixed MTA/Postfix.py to ensure that created aliases(.db) and
440 virtual-mailman(.db) files are readable by Postfix and the .db files are
441 owned by the Mailman user. (LP: #1696066)
442
443 - Defended against certain web attacks that cause exceptions and "we hit
444 a bug" responses when POST data or query fragments contain multiple
445 values for the same parameter. (LP: #1695667)
446
447 - The fix for LP: #1614841 caused a regression in the options CGI. This
448 has been fixed. (LP: #1602608)
449
450 - Added a -a option to the (e)grep commands in contrib/mmdsr to account
451 for logs that may have non-ascii and be seen as binary.
452
453 - Fixed the -V option to bin/list_lists to not show lists whose host is a
454 subdomain of the given domain. (LP: #1695610)
455
456 2.1.24 (02-Jun-2017)
457
458 Security
459
460 - A most likely unexploitable XSS attach that relies on the Mailman web
461 server passing a crafted Host: header to the CGI environment has been
462 fixed. Apache for one is not vulnerable. Thanks to Alqnas Eslam.
463
464 New Features
465
466 - There is a new RCPT_BASE64_HEADER_NAME setting. If this is set to a
467 non-empty string, that string is the name of a header that will be added
468 to personalized and VERPed deliveries with value equal to the base64
469 encoding of the recipient's email address. This is intended to enable
470 identification of the recipient otherwise redacted from "spam report"
471 feedback loop messages.
472
473 - cron/senddigests has a new -e/--exceptlist option to send pending
474 digests for all but a named list. (LP: #1619770)
475
476 - The values for DEFAULT_DIGEST_FOOTER and DEFAULT_MSG_FOOTER have been
477 changed to use a standard signature separator for DEFAULT_MSG_FOOTER
478 and to remove the unneded line of underscores from DEFAULT_DIGEST_FOOTER.
479 (LP: #266269)
480
481 i18n
482
483 - The Polish html templates have been recoded to use html entities
484 instead of non-ascii characters.
485
486 - The Basque (Euskara) translation has been updated by Gari Araolaza.
487
488 - The German "details for personalize" page has been updated by
489 Christian F Buser.
490
491 - The Japanese translation has been updated by Yasuhito FUTATSUKI.
492
493 Bug fixes and other patches
494
495 - The list-owner@virtual.domain addresses are now added to virtual-mailman
496 as they are exposed in 'list created' emails. (LP: #1694384)
497
498 - The 'list run by' addresses in web page footers are now just the
499 list-owner address. (LP: #1694384)
500
501 - Changed member_verbosity_threshold from a >= test to a strictly > test
502 to avoid the issue of moderating every post when the threshold = 1.
503 (LP: #1693366)
504
505 - Subject prefixing has been improved to always have a space between
506 the prefix and the subject even with non-ascii in the prefix. This
507 will sometimes result in two spaces when the prefix is non-ascii but
508 the subject is ascii, but this is the lesser evil. (LP: #1525954)
509
510 - Treat message and digest headers and footers as empty if they contain
511 only whitespace. (LP: #1673307)
512
513 - Ensured that added message and digest headers and footers always have
514 a terminating new-line. (LP: #1670033)
515
516 - Fixed an uncaught TypeError in the subscribe CGI. (LP: #1667215)
517
518 - Added recognition for a newly seen mailEnable bounce.
519
520 - Fixed an uncaught NotAMemberError when a member is removed before a
521 probe bounce for the member is returned. (LP: #1664729)
522
523 - Fixed a TypeError thrown in the roster CGI when called with a listname
524 containing a % character. (LP: #1661810)
525
526 - Fixed a NameError issue in bin/add_members with
527 DISABLE_COMMAND_LOCALE_CSET = yes. (LP: #1647450)
528
529 - The CleanseDKIM handler has been removed from OWNER_PIPELINE. It isn't
530 needed there and has adverse DMARC implications for messages to -owner
531 of an anonymous list. (LP: #1645901)
532
533 - Fixed an issue with properly RFC 2047 encoding the display name in the
534 From: header for messages with DMARC mitigations. (LP: #1643210)
535
536 - Fixed an issue causing UnicodeError in sending digests following a
537 change of a list's preferred_language. (LP: #1644356)
538
539 - Enhanced the fix for race conditions in MailList().Load(). (LP: #266464)
540
541 - Fixed a typo in Utils.py that could have resulted in a NameError in
542 logging an unlikely occurrence. (LP: #1637745)
543
544 - Fixed a bug which created incorrect "view more members" links at the
545 bottom of the admin Membership List pages. (LP: #1637061)
546
547 - The 2.1.23 fix for LP: #1604544 only fixed the letter links at the top
548 of the Membership List. The links at the bottom have now been fixed.
549
550 - paths.py now adds dist-packages as well as site-packages to sys.path.
551 (LP: #1621172)
552
553 - INIT INFO has been added to the sample init.d script. (LP: #1620121)
554
555 2.1.23 (27-Aug-2016)
556
557 Security
558
559 - CSRF protection has been extended to the user options page. This was
560 actually fixed by Tokio Kikuchi as part of the fix for LP: #775294 and
561 intended for Mailman 2.1.15, but that fix wasn't completely merged at the
562 time. The full fix also addresses the admindb, and edithtml pages as
563 well as the user options page and the previously fixed admin pages.
564 Thanks to Nishant Agarwala for reporting the issue. CVE-2016-6893
565 (LP: #1614841)
566
567 New Features
568
569 - For header_filter_rules matching, RFC 2047 encoded headers, non-encoded
570 headers and header_filter_rules patterns are now all decoded to unicode.
571 Both XML character references of the form &#nnnn; and unicode escapes
572 of the form \Uxxxx in patterns are converted to unicodes as well. Both
573 headers and patterns are normalized to 'NFKC' normal form before
574 matching, but the normalization form can be set via a new NORMALIZE_FORM
575 mm_cfg setting. Also, the web UI has been updated to encode characters
576 in text fields that are invalid in the character set of the page's
577 language as XML character references instead of '?'. This should help
578 with entering header_filter_rules patterns to match 'odd' characters.
579 This feature is experimental and is problematic for some cases where it
580 is desired to have a header_filter_rules pattern with characters not in
581 the character set of the list's preferred language. For patterns
582 without such characters, the only change in behavior should be because
583 of unicode normalization which should improve matching. For other
584 situations such as trying to match a Subject: with CJK characters (range
585 U+4E00..U+9FFF) on an English language (ascii) list, one can enter a
586 pattern like '^subject:.*[一-鿿]' or
587 '^subject:.*[\u4e00;-\u9fff;]' to match a Subject with any character in
588 the range, and it will work, but depending on the actual characters and
589 the browser, submitting another, even unrelated change can garble the
590 original entry although this usually occurs only with ascii pages and
591 characters in the range \u0080-\u00ff. The \Uxxxx unicode escapes must
592 have exactly 4 hex digits, but they are case insensitive. (LP: #558155)
593
594 - Thanks to Jim Popovitch REMOVE_DKIM_HEADERS can now be set to 3 to
595 preserve the original headers as X-Mailman-Original-... before removing
596 them.
597
598 - Several additional templates have been added to those that can be edited
599 via the web admin GUI. (LP: #1583387)
600
601 - SMTPDirect.py can now do SASL authentication and STARTTLS security when
602 connecting to the outgoiung MTA. Associated with this are new
603 Defaults.py/mm_cfg.py settings SMTP_AUTH, SMTP_USER, SMTP_PASSWD and
604 SMTP_USE_TLS. (LP: #558281)
605
606 - There is a new Defaults.py/mm_cfg.py setting SMTPLIB_DEBUG_LEVEL which
607 can be set to 1 to enable verbose smtplib debugging to Mailman's error
608 log to help with debugging 'low level smtp failures'. (LP: #1573074)
609
610 - A list's nonmember_rejection_notice attribute will now be the default
611 rejection reason for a held non-member post in addition to it's prior
612 role as the reson for an automatically rejected non-member post.
613 (LP: #1572330)
614
615 i18n
616
617 - The French translation of 'Dutch' is changed from 'Hollandais' to
618 'Néerlandais' per Francis Jorissen.
619
620 - Some German language templates that were incorrectly utf-8 encoded have
621 been recoded as iso-8859-1. (LP: #1602779)
622
623 - Japanese translation and documentation in messages/ja has been updated by
624 Yasuhito FUTATSUKI.
625
626 Bug fixes and other patches
627
628 - The admin Membership List letter links could be incorrectly rendered as
629 Unicode strings following a search. (LP: #1604544)
630
631 - We no longer throw an uncaught TypeError with certain defective crafted
632 POST requests to Mailman's CGIs. (LP: #1602608)
633
634 - Scrubber links in archives are now in the list's preferred_language
635 rather than the poster's language. (LP: #1586505)
636
637 - Improved logging of banned subscription and address change attempts.
638 (LP: #1582856)
639
640 - In rare circumstances a list can be removed while the admin or listinfo
641 CGI or bin/list_lists is running causing an uncaught MMUnknownListError
642 to be thrown. The exception is now caught and handled. (LP: #1582532)
643
644 - Set the Date: header in the wrapper message when from_is_list or
645 dmarc_moderation_action is Wrap Message. (LP: #1581215)
646
647 - A site can now set DMARC_ORGANIZATIONAL_DOMAIN_DATA_URL to None or the
648 null string if it wants to avoid using this. (LP: #1578450)
649
650 - The white space to the left of the admindb Logout link is no longer
651 part of the link. (LP: #1573623)
652
653 2.1.22 (17-Apr-2016)
654
655 i18n
656
657 - Fixed a typo in the German options.html template. (LP: #1562408)
658
659 - An error in the Brazilian Portugese translation of Quarterly has been
660 fixed thanks to Kleber A. Benatti.
661
662 - The Brazilian Portugese translation has been updated by Emerson Ribeiro
663 de Mello.
664
665 Bug fixes and other patches
666
667 - All addresses in data/virtual-mailman are now properly appended with
668 VIRTUAL_MAILMAN_LOCAL_DOMAIN and duplicates are not generated if the
669 site list is in a virtual domain. (LP: #1570630)
670
671 - DMARC mitigations will now find the From: domain to the right of the
672 rightmost '@' rather than the leftmost '@'. (LP: #1568445)
673
674 - DMARC mitigations for a sub-domain of an organizational domain will now
675 use the organizational domain's sp= policy if any. (LP: #1568398)
676
677 - Modified NewsRunner.py to ensure that messages gated to Usenet have a
678 non-blank Subject: header and when munging the Message-ID to add the
679 original to References: to help with threading. (LP: #557955)
680
681 - Fixed the pipermail archiver to do a better job of figuring the date of
682 a post when its Date: header is missing, unparseable or has an obviously
683 out of range date. This should only affect bin/arch as ArchRunner has
684 code to fix dates at least if ARCHIVER_CLOBBER_DATE_POLICY has not been
685 set to 0 in mm_cfg.py. If posts have been added in the past to a list's
686 archive using bin/arch and an imported mbox, running bin/arch again could
687 result is some of those posts being archived with a different date.
688 (LP: #1555798)
689
690 - Fixed an issue with CommandRunner shunting a malformed message with a
691 null byte in the body. (LP: #1553888)
692
693 - Don't collapse multipart with a single sub-part inside multipart/signed
694 parts. (LP: #1551075)
695
696 2.1.21 (28-Feb-2016)
697
698 New Features
699
700 - There is a new dmarc_none_moderation_action list setting and a
701 DEFAULT_DMARC_NONE_MODERATION_ACTION mm_cfg.py setting to optionally
702 apply Munge From or Wrap Message actions to posts From: domains that
703 publish DMARC p=none. The intent is to eliminate failure reports to
704 the domain owner for messages that would be munged or wrapped if the
705 domain published a stronger DMARC policy. See the descriptions in
706 Defaults.py, the web UI and the bug report for more. (LP: #1539384)
707
708 - Thanks to Jim Popovitch there is now a feature to automatically turn
709 on moderation for a malicious list member who attempts to flood a list
710 with spam. See the details for the Privacy options ... -> Sender
711 filters -> member_verbosity_threshold and member_verbosity_interval
712 settings in the web admin UI and the documentation in Defaults.py for
713 the DEFAULT_MEMBER_VERBOSITY_* and VERBOSE_CLEAN_LIMIT settings for
714 information.
715
716 - bin/list_members now has options to display all moderated or all
717 non-moderated members.
718
719 - There is now a mm_cfg.py setting GLOBAL_BAN_LIST which is like the
720 individual list's ban_list but applies globally to all subscribe
721 requests. See the description in Defaults.py for more details.
722
723 i18n
724
725 - The Japanese translation has been updated by Yasuhito FUTATSUKI.
726
727 - Also thanks to Miloslav Trmac and Yasuhito FUTATSUKI, the l10n for
728 Mailman's bin/ commands has been fixed to display using the character
729 set of the user's work station even when Mailman's character set for
730 the language is different. Because this has not been tested over a
731 wide set of locales, there is an mm_cfg.py switch
732 DISABLE_COMMAND_LOCALE_CSET to disable it if it causes problems.
733 (LP: #558167)
734
735 - The Polish translation has been updated by Stefan Plewako.
736
737 - The German translation has been updated by Mirian Margiani and
738 Bernhard Schmidt.
739
740 - The Russian translation has been updated by Danil Smirnov.
741
742 - Several Galician templates that were improperly encoded as iso-8859-1
743 have been fixed. (LP: #1532504)
744
745 - The Brazilian Portugese translation has been updated by Emerson Ribeiro
746 de Mello.
747
748 Bug fixes and other patches
749
750 - If DMARC lookup fails to find a policy, also try the Organizational
751 Domain. Associated with this is a new mm_cfg.py setting
752 DMARC_ORGANIZATIONAL_DOMAIN_DATA_URL which sets the URL used to
753 retrieve the data for the algorithm that computes the Organizational
754 Domain. See https://publicsuffix.org/list/ for info. (LP: #1549420)
755
756 - Modified contrib/mmdsr to correctly report No such list names that
757 contain ".
758
759 - User's "Acknowledge" option will now be honored for posts to anonymous
760 lists. (LP: #1546679)
761
762 - Fixed a typo in the Non-digest options regular_exclude_ignore
763 description thanks to Yasuhito FUTATSUKI.
764
765 - DEFAULT_PASS_MIME_TYPES has been changed to accept text/plain sub-parts
766 from message/rfc822 parts and multipart parts other than mixed and
767 alternative and also accept pgp signatures. This only applies to newly
768 created lists and other than pgp signatures, still only accepts
769 text/plain. (LP: #1517446)
770
771 - Modified contrib/mmdsr to report held and banned subscriptions and DMARC
772 lookups in their own categories.
773
774 - Fixed a bug that could create a garbled From: header with certain DMARC
775 mitigation actions. (LP: #1536816)
776
777 - Treat a poster's address which matches an equivalent_domains address as
778 a list member for the regular_exclude_ignore check. (LP: #1526550)
779
780 - Fixed an issue that sometimes left no white space following
781 subject_prefix. (LP: #1525954)
782
783 - Vette log entries for banned subscriptions now include the source of
784 the request if available. (LP: #1525733)
785
786 - Submitting the user options form for a user who was asynchronously
787 unsubscribed would throw an uncaught NotAMemberError. (LP: #1523273)
788
789 - It was possible under some circumstances for a message to be shunted
790 after a handler rejected or discarded it, and the handler would be
791 skipped upon unshunting and the message accepted. (LP: #1519062)
792
793 - Posts gated to usenet will no longer have other than the target group
794 in the Newsgroups: header. (LP: #1512866)
795
796 - Invalid regexps in *_these_nonmembers, subscribe_auto_approval and
797 ban_list are now logged. (LP: #1507241)
798
799 - Refactored the GetPattern list method to simplify extending @listname
800 syntax to new attributes in the future. Changed Moderate.py to use the
801 GetPattern method to process the *_these_nonmembers lists.
802
803 - Changed CookHeaders to default to using space rather than tab as
804 continuation_ws when folding headers. (LP: #1505878)
805
806 - Fixed the 'pidfile' path in the sample init.d script. (LP: #1503422)
807
808 - Subject prefixing could fail to collapse multiple 'Re:' in an incomming
809 message if they all came after the list's subject_prefix. This is now
810 fixed. (LP: #1496620)
811
812 - Defended against a user submitting URLs with query fragments or POST
813 data containing multiple occurrences of the same variable.
814 (LP: #1496632)
815
816 - Fixed bin/mailmanctl to check its effective rather than real uid.
817 (LP: #1491187)
818
819 - Fixed cron/gate_news to catch EOFError on opening the newsgroup.
820 (LP: #1486263)
821
822 - Fixed a bug where a delayed probe bounce can throw an AttributeError.
823 (LP: #1482940)
824
825 - If a list is not digestable an the user is not currently set to
826 receive digests, the digest options will not be shown on the user's
827 options page. (LP: #1476298)
828
829 - Improved identification of remote clients for logging and subscribe
830 form checking in cases where access is via a proxy server. Thanks to
831 Jim Popovitch. Also updated contrib/mmdsr for log change.
832
833 - Fixed an issue with shunted messages on a list where the charset for
834 the list's preferred_language had been changed from iso-8859-1 to
835 utf-8 without recoding the list's description. (LP: #1462755)
836
837 - Mailman-Postfix integration will now add mailman@domain entries in
838 data/virtual-mailman for each domain in POSTFIX_STYLE_VIRTUAL_DOMAINS
839 which is a host_name of a list. This is so the addresses which are
840 exposed on admin and listinfo overview pages of virtual domains will
841 be deliverable. (LP: #1459236)
842
843 - The vette log entry for DMARC policy hits now contains the list name.
844 (LP: #1450826)
845
846 - If SUBSCRIBE_FORM_SECRET is enabled and a user's network has a load
847 balancer or similar in use the POSTing IP might not exactly match the
848 GETting IP. This is now accounted for by not requiring the last
849 octet (16 bits for ipV6) to match. (LP: #1447445)
850
851 - DKIM-Signature:, DomainKey-Signature: and Authentication-Results:
852 headers are now removed by default from posts to anonymous lists.
853 (LP: #1444673)
854
855 - The list admin web UI Mambership List search function often doesn't
856 return correct results for search strings (regexps) that contain
857 non-ascii characters. This is partially fixed. (LP: #1442298)
858
859 2.1.20 (31-Mar-2015)
860
861 Security
862
863 - A path traversal vulnerability has been discovered and fixed. This
864 vulnerability is only exploitable by a local user on a Mailman server
865 where the suggested Exim transport, the Postfix postfix_to_mailman.py
866 transport or some other programmatic MTA delivery not using aliases
867 is employed. CVE-2015-2775 (LP: #1437145)
868
869 New Features
870
871 - There is a new Address Change sub-section in the web admin Membership
872 Management section to allow a list admin to change a list member's
873 address in one step rather than adding the new address, copying settings
874 and deleting the old address. (LP: #266809)
875
876 i18n
877
878 - The Russian translation has been updated by Danil Smirnov.
879
880 - The Polish translation has been updated by Stefan Plewako.
881
882 Bug fixes and other patches
883
884 - A LookupError in SpamDetect on a message with RFC 2047 encoded headers
885 in an unknown character set is fixed. (LP: #1427389)
886
887 - Fixed a bug in CommandRunner that could process the second word of a
888 body line as a command word and a case sensitivity in commands in
889 Subject: with an Re: prefix. (LP: #1426829)
890
891 - Fixed a bug in CommandRunner that threw an uncaught KeyError if
892 the input to the list-request address contained a command word
893 terminated by a period. (LP: #1426825)
894
895 2.2 Branch Backports (released in conjunction with 2.1.19)
896
897 The following New Features and Bug Fixes have been in an "unofficial,
898 never to be released" Mailman 2.2 branch for several years. Until now,
899 they were never implemented on the official 2.1 branch because of their
900 i18n impacts. Given that there have been a number of i18n impacting
901 changes due to DMARC mitigations in the last few releases, it has been
902 decided to backport these as well.
903
904 All of these changes have been running in production on several lists
905 for years without problems other than untranslated strings, so they should
906 be reasonably "bug free".
907
908 New Features
909
910 - There is a new list attribute 'subscribe_auto_approval' which is a list
911 of email addresses and regular expressions matching email addresses
912 whose subscriptions are exempt from admin approval. (LP: #266609)
913
914 - Confirmed member change of address is logged in the 'subscribe' log,
915 and if admin_notify_mchanges is true, a notice is sent to the list
916 owner using a new adminaddrchgack.txt template.
917
918 - Added an 'automate' option to bin/newlist to send the notice to the
919 admin without the prompt.
920
921 - The processing of Topics regular expressions has changed. Previously the
922 Topics regexp was compiled in verbose mode but not documented as such
923 which caused some confusion. Also, the documentation indicated that
924 topic keywords could be entered one per line, but these entries were not
925 handled properly. Topics regexps are now compiled in non-verbose mode
926 and multi-line entries are 'ored'. Existing Topics regexps will be
927 converted when the list is updated so they will continue to work.
928
929 - Added real name display to the web roster. (LP: #266754)
930
931
932 Bug fixes and other patches
933
934 - Changed the response to an invalid confirmation to be more generic.
935 Not all confirmations are subscription requests.
936
937 - Changed the default nonmember_rejection_notice to be more user friendly.
938 (LP: #418728)
939
940 - Added "If you are a list member" qualification to some messages from the
941 options login page. (LP: #266442)
942
943 - Changed the 'Approve' wording in the admindbdetails.html template to
944 'Accept/Approve' for better agreement with the button labels.
945
946 - Added '(by thread)' to the previous and next message links in the
947 archive to emphasize that even if you got to the message from a
948 subject, date or author index, previous and next are still by thread.
949
950 2.1.19 (28-Feb-2015)
951
952 New Features
953
954 - The subscribe_auto_approval feature backported from the 2.2 branch and
955 described above has been enhanced to accept entries of the form
956 @listname to auto approve members of another list. (LP: #1417093)
957
958 - There is a new list attribute dmarc_wrapped_message_text and a
959 DEFAULT_DMARC_WRAPPED_MESSAGE_TEXT setting to set the default for new
960 lists. This text is added to a message which is wrapped because of
961 dmarc_moderation_action in a separate text/plain part that precedes the
962 message/rfc822 part containing the original message. It can be used to
963 provide an explanation of why the message was wrapped or similar info.
964
965 - There is a new list attribute equivalent_domains and a
966 DEFAULT_EQUIVALENT_DOMAINS setting to set the default for new lists which
967 in turn defaults to the empty string. This provides a way to specify one
968 or more groups of domains, e.g., mac.com, me.com, icloud.com, which are
969 considered equivalent for validating list membership for posting and
970 moderation purposes.
971
972 - There is a new WEB_HEAD_ADD setting to specify text to be added to the
973 <HEAD> section of Mailman's internally generated web pages. This doesn't
974 apply to pages built from templates, but in those cases, custom templates
975 can be created. (LP: #1409396)
976
977 - There is a new DEFAULT_SUBSCRIBE_OR_INVITE setting. Set this to Yes
978 to make the default selection on the admin Mass Subscriptions page
979 Invite rather than Subscribe. (LP: #1404511)
980
981 - There is a new list attribute in the Bounce processing section.
