[Mailman-Announce] Mailman 2.1.33 released.

Thu, 07 May 2020 12:20:26 -0700 

For the third time in as many days I have released a new Mailman 2.1
version. This one is 2.1.33 and fixes another content injection
vulnerability. See the attached README.txt and the bug report at
https://bugs.launchpad.net/mailman/+bug/1877379 for details.

Again, for those who don't want to install the full update, the above
bug report contains a simple patch to fix the security issue.

As noted Mailman 2.1.30 was the last feature release of the Mailman 2.1
branch from the GNU Mailman project. There has been some discussion as
to what this means. It means there will be no more releases from the GNU
Mailman project containing any new features. There may be future patch
releases to address the following:

    i18n updates.
    security issues.
    bugs affecting operation for which no satisfactory workaround exists.

Mailman 2.1.31 is the first such patch release, Mailman 2.1.32 is the
second and Mailman 2.1.33 is the third.

Mailman is free software for managing email mailing lists and
e-newsletters. Mailman is used for all the python.org and
SourceForge.net mailing lists, as well as at hundreds of other sites.

For more information, please see our web site at one of:

http://www.list.org
https://www.gnu.org/software/mailman
http://mailman.sourceforge.net/

Mailman 2.1.33 can be downloaded from

https://launchpad.net/mailman/2.1/
https://ftp.gnu.org/gnu/mailman/
https://sourceforge.net/projects/mailman/

-- 
Mark Sapiro <m...@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

2.1.33 (07-May-2020)

  Security

    - A content injection vulnerability via the private login page has been
      fixed.  (LP: #1877379)

2.1.32 (05-May-2020)

  i18n

    Fixed a typo in the Spanish translation and uptated mailman.pot and
    the message catalog for 2.1.31 security fix.

2.1.31 (05-May-2020)

  Security

    - A content injection vulnerability via the options login page has been
      discovered and reported by Vishal Singh. This is fixed.  (LP: #1873722)

  i18n

    - The Spanish translation has been updated by Omar Walid Llorente.

  Bug Fixes and other patches

    - Bounce recognition for a non-compliant Yahoo format is added.

    - Archiving workaround for non-ascii in string.lowercase in some Python
      packages is added.

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Mailman-announce mailing list -- mailman-announce@python.org
To unsubscribe send an email to mailman-announce-le...@python.org
https://mail.python.org/mailman3/lists/mailman-announce.python.org/
Member address: arch...@mail-archive.com

Reply via email to