982 bounce_notify_owner_on_bounce_increment if set to Yes will cause
983 Mailman to notify the list owner on every bounce that increments a
984 list member's score but doesn't result in a probe or disable. There
985 is a new configuration setting setting
986 DEFAULT_BOUNCE_NOTIFY_OWNER_ON_BOUNCE_INCREMENT to set the default
987 for new lists. This in turn defaults to No. (LP: #1382150)
988
989 Changed behavior
990
991 - Mailman's log files, request.pck files and heldmsg-* files are no
992 longer created world readable to protect against access by untrusted
993 local users. Note that permissions on existing log files won't be
994 changed so if you are concerned about this and don't rotate logs or
995 have a logrotate process that creates new log files instead of letting
996 Mailman create them, you will need to address that. (LP: #1327404)
997
998 Other changes
999
1000 - The Python Powered logo image has been replaced in the misc/ directory
1001 in the source distribution. Depending on how you've installed these
1002 images, you may need to copy PythonPowered.png from the misc/ directory
1003 in the source or from the $prefix/icons/ installed directory to another
1004 location for your web server. (LP: #1408575)
1005
1006 i18n
1007
1008 - The Polish translation has been updated by Stefan Plewako.
1009
1010 - The Interlingua translation has been updated by Martijn Dekker.
1011
1012 - The Japanese message catalog has been updated by SATOH Fumiyasu.
1013
1014 - Mailman's character set for Romanian has been changed from iso-8859-2
1015 to utf-8 and the templates and messages recoded. This change will
1016 require running 'bin/arch --wipe' on any existing Romanian language
1017 lists in order to recode the list's archives, and will require recoding
1018 any edited templates in lists/LISTNAME/ro/*, templates/DOMAIN/ro/* and
1019 templates/site/ro/*. It may also require recoding any existing
1020 iso-8859-2 text in list attributes. (LP: #1418735)
1021
1022 - Mailman's character set for Russian has been changed from koi8-r to
1023 utf-8 and the templates and messages recoded. This change will
1024 require running 'bin/arch --wipe' on any existing Russian language
1025 lists in order to recode the list's archives, and will require recoding
1026 any edited templates in lists/LISTNAME/ru/*, templates/DOMAIN/ru/* and
1027 templates/site/ru/*. It may also require recoding any existing koi8-r
1028 text in list attributes. (LP: #1418448)
1029
1030 - Mailman's versions.py has been augmented to help with the above two
1031 character set changes. The first time a list with preferred_language
1032 of Romanian or Russian is accessed or upon upgrade to this release,
1033 any list attributes which have string values such as description, info,
1034 welcome_msg, etc. that appear to be in the old character set will be
1035 converted to utf-8. This is done recursively for the values (but not
1036 the keys) of dictionary attributes and the elements of list and tuple
1037 attributes.
1038
1039 - The Russian message catalog and templates have been further updated by
1040 Danil Smirnov.
1041
1042 - The Romanian message catalog has been updated. (LP: #1415489)
1043
1044 - The Russian templates have been updated by Danil Smirnov. (LP: #1403462)
1045
1046 - The Japanese translation has been updated by SATOH Fumiyasu.
1047 (LP: #1402989)
1048
1049 - A minor change in the French translation of a listinfo subscribe form
1050 message has been made. (LP: #1331194)
1051
1052 Bug fixes and other patches
1053
1054 - Because of privacy concerns with the 2.2 backport adding real name to
1055 list rosters, this is controlled by a new ROSTER_DISPLAY_REALNAME
1056 setting that defaults to No. You may wish to set this to Yes in
1057 mm_cfg.py.
1058
1059 - Organization: headers are now unconditionally removed from posts to
1060 anonymous lists. Regexps in ANONYMOUS_LIST_KEEP_HEADERS weren't kept
1061 if the regexp included the trailing ':'. This is fixed too.
1062 (LP: #1419132)
1063
1064 - The admindb interface has been fixed so the the detail message body
1065 display doesn't lose part of a multi-byte character, and characters which
1066 are invalid in the message's charset are replaced rather than the whole
1067 body not being converted to the display charset. (LP: #1415406)
1068
1069 - Fixed a bug in bin/rmlist that would throw an exception or just fail to
1070 remove held message files for a list with regexp special characters in
1071 its name. (LP: #1414864)
1072
1073 - When applying DMARC mitigations, CookHeaders now adds the original From:
1074 to Cc: rather than Reply-To: in some cases to make MUA 'reply' and
1075 'reply all' more consistent with the non-DMARC cases. (LP: #1407098)
1076
1077 - The Subject: of the list welcome message wasn't always in the user's
1078 preferred language. Fixed. (LP: #1400988)
1079
1080 - Accept email command in Subject: prefixed with Re: or similar with no
1081 intervening space. (LP: #1400200)
1082
1083 - Fixed a UnicodeDecodeError that could occur in the web admin interface
1084 if 'text' valued attributes have unicode values. (LP: #1397170)
1085
1086 - We now catch the NotAMemberError exception thrown if an authenticated
1087 unsubscribe is submitted from the user options page for a nonmember.
1088 (LP: #1390653)
1089
1090 - Fixed an archiving bug that would cause messages with 'Subject: Re:'
1091 only to be indexed in the archives without a link to the message.
1092 (LP: #1388614)
1093
1094 - The vette log entry for a message discarded by a handler now includes
1095 the list name and the name of the handler. (LP: #558096)
1096
1097 - The options CGI now rejects all but HTTP GET and POST requests.
1098 (LP: #1372199)
1099
1100 - A list's poster password will now be accepted on an Urgent: header.
1101 (LP: #1371678)
1102
1103 - Fixed a bug which caused a setting of 2 for REMOVE_DKIM_HEADERS to be
1104 ignored. (LP: #1363278)
1105
1106 - Renamed messages/sr/readme.sr to README.sr. (LP: #1360616)
1107
1108 - Moved the dmarc_moderation_action checks from the Moderate handler to
1109 the SpamDetect handler so that the Reject and Discard actions will be
1110 done before the message might be held by header_filter_rules, and the
1111 Wrap Message and Munge From actions will be done on messages held by
1112 header_filter_rules if the message is approved. (LP: #1334450)
1113
1114 - <label> tags have been added around most check boxes and radio buttons
1115 and their text labels in the admin and admindb web GUI so they can be
1116 (de)selected by clicking the text. (LP: #266391)
1117
1118 - If checking DNS for dmarc_moderation_action and DNS lookup is not
1119 available, log it. (LP: #1324541)
1120
1121 - Handle missing From: header addresses for DMARC mitigation actions.
1122 (LP: #1318025)
1123
1124 2.1.18-1 (06-May-2014)
1125
1126 Bug fixes and other patches
1127
1128 - A critical incompatibility between the DMARC Wrap Message action and
1129 Python versions older than 2.6.x for some x <= 5 existed and caused
1130 Wrapped message to be shunted. This is fixed. (LP: #1316682)
1131
1132 - Sender: headers are no longer removed in from_is_list Munge From
1133 actions. (LP: #1315970)
1134
1135 2.1.18 (03-May-2014)
1136
1137 Acknowledgements
1138
1139 - Thanks to Jim Popovitch and Phil Pennock for the branch that formed the
1140 basis of the dmarc_moderation_action feature.
1141
1142 - Thanks to Franck Martin et al for the branch that formed the basis of
1143 the from_is_list feature.
1144
1145 Dependencies
1146
1147 - There is a new dependency associated with the new Privacy options ->
1148 Sender filters -> dmarc_moderation_action feature discussed below.
1149 This requires that the dnspython <http://www.dnspython.org/> package
1150 be available in Python. This package can be downloaded from the above
1151 site or from the CheeseShop <https://pypi.python.org/pypi/dnspython/>
1152 or installed with pip.
1153
1154 New Features
1155
1156 - The from_is_list feature introduced in 2.1.16 is now unconditionally
1157 available to list owners. There is also, a new Privacy options ->
1158 Sender filters -> dmarc_moderation_action feature which applies to list
1159 messages where the From: address is in a domain which publishes a DMARC
1160 policy of reject or possibly quarantine. This is a list setting with
1161 values of Accept, Wrap Message, Munge From, Reject or Discard. There is
1162 a new DEFAULT_DMARC_MODERATION_ACTION configuration setting to set the
1163 default for this, and the list admin UI is not able to set an action
1164 which is 'less' than the default. The prior ALLOW_FROM_IS_LIST setting
1165 has been removed and is effectively always Yes. There is a new
1166 dmarc_quarantine_moderation_action list setting with default set by a
1167 new DEFAULT_DMARC_QUARANTINE_MODERATION_ACTION configuration setting
1168 which in turn defaults to Yes. The list setting can be set to No to
1169 exclude domains with DMARC policy of quarantine from
1170 dmarc_moderation_action.
1171
1172 dmarc_moderation_action and from_is_list interact in the following way.
1173 If the message is From: a domain to which dmarc_moderation_action applies
1174 and if dmarc_moderation_action is other than Accept,
1175 dmarc_moderation_action applies to that message. Otherwise the
1176 from_is_list action applies.
1177
1178 Also associated with dmarc_moderation_action are configuration settings
1179 DMARC_RESOLVER_TIMEOUT and DMARC_RESOLVER_LIFETIME. These are described
1180 in more detail in Defaults.py. There are also new vette log entries
1181 written when dmarc_moderation_action is found to apply to a post.
1182
1183 i18n
1184
1185 - Added missing <mm-digest-question-start> tag to French listinfo template.
1186 (LP: #1275964)
1187
1188 Bug Fixes and other patches
1189
1190 - Removed HTML tags from the title of a couple of rmlist.py pages because
1191 browsers don't render tags in the title. (LP: #265848)
1192
1193 - Most Mailman generated notices to list owners and moderators are now
1194 sent as Precedence: list instead of bulk. (LP: #1313146)
1195
1196 - The Reply-To: munging options weren't honored if there was no
1197 from_is_list action. (LP: #1313010)
1198
1199 - Changed from_is_list actions to insert the list address in Cc: if the
1200 list is fully personalized. Otherwise, the list address is only in
1201 From: and Reply-To: overrides it. (LP: #1312970)
1202
1203 - Fixed the Munge From action to only Munge the From: and/or Reply-To: in
1204 the outgoing message and not in archives, digests and messages sent via
1205 the usenet gateway. (LP: #1311431)
1206
1207 - Fixed a long standing issue in which a notice sent to a user whose
1208 language is other than that of the list can cause subsequent things
1209 which should be in the list's language to be in the user's language
1210 instead. (LP: #1308655)
1211
1212 - Fixed the admin Membership List so a search string if any is not lost
1213 when visiting subsequent fragments of a chunked list. (LP: #1307454)
1214
1215 - For from_is_list feature, use email address from original From: if
1216 original From: has no display name and strip domain part from resultant
1217 names that look like email addresses. (LP: #1304511)
1218
1219 - Added the list name to the vette log "held message approved" entry.
1220 (LP: #1295875)
1221
1222 - Added the CGI module name to various "No such list" error log entries.
1223 (LP: #1295875)
1224
1225 - Modified contrib/mmdsr to report module name if present in "No such list
1226 error log entries.
1227
1228 - Fixed a NameError exception in cron/nightly_gzip when it tries to print
1229 the usage message. (LP: #1291038)
1230
1231 - Fixed a bug in ListAdmin._handlepost that would crash when trying to
1232 preserve a held message for the site admin if HOLD_MESSAGES_AS_PICKLES
1233 is False. (LP: #1282365)
1234
1235 - The from_is_list header munging feature introduced in Mailman 2.1.16 is
1236 no longer erroneously applied to Mailman generated notices.
1237 (LP: #1279667)
1238
1239 - Changed the message from the confirm CGI to not indicate approval is
1240 required for an acceptance of an invitation. (LP: #1277744)
1241
1242 - Fixed POSTFIX_STYLE_VIRTUAL_DOMAINS to be case-insensitiive.
1243 (LP: #1267003)
1244
1245 - Added recognition for another simple warning to bounce processing.
1246 (LP: #1263247)
1247
1248 - Fixed a few failing tests in tests/test_handlers.py. (LP: #1262950)
1249
1250 - Fixed bin/arch to not create scrubbed attachments for messages skipped
1251 when processing the --start= option. (LP: #1260883)
1252
1253 - Fixed email address validation to do a bit better in obscure cases.
1254 (LP: #1258703)
1255
1256 - Fixed a bug which caused some authentication cookies to expire too soon
1257 if AUTHENTICATION_COOKIE_LIFETIME is non-zero. (LP: #1257112)
1258
1259 - Fixed a possible TypeError in bin/sync_members introduced in 2.1.17.
1260 (LP: #1243343)
1261
1262 Miscellaneous
1263
1264 - Added to the contrib directory, a script from Alain Williams to count
1265 posts in a list's archive.
1266
1267 2.1.17 (23-Nov-2013)
1268
1269 New Features
1270
1271 - Handling of posts gated from usenet to a list via the Mail <-> News
1272 gateway is changed. Formerly, no list membership, moderation or
1273 *_these_nonmembers checks were done. Now, if the sender of the usenet
1274 post is a moderated member or a nonmember matching a *_these_nonmembers
1275 filter, those checks will be done and actions applied. Nonmember posts
1276 from senders not matching a *_these_nonmembers filter are still accepted
1277 as before. (LP: #1252575)
1278
1279 - There is a new mm_cfg.py setting ANONYMOUS_LIST_KEEP_HEADERS. Since it
1280 is not possible to know which non-standard headers in a message might
1281 reveal sender information, we now remove all headers from incoming posts
1282 to anonymous lists except those which match regular expressions in this
1283 list. The default setting keeps non X- headers except those known to
1284 reveal sender information, Mailman added X- headers and x-Spam- headers.
1285 See the description in Defaults.py for more information. (LP: #1246039)
1286
1287 i18n
1288
1289 - The Japanese message catalog has been updated by SATOH Fumiyasu.
1290 (LP: #1248855)
1291
1292 Bug Fixes and other patches
1293
1294 - Added a reopen command to the sample init.d script in misc/mailman.in.
1295 (LP: #1251917)
1296
1297 - Fixed a misspelling in Tagger.py causing an "unexpected keyword argument
1298 'Delete'" exception. (LP: #1251495)
1299
1300 - Fixed contrib/qmail-to-mailman.py to work with a user other than
1301 'mailman' and to recognize more listname-* addresses. (LP: #412293)
1302
1303 - Fixed a possible UnicodeDecodeError in bin/sync_members. (LP: #1243343)
1304
1305 - Fixed Makefile to not include $DESTDIR in paths compiled into .pyc
1306 files for traceback purposes. (LP: #1241770)
1307
1308 2.1.16 (16-Oct-2013)
1309
1310 New Features
1311
1312 - There is a new list attribute from_is_list to either rewrite the From:
1313 header of posts replacing the posters address with that of the list or
1314 wrap the message in an outer message From: the list for compatability
1315 with DMARC and or ADSP. There is a new mm_cfg.py setting
1316 DEFAULT_FROM_IS_LIST to control the default for new lists, and the
1317 existing REMOVE_DKIM_HEADERS setting has been extended to allow removing
1318 those headers only for certain from_is_list lists. This feature must
1319 be enabled by setting ALLOW_FROM_IS_LIST to Yes in mm_cfg.py. See the
1320 description of these settings in Defaults.py for more detail. This
1321 feature is experimental in 2.1.16, and it is subject to change or to
1322 become just one of the two methods in a subsequent release. People
1323 interested in this feature are encouraged to try it and report their
1324 experiences to the mailman-users@python.org list.
1325
1326 - There is a new DISPLAY_HELD_SUMMARY_SORT_BUTTONS setting which if set
1327 in mm_cfg.py will display a set of radio buttons in the admindb held
1328 message summary to select how the held messages are sorted and grouped
1329 for display. The exact setting determines the default grouping and
1330 sorting. See the description in Defaults.py for details.
1331
1332 - Setting digest_size_threshhold to zero now means no digests will be
1333 sent based on size instead of a digest being sent with every post.
1334 (LP: #558274)
1335
1336 - There is a new mm_cfg.py setting SUBSCRIBE_FORM_SECRET which will put
1337 a dynamically generated, hidden hash in the listinfo subscribe form and
1338 check it upon submission. Setting this will prevent automated processes
1339 (bots) from successfully POSTing web subscribes without first retrieving
1340 and parsing the form from the listinfo page. The form must also be
1341 submitted no later than FORM_LIFETIME nor no earlier than
1342 SUBSCRIBE_FORM_MIN_TIME after retrieval. Note that enabling this will
1343 break any static subscribe forms on your site. See the description in
1344 Defaults.py for more info. (LP: #1082746)
1345
1346 - add_members now has an option to add members with mail delivery disabled
1347 by admin. (LP: #1070574)
1348
1349 - IncomingRunner now logs rejected messages to the vette log.
1350 (LP: #1068837)
1351
1352 - The name of the mailmanctl master lock file is now congigurable via the
1353 mm_cfg.py setting MASTER_LOCK_FILE. (LP: #1082308)
1354
1355 - list_lists now has an option to list only lists with public archives.
1356 (LP: #1082711)
1357
1358 Contributed programs
1359
1360 - A new import_majordomo_into_mailman.pl script has been contributed by
1361 Geoff Mayes. (LP: #1129742)
1362
1363 - A new "sitemap" bash script has been contributed by Tomasz Chmielewski
1364 <mangoo@wpkg.org> to generate a sitemap.xml file of an installation's
1365 public archives for submission to search engines.
1366
1367 i18n
1368
1369 - The Danish translation has been updated thanks to Tom Christensen.
1370
1371 - Fixed a string in the Czech message catalog. (LP: #1234567)
1372
1373 - A Farsi (Persian) translation has been added thanks to Javad Hoseini and
1374 Mahyar Moghimi.
1375
1376 - Fixed several misspelled or garbled string replacements in the Spanish
1377 message catalog. (LP: #1160138)
1378
1379 - pt_BR message catalog has two new and an updated message per Hugo Koji
1380 Kobayashi. (LP: #1138578)
1381
1382 - German message catalog has been updated per Ralf Hildebrandt.
1383
1384 - Corrected typo in templates/it/private.html.
1385
1386 Bug Fixes and other patches
1387
1388 - Fixed a crash in SpamDetect.py which caused messages with unparseable
1389 RFC 2047 encoded headers to be shunted. (LP: #1235101)
1390
1391 - Fixed cron/disabled to send a fresh cookie when notifying disabled
1392 members. (LP: #1203200)
1393
1394 - Added "message_id" to the interpolation dictionary for the Article.html
1395 template. (LP: #725498)
1396
1397 - Changed the admin GUI to report only the bad entries in a list of email
1398 addresses if any are bad. (LP: #558253)
1399
1400 - Added logging for template errors in HyperArch.py. (LP: #558254)
1401
1402 - Added more explanation to the bad owner address message from
1403 bin/newlist. (LP: #1200763)
1404
1405 - Fixed a bug causing the admin web interface to fail CSRF checking if
1406 the list name contains a '+' character. (LP: #1190802)
1407
1408 - Fixed bin/mailmanctl -s to not remove the master lock if it can't be
1409 determined to be truly stale. (LP: #1189558)
1410
1411 - It is no longer possible to add 'invalid' addresses to the ban_list
1412 and the *_these_nonmembers filters from the check boxes on the admindb
1413 interface. (LP: #1187201)
1414
1415 - Backported recognition for mail.ru DSNs and minor bug fixes from
1416 lp:flufl.bounce. (LP: #1074592, LP: #1079249 and #1079254)
1417
1418 - Defended against buggy web servers that don't include an empty
1419 QUERY_STRING in the CGI environment. (LP: #1160647)
1420
1421 - The Switchboard.finish() method now logs the text of the exception when
1422 it fails to unlink/preserve a .bak file. (LP: #1165589)
1423
1424 - The pending (un)subscriptions waiting approval are now sorted by email
1425 address in the admindb interface as intended. (LP: #1164160)
1426
1427 - The subscribe log entry for a bin/add_members subscribe now identifies
1428 bin/add_members as the source. (LP: #1161642)
1429
1430 - Fixed a bug where the Subject: of the user notification of a
1431 bin/remove_members unsubscribe was not in the user's language.
1432 (LP: #1161445)
1433
1434 - Fixed a bug where BounceRunner could create and leave behind zero length
1435 bounce-events files. (LP: #1161610)
1436
1437 - Added recognition for another Yahoo bounce format. (LP: #1157961)
1438
1439 - Changed configure's method for getting Python's include directory from
1440 distutils.sysconfig.get_config_var('CONFINCLUDEPY') to
1441 distutils.sysconfig.get_python_inc(). (LP: #1098162)
1442
1443 - Added an Auto-Generated: header to password reminders. (LP: #558240)
1444
1445 - Fixed a bug where non-ascii characters in the real name in a subscription
1446 request could throw a UnicodeEncodeError upon subscription approval and
1447 perhaps in other situations too. (LP: #1047100)
1448
1449 - The query fragments send_unsub_notifications_to_list_owner and
1450 send_unsub_ack_to_this_batch will now assume default values if not set
1451 in mass unsubscribe URLs. (LP: #1032378)
1452
1453 - Replaced utf-8 encoded characters in newly added German templates with
1454 HTML entities. (LP: #1018208)
1455
1456 2.1.15 (13-Jun-2012)
1457
1458 Security
1459
1460 - Strengthened the validation of email addresses.
1461
1462 - An XSS vulnerability, CVE-2011-0707, has been fixed.
1463
1464 - The web admin interface has been hardened against CSRF attacks by adding
1465 a hidden, encrypted token with a time stamp to form submissions and not
1466 accepting authentication by cookie if the token is missing, invalid or
1467 older than the new mm_cfg.py setting FORM_LIFETIME which defaults to one
1468 hour. Posthumous thanks go to Tokio Kikuchi for this implementation
1469 which is only one of his many contributions to Mailman prior to his
1470 death from cancer on 14 January 2012.
1471
1472 New Features
1473
1474 - Added a password reminder button to the private archive login page.
1475 Backported from the 2.2 branch.
1476
1477 - There is a new list attribute regular_exclude_ignore set from mm_cfg.py
1478 DEFAULT_REGULAR_EXCLUDE_IGNORE. This defaults to True even though the
1479 prior behavior is equivalent to False. A True setting will ignore an
1480 exclude list if the poster is not a member of that list. The False
1481 setting can result in list members not receiving posts if the nonmember
1482 post is not accepted by the exclude list. Backported from 2.2 branch.
1483
1484 - Eliminated the list cache from the qrunners. Indirect self-references
1485 caused lists to never be dropped from the cache which in turn caused
1486 the qrunners to grow very large in installations with many lists or
1487 multiple large lists. Bug #862683.
1488
1489 - The user options 'list my other subscriptions' page now indicates for
1490 each list if the subscription is 'nomail' or 'digest'. Bug #793669.
1491
1492 - A new list poster password has been implemented. This password may only
1493 be used in Approved: or X-Approved: headers for pre-approving posts.
1494 Using this password for that purpose precludes compromise of a more
1495 valuable password sent in plain text email. Bug #770581.
1496
1497 - A new mm_cfg.py setting AUTHENTICATION_COOKIE_LIFETIME has been added.
1498 If this is set to a non-zero value, web authentication cookies will
1499 expire that many seconds following their last use. Its default value is
1500 zero to preserve current behavior.
1501
1502 - A new mm_cfg.py setting RESPONSE_INCLUDE_LEVEL has been added to control
1503 how much of the original message is included in automatic responses to
1504 email commands. The default is 2 to preserve the prior behavior of
1505 including the full message. Setting this to 1 in mm_cfg.py will include
1506 only the original headers, and 0 will include none of the original. It
1507 is recommended to set this to 0 in mm_cfg.py to minimize the effects of
1508 backscatter. Bug #265835.
1509
1510 - A new mm_cfg.py setting DEFAULT_RESPOND_TO_POST_REQUESTS has been added
1511 to control the default for respond_to_post_requests for new lists. It is
1512 set to Yes for backwards compatibility, but it is recommended that
1513 serious consideration be given to setting it to No. Bug #266051.
1514
1515 - A new mm_cfg.py setting DISCARD_MESSAGE_WITH_NO_COMMAND has been added to
1516 control whether a message to the -request address without any commands or
1517 a message to -confirm whose To: address doesn't match VERP_CONFIRM_REGEXP
1518 is responded to or just logged. It defaults to Yes which is different
1519 from prior behavior. Bug #410236.
1520
1521 - Two new mm_cfg.py settings, BROKEN_BROWSER_WORKAROUND and
1522 BROKEN_BROWSER_REPLACEMENTS, have been added to control escaping of
1523 additional characters beyond the standard <, >, &, and " in the web UI.
1524 See the documentation of these settings in Defaults.py. The default
1525 values for these settings result in no change from the prior release.
1526 Bug #774588.
1527
1528 i18n
1529
1530 - Added some missing German templates from Egon Frerich.
1531
1532 - Added Greek translation from Antonis Limperis.
1533
1534 - A few errors in the Basque translation are fixed. Bug #836861.
1535
1536 - Fixed a misspelling in the German invite.txt template. Bug #815444.
1537
1538 - Fixed a missing format character in the Spanish translation.
1539 Bug #670988.
1540
1541 - Thanks go to the following for updating translations for the changes in
1542 this release.
1543 Thijs Kinkhorst
1544 Stefan Förster
1545 Fabian Wenk
1546
1547 Bug Fixes and other patches
1548
1549 - Fixed a bug that could send an admin notice of a held subscription with
1550 the subject in the user's preferred language instead of the list's
1551 preferred language and possibly not properly RFC 2047 encoded.
1552 (LP: #998949)
1553
1554 - Fixed a possible CPU bound loop in OutgoingRunner if the attempt to
1555 Connect to the SMTP server throws a socket.error. (LP: #966531)
1556
1557 - Fixed a potential crash in the web UI if a language is removed from the
1558 LC_DESCRIPTIONS dictionary. (LP: #966565)
1559
1560 - Added an Auto-Submitted: header to invitations and (un)subscription
1561 confirmation requests to reduce the possibility of an autoresponder
1562 confirming the request. (LP: #265831)
1563
1564 - Added javascript to the private.html and admlogin.html templates to
1565 focus the cursor on the entry field. (LP: #266054)
1566
1567 - Added CPPFLAGS and LDFLAGS to src/Makefile to support their use.
1568 (LP: #637652)
1569
1570 - Stopped removing the trailing slash from the List-Archive: header URL.
1571 (LP: #964190)
1572
1573 - A configured version of contrib/courier-to-mailman.py is now created in
1574 build/contrib/courier-to-mailman.py. (LP: #999250)
1575
1576 - Subscription disabled warnings are now sent without a Precedence:
1577 header. Bug #808821.
1578
1579 - Backported 2.2 branch fix for a problem in SpamDetect.py that could
1580 cause header_filter_rules to fail to match RFC 2047 encoded headers.
1581
1582 - Fix for bug #629738 could cause a crash in the admindb details display
1583 if the decoded message body contained characters not in the character
1584 set of the list's preferred language. Fixed. Bug #910440.
1585
1586 - Added recognition for another Qmail bounce format.
1587
1588 - Fixed an erroneous seek in the Mailman.Mailbox.Mailbox.AppendMessage
1589 method that could cause a corrupt mailbox for files opened 'w+'.
1590 Bug #901957.
1591
1592 - A held message with a null sender caused a crash in the admindb
1593 interface. This is fixed by changing the sender to <missing>.
1594 Bug #897103.
1595
1596 - Changed subject prefixing to allow for possible whitespace between an
1597 'Re' and the following colon when determining how to add the prefix.
1598 Bug #893290.
1599
1600 - Fixed a problem where topics regexps would not match RFC 2047 encoded
1601 Keywords: and/or Subject: headers. Bug #891676.
1602
1603 - Fixed misleading response to an email approval of a held message.
1604 Bug #889968.
1605
1606 - Added masthead.txt to the list of templates that can be edited via the
1607 web admin interface. Bug #266805.
1608
1609 - Changed the way digest_footer is added to the RFC 1153 (plain) format
1610 digest for RFC compliance. Bug #887610.
1611
1612 - Fixed cron/checkdbs to report unsubscriptions waiting approval.
1613 Bug #873821.
1614
1615 - The fix for BUG #266220 (sf1181161) has been enhanced so that if there
1616 is a pathological HTML part such that the Approved: password text isn't
1617 found, but it is found after stripping out HTML tags, the post is
1618 rejected with an informative message.
1619
1620 - A bug that would cause reset of any new_member_options bits other than
1621 the four displayed as checkboxes on the list admin General Options page
1622 whenever the page was updated or bin/config_list attempted to update
1623 new_member_options has been fixed. Bug #865825.
1624
1625 - A problem with the logic avoiding unnecessarily reloading a current list
1626 object from the config.pck arises if the list is updated by another
1627 process within the same second that it was last read/written. That can
1628 cause the reading of latest version of the list to be skipped. This has
1629 been fixed. Bug #862675.
1630
1631 - Fixed bin/export.py to accept case insensitive password schemes.
1632 Bug #833134.
1633
1634 - Added Tokio Kikuchi's icons to the misc/ and installed icons/
1635 directories. Bug #782474.
1636
1637 - Fixed a problem which could result in raw, undecoded message bodies
1638 appearing in plain digests and archives. Bug #787790.
1639
1640 - Fixed a problem in admindb.py where the character set for the display of
1641 the message body excerpt was not correctly determined. Bug #779751.
1642
1643 - Prevented setting user passwords with leading/trailing whitespace.
1644 Bug #778088.
1645
1646 - Mailman now sets the 'secure' flag in cookies set via https URLs.
1647 Bug #770377.
1648
1649 - Added a logout link to the admindb interface and made both admin and
1650 admindb logout effective for a site admin cookie if allowed.
1651 Bug #769318.
1652
1653 - Replaced the old Mailman logos and icon that install to Mailman's icons
1654 directory with the new ones. If you copy these elsewhere on your
1655 server, please copy these new ones.
1656
1657 - Changed bin/genaliases to only call the POSTFIX_*_CMD commands once when
1658 MTA = 'Postfix'. Bug #266408.
1659
1660 - Added a report of the affected members to the warnings issued when
1661 setting a list with digest members digestable=No and when setting a list
1662 with non-digest members nondigestable=no. Bug #761232.
1663
1664 - Fixed a problem where content filtering could remove the headers from
1665 an attached message/rfc822 part if the message in that part is
1666 multipart/alternative and collapse_alternatives is Yes. Bug #757062.
1667
1668 - Changed the subscribe CGI to strip leading and trailing whitespace from
1669 the supplied email address. Bug #745432.
1670
1671 - Changed the maximum number of arguments for the who command to be
1672 considered administrivia from 2 to 1 to help avoid false positives.
1673 Bug #739524.
1674
1675 - Added the list name as 'display-name' in added Sender: headers to help
1676 mitigate Outlook et al 'on behalf of' displays. Bug #736849.
1677
1678 - Fixed a typo in the usage() definition cron/gate_news. Bug #721015.
1679
1680 - Fixed an uncaught KeyError when poster tries to cancel a post which was
1681 already handled. Bug #266224.
1682
1683 - Held message user notifications now come From: list-owner instead of
1684 list-bounces. Bug #714424.
1685
1686 - Issue an HTTP 404 status for private archive file not found.
1687
1688 - @listname entries in *_these_nonmembers are no longer case sensitive.
1689 Bug #705715.
1690
1691 - Changed bin/rmlist to also remove heldmsg files for the removed list and
1692 fixed a problem with removal of stale locks for the list. Bug #700528.
1693
1694 - Fixed a bug where content filtering could leave a multipart message or
1695 part with just one sub-part. These should be recast to just the sub-part.
1696 Bug #701558.
1697
1698 - Fixed a bug that could erroneously handle posts from addresses in
1699 *_these_nonmembers and send held/rejected notices to bogus addresses when
1700 The From or other sender header is RFC 2047 encoded. Bug #702516.
1701
1702 - Updated contrib/mm-handler-2.1.10 to better handle lists with names that
1703 look like admin addresses. Bug #697161.
1704
1705 - Added bounce recognition for a bogus Dovecot MDN. Bug #693134.
1706
1707 - Fixed a problem where an emailed command in the Subject: header with a
1708 non-ascii l10n of an 'Re:' prefix is ignored. Bug #685261.
1709
1710 - Fixed a problem with approving a post by email when the body of the
1711 approval mail is base64 encoded. Bug #677115.
1712
1713 - Fixed the host name in the From: address of the owner notification from
1714 bin/add_members. Bug #666181.
1715
1716 2.1.14 (20-Sep-2010)
1717
1718 Security
1719
1720 - Two potential XSS vulnerabilities have been identified and fixed.
1721
1722 New Features
1723
1724 - A new feature for controlling the addition/replacement of the Sender:
1725 header in outgoing mail has been implemented. This allows a list owner
1726 to set include_sender_header on the list's General Options page in the
1727 admin GUI. The default for this setting is Yes which preserves the prior
1728 behavior of removing any pre-existing Sender: and setting it to the
1729 list's -bounces address. Setting this to No stops Mailman from adding or
1730 modifying the Sender: at all.
1731
1732 Additionally, there is a new Defaults.py/mm_cfg.py setting
1733 ALLOW_SENDER_OVERRIDES which defaults to Yes but which can be set to No
1734 to remove the include_sender_header setting from General Options, and
1735 thus preserve the prior behavior completely.
1736
1737 - Bounce processing has been enhanced so that if a bounce is returned to a
1738 list from a non-member who is a member of a regular_include_list, the
1739 bounce will be processed as a bounce for the included list.
1740
1741 i18n
1742
1743 - Fixed a missing format character in the German bin/mailmanctl docstring.
1744
1745 - Updated Dutch translation from Jan Veuger.
1746
1747 - Updated Japanese Translation from Tokio Kikuchi.
1748
1749 - Updated Finnish translation from Joni Töyrylä.
1750
1751 - Made a few corrections to some Polish templates. Bug #566731.
1752
1753 - Made a minor change to the Chinese (China) message catalog. Bug #545772.
1754
1755 - Changed a few DOCTYPE directives in templates for compliance.
1756 Bug #500952 and Bug #500955.
1757
1758 Bug Fixes and other patches
1759
1760 - Made minor wording improvements and typo corrections in some messages.
1761 Bug #426979.
1762
1763 - Fixed i18n._() to catch exceptions due to bad formats. Bug #632660.
1764
1765 - Fixed admindb interface to decode base64 and quoted-printable encoded
1766 message body excerpts for display. Bug #629738.
1767
1768 - Fixed web CGI tracebacks to properly report sys.path. Bug #615114.
1769
1770 - Changed the member options login page unsubscribe request to include the
1771 requesters IP address in the confirmation request. Bug #610527.
1772
1773 - Changed fix_url to lock the list if not locked. Bug #610364.
1774
1775 - Made a minor change to the English subscribeack.txt (welcome message)
1776 template to emphasize that a password is only required to unsubscribe
1777 *without confirmation*.
1778
1779 - Fixed an issue in admindb that could result in a KeyError and "we hit a
1780 bug" response when a moderator acts on a post that had been handled by
1781 someone else after the first moderator had retrieved it. Bug #598671.
1782
1783 - Fixed a bug which would fail to show a list on the admin and listinfo
1784 overview pages if its web_page_url contained a :port. Bug # 597741.
1785
1786 - Fixed bin/genaliases to not throw TypeError when MTA = None.
1787 Bug #587657.
1788
1789 - Provided the ability to specify in mm_cfg.py a local domain (e.g.
1790 'localhost') for the local addresses in the generated virtual-mailman
1791 when MTA = 'Postfix'. See VIRTUAL_MAILMAN_LOCAL_DOMAIN in Defaults.py.
1792 Bug #328907.
1793
1794 - Made a minor change to the removal of an Approved: pseudo-header from
1795 a text/html alternative to allow for an inserted '\xA0' before the
1796 password.
1797
1798 - Fixed Content Filtering collapse_alternatives to work on deeply nested
1799 multipart/alternative parts. Bug #576675.
1800
1801 - We now accept/remove X-Approved: and X-Approve: headers in addition to
1802 Approved: and Approve: for pre-approving posts. Bug #557750.
1803
1804 - Reordered the 'cancel' and 'subscribe' buttons on the subscription
1805 confirmation web page so the default action upon 'enter' will be the
1806 subscribe button in browsers that pick the first button. Bug #530654.
1807
1808 - Fixed a bug in the admindb interface that could apply a moderator
1809 action to a message not displayed. Bug #533468.
1810
1811 - Added a traceback to the log message produced when processing the
1812 digest.mbox throws an exception.
1813
1814 - Added a urlhost argument to the MailList.MailList.Create() method to
1815 allow bin/newlist and the the create CGI to pass urlhost so the host
1816 will be correct in the listinfo link on the emptyarchive page.
1817 Bug #529100.
1818
1819 - Added the List-Post header to the default list of headers retained in
1820 messages in the MIME digest. Bug #526143.
1821
1822 - When daemonizing mailmanctl, we now ensure terminal files are closed.
1823
1824 - Fixed a bug in pipermail archiving that caused fallback threading by
1825 subject to fail. Bug #266572.
1826
1827 - We now give an HTTP 401 status for authentication failures from admin,
1828 admindb, private, options and roster CGIs, and an HTTP 404 status from
1829 all the CGIs for an invalid list name.
1830
1831 - Backported the listinfo template change from the 2.2 branch to fix
1832 Bug #514050.
1833
1834 - Fixed a bug where going to an archives/private/list.mbox/list.mbox URL
1835 would result in a munged URL if authentication was required. Bug #266164.
1836
1837 - Fixed a bug where check_perms would throw an OSError if an entry in
1838 Mailman's lists/ directory was not a directory. Bug #265613.
1839
1840 - Fixed a bug where a message with an Approved: header held by a handler
1841 that precedes Approve (SpamDetect by default) would not have the
1842 Approved: header removed if the held message was approved. Bug #501739.
1843
1844 2.1.13 (22-Dec-2009)
1845
1846 i18n
1847
1848 - Updated Dutch message catalog from Jan Veuger.
1849
1850 - Added Asturian translation from Marcos Costales and the Asturian
1851 Language Team.
1852
1853 Bug Fixes and other patches
1854
1855 - Added "white-space: pre-wrap" style for <pre> tag in archives.
1856 Bug #266467.
1857
1858 - Added vette logging for rejected and discarded (un)subscribe requests.
1859
1860 - Fixed a bug in admindb.py that could erroneously discard an unsubscribe
1861 request as a duplicate.
1862
1863 - Decoded RFC 2047 encoded message subjects for a few reports.
1864 Bug #266428.
1865
1866 - Fixed the French, Spanish and Hebrew translations which improperly
1867 translated the 'coding:' line in bin/config_list output.
1868
1869 - Fixed the auto-responder to treat messages to -confirm, -join, -leave,
1870 -subscribe and -unsubscribe as requests rather than posts. Bug #427962.
1871
1872 - Configure/make no longer builds Japanese and Korean codecs in
1873 pythonlib if Python already has them.
1874
1875 - Inadvertently setting a null site or list password allowed access
1876 to a list's web admin interface without authentication. Fixed by
1877 not accepting null passwords.
1878
1879 - Changed VERP_CONFIRM_REGEXP in Defaults.py to work if the replying
1880 MUA folds the To: header and in cases where the list name includes '+'.
1881
1882 - Fixed some paths in contrib/check_perms_grsecurity.py. Bug #411192.
1883
1884 - Replies to commands sent to list-request now come From: list-owner
1885 instead of list-bounces.
1886
1887 - Mailman no longer folds long sub-part headers in multipart messages.
1888 In addition, Mailman no longer escapes From_ lines in the body of
1889 messages sent to regular list members, although MTA's may do it anyway.
1890 This is to avoid breaking signatures per Bug #265967.
1891
1892 - XSS protection in the web interface went too far in escaping HTML
1893 entities. Fixed.
1894
1895 - Removed or anonymized additional headers in posts to anonymous lists.
1896
1897 - Fixed a bug that could cause incorrect threading of replies to archived
1898 messages that arrive with timestamps in the same second.
1899
1900 - Scrubbed HTML attachments containing tab characters would get the tabs
1901 replaced by a string of ' ' without a semicolon. Fixed.
1902
1903 - Caught a TypeError in content filtering, collapse alternatives that
1904 occurred with a malformed message if a multipart/alternative part
1905 wasn't multi-part. Reported in comments to bug #266230.
1906
1907 - Fixed a few things in bin/update:
1908 - Changed some old messages for more current meaning.
1909 - Fixed qfiles update to not lose metadata from 2.1.5+ format entries.
1910 - Fixed 2.0.x template migration to not die if the templates/ tree
1911 contains subdirectories from a version control system.
1912
1913 - Fixed a bug that would show a list on the admin and listinfo overview
1914 pages if its web_page_url host contained the current host as a
1915 substring. Bug #342162.
1916
1917 - Fixed a bug in Utils.canonstr() that would throw a UnicodeDecodeError
1918 if the string contained an HTML entity > 255 and also characters in the
1919 128-255 range. Bug #341594.
1920
1921 - Added recognition for more bounces.
1922
1923 - Updated contrib/mmdsr to report preserved messages and to use mktemp to
1924 create temp files.
1925
1926 2.1.12 (23-Feb-2009)
1927
1928 Bug fixes and other patches
1929
1930 - Fix compatibility with Python 2.6.
1931
1932 - Fixed a bug in admin.py which would result in chunked pages of the
1933 membership list for members whose address begins with a non-alphanumeric
1934 character to not be visible or retrievable.
1935
1936 - Changed ListAdmin.py to make rejected post messages From: the -owner
1937 address instead of the -bounces address.
1938
1939 - With MTA = 'Postfix', if the STANZA END for a list being removed is
1940 missing or munged, the remainder of the aliases and/or virtual-mailman
1941 file is lost. Fixed.
1942
1943 - Since Mailman 2.1.1, 2.0.x outstanding subscription and held message
1944 requests have not been migrated properly. This is fixed.
1945 Bug #266106 (sf998384).
1946
1947 - Changed cron/gate_news to continue processing the remaining lists on
1948 certain errors that can be caused by configuration of a particular list.
1949 Bug #265941 (sf775100).
1950
1951 - Fixed a bug in AvoidDuplicates.py that caused it to fail if the address
1952 in the To: or Cc: header differed in case from the case-preserved member
1953 address. Bug #297795.
1954
1955 - Fixed a problem in SecurityManager that caused it to not find the
1956 cookie when CheckCookie was not given a user and the user in the cookie
1957 had a %xx encoded character. Bug # 299220.
1958
1959 - Fixed a minor fromusenet reporting issue in the contributed mmdsr
1960 script.
1961
1962 - Fixed a minor issue in cron/gate_news that could cause a list's
1963 watermark to not be completely updated.
1964
1965 - Fixed an issue that prevented editing the options.html template from
1966 the web admin interface. SF Bug #2164798.
1967
1968 - Fixed a problem in Decorate which could throw a TypeError on conversion
1969 to unicode of a header/footer that was already unicode because of
1970 interpolating a unicode value.
1971
1972 - Fixed an issue where list creation would report bad owner email
1973 instead of bad listname when the list name had non-ascii characters.
1974 SF Bug #2126489.
1975
1976 - Fixed an issue where in some circumstances HyperArch.py would translate
1977 ' at ' into the wrong language ultimately throwing a UnicodeDecodeError
1978 when the translation was decoded with a different character set.
1979 Bug #308152.
1980
1981 - Corrected a typo in Mailman/Gui/Privacy.py. Bug #309757.
1982
1983 - Changed the pattern used to recognize URLs in messages for the pipermail
1984 archive in order to try to do a better job of making hyperlinks.
1985 Bug #310124.
1986
1987 - Added missing --bare option to French translation of list_lists help.
1988 Bug #312119.
1989
1990 - Fixed a long standing error that stopped relative hrefs from being
1991 generated for links on Mailman's web pages.
1992
1993 - Changed the admindb interface so that when messages are rejected from
1994 the summary page, the reject reason is the rejection message from the
1995 Errors.HoldMessage subclass instead of the generic "No reason given".
1996
1997 - Fixed the admin Membership List Find member function so the 'letter'
1998 links to a chunked result would still be limited to the Find member
1999 search. SF patch #1532081.
2000
2001 - Changed scripts/driver to return a 405 status for non GET, POST, HEAD
2002 methods. SF patch #1578756.
2003
2004 - Fixed a bug in admindb.py in the implementation of replacing "No Reason
2005 Given" with the default rejection reason. Bug #325016.
2006
2007 - Changed Gui/Topics.py to validate regexps in VERBOSE mode. Bug #327008.
2008
2009 - Worked around a potential problem in HyperArch.py with unicode character
2010 set arguments. Bug #328353.
2011
2012 - Recognize a couple more bounces.
2013
2014 - Fixed a bug introduced in 2.1.11 which would attempt to store bounce info
2015 for a member just deleted if bounce_you_are_disabled_warnings is zero.
2016
2017 i18n
2018
2019 - Updated Dutch, Catalan and Polish translations.
2020
2021 Miscellaneous
2022
2023 - Added Lindsay Haisley's courier_to_mailman.py to the contrib directory.
2024
2025 - Added John Dennis' (RedHat) FHS patch to the contrib directory.
2026
2027 2.1.11 (30-Jun-2008)
2028
2029 New Features
2030
2031 - Added a new cron/cull_bad_shunt script to cull and optionally
2032 archive old entries from the bad and shunt queues. This is controlled
2033 by new Defaults.py/mm_cfg.py settings BAD_SHUNT_STALE_AFTER (default
2034 7 days) and BAD_SHUNT_ARCHIVE_DIRECTORY (default None) which determine
2035 how long to keep bad and shunt queue entries and optionally, where to
2036 archive removed entries.
2037
2038 - Prepended list name to bounce log unrecognized bounce messages.
2039
2040 - Added a new Defaults.py|mm_cfg.py setting ACCEPTABLE_LISTNAME_CHARACTERS
2041 with default value '[-+_.=a-z0-9]'. This Python regular expression
2042 character class specifies the characters allowed in list names. The
2043 motivation for this is the fact that previously, a list named, e.g.,
2044 xxx&yyy could be created and MTA aliases generated that would cause
2045 The MTA to execute yyy as a command. There is a possible security issue
2046 here, but it is not believed to be exploitable in any meaningful way.
2047
2048 Bug fixes and other patches
2049
2050 - Changed the preservation of unparseable messages to be conditional on
2051 the Defaults.py/mm_cfg.py setting of QRUNNER_SAVE_BAD_MESSAGES and
2052 changed the queue directory in which messages are preserved from 'shunt'
2053 to 'bad'.
2054
2055 - Fixed a bug introduced in 2.1.10 that caused some email subscribe
2056 requests to be shunted (1966837).
2057
2058 - Fixed a problem with bin/update erroneously moving templates from
2059 templates/xx to lists/xx if a list has the same name as a language
2060 code. Also fixed the absolute path to lists/ (1418670 ).
2061
2062 - Changed Utils.ValidateEmail to not allow specials (particularly ':')
2063 in unquoted local parts (1956393).
2064
2065 - Changed bin/update to remove .bak files erroneously left behind in
2066 qfiles/*/ by a 2.1.9 bug.
2067
2068 - Added 's' to %(listname) in templates/ia/admlogin.html and
2069 templates/sl/help.txt (1682990).
2070
2071 - Use newer template variable for site-owner address in
2072 templates/ko/newlist.txt and templates/ru/newlist.txt (1578766).
2073
2074 - Corrections to Spanish translation submitted by Wikimedia Foundation
2075 (1433262) and Debian.
2076
2077 - Corrections to German translation submitted by Ralf Doeblitz (916196).
2078
2079 - Correction to French translation submitted by Maxime Carron (1588617).
2080
2081 - Correction to Portuguese translation submitted by Gabriel P. Silva
2082 (1733057).
2083
2084 - Add #! line to fblast.py test script (1578740).
2085
2086 - Fixed unescaped '%' in templates/nl/newlist.txt (1719017).
2087
2088 - Changed non-ascii characters in some templates/*/*.html files to HTML
2089 entities.
2090
2091 - Fixed a problem in Decorate.py that could result in a multipart
2092 message with no part headers for the original body part (1991348).
2093
2094 - Improved recognition of some bounce messages.
2095
2096 - Rearranged calls to the list setBounceInfo() method in Bouncer.py
2097 to accommodate MemberAdaptors that store bounce info outside the
2098 list instance.
2099
2100 - Fixed CookHeaders.py which in some cases with new style prefixing
2101 would insert an extra space between the prefix and the subject.
2102
2103 - Changed OldStyleMemberships.py to remove the member from one_last_digest
2104 when changing from regular to digest delivery to avoid the possibility
2105 of a duplicate digest in some circumstances.
2106
2107 - Patched Danish message catalog for proper use of HTML entities per
2108 Jonas Smedegaard (1999966).
2109
2110 - Improved bounce loop detection and handling in BounceRunner.py.
2111
2112 - Merged the Catalan i18n from the Mailman Catalan Translation Team.
2113
2114 - German translation updated by Peer Heinlein.
2115
2116 - Added check for gateway_to_news before holding for ModeratedNewsgroup.
2117
2118 - At some point, cron/senddigests and bin/update were inadvertently
2119 'preconfigured'. This has been fixed.
2120
2121 - Brazilian Portuguese translation updated by Diego Francisco
2122 de Gastal Morales.
2123
2124 - Added 'listname' to the replacements for the archidxfoot.html template.
2125
2126 Miscellaneous
2127
2128 - Brad Knowles' mailman daily status report script updated to 0.0.18.
2129
2130 2.1.10 (21-Apr-2008)
2131
2132 Security
2133
2134 - The 2.1.9 fixes for CVE-2006-3636 were not complete. In particular,
2135 some potential cross-site scripting attacks were not detected in
2136 editing templates and updating the list's info attribute via the web
2137 admin interface. This has been assigned CVE-2008-0564 and has been
2138 fixed. Thanks again to Moritz Naumann for assistance with this.
2139
2140 - There is a new mm_cfg.py/Defaults.py variable
2141 OWNERS_CAN_CHANGE_MEMBER_PASSWORDS which controls whether the list
2142 owner can change a member's password from the member's options page.
2143 This defaults to No and should be changed to Yes only if list owners
2144 are trusted to not change a member's password, log in as the member
2145 and make global membership changes.
2146
2147 New Features
2148
2149 - Changed cmd_who.py to list all members if authorization is with the
2150 list's admin or moderator password and to accept the password if the
2151 roster is public. Also changed the web roster to show hidden members
2152 when authorization is by site or list's admin or moderator password
2153 (1587651).
2154
2155 - Added the ability to put a list name in accept_these_nonmembers
2156 to accept posts from members of that list (1220144).
2157
2158 - Added a new 'sibling list' feature to exclude members of another list
2159 from receiving a post from this list if the other list is in the To: or
2160 Cc: of the post or to include members of the other list if that list is
2161 not in the To: or Cc: of the post (Patch ID 1347962).
2162
2163 - Added the admin_member_chunksize attribute to the admin General Options
2164 interface (Bug 1072002, Partial RFE 782436).
2165
2166 Internationalization
2167
2168 - Added the Hebrew translation from Dov Zamir. This includes addition of
2169 a direction ('ltr', 'rtl') to the LC_DESCRIPTIONS table. The
2170 add_language() function defaults direction to 'ltr' to not break
2171 existing mm_cfg.py files.
2172
2173 - Added the Slovak translation from Martin Matuska.
2174
2175 - Added the Galician translation from Frco. Javier Rial Rodríguez.
2176
2177 Bug fixes and other patches
2178
2179 - Added bounce recognition for several additional bounce formats.
2180
2181 - Fixed CommandRunner.py to decode a quoted-printable or base64 encoded
2182 message part (1829061).
2183
2184 - Fixed Scrubber.py to avoid loss of an implicit text/plain message part
2185 with no Content-* headers in a MIME multipart message (759841). Fixed
2186 several other minor scrubber issues (1242450).
2187
2188 - Added Date and Message-ID headers to the confirm reply message that
2189 Mailman adds to the admin notification (1471318).
2190
2191 - Fixed Cgi/options.py to not present the "empty" topic to user.
2192
2193 - Fixed Handlers/CalcRecips.py to not process topics if topics are
2194 disabled for the list. This caused users who had previously subscribed
2195 to topics and elected to not receive non-matching posts to receive no
2196 messages after topics were disabled for the list.
2197
2198 - Fixed MaildirRunner.py to handle hyphenated list names.
2199
2200 - Fixed a bug in MimeDel.py (content filtering) which caused
2201 *_filename_extensions to not match if the extension in the message was
2202 not all lower case.
2203
2204 - Fixed versions.py to not call a non-existant method when converting held
2205 posts from Mailman 1.0.x lists.
2206
2207 - Added a test to configure to detect a missing python-devel package on
2208 some RedHat systems.
2209
2210 - Fixed bin/dumpdb to once again be able to dump marshals (broken since
2211 2.1.5) (963137).
2212
2213 - Worked around a bug in the Python email library that could cause Mailman
2214 to not get the correct value for the sender of a message from an RFC
2215 2231 encoded header causing spurious held messages.
2216
2217 - Fixed bin/check_perms to detect certain missing permissions on the
2218 archives/private/ and archives/private/<list>/database/ directories.
2219
2220 - Improved exception handling in cron/senddigests.
2221
2222 - Changed the admindb page to not show the "Discard all messages marked
2223 Defer" checkbox when there are only (un)subscribes and no held messages.
2224 Also added a separator and heading for "Held Messages" like the ones for
2225 "Subscribe Requests" and "Unsubscribe Requests". Suppressed the
2226 "Database Updated" message when coming from the login page. Also
2227 removed the "Discard all messages marked Defer" checkbox from the
2228 details page where it didn't work (1562922, 1000699).
2229
2230 - Fixed admin.py so null VARHELP category is handled (1573393).
2231
2232 - Fixed OldStyleMemberships.py to preserve delivery statuses BYADMIN
2233 and BYUSER on a straight change of address (1642388). Also fixed a
2234 bug that could result in a member key with uppercase in the domain.
2235
2236 - Fixed bin/withlist so that -r can take a full package path to a
2237 callable.
2238
2239 - Removal of DomainKey/DKIM signatures is now controlled by Defaults.py
2240 mm_cfg.py variable REMOVE_DKIM_HEADERS (default = No). Also, if
2241 REMOVE_DKIM_HEADERS = Yes, an Authentication-Results: header will be
2242 removed if present.
2243
2244 - The DeprecationWarning issued by Python 2.5 regarding string exceptions
2245 is supressed.
2246
2247 - format=flowed and delsp=yes are now preserved for message bodies when
2248 message headers/footers are added and attachments are scrubbed
2249 (1495122).
2250
2251 - Queue runner processing is improved to log and preserve for analysis in
2252 the shunt queue certain bad queue entries that were previously logged
2253 but lost. Also, entries are preserved when an attempt to shunt throws
2254 an exception (1656289).
2255
2256 - The admin Membership List pages have been changed in that the email
2257 address which forms a part of the various CGI data keys is now
2258 urllib.quote()ed. This allows changing options for and unsubbing an
2259 address which contains a double-quote character, but it may require
2260 changes to scripts that screen-scrape the web admin interface to
2261 produce a membership list so they will report an unquoted address.
2262
2263 - The fix for bug 1181161 in 2.1.7 was incomplete. The Approve(d): line
2264 wasn't always found in quoted-printable encoded parts and was never
2265 found in base64 encoded parts. This is now fixed.
2266
2267 - Fixed a mail loop if a list owner puts the list's -bounces or -admin
2268 address in the list's owner attribute (1834569).
2269
2270 - Fixed the mailto: link in archived messages to prefix the subject with
2271 Re: and to put the correct message-id in In-Reply-To (1621278, 1834281).
2272
2273 - Coerced list name arguments to lower case in the change_pw, inject,
2274 list_admins and list_owners command line tools (patch 1842412).
2275
2276 - Fixed cron/disabled to test if bounce info is stale before disabling
2277 a member when the threshold has been reduced.
2278
2279 - It wasn't noted here, but in 2.1.9, queue runner processing was made
2280 more robust by making backups of queue entries when they were dequeued
2281 so they could be recovered in the event of a system failure. This
2282 opened the possibility that if a message itself caused a runner to
2283 crash, a loop could result that would endlessly reprocess the message.
2284 This has now been fixed by adding a dequeue count to the entry and
2285 moving the entry aside and logging the fact after the third dequeue of
2286 the same entry.
2287
2288 - Fixed the command line scripts add_members, sync_members and
2289 clone_member to properly handle banned addresses (1904737).
2290
2291 - Fixed bin/newlist to add the list's preferred language to the list's
2292 available_languages if it is other than the server's default language
2293 (1906368).
2294
2295 - Changed the first URL in the RFC 2369 List-Unsubscribe: header to go
2296 to the options login page instead of the listinfo page.
2297
2298 - Changed the options login page to not issue the "No address given" error
2299 when coming from the List-Unsubscribe and other direct links. Also
2300 changed to remember the user's language selection when redisplaying the
2301 page following an error.
2302
2303 - Changed cmd_subscribe.py to properly accept (no)digest without a
2304 password and to recognize (no)digest and address= case insensitively.
2305
2306 - Fixed a problem where GuiBase._getValidValue() would truncate a
2307 floating point Number type to an int if the value was a float instead
2308 of a numeric string. This affected setting floating point values with
2309 config_list.
2310
2311 Miscellaneous
2312
2313 - Brad Knowles' mailman daily status report script updated to 0.0.17.
2314
2315 - An updated mm-handler (mm-handler-2.1.10) that can help reduce
2316 backscatter has been added to the contrib directory.
2317
2318 2.1.9 (12-Sep-2006)
2319
2320 Security
2321
2322 - A malicious user could visit a specially crafted URI and inject an
2323 apparent log message into Mailman's error log which might induce an
2324 unsuspecting administrator to visit a phishing site. This has been
2325 blocked. Thanks to Moritz Naumann for its discovery.
2326
2327 - Fixed denial of service attack which can be caused by some
2328 standards-breaking RFC 2231 formatted headers. CVE-2006-2941.
2329
2330 - Several cross-site scripting issues have been fixed. Thanks to Moritz
2331 Naumann for their discovery. CVE-2006-3636
2332
2333 - Fixed an unexploitable format string vulnerability. Discovery and fix
2334 by Karl Chen. Analysis of non-exploitability by Martin 'Joey' Schulze.
2335 Also thanks go to Lionel Elie Mamane. CVE-2006-2191.
2336
2337 Internationalization
2338
2339 - New languages: Arabic, Vietnamese.
2340
2341 Bug fixes and other patches
2342
2343 - Fixed Decorate.py so that characters in message header/footer which
2344 are not in the character set of the list's language are ignored rather
2345 than causing shunted messages (1507248).
2346
2347 - Switchboard.py - Closed very tiny holes at the upper ends of queue
2348 slices that could result in unprocessable queue entries. Improved FIFO
2349 processing when two queue entries have the same timestamp.
2350
2351 2.1.8 (15-Apr-2006)
2352
2353 Security
2354
2355 - A cross-site scripting hole in the private archive script of 2.1.7
2356 has been closed. Thanks to Moritz Naumann for its discovery.
2357
2358 Bug fixes and other patches
2359
2360 - Bouncers support added: 'unknown user', Microsoft SMTPSVC, Prodigy.net
2361 and several others.
2362
2363 - Updated email library to 2.5.7 which will encode payload into qp/base64
2364 upon setting. This enabled backing out the scrubber related patches
2365 including 'X-Mailman-Scrubbed' header in 2.1.7.
2366
2367 - Fix SpamDetect.py potential hold/reject loop problem.
2368
2369 - A warning message from email package to the stderr can cause error
2370 in Logging because stderr may be detached from the process during
2371 the qrunner run. We chose not to output errors to stderr but to
2372 the logs/error if the process is running under mailmanctl subprocess.
2373
2374 - DKIM header cleansing was separated from Cleanse.py and added to
2375 -owner messages too.
2376
2377 - Fixes: Lose Topics when go directly to topics URL (1194419).
2378 UnicodeError running bin/arch (1395683). edithtml.py missing import
2379 (1400128). Bad escape in cleanarch. Wrong timezone in list archive
2380 index pages (1433673). bin/arch fails with TypeError (1430236).
2381 Subscription fails with some Language combinations (1435722).
2382 Postfix delayed notification not recognized (863989). 2.1.7 (VERP)
2383 mistakes delay notice for bounce (1421285). show_qfiles: 'str'
2384 object has no attribute 'as_string' (1444447). Utils.get_domain()
2385 wrong if VIRTUAL_HOST_OVERVIEW off (1275856).
2386
2387 Miscellaneous
2388
2389 - Brad Knowles' mailman daily status report script updated to 0.0.16.
2390
2391 2.1.7 (31-Dec-2005)
2392
2393 Security
2394
2395 - The fix for CAN-2005-0202 has been enhanced to issue an appropriate
2396 message instead of just quietly dropping ./ and ../ from URLs.
2397
2398 - A note on CVE-2005-3573: Although the RFC2231 bug example in the CVE has
2399 been solved in Mailman 2.1.6, there may be more cases where
2400 ToDigest.send_digests() can block regular delivery. We put the
2401 send_digests() calling part in a try/except clause and leave a message
2402 in the error log if something happened in send_digests(). Daily call of
2403 cron/senddigests will provide more detail to the site administrator.
2404
2405 - List administrators can no longer change the user's option/subscription
2406 globally. Site admin can change these only if
2407 mm_cfg.ALLOW_SITE_ADMIN_COOKIES is set to Yes.
2408
2409 - <script> tags are HTML-escaped in the edithtml CGI script.
2410
2411 - Since the probe message for disabled users may reach unintended
2412 recipients, the password is excluded from sendProbe() and probe.txt.
2413 Note that the default value of VERP_PROBE has been set to `No' from
2414 2.1.6., thus this change doesn't affect the default behavior.
2415
2416 New Features
2417
2418 - Always remove DomainKey (and similar) headers from messages sent to the
2419 list. (1287546)
2420
2421 - List owners can control the content filter behavior when collapsing
2422 multipart/alternative parts to its first subpart. This allows the
2423 option of letting the HTML part pass through after other content
2424 filtering is done.
2425
2426 Internationalization
2427
2428 - New language: Interlingua.
2429
2430 Bug fixes and other patches
2431
2432 - Defaults.py.in: SCRUBBER_DONT_USE_ATTACHMENT_FILENAME is set to True for
2433 safer operation.
2434
2435 - Fixed the bug where Scrubber.py munges quoted-printable by introducing
2436 the 'X-Mailman-Scrubbed' header which marks that the payload is
2437 scrubber-munged. The flag is referenced in ToDigest.py, ToArchive.py,
2438 Decorate.py and Archiver. A similar problem in ToDigest.py where the
2439 plain digest is generated is also fixed.
2440
2441 - Fixed Syslog.py to write quopri encoded messages when it fail to write
2442 8-bit characters.
2443
2444 - Fixed MTA/Postfix.py to check aliases group permission in check_perms
2445 and fixed mailman-install document on this matter (1378270).
2446
2447 - Fixed private.py to go to the original URL after authorization
2448 (1080943).
2449
2450 - Fixed bounce log score messages to be more consistent.
2451
2452 - Fixed bin/remove_members to accept no arguments when both --fromall and
2453 --file= options are specified.
2454
2455 - Changed cgi-bin and mail wrapper "group not found" error message to be
2456 more descriptive of the actual problem.
2457
2458 - The list's ban_list now applies to address changes, admin mass
2459 subscribes and invites, and to confirmations/approvals of address
2460 changes, subscriptions and invitations.
2461
2462 - quoted-printable and base64 encoded parts are decoded before passing to
2463 HTML_TO_PLAIN_TEXT_COMMAND (1367783).
2464
2465 - Approve: header is removed from posts, and treated the same as the
2466 Approved: header. (1355707)
2467
2468 - Fixed the removal of the line following Approve[d]: line in body of
2469 post. (1318883)
2470
2471 - The Approve[d]: <password> header is removed from all text/* parts in
2472 addition the initial text/plain part. It must still be the first
2473 non-blank line in the first text/plain part or it won't be found or
2474 removed at all. (1181161)
2475
2476 - Posts are now logged in post log file with the true sender, not
2477 listname-bounces. (1287921)
2478
2479 - Correctly initialize and remember the list's default_member_moderation
2480 attribute in the web list creation page. (1263213)
2481
2482 - PEP263 charset is added to the config_list output. (1343100)
2483
2484 - Fixed header_filter_rules getting lost if accessed directly and
2485 authentication was needed by login page. (1230865)
2486
2487 - Obscure email when the poster doesn't set full name in 'From:' header.
2488
2489 - Preambles and epilogues are taken into account when calculating message
2490 sizes for holding purposes. (Mark Sapiro)
2491
2492 - Logging/Logger.py unicode transform option. (1235567)
2493
2494 - bin/update crashes with bogus files. (949117)
2495
2496 - Bugs and patches: 1212066/1301983 (Date header in create/remove notice)
2497
2498 2.1.6 (30-May-2005)
2499
2500 Security
2501
2502 - Critical security patch for path traversal vulnerability in private
2503 archive script (CAN-2005-0202).
2504
2505 - Added the ability for Mailman generated passwords (both member and list
2506 admin) to be more cryptographically secure. See new configuration
2507 variables USER_FRIENDLY_PASSWORDS, MEMBER_PASSWORD_LENGTH, and
2508 ADMIN_PASSWORD_LENGTH. Also added a new bin/withlist script called
2509 reset_pw.py which can be used to reset all member passwords. Passwords
2510 generated by Mailman are now 8 characters by default for members, and 10
2511 characters for list administrators.
2512
2513 - A potential cross-site scripting hole in the driver script has been
2514 closed. Thanks to Florian Weimer for its discovery. Also, turn
2515 STEALTH_MODE on by default.
2516
2517 Internationalization
2518
2519 - Chinese languages are now supported. They have been moved from 'big5'
2520 and 'gb' to 'zh_TW' and 'zh_CN' respectively for compliance to the IANA
2521 spec. Note, however, that the character sets were changed from 'Big5'
2522 or 'GB2312' to 'UTF-8' to cope with the insufficient codecs support in
2523 Python 2.3 and earlier. You may have to install Chinese capable codecs
2524 (like CJKCodecs) separately to handle the incoming messages which are in
2525 local charsets, or upgrade your Python to 2.4 or newer.
2526
2527 Behavior or defaults changes
2528
2529 - VERP_PROBES is disabled by default.
2530
2531 - bin/withlist can be run without a list name, but only if -i is given.
2532 Also, withlist puts the directory it's found in at the end of sys.path,
2533 making it easier to run withlist scripts that live in $prefix/bin.
2534
2535 - bin/newlist grew two new options: -u/--urlhost and -e/--emailhost which
2536 lets the user provide the web and email hostnames for the new mailing
2537 list. This is a better way to specify the domain for the list, rather
2538 than the old 'mylist@hostname' syntax (which is still supported for
2539 backward compatibility, but deprecated).
2540
2541 Compatibility
2542
2543 - Python 2.4 compatibility issue: time.strftime() became strict about the
2544 'day of year' range. (1078482)
2545
2546 New Features
2547
2548 - New feature: automatic discards of held messages. List owners can now
2549 set how many days to hold the messages in the moderator request queue.
2550 cron/checkdb will automatically discard old messages. See the
2551 max_days_to_hold variable in the General Options and
2552 DEFAULT_MAX_DAYS_TO_HOLD in Defaults.py. This defaults to 0
2553 (i.e. disabled). (790494)
2554
2555 - New feature: subject_prefix can be configured to include a sequence
2556 number which is taken from the post_id variable. Also, the prefix is
2557 always put at the start of the subject, i.e. "[list-name] Re: original
2558 subject", if mm_cfg.OLD_STYLE_PREFIXING is set No. The default style
2559 is "Re: [list-name]" if numbering is not set, for backward compatibility.
2560 If the list owner is using numbering feature by "%d" directive, the new
2561 style, "[list-name 123] Re:", is always used.
2562
2563 - List owners can now cusomize the non-member rejection notice from
2564 admin/<listname>/privacy/sender page. (1107169)
2565
2566 - Allow editing of the welcome message from the admin page (1085501).
2567
2568 - List owners can now use Scrubber to get the attachments scrubbed (held
2569 in the web archive), if the site admin permits it in mm_cfg.py. New
2570 variables introduced are SCRUBBER_DONT_USE_ATTACHMENT_FILENAME and
2571 SCRUBBER_USE_ATTACHMENT_FILENAME_EXTENSION in Defaults.py for scrubber
2572 behavior. (904850)
2573
2574 Documentation
2575
2576 - Most of the installation instructions have been moved to a latex
2577 document. See doc/mailman-install/index.html for details.
2578
2579 Bug fixes and other patches
2580
2581 - Mail-to-news gateway now strips subject prefix off from a response
2582 by a mail user if news_prefix_subject_too is not set.
2583
2584 - Date and Message-Id headers are added for digests. (1116952)
2585
2586 - Improved mail address sanity check. (1030228)
2587
2588 - SpamDetect.py now checks attachment header. (1026977)
2589
2590 - Filter attachments by filename extensions. (1027882)
2591
2592 - Bugs and patches: 955381 (older Python compatibility), 1020102/1013079/
2593 1020013 (fix spam filter removed), 665569 (newer Postfix bounce
2594 detection), 970383 (moderator -1 admin requests pending), 873035
2595 (subject handling in -request mail), 799166/946554 (makefile
2596 compatibility), 872068 (add header/footer via unicode), 1032434
2597 (KNOWN_SPAMMERS check for multi-header), 1025372 (empty Cc:), 789015
2598 (fix pipermail URL), 948152 (Out of date link on Docs), 1099138
2599 (Scrubber.py breaks on None part), 1099840/1099840 (deprecated %
2600 insertion), 880073/933762 (List-ID RFC compliance), 1090439 (passwd
2601 reminder shunted), 1112349 (case insensitivity in acceptable_aliases),
2602 1117618 (Don't Cc for personalized anonymous list), 1190404 (wrong
2603 permission after editing html)
2604
2605 2.1.5 (15-May-2004)
2606
2607 - The admindb page has a checkbox that allows you to discard all held
2608 messages that are marked Defer. On heavy lists with lots of spam holds,
2609 this makes clearing them much faster.
2610
2611 - The qrunner system has changed to use only one file per message.
2612 However the configuration variable METADATA_FORMAT has been removed, and
2613 support for SAVE_MSGS_AS_PICKLES has been changed. The latter no longer
2614 writes messages as plain text. Instead, they are stored as pickles of
2615 plain strings, using the text pickle format. This still makes them
2616 non-binary files readable and editable by humans.
2617
2618 bin/dumpdb also works differently. It will print out the entire pickle
2619 file (with more verbosity) and if used with 'python -i', it binds msg to
2620 a list of all objects found in the pickle file.
2621
2622 Removed from Defaults.py: PENDINGDB_LOCK_TIMEOUT,
2623 PENDINGDB_LOCK_ATTEMPTS, METAFMT_MARSHAL, METAFMT_BSDDB_NATIVE,
2624 METAFMT_ASCII, METADATA_FORMAT
2625
2626 - The bounce processor has been redesigned so that now when an address's
2627 bounce score reaches the threshold, that address will be sent a probe
2628 message. Only if the probe bounces will the address be disabled. The
2629 score is reset to zero when the probe is sent. Also, bounce events are
2630 now kept in an event file instead of in memory. This should help
2631 contain the bloat of the BounceRunner.
2632
2633 New supporting variables in Defaults.py: VERP_PROBE_FORMAT,
2634 VERP_PROBE_REGEXP
2635
2636 REGISTER_BOUNCES_EVERY is promoted to a Defaults.py variable.
2637
2638 - The pending database has been changed from a global pickle file, to a
2639 unique pickle file per mailing list.
2640
2641 - The 'request' database file has changed from a marshal, to the more
2642 secure pickle format.
2643
2644 - Disallow multiple password retrievals.
2645
2646 - SF patch #810675 which adds a "Discard all messages marked Defer" button
2647 for faster admindb maintenance.
2648
2649 - The email package is updated to version 2.5.5.
2650
2651 - New language: Turkish.
2652
2653 - Bugs and patches: 869644, 869647 (NotAMemberError for old cookie data),
2654 878087 (bug in Slovenian catalog), 899263 (ignore duplicate pending
2655 ids), 810675 (discard all defers button)
2656
2657 2.1.4 (31-Dec-2003)
2658
2659 - Close some cross-site scripting vulnerabilities in the admin pages
2660 (CAN-2003-0965).
2661
2662 - New languages: Catalan, Croatian, Romanian, Slovenian.
2663
2664 - New mm_cfg.py/Defaults.py variable PUBLIC_MBOX which allows the site
2665 administrator to disable public access to all the raw list mbox files
2666 (this is not a per-list configuration).
2667
2668 - Expanded header filter rules under Privacy -> Spam Filters. Now you can
2669 specify regular expression matches against any header, with specific
2670 actions tied to those matches.
2671
2672 - Rework the SMTP error handling in SMTPDirect.py to avoid scoring bounces
2673 for all recipients when a permanent error code is returned by the mail
2674 server (e.g. because of content restrictions).
2675
2676 - Promoted SYNC_AFTER_WRITE to a Default.py/mm_cfg.py variable and
2677 make it control syncing on the config.pck file. Also, we always flush
2678 and sync message files.
2679
2680 - Reduce archive bloat by not storing the HTML body of Article objects in
2681 the Pipermail database. A new script bin/rb-archfix was added to clean
2682 up older archives.
2683
2684 - Proper RFC quoting for List-ID descriptions.
2685
2686 - PKGDIR can be passed to the make command in order to specify a different
2687 directory to unpack the distutils packages in misc. (SF bug 784700).
2688
2689 - Improved logging of the origin of subscription requests.
2690
2691 - Bugs and patches: 832748 (unsubscribe_policy ignored for unsub button on
2692 member login page), 846681 (bounce disabled cookie was always out of
2693 date), 835870 (check VIRTUAL_HOST_OVERVIEW on through the web list
2694 creation), 835036 (global address change when the new address is already
2695 a member of one of the lists), 833384 (incorrect admin password on a
2696 hold message confirmation attachment would discard the message), 835012
2697 (fix permission on empty archive index), 816410 (confirmation page
2698 consistency), 834486 (catch empty charsets in the scrubber), 777444 (set
2699 the process's supplemental groups if possible), 860135 (ignore
2700 DiscardMessage exceptions during digest scrubbing), 828811 (reduce
2701 process size for list and admin overviews), 864674/864676 (problems
2702 accessing private archives and rosters with admin password), 865661
2703 (Tokio Kikuchi's i18n patches), 862906 (unicode prefix leak in admindb),
2704 841445 (setting new_member_options via config_list), n/a (fixed email
2705 command 'set delivery')
2706
2707 2.1.3 (28-Sep-2003)
2708
2709 Performance, Reliability, Security
2710
2711 - Closed a cross-site scripting exploit in the create cgi script.
2712
2713 - Improvements in the performance of the bounce processor.
2714 Now, instead of processing each bounce immediately (which
2715 can cause severe lock contention), bounce events are queued.
2716 Every 15 minutes by default, the queued bounce events are
2717 processed en masse, on a list-per-list basis, so that each
2718 list only needs to be locked once.
2719
2720 - When some or all of a message's recipients have temporary
2721 delivery failures, the message is moved to a "retry" queue.
2722 This queue wakes up occasionally and moves the file back to
2723 the outgoing queue for attempted redelivery. This should
2724 fix most observed OutgoingRunner 100% cpu consumption,
2725 especially for bounces to local recipients when using the
2726 Postfix MTA.
2727
2728 - Optional support for fsync()'ing qfile data after writing.
2729 Under some catastrophic system failures (e.g. power lose),
2730 it would be possible to lose messages because the data
2731 wasn't sync'd to disk. By setting SYNC_AFTER_WRITE to True
2732 in Mailman/Queue/Switchboard.py, you can force Mailman to
2733 fsync() queue files after flushing them. The benefits are
2734 debatable for most operating environments, and you must
2735 ensure that your Python has the os.fsync() function defined
2736 before enabling this feature (it isn't, even on all
2737 Unix-like operating systems).
2738
2739 Internationalization
2740
2741 - New languages Ukrainian, Serbian, Danish, Euskara/Basque.
2742
2743 - Fixes to template lookup. Lists with local overriding
2744 templates would find the wrong template.
2745
2746 - .mo files (for internationalization) are now generated at
2747 build time instead of coming as part of the source
2748 distribution.
2749
2750 Documentation
2751
2752 - A first draft of member documentation by Terri Oda. There
2753 is also a Japanese translation of this manual by Ikeda Soji.
2754
2755 Archiver / Pipermail
2756
2757 - In the configuration variables PUBLIC_EXTERNAL_ARCHIVER, and
2758 PRIVATE_EXTERNAL_ARCHIVER, %(hostname)s has been added to
2759 the list of allowable substitution variables.
2760
2761 - The timezone is now taken into account when figuring the
2762 posting date for an article.
2763
2764 Scripts / Cron
2765
2766 - Fixes to cron/disabled for NotAMemberError crashes.
2767
2768 - New script bin/show_qfiles which prints the contents of .pck
2769 message files. New script bin/discard which can be used to
2770 mass discard held messages.
2771
2772 - Fixes to cron/mailpasswds to account for old password-less
2773 subscriptions.
2774
2775 - bin/list_members has grown two new options: --invalid/-i
2776 prints only the addresses in the member database that are
2777 invalid (which could have snuck in via old releases);
2778 --unicode/-u prints addresses which are stored as Unicode
2779 objects instead of as normal strings.
2780
2781 Miscellaneous
2782
2783 - Fixes to problems in some configurations where Python wouldn't
2784 be able to find its standard library.
2785
2786 - Fixes to the digest which could cause MIME-losing missing
2787 newlines when parts are scrubbed via the content filters.
2788
2789 - In the News/Mail gateway admin page, the configuration variable
2790 nntp_host can now be a name:port pair.
2791
2792 - When messages are pulled from NNTP, the member moderation checks
2793 are short-circuited.
2794
2795 - email 2.5.4 is included. This fixes an RFC 2231 bug, among
2796 possibly others.
2797
2798 - Fixed some extra spaces that could appear in the List-ID header.
2799
2800 - Fixes to ensure that invalid email addresses can't be invited.
2801
2802 - WEB_LINK_COLOR in Defaults.py/mm_cfg.py should now work.
2803
2804 - Fixes so that shunted message file names actually match
2805 those logged in log/errors.
2806
2807 - An improved pending action cookie generation algorithm has
2808 been added.
2809
2810 - Fixes to the DSN bounce detector.
2811
2812 - The usual additional u/i, internationalization, unicode, and
2813 other miscellaneous fixes.
2814
2815 2.1.2 (22-Apr-2003)
2816
2817 - New languages Portuguese (Portugal) and Polish.
2818
2819 - Many convenient constants have been added to the Defaults.py
2820 module to (hopefully) make it more readable.
2821
2822 - Email addresses which contain 8-bit characters in them are now
2823 rejected and won't be subscribed. This is not the same as 8-bit
2824 characters in the realname, which is still allowed.
2825
2826 - The X-Originating-Email header is removed for anonymous lists.
2827 Hotmail apparently adds this header.
2828
2829 - When running make to build Mailman, you can specify $DESTDIR to
2830 the install target to specify an alternative location for
2831 installation, without influencing the paths stored in
2832 e.g. Defaults.py. This is useful to package managers.
2833
2834 - New Defaults.py variable DELIVERY_RETRY_WAIT which controls how
2835 long the outgoing qrunner will wait before it retries a
2836 tempfailure delivery.
2837
2838 - The semantics for the extend.py hook to MailList objects has
2839 changed slightly. The hook is now called before attempting to
2840 lock and load the database.
2841
2842 - Mailman now uses the email package version 2.5.1
2843
2844 - bin/transcheck now checks for double-%'s
2845
2846 - bin/genaliases grew a -q / --quiet flag
2847
2848 - cron/checkdbs grew a -h / --help option.
2849
2850 - The -c / --change-msg option has been removed from bin/add_members
2851
2852 - bin/msgfmt.py has been added, taken from Python 2.3's Tools/i18n
2853 directory. The various .mo files are now no longer distributed
2854 with Mailman. They are generated at build time instead.
2855
2856 - A new file misc/sitelist.cfg which can be used with
2857 bin/config_list provides a small number of recommended settings
2858 for your site list. Be sure to read it over before applying!
2859 sitelist.cfg is installed into the data directory.
2860
2861 - Many bug fixes, including these SourceForge bugs closed and
2862 patches applied: 677668, 690448, 700538, 700537, 673294, 683906,
2863 671294, 522080, 521124, 534297, 699900, 697321, 695526, 703941,
2864 658261, 710678, 707608, 671303, 717096, 694912, 707624, 716755,
2865 661138, 716754, 716702, 667167, 725369, 726415
2866
2867
2868 2.1.1 (08-Feb-2003)
2869
2870 Lots of bug fixes and language updates. Also:
2871
2872 - Closed a cross-site scripting vulnerability in the user options page.
2873
2874 - Restore the ability to control which headers show up in messages
2875 included in plaintext and MIME digests. See the variables
2876 PLAIN_DIGEST_KEEP_HEADERS and MIME_DIGEST_KEEP_HEADERS in
2877 Defaults.py.
2878
2879 - Messages included in the plaintext digests are now sent through
2880 the scrubber to remove (and archive) attachments. Otherwise,
2881 attachments would screw up plaintext digests. MIME digests
2882 include the attachments inline.
2883
2884 2.1 final (30-Dec-2002)
2885
2886 Last minute bug fixes and language updates.
2887
2888 2.1 rc 1 (24-Dec-2002)
2889
2890 Bug fixes and language updates. Also,
2891
2892 - Lithuanian support has been added.
2893
2894 - bin/remove_members grew --nouserack and --noadminack switches
2895
2896 - configure now honors --srcdir
2897
2898 2.1 beta 6 (09-Dec-2002)
2899
2900 Lots and lots of bug fixes, and translation updates. Also,
2901
2902 - ARCHIVER_OBSCURES_EMAILADDRS is now set to true by default.
2903
2904 - QRUNNER_SAVE_BAD_MESSAGES is now set to true by default.
2905
2906 - Bounce messages which were recognized, but in which no member
2907 addresses were found are no longer forwarded to the list
2908 administrator.
2909
2910 - bin/arch grew a --wipe option which first removes the entire old
2911 archive before regenerating the new one.
2912
2913 - bin/mailmanctl -u now prints a warning that permission problems
2914 could appear, such as when trying to delete a list through the
2915 web that has some archives in it.
2916
2917 - bin/remove_members grew --nouserack/-n and -noadminack/-N options.
2918
2919 - A new script bin/list_owners has been added for printing out
2920 list owners and moderators.
2921
2922 - Dates in the web version of archived messages are now relative
2923 to the local timezone, and include the timezone names, when
2924 available.
2925
2926 2.1 beta 5 (19-Nov-2002)
2927
2928 As is typical for a late beta release, this one includes the usual
2929 bug fixes, tweaks, and massive new features (just kidding).
2930
2931 IMPORTANT: If you are using Pipermail, and you have any archives
2932 that were created or added to in 2.1b4, you will need to run
2933 bin/b4b5-archfix, followed by bin/check_perms to fix some serious
2934 performance problems. From you install directory, run
2935 "bin/b4b5-archfix --help" for details.
2936
2937 - The personalization options have been tweaked to provide more
2938 control over mail header and decoration personalizations. In
2939 2.1b4, when personalization was enabled, the To and Cc headers
2940 were always overwritten. But that's usually not appropriate for
2941 anything but announce lists, so now these headers aren't changed
2942 unless "Full personalization" is enabled.
2943
2944 - You now need to go to the General category to enable emergency
2945 moderation.
2946
2947 - The order of the hold modules in the GLOBAL_PIPELINE has
2948 changed, again. Now Moderate comes before Hold.
2949
2950 - Estonian language support has been added.
2951
2952 - All posted messages should now get decorated with headers and
2953 footers in a MIME-safe way. Previously, some MIME type messages
2954 didn't get decorated at all.
2955
2956 - bin/arch grew a -q/--quiet option
2957
2958 - bin/list_lists grew a -b/--bare option
2959
2960 2.1 beta 4 (26-Oct-2002)
2961
2962 The usual assortment of bug fixes and language updates, some u/i
2963 tweaks, as well as the following:
2964
2965 - Configuring / building / installing
2966 o Tightened up some configure checks; it will now bark loudly
2967 if you don't have the Python distutils package available
2968 (some Linux distros only include distutils in their "devel"
2969 packages).
2970
2971 o Mailman's username/group security assertions are now done by
2972 symbolic name instead of numeric id. This provides a level
2973 of indirection that makes it much easier to move or package
2974 Mailman. --with-mail-gid and --with-cgi-gid are retained,
2975 but they control the group names used instead.
2976
2977 - Command line scripts
2978 o A new script, bin/transcheck that language teams can use to
2979 check their .po files.
2980
2981 o bin/list_members grew a --fullnames/-f option to print the
2982 full names along with the addresses.
2983
2984 o cron/senddigests grew --help/-h and --listname/-l options.
2985
2986 o bin/fix_url.py grew some command line options to support moving
2987 a list to a specific virtual domain.
2988
2989 - Pipermail / archiving
2990 o Reworked the directory layout for archive attachments to be
2991 less susceptible to inode overload. Attachments are now
2992 placed in
2993
2994 archives/private/<listname>/attachments/<YYYYMMDD>/<msgidhash>
2995
2996 o Internationalization support in the archiver has been improved.
2997
2998 - Internationalization
2999 o New languages: Swedish.
3000
3001 - Mail handling
3002 o Content filtering now has a pass_mime_type variable, which
3003 is a whitelist of MIME types to allow in postings. See the
3004 details of the variable in the Content Filtering category
3005 for more information.
3006
3007 o If a member has enabled their DontReceiveDuplicates option,
3008 we'll also strip their addresses from the Cc headers in the
3009 copy of the message sent to the list. This helps keep the
3010 Cc lines from growing astronomically.
3011
3012 o Bounce messages are now forwarded to the list administrators
3013 both if they are unrecognized, and if no list member's
3014 address could be extracted.
3015
3016 o Content filtering now has a filter_action variable which
3017 controls what happens when a message matches the content
3018 filter rules. The default is still to discard the message.
3019
3020 o When searching for an Approve/Approved header, the first
3021 non-whitespace line of the body of the message is also
3022 checked, if the body has a MIME type of text/plain.
3023
3024 o If a list is personalized, and the list's posting address is
3025 not included in a Reply-To header, the posting address is
3026 copied into a Cc header, otherwise there was no (easy) way a
3027 recipient could reply back to the list.
3028
3029 o Added a MS Exchange bounce recognizer.
3030
3031 o New configuration variable news_moderation which allows the
3032 mail->news gateway to properly post to moderated newsgroups.
3033
3034 o Messages sent to a list's owners now comes from the site
3035 list to prevent mail loops when list owners or moderators
3036 having bouncing addresses.
3037
3038 - Miscellaneous
3039 o mailanctl prevents runaway restarts by imposing a maximum
3040 restart value (defaulting to 10) for restarting the
3041 qrunners. If you hit this limit, do "mailmanctl stop"
3042 followed by "mailmanctl start".
3043
3044 o The Membership Management page's search feature now includes
3045 searching on members real names.
3046
3047 o The start of a manual for list administrators is given in
3048 Python HOWTO format (LaTeX). It's in doc/mailman-admin.tex
3049 but it still needs lots of fleshing out.
3050
3051 o More protections against creating a list with an invalid name.
3052
3053 2.1 beta 3 (09-Aug-2002)
3054
3055 The usual assortment of bug fixes and language updates.
3056
3057 - New languages: Dutch, Portuguese (Brazil)
3058
3059 - New configure script options: --with-mailhost, --with-urlhost,
3060 --without-permcheck. See ./configure --help for details.
3061
3062 - The encoding of Subject: prefixes is controlled by a new list
3063 option encode_ascii_prefixes. This is useful for languages with
3064 character sets other than us-ascii. See the Languages admin
3065 page for details.
3066
3067 - A new list option news_prefix_subject_too controls whether
3068 postings gated from mail to news should have the subject prefix
3069 added to their Subject: header.
3070
3071 - The algorithm for upgrading the moderation controls for a
3072 Mailman 2.0.x list has changed. The change should be
3073 transparent, but you'll want to double check the moderation
3074 controls after upgrading from MM2.0.x. This should have no
3075 effect for upgrades from a previous MM2.1 beta.
3076
3077 See the UPGRADING file for details.
3078
3079 - On the Mass Subscribe admin page, a text box has been added so
3080 that the admin can add a custom message to be prepended to the
3081 welcome/invite notification.
3082
3083 - On the admindb page, a link is included to more easily reload
3084 the page.
3085
3086 - The Sendmail.py delivery module is sabotaged so that it can't be
3087 used naively. You need to read the comments in the file and
3088 edit the code to use this unsafe module.
3089
3090 - When a member sends a `help' command to the request address,
3091 the url to their options page is included in the response.
3092
3093 - Autoresponses, -request command responses, and posting hold
3094 notifications are inhibited for any message that has a
3095 Precedence: {bulk|list|junk} header. This is to avoid mail
3096 loops between email 'bots. If the original message has an
3097 X-Ack: yes header, the response is sent.
3098
3099 Responses are also limited to a maximum number per day, as
3100 defined in the site variable MAX_AUTORESPONSES_PER_DAY. This is
3101 another guard against 'bot loops, and it defaults to 10.
3102
3103 - When a Reply-To: header is munged to include both the original
3104 and the list address, the list address is always added last.
3105
3106 - The cron/mailpasswds script has grown a -l/--listname option.
3107
3108 - The cron/disabled script has grown options to send out
3109 notifications for reasons other than bounce-disabled. It has
3110 also grown a -f/--force option. See cron/disabled --help for
3111 details.
3112
3113 - The bin/dumpdb script has grown a -n/--noprint option.
3114
3115 - An experimental new mechanism for processing incoming messages
3116 has been added. If you can configure your MTA to do qmail-style
3117 Maildir delivery, Mailman now has a MaildirRunner qrunner. This
3118 may turn out to be much more efficient and scalable, but for
3119 MM2.1, it will not be officially supported. See Defaults.py.in
3120 and Mailman/Queue/MaildirRunner.py for details.
3121
3122 2.1 beta 2 (05-May-2002)
3123
3124 Lots of bug fixing, and the following new features and changes:
3125
3126 - A "de-mime" content filter feature has been added. This
3127 oft-requested feature allows you to specify MIME types that
3128 Mailman should strip off of any messages before they're posted
3129 to the list. You can also optionally convert text/html to
3130 text/plain (by default, through lynx if it's available).
3131
3132 - Changes to the way the RFC 2919 and 2369 headers (i.e. the
3133 List-*: headers) are added:
3134 o List-Id: is always added
3135 o List-Post:, List-Help:, List-Subscribe:,
3136 List-Unsubscribe:, and List-Archive: are only added to
3137 posting messages.
3138 o X-List-Administrivia: is only added to messages Mailman
3139 creates and sends out of its own accord.
3140
3141 Also, if the site administrator allows it, list owners can
3142 suppress the addition of all the List-*: headers. List owners
3143 can also separately suppress the List-Post: header for
3144 announce-only lists.
3145
3146 - A new framework for email commands has been added. This allows
3147 you to easily add, delete, or change the email commands that
3148 Mailman understands, on a per-site, per-list, or even per-user
3149 basis.
3150
3151 - Users can now change their digest delivery type from MIME to
3152 plain text globally, for all lists they are subscribed to.
3153
3154 - No language select pulldowns are shown if the list only supports
3155 one language.
3156
3157 - More mylist-admin eradication.
3158
3159 - Several performance improvements in the bounce qrunner, one of
3160 which is to make it run only once per minute instead of once per
3161 second.
3162
3163 - Korean language support as been added.
3164
3165 - Gatewaying from news -> mail uses its connections to the nntpd
3166 more efficiently.
3167
3168 - In bin/add_members, -n/--non-digest-members-file command line
3169 switch is deprecated in favor of -r/--regular-members-file.
3170
3171 - bin/sync_members grew a -g/--goodbye-msg switch.
3172
3173 2.1 beta 1 (16-Mar-2002)
3174
3175 In addition to the usual bug fixes, performance improvements, and
3176 GUI changes, here are the highlights:
3177
3178 - MIME and other message handling
3179 o More robustness against badly MIME encapsulated messages: if
3180 a MessageParseError is raised during the initial parse, the
3181 message can either be discarded or saved in qfiles/bad,
3182 depending on the value of the new configuration variable
3183 QRUNNER_SAVE_BAD_MESSAGES.
3184
3185 o There is a new per-user option that can be used to avoid
3186 receipt of extra copies, when a member of the list is also
3187 explicitly CC'd.
3188
3189 o Always add an RFC 2822 Date: header if missing, since not
3190 all MTAs insert one automatically.
3191
3192 o The Sender: and Errors-To: headers are no longer added to
3193 outgoing messages.
3194
3195 o Headers and footers are always added by concatenation, if
3196 the message is not MIME and if the list's charset is a
3197 superset of us-ascii.
3198
3199 - List administration
3200 o An `invitation' feature has been added. This is selectable
3201 as a radio button on the mass subscribe page. When
3202 selected, users are invited to join instead of immediately
3203 joined, i.e. they get a confirmation message.
3204
3205 o You can now enable and disable list owner notifications for
3206 disabled-due-to-bouncing and removal-due-to-bouncing
3207 actions. The site config variables
3208 DEFAULT_BOUNCE_NOTIFY_OWNER_ON_DISABLE and
3209 DEFAULT_BOUNCE_NOTIFY_OWNER_ON_REMOVAL control the default
3210 behavior.
3211
3212 o List owners can now decide whether they receive unrecognized
3213 bounce messages or not (i.e. messages that the bounce
3214 processor doesn't recognize). Site admins can set the
3215 default value for this flag with the config variable
3216 DEFAULT_BOUNCE_UNRECOGNIZED_GOES_TO_LIST_OWNER.
3217
3218 o The admindb summary page gives the option of clearing the
3219 moderation flag of members who are on quarantined.
3220
3221 o The action to take when a moderated member posts to a list
3222 is now configurable. The message can either be held,
3223 rejected (bounced), or discarded. If the message is
3224 rejected, a rejection notice string can be given.
3225
3226 o In the General admin page, you can now set the default value
3227 for five per-user flags: concealing the user's email
3228 address, acknowledging posts sent by the user, copy
3229 suppression, not-me-too selection, and the default digest
3230 type. Site admins can set the default bit field with the
3231 new DEFAULT_NEW_MEMBER_OPTIONS variable.
3232
3233 o A new "Emergency brake" feature for turning on moderation of
3234 all list postings. This is useful for when flamewars break
3235 out, and the list needs a cooling off period. Messages
3236 containing an Approved: header with the list owner password
3237 are still allowed through, as are messages approved through
3238 the admindb interface.
3239
3240 o When a moderated message is approved for the list, add an
3241 X-Mailman-Approved-At: header which contains the timestamp
3242 of the approval action (changed from X-Moderated: with a
3243 different format).
3244
3245 o Lists can now be converted to using a less error prone
3246 mechanism for variable substitution syntax in headers and
3247 footers. Instead of %(var)s strings, you'd use $var
3248 strings. You must use "bin/withlist -r convert" to enable
3249 this.
3250
3251 o When moderating held messages, the header text box and the
3252 message excerpt text box are now both read-only.
3253
3254 o You can't delete the site list through the web.
3255
3256 o When creating new lists through the web, you have the option
3257 of setting the "default member moderation" flag.
3258
3259 - Security and privacy
3260 o New feature: banned subscription addresses. Privacy
3261 options/subscription rules now have an additional list box
3262 which can contain addresses or regular expressions.
3263 Subscription requests from any matching address are
3264 automatically rejected.
3265
3266 o Membership tests which compare message headers against list
3267 rosters are now more robust. They now check, by default
3268 these header in order: From:, unixfrom, Reply-To:, Sender:.
3269 If any match, then the membership test succeeds.
3270
3271 o ALLOW_SITE_ADMIN_COOKIES is a new configuration variable
3272 which says whether to allow AuthSiteAdmin cookies or not.
3273 Normally, when a list administrator logs into a list with
3274 the site password, they are issued a cookie that only allows
3275 them to do administration for this one list. By setting
3276 ALLOW_SITE_ADMIN_COOKIES to 1, the user only needs to
3277 authenticate to one list with the site password, and they
3278 can administer any mailing list.
3279
3280 I'm not sure this feature is wise, so the default value for
3281 ALLOW_SITE_ADMIN_COOKIES is 0.
3282
3283 o Marc MERLIN's new recipes for secure Linuxes have been
3284 updated.
3285
3286 o DEFAULT_PRIVATE_ROSTER now defaults to 1.
3287
3288 o Passwords are no longer included in the confirmation pages.
3289
3290 - Internationalization
3291 o With the approval of Tamito KAJIYAMA, the Japanese codecs
3292 for Python are now included automatically, so you don't need
3293 to download and install these separate. It is installed in
3294 a Mailman-specific place so it won't affect your larger
3295 Python installation.
3296
3297 o The configure script will produce a warning if the Chinese
3298 codes are not installed. This is not a fatal error.
3299
3300 o Russian templates and catalogs have been added.
3301
3302 o Finnish templates and catalogs have been added.
3303
3304 - Scripts and utilities
3305 o New program bin/unshunt to safely move shunted messages back
3306 into the appropriate processing queue.
3307
3308 o New program bin/inject for sending a plaintext message into
3309 the incoming queue from the command line.
3310
3311 o New cron script cron/disabled for periodically culling the
3312 disabled membership.
3313
3314 o bin/list_members has grown some new command line switches
3315 for filtering on different criteria (digest mode, disable
3316 mode, etc.)
3317
3318 o bin/remove_members has grown the --fromall switch.
3319
3320 o You can now do a bin/rmlist -a to remove an archive even
3321 after the list has been deleted.
3322
3323 o bin/update removes the $prefix/Mailman/pythonlib directory.
3324
3325 o bin/withlist grows a --all/-a flag so the --run/-r option
3326 can be applied to all the mailing lists. Also, interactive
3327 mode is now the default if -r isn't used. You don't need to
3328 run this script as "python -i bin/withlist" anymore.
3329
3330 o There is a new script contrib/majordomo2mailman.pl which
3331 should ease the transition from Majordomo to Mailman.
3332
3333 - MTA integration
3334 o Postfix integration has been made much more robust, but now
3335 you have to set POSTFIX_ALIAS_CMD and POSTFIX_MAP_CMD to
3336 point to the postalias and postmap commands respectively.
3337
3338 o VERP-ish delivery has been made much more efficient by
3339 eliminating extra disk copies of messages for each recipient
3340 of a VERP delivery. It has also been made more robust in
3341 the face of failures during chunk delivery. This required a
3342 rewrite of SMTPDirect.py and one casualty of that rewrite
3343 was the experimental threaded delivery. It is no longer
3344 supported (but /might/ be resurrected if there's enough
3345 demand -- or a contributed patch :).
3346
3347 o A new site config variable SMTP_MAX_SESSIONS_PER_CONNECTION
3348 specifies how many consecutive SMTP sessions will be
3349 conducted down the same socket connection. Some MTAs have a
3350 limit on this.
3351
3352 o Support for VERP-ing confirmation messages. These are less
3353 error prone since the Subject: header doesn't need to be
3354 retained, and they allow a more user friendly (and i18n'd)
3355 Subject: header. VERP_CONFIRM_FORMAT, VERP_CONFIRM_REGEXP,
3356 and VERP_CONFIRMATIONS control this feature (only supported
3357 for invitation confirmations currently, but will be expanded
3358 to the other confirmations).
3359
3360 o Several new list-centric addresses have been added:
3361 -subscribe and -unsubscribe are synonyms for -join and
3362 -leave, respectively. Also -confirm has been added to
3363 support VERP'd confirmations.
3364
3365 - Archiver
3366 o There's now a default page for the Pipermail archive link
3367 for when no messages have yet been posted to the list.
3368
3369 o Just the mere presence of an X-No-Archive: is enough to
3370 inhibit archiving for this message; the value of the header
3371 is now ignored.
3372
3373 - Configuring, building, installing
3374 o Mailman now has a new favicon, donated by Terry Oda. Not
3375 all web pages are linked to the favicon yet though.
3376
3377 o The add-on email package is now distributed and installed
3378 automatically, so you don't need to do this. It is
3379 installed in a Mailman-specific place so it won't affect
3380 your larger Python installation.
3381
3382 o The default value of VERP_REGEXP has changed.
3383
3384 o New site configuration variables BADQUEUE_DIR and
3385 QRUNNER_SAVE_BAD_MESSAGES which describe where to save
3386 messages which are not properly MIME encoded.
3387
3388 o configure should be more POSIX-ly conformant.
3389
3390 o The Mailman/pythonlib directory has been removed, but a new
3391 $prefix/pythonlib directory has been added.
3392
3393 o Regression tests are now installed.
3394
3395 o The second argument to add_virtual() calls in mm_cfg.py are
3396 now optional.
3397
3398 o DEFAULT_FIRST_STRIP_REPLY_TO now defaults to 0.
3399
3400 o Site administrators can edit the Mailman/Site.py file to
3401 customize some filesystem layout policies.
3402
3403
3404 2.1 alpha 4 (31-Dec-2001)
3405
3406 - The administrative requests database page (admindb) has been
3407 redesigned for better usability when there are lots of held
3408 postings. Changes include:
3409 o A summary page which groups held messages by sender email
3410 address. On this page you can dispose of all the sender's
3411 messages in one action. You can also view the details of
3412 all the sender's messages, or the details of a single
3413 message. You can also add the sender to one of the list's
3414 sender filters.
3415
3416 o A details page where you can view all messages, just those
3417 for a particular sender, or just a single held message.
3418 This details page is laid out the same as the old admindb
3419 page.
3420
3421 o The instructions have been shorted on the summary and
3422 details page, with links to more detailed explanations.
3423
3424 - Bounce processing
3425 o Mailman now keeps track of the reason a member's delivery
3426 has been disabled: explicitly by the administrator,
3427 explicitly by the user, by the system due to excessive
3428 bounces, or for (legacy) unknown reasons.
3429
3430 o A new bounce processing algorithm has been implemented (we
3431 might actually understand this one ;). When an address
3432 starts bouncing, the member gets a "bounce score". Hard
3433 (fatal) bounces score 1.0, while soft (transient) bounces
3434 score 0.5.
3435
3436 List administrators can specify a bounce threshold above
3437 which a member gets disabled. They can also specify a time
3438 interval after which, if no bounces are received from the
3439 member, the member's bounce score is considered stale and is
3440 thrown away.
3441
3442 o A new cron script, cron/disabled, periodically sends
3443 notifications to members who are bounce disabled. After a
3444 certain number of warnings the member is deleted from the
3445 list. List administrators can control both the number of
3446 notifications and the amount of time between notifications.
3447
3448 Notifications include a confirmation cookie that the member
3449 can use to re-enable their subscription, via email or web.
3450
3451 o New configuration variables to support the bounce processing
3452 are DEFAULT_BOUNCE_SCORE_THRESHOLD,
3453 DEFAULT_BOUNCE_INFO_STALE_AFTER,
3454 DEFAULT_BOUNCE_YOU_ARE_DISABLED_WARNINGS,
3455 DEFAULT_BOUNCE_YOU_ARE_DISABLED_WARNINGS_INTERVAL.
3456
3457 - Privacy and security
3458 o Sender filters can now be regular expressions. If a line
3459 starts with ^ it is taken as a (raw string) regular
3460 expression, otherwise it is a literal email address.
3461
3462 o Fixes in 2.0.8 ported forward: prevent cross-site scripting
3463 exploits.
3464
3465 - Mail delivery
3466 o Aliases have all been changed so that there's more
3467 consistency between the alias a message gets delivered to,
3468 and the script & queue runner that handles the message.
3469
3470 I've also renamed the mail wrapper script to `mailman' from
3471 `wrapper' to avoid collisions with other MLM's. You /will/
3472 need to regenerate your alias files with bin/genaliases, and
3473 you may need to update your smrsh (Sendmail) configs.a
3474
3475 Bounces always go to listname-bounces now, since
3476 administration has been separated from bounce processing.
3477 listname-admin is obsolete.
3478
3479 o VERP support! This greatly improves the accuracy of bounce
3480 detection. Configuration variables which control this feature
3481 include VERP_DELIVERY_INTERVAL, VERP_PERSONALIZED_DELIVERIES,
3482 VERP_PASSWORD_REMINDERS, VERP_REGEXP, and VERP_FORMAT. The
3483 latter two must be tuned to your MTA.
3484
3485 o A new alias mailman-loop@dom.ain is added which directs all
3486 output to the file $prefix/data/owner-bounces.mbox. This is
3487 used when sending messages to the site list owners, as the
3488 final fallback for bouncing messages.
3489
3490 o New configuration variable POSTFIX_STYLE_VIRTUAL_DOMAINS
3491 which should be set if you are using the Postfix MTA and
3492 want Mailman to play nice with Postfix-style virtual
3493 domains.
3494
3495 - Miscellaneous
3496 o Better interoperability with Python 2.2.
3497
3498 o MailList objects now record the date (in seconds since
3499 epoch) that they were created. This is in a hidden
3500 attribute `created_at'.
3501
3502 o bin/qrunner grows a -s/--subproc switch which is usually
3503 used only when it's started from mailmanctl.
3504
3505 o bin/newlist grows a -l/--language option so that the list's
3506 preferred language can be set from the command line.
3507
3508 o cron changes: admin reminders go out at 8am local time instead
3509 of 10pm local time.
3510
3511 - Pipermail archiver
3512 o MIME attachments are scrubbed out into separate files which
3513 can be viewed by following a link in the original article.
3514 Article contains an indication of the size of the
3515 attachment, its type, and other useful information.
3516
3517 o New script bin/cleanarch which can be used to `clean' an
3518 .mbox archive file by fixing unescaped embedded Unix From_
3519 lines.
3520
3521 o New configuration variable ARCHIVE_SCRUBBER in
3522 Defaults.py.in which names the module that Pipermail should
3523 use to scrub articles of MIME attachments.
3524
3525 o New configuration variable ARCHIVE_HTML_SANITIZER which
3526 describes how the scrubber should handle text/html
3527 attachments.
3528
3529 o PUBLIC_ARCHIVE_URL has change its semantics. It is now an
3530 absolute url, with the hostname and listname parts
3531 interpolated into it on a per-list basis.
3532
3533 o Pipermail should now provide the proper character set in the
3534 Content-Type: header for archived articles.
3535
3536 - Internationalization
3537 o Czech translations by Dan Ohnesorg.
3538
3539 o The Hungarian charset has be fixed to be iso-8859-2.
3540
3541 o The member options login page now has a language selection
3542 widget.
3543
3544 - Building, configuration
3545 o email-0.96 package is required (see the misc directory).
3546
3547 o New recipes for integrating Mailman and Sendmail,
3548 contributed by David Champion.
3549
3550
3551 2.1 alpha 3 (22-Oct-2001)
3552
3553 - Realname support
3554 o Mailman now tracks a member's Real Name in addition to their
3555 email address.
3556
3557 o List members can now supply their Real Names when
3558 subscribing via the web. Their Real Names are parsed from
3559 any thru-email subscriptions.
3560
3561 o Members can change their Real Names on their options page,
3562 and admins can change members' Real Names on the membership
3563 pages. Mass subscribing accepts "email@dom.ain (Real Name)"
3564 and "Real Name <email@dom.ain>" entries, for both
3565 in-text-box and file-upload mass subscriptions.
3566
3567 - Filtering and Privacy
3568 o Reply-To: munging has been enhanced to allow a wider range
3569 of list policies. You can now pre-strip any Reply-To:
3570 headers before adding list-specific ones (i.e. you can
3571 override or extend existing Reply-To: headers). If
3572 stripping, the old headers are no longer saved on
3573 X-Reply-To:
3574
3575 o New sender moderation rules. The old `posters',
3576 `member_only_posting', `moderated' and `forbidden_posters'
3577 options have been removed in favor of a new moderation
3578 scheme. Each member has a personal moderation bit, and
3579 non-member postings can be automatically accepted, held for
3580 approval, rejected (bounced) or discarded.
3581
3582 o When membership rosters are private, responses to
3583 subscription (and other) requests are made more generic so
3584 that these processes can't be covertly mined for hidden
3585 addresses. If a subscription request comes in for a user
3586 who is already subscribed, the user is notified of potential
3587 membership mining.
3588
3589 o When a held message is approved via the admindb page, an
3590 X-Moderated: header is added to the message.
3591
3592 o List admins can now set an unsubscribe policy which requires
3593 them to approve of member unsubscriptions.
3594
3595 - Web U/I
3596 o All web confirmations now require a two-click procedure,
3597 where the first click gives them a page that allows them to
3598 confirm or cancel their subscription. It is bad form for an
3599 email click (HTTP GET) to have side effects.
3600
3601 o Lots of improvements for clarity.
3602
3603 o The Privacy category has grown three subcategories.
3604
3605 o The General options page as a number of subsection headers.
3606
3607 o The Passwords and Languages categories are now on separate
3608 admin pages.
3609
3610 o The admin subcategories are now formated as two columns in
3611 the top and bottom legends.
3612
3613 o When creating a list through the web, you can now specify
3614 the initial list of supported languages.
3615
3616 o The U/I for unsubscribing a member on the admin's membership
3617 page should be more intuitive now.
3618
3619 o There is now a separate configuration option for whether the
3620 goodbye_msg is sent when a member is unsubscribed.
3621
3622 - Performance
3623 o misc/mailman is a Unix init script, appropriate for
3624 /etc/init.d, and containing chkconfig hooks for systems that
3625 support it.
3626
3627 o bin/mailmanctl has been rewritten; the `restart' command
3628 actually works now. It now also accepts -s, -q, and -u
3629 options.
3630
3631 o bin/qrunner has been rewritten too; it can serve the role of
3632 the old cron/qrunner script for those who want classic
3633 cron-invoked mail delivery.
3634
3635 o Internally, messages are now stored in the qfiles directory
3636 primarily as pickles. List configuration databases are now
3637 stored as pickles too (i.e. config.pck). bin/dumpdb knows
3638 how to display both pickles and marshals.
3639
3640 - Mail delivery
3641 o If a user's message is held for approval, they are sent a
3642 notification message containing a confirmation cookie. They
3643 can use this confirmation cookie to cancel their own
3644 postings (if they haven't already been approved).
3645
3646 o When held messages are forwarded to an explicit address
3647 using the admindb page, it is done so in a message/rfc822
3648 encapsulation.
3649
3650 o When a message is first held for approval, the notification
3651 sent to the list admin is a 3-part multipart/mixed. The
3652 first part holds the notification message, the second part
3653 hold the original message, and the third part hold a cookie
3654 confirmation message, to which the admin can respond to
3655 approve or discard the message via email.
3656
3657 o In the mail->news gateway, you can define mail headers that
3658 must be modified or deleted before the message can be posted
3659 to the nntp server.
3660
3661 o The list admin can send an immediate urgent message to the
3662 entire list membership, bypassing digest delivery. This is
3663 done by adding an Urgent: header with the list password.
3664 Urgent messages with an invalid password are rejected.
3665
3666 o Lists can now optionally personalize email messages, if the
3667 site admin allows it. Personalized messages mean that the
3668 To: header includes the recipient's address instead of the
3669 list's address, and header and footer messages can contain
3670 user-specific information. Note that only regular
3671 deliveries can currently be personalized.
3672
3673 o Message that come from Usenet but that have broken MIME
3674 boundaries are ignored.
3675
3676 o If the site administrator agrees, list owners have the
3677 ability to disable RFC 2369 List-* headers.
3678
3679 o There is now an API for an external process to post a
3680 message to a list. This posting process can also specify an
3681 explicit list of recipients, in effect turning the mailing
3682 list into a "virtual list" with a fluid membership. See
3683 Mailman/Post.py for details.
3684
3685 - Building/testing/configuration
3686 o mimelib is no longer required, but you must install the
3687 email package (see the tarball in the misc directory).
3688
3689 o An (as yet) incomplete test suite has been added. Don't try
3690 running it in a production environment!
3691
3692 o Better virtual host support by adding a mapping from the
3693 host name given in cgi's HTTP_HOST/SERVER_NAME variable to
3694 the email host used in list addresses. (E.g. www.python.org
3695 maps to @python.org).
3696
3697 o Specifying urls to external public archivers is more
3698 flexible.
3699
3700 o The filters/ subdirectory has been removed.
3701
3702 o There is now a `site list' which is a mailing list that must
3703 be created first, and from which all password reminders
3704 appear to come from. It is recommended that this list be
3705 called "mailman@your.site".
3706
3707 o bin/move_list is no longer necessary (see the FAQ for
3708 detailed instructions on renaming a list).
3709
3710 o A new script bin/fix_url.py can be used with bin/withlist to
3711 change a list's web_page_url configuration variable (since
3712 it is no longer modifiable through the web).
3713
3714 - Internationalization
3715 o Support for German, Hungarian, Italian, Japanese, and
3716 Norwegian have been added.
3717
3718 - Miscellaneous
3719 o Lots of new bounce detectors. Bounce detectors can now
3720 discard temporary bounce messages by returning a special
3721 Stop value.
3722
3723 o bin/withlist now sports a -q/--quiet flag.
3724
3725 o bin/add_members has a new -a/--admin-notify flag which can
3726 be used to inhibit list owner notification for each
3727 subscription.
3728
3729 - Membership Adaptors
3730 o Internally, mailing list memberships are accessed through a
3731 MemberAdaptor interface. This would allow for integrating
3732 membership databases with external sources (e.g. Zope or
3733 LDAP), although the only MemberAdaptor currently implemented
3734 is a "classic" adaptor which stores the membership
3735 information on the MailList object.
3736
3737 o There's a new pipeline handler module called FileRecips.py
3738 which could be used to get all regular delivery mailing list
3739 recipients from a Sendmail-style :include: file (see List
3740 Extensibility bullet below).
3741
3742 This work was sponsored by Control.com
3743
3744 - List Extensibility
3745 o A framework has been added which can be used to specialize
3746 and extend specific mailing lists. If there is a file
3747 called lists/<yourlist>/extend.py, it is execfile()'d after
3748 the MailList object is instantiated. The file should
3749 contain a function extend() which will be called with the
3750 MailList instance. This function can do all sorts of deep
3751 things, like modify the handler pipeline just for this list,
3752 or even strip out particular admin GUI elements (see below).
3753
3754 o All the admin page GUI elements are now separate
3755 components. This provides greater flexibility for list
3756 customization. Also, each GUI element will be given an
3757 opportunity to handle admin CGI form data.
3758
3759 This work was sponsored by Control.com
3760
3761 - Topic Filters
3762 o A new feature has been added called "Topic Filters". A list
3763 administrator can create topics, which are essentially
3764 regular expression matches against Subject: and Keyword:
3765 headers (including such pseudo-headers if they appear in the
3766 first few lines of the body of a message).
3767
3768 List members can then `subscribe' to various topics, which
3769 allows them to filter out any messages that don't match a
3770 topic, or to filter out any message that does match a
3771 topic. This can be useful for high volume lists where not
3772 everyone will be interested in every message.
3773
3774 This work was sponsored by Control.com
3775
3776 2.1 alpha 2 (11-Jul-2001)
3777
3778 - Building
3779 o mimelib 0.4 is now required. Get it from
3780 http://mimelib.sf.net. If you've installed an earlier
3781 version of mimelib, you must upgrade.
3782
3783 o /usr/local/mailman is now the default installation
3784 directory. Use configure's --prefix switch to change it
3785 back to the default (/home/mailman) or any other
3786 installation directory of your choice.
3787
3788 - Security
3789 o Better definition of authentication domains. The following
3790 roles have been defined: user, list-admin, list-moderator,
3791 creator, site-admin.
3792
3793 o There is now a separate role of "list moderator", which has
3794 access to the pending requests (admindb) page, but not the
3795 list configuration pages.
3796
3797 o Subscription confirmations can now be performed via email or
3798 via URL. When a subscription is received, a unique (sha)
3799 confirm URL is generated in the confirmation message.
3800 Simply visiting this URL completes the subscription process.
3801
3802 o In a similar manner, removal requests (via web or email
3803 command) no longer require the password. If the correct
3804 password is given, the removal is performed immediately. If
3805 no password is given, then a confirmation message is
3806 generated.
3807
3808 - Internationalization
3809 o More I18N patches. The basic infrastructure should now be
3810 working correctly. Spanish templates and catalogs are
3811 included, and English, French, Hungarian, and Big5 templates
3812 are included.
3813
3814 o Cascading specializations and internationalization of
3815 templates. Templates are now search for in the following
3816 order: list-specific location, domain-specific location,
3817 site-wide location, global defaults. Each search location
3818 is further qualified by the language being displayed. This
3819 means that you only need to change the templates that are
3820 different from the global defaults.
3821
3822 Templates renamed: admlogin.txt => admlogin.html
3823 Templates added: private.html
3824
3825 - Web UI
3826 o Redesigned the user options page. It now sits behind an
3827 authentication so user options cannot be viewed without the
3828 proper password. The other advantage is that the user's
3829 password need not be entered on the options page to
3830 unsubscribe or change option values. The login screen also
3831 provides for password mail-back, and unsubscription w/
3832 confirmation.
3833
3834 Other new features accessible from the user options page
3835 include: ability to change email address (with confirmation)
3836 both per-list and globally for all list on virtual domain;
3837 global membership password changing; global mail delivery
3838 disable/enable; ability to suppress password reminders both
3839 per-list and globally; logout button.
3840
3841 [Note: the handle_opts cgi has gone away]
3842
3843 o Color schemes for non-template based web pages can be defined
3844 via mm_cfg.
3845
3846 o Redesign of the membership management page. The page is now
3847 split into three subcategories (Membership List, Mass
3848 Subscription, and Mass Removal). The Membership List
3849 subcategory now supports searching for member addresses by
3850 regular expression, and if necessary, it groups member
3851 addresses first alphabetically, and then by chunks.
3852
3853 Mass Subscription and Mass Removal now support file upload,
3854 with one address per line.
3855
3856 o Hyperlinks from the logos in the footers have been removed.
3857 The sponsors got too much "unsubscribe me!" spam from
3858 desperate user of Mailman at other sites.
3859
3860 o New buttons on the digest admin page to send a digest
3861 immediately (if it's non-empty), to start a new digest
3862 volume with the next digest, and to select the interval with
3863 which to automatically start a new digest volume (yearly,
3864 monthly, quarterly, weekly, daily).
3865
3866 DEFAULT_DIGEST_VOLUME_FREQUENCY is a new configuration
3867 variable, initially set to give a new digest volume monthly.
3868
3869 o Through-the-web list creation and removal, using a separate
3870 site-wide authentication role called the "list creator and
3871 destroyer" or simply "list creator". If the configuration
3872 variable OWNERS_CAN_DELETE_THEIR_OWN_LISTS is set to 1 (by
3873 default, it's 0), then list admins can delete their own
3874 lists.
3875
3876 This feature requires an adaptor for the particular MTA
3877 you're using. An adaptor for Postfix is included, as is a
3878 dumb adaptor that just emails mailman@yoursite with the
3879 necessary Sendmail style /etc/alias file changes. Some MTAs
3880 like Exim can be configured to automatically recognize new
3881 lists. The adaptor is selected via the MTA option in
3882 mm_cfg.py
3883
3884 - Email UI
3885 o In email commands, "join" is a synonym for
3886 "subscribe". "remove" and "leave" are synonyms for
3887 "unsubscribe". New robot addresses are support to make
3888 subscribing and unsubscribing much easier:
3889
3890 mylist-join@mysite
3891 mylist-leave@mysite
3892
3893 o Confirmation messages have a shortened Subject: header,
3894 containing just the word "confirm" and the confirmation
3895 cookie. This should help for MUAs that like to wrap long
3896 Subject: lines, messing up confirmation.
3897
3898 o Mailman now recognizes an Urgent: header, which, if it
3899 contains the list moderator or list administrator password,
3900 forces the message to be delivered immediately to all
3901 members (i.e. both regular and digest members). The message
3902 is also placed in the digest. If the password is incorrect,
3903 the message will be bounced back to the sender.
3904
3905 - Performance
3906 o Refinements to the new qrunner subsystem which preserves
3907 FIFO order of messages.
3908
3909 o The qrunner is no longer started from cron. It is started
3910 by a Un*x init-style script called bin/mailmanctl (see
3911 below). cron/qrunner has been removed.
3912
3913 - Command line scripts
3914 o bin/mailmanctl script added, which is used to start, stop,
3915 and restart the qrunner daemon.
3916
3917 o bin/qrunner script added which allows a single sub-qrunner
3918 to run once through its processing loop.
3919
3920 o bin/change_pw script added (eases mass changing of list
3921 passwords).
3922
3923 o bin/update grows a -f switch to force an update.
3924
3925 o bin/newlang renamed to bin/addlang; bin/rmlang removed.
3926
3927 o bin/mmsitepass has grown a -c option to set the list
3928 creator's password. The site-wide `create' web page is
3929 linked to from the admin overview page.
3930
3931 o bin/newlist's -o option is removed. This script also grows
3932 a way of spelling the creation of a list in a specific
3933 virtual domain.
3934
3935 o The `auto' script has been removed.
3936
3937 o bin/dumpdb has grown -m/--marshal and -p/--pickle options.
3938
3939 o bin/list_admins can be used to print the owners of a mailing list.
3940
3941 o bin/genaliases regenerates from scratch the aliases and
3942 aliases.db file for the Postfix MTA.
3943
3944 - Archiver
3945 o New archiver date clobbering option, which allows dates to
3946 only be clobber if they are outrageously out-of-date
3947 (default setting is 15 days on either side of received
3948 timestamp). New configuration variables:
3949
3950 ARCHIVER_CLOBBER_DATE_POLICY
3951 ARCHIVER_ALLOWABLE_SANE_DATE_SKEW
3952
3953 The archived copy of messages grows an X-List-Received-Date:
3954 header indicating the time the message was received by
3955 Mailman.
3956
3957 o PRIVATE_ARCHIVE_URL configuration variable is removed (this
3958 can be calculated on the fly, and removing it actually makes
3959 site configuration easier).
3960
3961 - Miscellaneous
3962 o Several new README's have been added.
3963
3964 o Most syslog entries for the qrunner have been redirected to
3965 logs/error.
3966
3967 o On SIGHUP, qrunner will re-open all its log files and
3968 restart all child processes. See "bin/mailmanctl restart".
3969
3970 - Patches and bug fixes
3971 o SF patches and bug fixes applied: 420396, 424389, 227694,
3972 426002, 401372 (partial), 401452.
3973
3974 o Fixes in 2.0.5 ported forward:
3975 Fix a lock stagnation problem that can result when the
3976 user hits the `stop' button on their browser during a
3977 write operation that can take a long time (e.g. hitting
3978 the membership management admin page).
3979
3980 o Fixes in 2.0.4 ported forward:
3981 Python 2.1 compatibility release. There were a few
3982 questionable constructs and uses of deprecated modules
3983 that caused annoying warnings when used with Python 2.1.
3984 This release quiets those warnings.
3985
3986 o Fixes in 2.0.3 ported forward:
3987 Bug fix release. There was a small typo in 2.0.2 in
3988 ListAdmin.py for approving an already subscribed member
3989 (thanks Thomas!). Also, an update to the OpenWall
3990 security workaround (contrib/securelinux_fix.py) was
3991 included. Thanks to Marc Merlin.
3992
3993 2.1 alpha 1 (04-Mar-2001)
3994
3995 - Python 2.0 or newer required. Also required is `mimelib' a new
3996 library for handling MIME documents. This will be bundled in
3997 future releases, but for now, you must download and install it
3998 (using Python's distutils) from
3999
4000 http://barry.wooz.org/software/Code/mimelib-0.2.tar.gz
4001
4002 You need mimelib 0.2 or better.
4003
4004 - Redesigned qrunner subsystem. Now there are multiple message
4005 queues, and considerable flexibility in file formats for
4006 integration with external systems. The current crop of queues
4007 include:
4008
4009 archive -- for posting messages to an archiver
4010 commands -- for incoming email commands and bounces
4011 in -- for list-destined incoming email
4012 news -- for messages outgoing to a nntp server
4013 out -- for messages outgoing to a smtp server
4014 shunt -- for messages that trigger unexpected exceptions in Mailman
4015 virgin -- for messages that are generated by Mailman
4016
4017 cron/qrunner is now a long running script that forks off
4018 sub-runners for each of the above queues. qrunner still plays
4019 nice with cron, but it is expected to be started by init at some
4020 point in the future. Some support exists for parallel
4021 processing of messages in the queues.
4022
4023 - Support for internationalization support merged in. Original
4024 work done by Juan Carlos Rey Anaya and Victoriano Giralt. I've
4025 tested about 90% of the web side, 50% of the email, and 50% of
4026 the command line / cron scripts.
4027
4028 New scripts: bin/newlang, bin/rmlang
4029
4030 - New delivery script `auto' for automatic integration with the
4031 Postfix MTA.
4032
4033 - A bunch of new bounce detectors.
4034
4035 Changes ported from Mailman 2.0.2 and 2.0.1:
4036
4037 - A fix for a potential privacy exploit where a clever list
4038 administrator could gain access to user passwords. This doesn't
4039 allow them to do much more harm to the user then they normally
4040 could, but they still shouldn't have access to the passwords.
4041
4042 - In the admindb page, don't complain when approving a
4043 subscription of someone who's already on the list (SF bug
4044 #222409 - Thomas Wouters).
4045
4046 Also, quote for HTML the Subject: text printed for held
4047 messages, otherwise messages with e.g. "Subject: </table>" could
4048 royally screw page formatting.
4049
4050 - Docstring fix bin/newlist to remove mention of "immediate"
4051 argument (Thomas Wouters).
4052
4053 - Fix for bin/update when PREFIX != VAR_PREFIX (SF bug #229794 --
4054 Thomas Wouters).
4055
4056 - Bug fix release, namely fixes a buglet in bin/withlist affecting
4057 the -l and -r flags; also a problem that can cause qrunner to
4058 stop processing mail after disk-full events (SourceForge bug
4059 127199).
4060
4061 2.0 final (21-Nov-2000)
4062
4063 No changes from rc3.
4064
4065 2.0 release candidate 3 (16-Nov-2000)
4066
4067 - By popular demand, Reply-To: munging policy is now to always
4068 override any Reply-To: header in the original message, if
4069 reply_goes_to_list is set to "This list" or "Explicit Address"
4070
4071 - bin/newlist given -q/--quiet flag instead of the <immediate>
4072 positional argument
4073
4074 - Hopefully last fix to DEFAULT_URL not ending in a slash
4075 sensitivity
4076
4077 - 2.0rc2 buglets fixed:
4078 o newlist argument parsing
4079 o updating with unlocked lists
4080 o HyperArch.py traceback when there's no
4081 Content-Transfer-Encoding: header
4082
4083 - SourceForge bugs fixed:
4084 122358 (qmail-to-mailman.py listname case folding)
4085
4086 - SourceForge patches applied:
4087 102373 (qmail-to-mailman.py listname case folding)
4088
4089 2.0 release candidate 2 (10-Nov-2000)
4090
4091 - Documentation updates: start in the doc/ directory.
4092
4093 - bin/withlist accepts additional command line arguments when used
4094 with the --run flag; bin/mmsitepass and bin/newlist accept
4095 -h/--help flags
4096
4097 - bin/newlist has a -o/--output flag to append /etc/aliases
4098 suggestions to a specified file
4099
4100 - SourceForge bugs fixed:
4101 116615 (README.BSD update), 117015 (duplicate messages on
4102 moderated posts), 117548 (exception in HyperArch.py), 117682
4103 (typos), 121185 (vsnprintf signature), 121591 and 122017
4104 (bogus link after web unsubscribe), 121811 (`subscribe' in
4105 Subject: doesn't get archived)
4106
4107 - SourceForge patches applied:
4108 101812 (securelinux_fix.py contrib), 102097 (fix for bug
4109 117548), 102211 (additional args for withlist), 102268 (case
4110 insensitive Content-Transfer-Encoding:)
4111
4112 2.0 release candidate 1 (23-Oct-2000)
4113
4114 - Bug fixes and security patches.
4115
4116 - Better html rendition of articles in non us-ascii charsets
4117 (Jeremy Hylton). See VERBATIM_ENCODING variable in
4118 Defaults.py.in for customization.
4119
4120 2.0 beta 6 (22-Sep-2000)
4121
4122 - Building
4123 o Tested with Python 1.5.2, Python 1.6, and Python 2.0 beta 1.
4124 Conducted on RH Linux 6.1 only, but should work
4125 cross-platform.
4126
4127 o Configure now accepts --with-username, --with-groupname,
4128 --with-var-prefix flags. See `configure --help' or the
4129 INSTALL file for details.
4130
4131 o Setting the CFLAGS environment variable before invoking
4132 configure now works.
4133
4134 o The icons are now copied into $prefix/icons at install time.
4135 Patch by David Champion.
4136
4137 - Standards
4138 o Compliance with RFC 2369 (List-*: headers). Patch by
4139 Darrell Fuhriman. List-ID: header is kept for historical
4140 reasons.
4141
4142 o Fixes by Jeremy Hylton to Pipermail in support of non-ASCII
4143 charsets, based on the Content-Type: and encoded-words in
4144 the original message. Mail headers are now decoded as per
4145 RFC 2047.
4146
4147 o Many more bounce formats are detected: Microsoft's SMTPSVC,
4148 Compuserve, GroupWise, SMTP32, and the more generic
4149 SimpleMatch (which catches lots of similar but slightly
4150 different formats).
4151
4152 - Defaults
4153 o Email addresses can now be obscured in Pipermail archives by
4154 setting mm_cfg.ARCHIVER_OBSCURES_EMAILADDRS to 1 (obscuring
4155 is turned off by default). Patch provided by Chris Snell.
4156
4157 o The default NNTP host can now be set by editing
4158 mm_cfg.DEFAULT_NNTP_HOST. Patch by David Champion.
4159
4160 o The default archiving mode (public/private) can now be set
4161 by editing mm_cfg.DEFAULT_ARCHIVE. Patch by Ted Cabeen.
4162
4163 - Web UI
4164 o The variable details pages in the administrators interface
4165 is now `live', i.e. there's a submit button on the details
4166 page.
4167
4168 o A link to the administrative interface is placed in the
4169 footer of the general user pages (authentication still
4170 required, of course!)
4171
4172 o The user options change results page has a link back to the
4173 user's main page.
4174
4175 o In the admindb page (for dealing with held postings), the
4176 default forward address is now listname-owner instead of
4177 listname-admin. This avoids bounce detection on the
4178 forwarded message.
4179
4180 - Miscellaneous
4181 o Fixed config.db corruption problem when disk-full errors are
4182 encountered.
4183
4184 o Command line scripts accept list names case-insensitively.
4185
4186 o bin/remove_members takes a -a flag to remove all members of
4187 a list in one fell swoop.
4188
4189 o List admin passwords must be non-empty.
4190
4191 o Mailman generated passwords are slightly more mnemonic, and
4192 shouldn't have confusing character selections (i.e. `i'
4193 only, but no `1' or `l').
4194
4195 o Crossposting to two gated mailing lists should be fixed.
4196
4197 o Many other bug fixes and minor web UI improvements.
4198
4199 2.0 beta 5 (01-Aug-2000)
4200
4201 - Bug fix release. This includes a fix for a small security hole
4202 which could be exploited to gain mailman group access by a local
4203 user (not a mail or web user).
4204
4205 - As part of the fix for the "cookie reauthorization" bug, only
4206 session cookies are used now. This means that administrative
4207 and private archive cookies expire only when the browser session
4208 is quit, however an explicit "Logout" button has been added.
4209
4210 2.0 beta 4 (06-Jul-2000)
4211
4212 - Bug fix release.
4213
4214 2.0 beta 3 (29-Jun-2000)
4215
4216 - Delivery mechanism (qrunner) refined to support immediate
4217 queuing, queuing directly from MTA, and queuing on any error
4218 along the delivery pipeline. This means 1) that huge lists
4219 can't time out the MTA's program delivery channel; 2) it is much
4220 harder to completely lose messages; 3) eventually, qrunner will
4221 be elaborated to meter delivery to the MTA so as not to swamp
4222 it. The tradeoff is in more disk I/O since every message coming
4223 into the system (and most that are generated by the system) live
4224 on disk for some part of their journey through Mailman.
4225
4226 For now, see the Default.py variables QRUNNER_PROCESS_LIFETIME
4227 and QRUNNER_MAX_MESSAGES for primitive resource management.
4228
4229 The API to the pipeline handler modules has changed. See
4230 Mailman/Handlers/HandlerAPI.py for details.
4231
4232 - Revamped admindb web page: held messages are split into headers
4233 and bodies so they are easier to vette; admins can now also
4234 preserve a held message (for spam evidence gathering) or forward
4235 the message to a specified email address; disposition of held
4236 messages can be deferred; held messages have a more context
4237 meaningful default rejection message.
4238
4239 - Change to the semantics for `acceptable_aliases' list
4240 configuration variable, based on suggestions by Harald Meland.
4241
4242 - New mm_cfg.py variables NNTP_USERNAME and NNTP_PASSWORD can be
4243 set on a site-wide basis if connection to your nntpd requires
4244 authentication.
4245
4246 - The list attribute `num_spawns' has been removed. The mm_cfg.py
4247 variables MAX_SPAWNS, and DEFAULT_NUM_SPAWNS removed too.
4248
4249 - LIST_LOCK_LIFETIME cranked to 5 hours and LIST_LOCK_TIMEOUT
4250 shortened to 10 seconds. QRUNNER_LOCK_LIFETIME cranked up to 10
4251 hours. This should decrease the changes for bogus and harmful
4252 lock breaking.
4253
4254 - Resent-to: is now one of the headers checked for explicit
4255 destinations.
4256
4257 - Tons more bounce formats are recognized. The API to the bounce
4258 modules has changed.
4259
4260 - A rewritten LockFile module which should fix most (hopefully all)
4261 bugs in the locking machinery. Many improvements suggested by
4262 Thomas Wouters and Harald Meland.
4263
4264 - Experimental support (disabled by default) for delivering SMTP
4265 chunks to the MTA via multiple threads. Your Python executable
4266 must have been compiled with thread support enabled, and you
4267 must set MAX_DELIVERY_THREADS in mm_cfg.py. Note that this may
4268 not improve your overall system performance.
4269
4270 - Some changes and additions to scripts: bin/find_member now
4271 supports a -w/--owner flag to match regexps against mailing list
4272 owners; bin/find_member now supports multiple regexps;
4273 cron/gate_news command line option changes; new script
4274 bin/dumbdb for debugging purposes; bin/clone_member can now also
4275 remove the old address and change change the list owner
4276 addresses.
4277
4278 - The News/Mail gateway admin page has a button that lets you do
4279 an explicit catchup of the newsgroup.
4280
4281 - The CVS repository has been moved out to SourceForge. For more
4282 information, see the project summary at
4283
4284 http://sourceforge.net/project/?group_id=103
4285
4286 - Lots 'o bug fixes and some performance improvements.
4287
4288 2.0 beta 2 (07-Apr-2000)
4289
4290 - Rewritten gate_news cron script which should be more efficient
4291 and avoid race and locking problems. Each list now maintains
4292 its own watermark, and when you use the admin CGI script to turn
4293 on gating from Usenet->mail, an automatic mass catch up is done
4294 to avoid flooding the mailing list. cron/gate_news's command
4295 line interface has also changed. See its docstring for
4296 details.
4297
4298 - A new cron script called qrunner has been added to retry message
4299 deliveries that fail because of temporary smtpd problems.
4300
4301 - New command line script called bin/list_lists which does exactly
4302 that: lists all the mailing lists on the system (much like the
4303 listinfo CGI does).
4304
4305 - bin/withlist is now directly executable, however if you want to
4306 use python -i, you must still explicitly invoke it.
4307 bin/withlist also now cleans up after itself by unlocking any
4308 locked lists. It does NOT save any dirty lists though - you
4309 must do this explicitly.
4310
4311 - $prefix permissions (and all subdirs) must now be 02775.
4312 bin/check_perms has been updated to fix all the subdir
4313 permissions.
4314
4315 - "make update" (a.k.a. bin/update) is run automatically when you
4316 do a "make install"
4317
4318 - The CGI driver script now puts information about the Python
4319 environment into the logs/error file (but not the diagnostic web
4320 page).
4321
4322 - Bug fixes and some performance improvements
4323
4324 2.0 beta 1 (19-Mar-2000)
4325
4326 - Python 1.5.2 (or newer) is now required.
4327
4328 - A new bundled auto-responder has been added. You can now
4329 configure an autoresponse text for each list's primary
4330 addresses:
4331
4332 listname@yourhost.com -- the general posting address
4333 listname-request@... -- the automated "request bot" address
4334 listname-admin@... -- the human administrator address
4335
4336 - The standard UI now includes three logos at the bottom of the
4337 page: Dragon's Mailman logo, the Python Powered logo, and the
4338 GNU logo. All point to their respective home pages.
4339
4340 - It is now possible to set the Reply-To: field on lists to an
4341 arbitrary address. NOTE: Reply-To: munging is generally
4342 considered harmful! However for some read-only lists, it is
4343 useful to direct replies to a parallel discussion list.
4344
4345 - There is a new message delivery architecture which uses a
4346 pipeline processor for incoming and internally generated
4347 messages. Mailman no longer contains a bundled bulk-mailer;
4348 instead message delivery is handled completely by the MTA. Most
4349 MTAs give a high enough priority to connections from the
4350 localhost that mail will not be lost because of system load, but
4351 this is not guaranteed (or handled) by Mailman currently. Be
4352 careful also if your smtpd is on a different host than the
4353 Mailman host. In practice, mail lossage has not be observed.
4354
4355 For this reason cron/run_queue is no longer needed (see the
4356 UPGRADING file for details).
4357
4358 Also, you can choose whether you want direct smtp delivery, or
4359 delivery via the command line to a sendmail-compatible daemon.
4360 You can also easily add your own delivery module. See
4361 Mailman/Defaults.py for details.
4362
4363 - A similar pipeline architecture for the parsing of bounce
4364 messages has been added. Most common bounce formats are now
4365 handled, including Qmail, Postfix, and DSN. It is now much
4366 easier to add new bounce detectors.
4367
4368 - The approval pending architecture has also been revamped.
4369 Subscription requests and message posts waiting for admin
4370 approval are no longer kept in the config.db file, but in a
4371 separate requests.db file instead.
4372
4373 - Finally made consistent the use of Sender:/From:/From_ in the
4374 matching of headers for such things as member-post-only. Now,
4375 if USE_ENVELOPE_SENDER is true, Sender: will always be chosen
4376 over From:, however the default has been changed to
4377 USE_ENVELOPE_SENDER false so that From: is always chosen over
4378 Sender:. In both cases, if no header is found, From_ (i.e. the
4379 envelope sender is used). Note that the variable is now
4380 misnamed! Most people want From: matching anyway and any are
4381 easily spoofable.
4382
4383 - New scripts bin/move_list, bin/config_list
4384
4385 - cron/upvolumes_yearly, cron/upvolumes_monthly, cron/archive,
4386 cron/run_queue all removed. Edit your crontab if you used these
4387 scripts. Other scripts removed: contact_transport, deliver,
4388 dumb_deliver.
4389
4390 - Several web UI improvements, especially in the admin page.
4391
4392 - Remove X-pmrqc: headers to prevent return reciepts for Pegasus
4393 mail users.
4394
4395 - Security patch when using external archivers.
4396
4397 - Honor "X-Archive: No" header by not putting this message in the
4398 archive.
4399
4400 - Changes to the log file format.
4401
4402 - The usual bug fixes.
4403
4404 1.1 (05-Nov-1999)
4405
4406 - All GIFs removed. See http://www.gnu.org/philosophy/gif.html
4407 for the reason why.
4408
4409 - Improvements to the Pipermail archiver which make things faster.
4410 Primary change is that the .txt files are not gzipped on every
4411 posted message. Instead, use the new cron script `nightly_gzip'
4412 to gzip the .txt file in batches (this means that the .txt file
4413 will lag behind the on-line archives a little).
4414
4415 - From the C drivers programs, Python is invoked with the -S
4416 option. This tells Python to avoid importing the site module,
4417 which can improve start up time of the Python process
4418 considerably. Note that the command line script invocation has
4419 not been changed.
4420
4421 - New configuration variables PUBLIC_EXTERNAL_ARCHIVER and
4422 PRIVATE_EXTERNAL_ARCHIVER which can contain a shell command
4423 string for os.popen(). This can be used to invoke an external
4424 archiver instead of the bundled Pipermail archiver. See
4425 Defaults.py for details.
4426
4427 - new script `bin/find_member' which can be used to search for a
4428 member by regular expression.
4429
4430 - More child processes are reaped, which should eliminate most
4431 occurrences of zombie processes.
4432
4433 - A few small miscellaneous bug fixes (including PR#99, PR#107)
4434 and improvements to the file locking algorithms.
4435
4436 1.0 (30-Jul-1999)
4437
4438 - Configure script now allows $PREFIX (by default /home/mailman)
4439 to be permissions 02755. Also, configure now tests for
4440 vsnprintf()
4441
4442 - Workaround, taken from GNU screen, for systems missing
4443 vsnprintf()
4444
4445 - Return-Receipt-To: and Disposition-Notification-To: headers are
4446 always removed from posted messages (they can be used to troll
4447 for list membership).
4448
4449 - Workaround for MSIE4.01 (and possibly other versions) bug in the
4450 handling of cookies.
4451
4452 - A small collection of other bug fixes.
4453
4454 1.0rc3 (10-Jul-1999)
4455
4456 - new script bin/check_perms which checks (and optionally fixes)
4457 the permissions and group ownerships of the files in your
4458 Mailman installation.
4459
4460 - Removed a bottleneck in the archiving code that was causing
4461 performance problems on highly loaded servers.
4462
4463 - The code that saves a list's state and configuration database
4464 has been made more robust.
4465
4466 - Additional exception handlers have been added in several places
4467 to alleviate problems with Mailman bombing out when it really
4468 would be better to print/log a helpful message.
4469
4470 - The "password" mail command will now mail back the sender's
4471 subscription password when given with no arguments.
4472
4473 - The embarrassing subject-prefixing bug present in rc2 has been
4474 fixed.
4475
4476 - A small (but nice :) collection of other squashed bugs.
4477
4478 1.0rc2 (14-Jun-1999)
4479
4480 - A security flaw in the CGI cookie mechanisms was discovered --
4481 the Mailman-issued cookies were easily spoofable, implying that
4482 e.g. admin access to all Mailman lists via the web interface
4483 could be compromised. This flaw has now been fixed.
4484
4485 - Handling of SMTP errors has been improved.
4486
4487 - Both "Mass Subscription" via web admin interface and
4488 bin/add_members have been greatly sped up.
4489
4490 - autoconf check for syslog has been revamped, and is now verified
4491 to work on SCO OpenServer 5. If syslog can't be found, the C
4492 wrappers will compile, but without any syslog calls.
4493
4494 - Various other bug fixes.
4495
4496 1.0rc1 (04-May-1999)
4497
4498 - There is a new Mailman logo, contributed by The Dragon De
4499 Monsyne. Please read the INSTALL file for information about
4500 installing the logo in a place your Web server can find it.
4501
4502 - USE_ENVELOPE_SENDER is now set to 0 by default. Turning this on
4503 caused problems for too many users; lists restricted to
4504 member-only posts were not matching the addresses correctly.
4505
4506 - A revamped bin/withlist to be a little more useful.
4507
4508 - A revamped cron/mailpasswds which groups users by virtual hosts.
4509
4510 - The usual assortment of bug fixes.
4511
4512 1.0b11 (03-Apr-1999)
4513
4514 - Bug fixes and improvements for case preservation of subscribed
4515 addresses. The DATA_FILE_VERSION has been bumped to 14.
4516
4517 - New script bin/withlist, useful for interactive debugging.
4518
4519 1.0b10 (26-Mar-1999)
4520
4521 - New script bin/sync_members which can be used to synchronize a
4522 list's membership against a flat (e.g. sendmail :include: style)
4523 file.
4524
4525 - bin/add_members and bin/remove_members now accept addresses on
4526 the command line with `-' as the value for the -d and -n
4527 options.
4528
4529 - Added variable USE_ENVELOPE_SENDER to Defaults.py for site-wide
4530 configuration of address matching scheme. With this variable
4531 set to true, the envelope sender (e.g. Unix "From_" header) is
4532 used to match addresses, otherwise the From: header is used.
4533 Envelope sender matching seems not to work on many systems.
4534 This variable is currently defaulted to 1, but may change to 0
4535 for the final release.
4536
4537 - Reorganization of the membership management admin page. Also
4538 member addresses are linked to their options page. Only the
4539 `General' category has the admin password change form.
4540
4541 - Major reorganization of email command handling and responses.
4542 `notmetoo' is the preferred email command instead of `norcv',
4543 although the latter is still accepted as an argument. If more
4544 than 5 errors are found in the message, command processing is
4545 halted.
4546
4547 - User options page now shows the user their case-preserved
4548 subscribed address as well.
4549
4550 - The usual assortment of bug fixes.
4551
4552 1.0b9 (01-Mar-1999)
4553
4554 - New bin scripts: clone_member, list_members, add_members (a
4555 consolidation of convertlist and populate_new_list which have
4556 been removed).
4557
4558 - Two new readmes have been added: README.LINUX and README.QMAIL
4559
4560 - New configure option --with-cgi-ext which can be used if your
4561 Web server requires extensions on CGI scripts. The extension
4562 must include a dot (e.g. --with-cgi-ext=".cgi").
4563
4564 - Many bug fixes, including the setgid problem that was causing
4565 mail to be lost on some versions of Linux.
4566
4567 1.0b8 (14-Jan-1999)
4568
4569 - Bug fixes and workarounds for certain Linuxes.
4570
4571 - Illegal addresses are no longer allowed to be subscribed, from
4572 any interface.
4573
4574 1.0b7 (31-Dec-1998)
4575
4576 - Many, many bug fixes. Some performance improvements for large
4577 lists. Some improvements in the Web interfaces. Some security
4578 improvements. Improved compatibility with Python 1.5.
4579
4580 - bin/convert_list and bin/populate_new_list have been replaced
4581 by bin/add_members.
4582
4583 - Admins can now get notification on subscriptions and
4584 unsubscriptions. Posts are now logged.
4585
4586 - The username portion of email addresses are now case-preserved
4587 for delivery purposes. All other address comparisions are
4588 case-insensitive.
4589
4590 - New default SMTP_MAX_RCPTS that limits the number of "RCPT TO"
4591 SMTP commands that can be given for a single message. Most
4592 MTAs have some hard limit.
4593
4594 - "Precedence: bulk" header and "List-id:" header are now added
4595 to all outgoing messages. The latter is not added if the
4596 message already has a "List-id:" header. See RFC 2046 and
4597 draft-chandhok-listid-02 for details.
4598
4599 - The standard (as of Python 1.5.2) smtplib.py is now used.
4600
4601 - The install process now compiles all the .py files in the
4602 installation.
4603
4604 - Versions of the Mailman papers given at IPC7 and LISA-98 are
4605 now included.
4606
4607 1.0b6 (07-Nov-1998)
4608
4609 - Archiving is (finally) back in.
4610
4611 - Administrivia filter added.
4612
4613 - Mail queue mechanism revamped with better concurrency control.
4614
4615 - For recipients that have estmp MTAs, set delivery notification
4616 status so that only delivery failure notices are sent out,
4617 inhibiting 4 hour and N day warning notices.
4618
4619 - Now expire old unconfirmed subscription requests, rather than
4620 keeping them forever.
4621
4622 - Added proposed standard List-Id: header, and our own
4623 X-MailmanVersion header.
4624
4625 - Prevent havoc from attempts to subscribe a list to itself. (!)
4626
4627 - Refine mail command processing to prevent loops.
4628
4629 - Pending subscription DB redone with better locking and cleaner
4630 interface.
4631
4632 - posters functionality expanded.
4633
4634 - Subscription policy more flexible, sensible, and
4635 site-configurable.
4636
4637 - Various and sundry bug fixes.
4638
4639 1.0b5 (27-Jul-1998)
4640
4641 - New file locking that should be portable and work w/ NFS.
4642
4643 - Better use of packages.
4644
4645 - Better error logging and reporting.
4646
4647 - Less startup overhead.
4648
4649 - Various and sundry bug fixes.
4650
4651
4652 1.0b4 (03-Jun-1998)
4653
4654 - A configure script for easy installation (Barry Warsaw)
4655
4656 - The ability to install Mailman to locations other than
4657 /home/mailman (Barry Warsaw)
4658
4659 - Use cookies on the admin pages (also hides admin pages from
4660 others) (Scott Cotton)
4661
4662 - Subscription requests send a request for confirmation, which may
4663 be done by simply replying to the message (Scott Cotton)
4664
4665 - Facilities for gating mail to a newsgroup, and for gating a
4666 newsgroup to a mailing list (John Viega)
4667
4668 - Contact the SMTP port instead of calling sendmail (primarily for
4669 portability) (John Viega)
4670
4671 - Changed all links on web pages to relative links where appropriate.
4672 (John Viega)
4673
4674 - Use MD5 if crypt is not available (John Viega)
4675
4676 - Lots of fixing up of bounce handling (Ken Manheimer)
4677
4678 - General UI polishing (Ken Manheimer)
4679
4680 - mm_html: Make it prominent when the user's delivery is disabled
4681 on his option page. (Ken Manheimer)
4682
4683 - mallist:DeleteMember() Delete the option setings if any. (Ken
4684 Manheimer)
4685
4686 1.0b3 (03-May-1998)
4687
4688 - mm_message:Deliverer.DeliverToList() added missing newline
4689 between the headers and message body. Without it, any sequence
4690 of initial body lines that _looked_ like headers ("Sir: Please
4691 excuse my impertinence, but") got treated like headers.
4692
4693 - Fixed typo which broke subscription acknowledgement message
4694 (thanks to janne sinkonen for pointing this out promptly after
4695 release). (Anyone who applied my intermediate patch will
4696 probably see this one trigger patch'es reversed-patch
4697 detector...)
4698
4699 - Fixed cgi-wrapper.c so it doesn't segfault when invoked with
4700 improper uid or gid, and generally wrappers are cleaned up a
4701 bit.
4702
4703 - Prevented delivery-failure notices for misdirected subscribe-
4704 confirmation requests from bouncing back to the -request addr,
4705 and then being treated as failing requests.
4706
4707 Implemented two measures. Set the reply-to for the
4708 confirmation- request to the -request addr, and the sender to be
4709 the list admin. This way, bounces go to list admin instead of
4710 to -request addr. (Using the errors-to header wasn't
4711 sufficient. Thanks, barry, for pointing out the use of sender
4712 here.) Second, ignore any mailcommands coming from postmaster
4713 or non-login system type accounts (mailer-daemon, daemon,
4714 postoffice, etc.)
4715
4716 - Reenabled admin setting of web_page_url - crucial for having
4717 lists use alternate names of a host that occupies multiple
4718 addresses.
4719
4720 - Fixed and refined admin-options help mechanism. Top-level visit
4721 to general-category (where the "general" isn't in the URL) was
4722 broken. New help presentation shows the same row that shows on
4723 the actual options page.
4724
4725 - cron/crontab.in crontab template had wrong name for senddigests.
4726
4727 - Default digest format setting, as distributed, is now non-MIME,
4728 on urging of reasoned voices asserting that there are still
4729 enough bad MIME implementations in the world to be a nuisance to
4730 too many users if MIME is the default. Sigh.
4731
4732 - MIME digests now preserve the structure of MIME postings,
4733 keeping attachments as attachments, etc. They also are more
4734 structured in general.
4735
4736 - Added README instructions explaining how to determine the right
4737 UID and GID settings for the wrapper executables, and improved
4738 some of the explanations about exploratory interaction
4739 w/mailman.
4740
4741 - Removed the constraint that subscribers have their domain
4742 included in a static list in the code. We might want to
4743 eventually reincorporate the check for the sake of a warning
4744 message, to give a heads up to the subscriber, but try delivery
4745 anyway...
4746
4747 - Added missing titles to error docs.
4748
4749 - Improved several help details, including particularly explaining
4750 better how real_name setting is used.
4751
4752 - Strengthened admonition against setting reply_goes_to_list.
4753
4754 - Added X-BeenThere header to postings for the sake of prevention
4755 of external mail loops.
4756
4757 - Improved handling of bounced messages to better recognize
4758 members address, and prevent duplicate attempts to react (which
4759 could cause superfluous notices to administrator).
4760
4761 - Added __delitem__ method to mm_message.OutgoingMessage, to fix
4762 the intermediate patch posted just before this one.
4763
4764 - Using keyword substitution format for more message text (ie,
4765 "substituting %(such)s into text" % {'such': "something"}) to
4766 make the substitutions less fragile and, presumably, easier to
4767 debug.
4768
4769 - Removed hardwired (and failure-prone) /tmp file logging from
4770 answer.majordomo_mail, and generally spiffed up following janne
4771 sinkkonen's lead.
4772
4773 1.0b2 (13-Apr-1998)
4774 1.0b1 (09-Apr-1998)
4775
4776 Web pages much more polished
4777 - Better organized, text more finely crafted
4778 - Easier, more refined layout
4779 - List info and admin interface overviews, enumerate all public lists
4780 (via, e.g., http://www.python.org/mailman/listinfo - sans the
4781 specific list)
4782 - Admin interface broken into sections, with help elaboration for
4783 complicated configuration options
4784
4785 Mailing List Archives
4786 - Integrated with a newer, *much* improved, external pipermail - to be
4787 found at http://starship.skyport.net/crew/amk/maintained/pipermail.html
4788 - Private archives protected with mailing list members passwords,
4789 cookie-fied.
4790
4791 Spam prevention
4792 - New spam prevention measures catch most if not all spam without
4793 operator intervention or general constraints on who can post to
4794 list:
4795 require_explicit_destination option imposes hold of any postings
4796 that do not have the list name in any of the to or cc header
4797 destination addresses. This catches the vast majority of random
4798 spam.
4799 Other options (forbidden_posters, bounce_matching_headers) provide
4800 for filtering of known transgressors.
4801 - Option obscure_addresses (default on) causes mailing list subscriber
4802 lists on the web to be slightly mangled so they're not directly
4803 recognizable as email address by web spiders, which might be
4804 seeking targets for spammers.
4805
4806 Site configuration arrangement organized - in mailman/mailman/modules:
4807 - When installing, create a mailman/modules/mm_cfg.py (if there's not
4808 one already there), using mm_cfg.py.dist as a template.
4809 mm_default.py contains the distributed defaults, including
4810 descriptions of the values. mm_cfg.py does a 'from mm_defaults.py
4811 import *' to get the distributed defaults. Include settings in
4812 mm_cfg.py for any values in mm_defaults.py that need to be
4813 customized for your site, after the 'from .. import *'.
4814 See mm_cfg.py.dist for more details.
4815
4816 Logging
4817 - Major operations (subscription, admin approval, bounce,
4818 digestification, cgi script failure tracebacks) logged in files
4819 using a reliable mechanism
4820 - Wrapper executables log authentication complaints via syslog
4821
4822 Wrappers
4823 - All cgi-script wrapper executables combined in a single source,
4824 easier to configure. (Mail and aliases wrappers separate.)
4825
4826 List structure version migration
4827 - Provision for automatic update of list structures when moving to a
4828 new version of the system. See modules/versions.py.
4829
4830 Code cleaning
4831 - Many more module docstrings, __version__ settings, more function
4832 docstrings.
4833 - Most unqualified exception catches have been replaced with more
4834 finely targeted catches, to avoid concealing bugs.
4835 - Lotsa long lines wrapped (pet peeve:).
4836
4837 Random details (not complete, sorry):
4838 - make archival frequency a list option
4839 - Option for daily digest dispatch, in addition to size threshhold
4840 - make sure users only get one periodic password notifcation message for
4841 all the lists they're on (repaired 1.0b1.1 varying-case mistake)
4842 - Fix rmlist sans-argument bug causing deletion of all lists!
4843 - doubled generated random passwords to four letters
4844 - Cleaned lots and lots of notices
4845 - Lots and lots of html page cleanup, including table-of-contents, etc
4846 - Admin options sections - don't do the "if so" if the ensuing list
4847 is empty
4848 - Prevent list subject-prefix cascade
4849 - Sources under CVS
4850 - Various spam filters - implicit-destination, header-field
4851 - Adjusted permissions for group access
4852 - Prevent redundant subscription from redundant vetted requests
4853 - Instituted centralize, robustish logging
4854 - Wrapper sources use syslog for logging (john viega)
4855 - Sorting of users done on presentation, not in list.
4856 - Edit options - give an error for non-existent users, not an options page.
4857 - Bounce handling - offer 'disable' option, instead of remove, and
4858 never remove without notifying admin
4859 - Moved subscribers off of listinfo (and made private lists visible
4860 modulo authentication)
4861 - Parameterize default digest headers and footers and create some
4862 - Put titles on cgi result pages that do not get titles (all?)
4863 - Option for immediate admin notifcation via email of pending
4864 requests, as well as periodic
4865 - Admin options web-page help
4866 - Enabled grouped and cascading lists despite implicit-name constraint
4867 - Changed subscribers list so it has its own script (roster)
4868 - Welcome pages: http://www.python.org/mailman/{admin,listinfo}/
4869
4870 0.95 (25-Jan-1997)
4871 - Fixed a bug in sending out digests added when adding disable mime option.
4872 - Added an option to not notify about bounced posts.
4873 - Added hook for pre-posting filters. These could be used to
4874 auto-strip signatures. I'm using the feature to auto-strip footers
4875 that are auto-generated by mail received from another mailing list.
4876
4877 0.94 (22-Jan-1997)
4878 - Made admin password work ubiquitously in place of a user password.
4879 - Added an interface for getting / setting user options.
4880 - Added user option to disable mime digests (digested people only)
4881 - Added user option to not receive your own posts (nondigested people only)
4882 - Added user option to ack posts
4883 - Added user option to disable list delivery to their box.
4884 - Added web interface to user options
4885 - Config number of sendmail spawns on a per-list basis
4886 - Fixed extra space at beginning of each message in digests...
4887 - Handled comma separated emails in bounce messages...
4888 - Added a FindUser() function to MailList. Used it where appropriate.
4889 - Added mail interface to setting list options.
4890 - Added name links to the templates options page
4891 - Added an option so people can hide their names from the subscription list.
4892 - Added an answer_majordomo_mail script for people switching...
4893
4894 0.93 (18/20-Jan-1997)
4895 - When delivering to list, don't call sendmail directly. Write to a file,
4896 and then run the new deliver script, which forks and exits in the parent
4897 immediately to avoid hanging when delivering mail for large lists, so that
4898 large lists don't spend a lot of time locked.
4899 - GetSender() no longer assumes that you don't have an owner-xxx address.
4900 - Fixed unsubscribing via mail.
4901 - Made subscribe via mail generate a password if you don't supply one.
4902 - Added an option to clobber the date in the archives to the date the list
4903 resent the post, so that the archive doesn't get mail from people sending
4904 bad dates clumped up at the beginning or end.
4905 - Added automatic error message processing as an option. Currently
4906 logging to /tmp/bounce.log
4907 - Changed archive to take a list as an argument, (the old way was broken)
4908 - Remove (ignore) spaces in email addresses
4909 - Allow user passwords to be case insensitive.
4910 - Removed the cleanup script since it was now redundant.
4911 - Fixed archives if there were no archives.
4912 - Added a Lock() call to Load() and Create(). This fixes the
4913 problem of loading then locking.
4914 - Removed all occurances of Lock() except for the ones in mailing
4915 list since creating a list
4916 now implicitly locks it.
4917 - Quote single periods in message text.
4918 - Made bounce system handle digest users fairly.
4919
4920 0.92 (13/16-Jan-1997)
4921 - Added Lock and Unlock methods to list to ensure each operation is atomic
4922 - Added a cmd that rms all files of a mailing list (but not the aliases)
4923 - Fixed subscribing an unknown user@localhost (confirm this)
4924 - Changed the sender to list-admin@... to ensure we avoid mail loops.
4925 - check to make sure there are msgs to archive before calling pipermail.
4926 - started using this w/ real mailing lists.
4927 - Added a cron script that scours the maillog for User/Host unknown errs
4928 - Sort membership lists
4929 - Always display digest_is_default option
4930 - Don't slam the TO list unless you're sending a digest.
4931 - When making digest summaries, if missing sender name, use their email.
4932 - Hacked in some protection against crappy dates in pipermail.py
4933 - Made it so archive/digest volumes can go up monthly for large large lists.
4934 - Number digest messages
4935 - Add headers/footers to each message in digest for braindead mailers
4936 - I removed some forgotten debug statements that caused server errors
4937 when a CGI script sent mail.
4938 - Removed loose_matches flag, since everything used it.
4939 - Fixed a problem in pipermail if there was no From line.
4940 - In upvolume_ scripts, remove INDEX files as we leave a volume.
4941 - Threw a couple of scripts in bin for generating archives from majordomo's
4942 digest-archives. I wouldn't recommend them for the layman, though, they
4943 were meant to do a job quickly, not to be usable.
4944
4945 0.91 (23-Dec-1996)
4946 - broke code into mixins for managability
4947 - tag parsing instead of lots of gsubs
4948 - tweaked pipermail (see comments on pipermail header)
4949 - templates are now on a per-list basis as intended.
4950 - request over web that your password be emailed to you.
4951 - option so that web subscriptions require email confirmation.
4952 - wrote a first pass at an admin interface to configurable variables.
4953 - made digests mime-compliant.
4954 - added a FakeFile class that simulates enough of a file object on a
4955 string of text to fool rfc822.Message in non-seek mode.
4956 - changed OutgoingMessage not to require its args in constructor.
4957 - added an admin request DB interface.
4958 - clearly separated the internal name from the real name.
4959 - replaced lots of ugly, redundant code w/ nice code.
4960 (added Get...Email() interfaces, GetScriptURL, etc...)
4961 - Wrote a lot of pretty html formatting functions / classes.
4962 - Fleshed out the newlist command a lot. It now mails the new list
4963 admin, and auto-updates the aliases file.
4964 - Made multiple owners acceptable.
4965 - Non-advertised lists, closed lists, max header length, max msg length
4966 - Allowed editing templates from list admin pages.
4967 - You can get to your info page from the web even if the list is closed.
4968
4969 �
4970 Local Variables:
4971 mode: indented-text
4972 indent-tabs-mode: nil
4973 End: