I have just tagged release 0.3.12 on Github for container images for
Mailman 3. This release includes the fix for CVE-2021-40347 that was
announced earlier today. For the folks using 0.3 or 0.3.11 release tags,
it is highly recommended that you upgrade to this release.
This release also bumps the version of Mailman Core to 3.3.4,
Mailmanclient to 3.3.3 and Django-mailman3 to 1.3.7.
Note that is since the main and v0.3.12 branches are different in many
ways, the default documentation and the docker-compose.yaml files in
the main branch aren't accurate if you are using the stable release.
Please refer to the README at v0.3.12 tag in the Github repo for more
accurate docker-compose.yaml and documentation.
The project has grown large enough that we need to start versioning the
documentation, if someone has experience with versioning docs using
Github pages and mkdocs, then I very much need some help here!
For those of you who are using the rolling release, it is recommended
that you **don't** upgrade to this stable release. The fixes have been
pulled into the rolling tags too, so just make sure that you upgrade to
the latest published version of rolling release, which as of this
writing should be based off on fda837f8d15540e190992c30f7971f50fca54dac
commit. This might not be the latest by the time you upgrade if I add
a new commit, so look for versions published after 4:00 PM PST 9/5/2021.
I am also working on cutting a new release, 0.4.0, which is backwards
incompatible with the setup required to talk to web server and MTA
(hence the minor version bump!). That should bring the rolling releases
and stable releases closer to each other and add improvements around not
needing static IPs in the docker network anymore, plus several bug fixes.
If someone wants to test the upgrade to 0.4.0 from 0.3 release and is
willing to try out the instructions at , it would give me some
confidence in cutting out the release sooner. The only thing stopping
the release of 0.4.0 images is that I haven't verified if the upgrade
from 0.3 is documented enough or not.
For all the registries listed in README, I am still trying to push to
Quay (maybe I need to just skip pushing to Quay :-). So, just use the
other two to pull the images, Github (ghcr.io) has more generous pull
download policy for un-authenticated users though.
Abhilash Raj (maxking)
Mailman-Developers mailing list -- email@example.com
To unsubscribe send an email to mailman-developers-le...@python.org
Mailman FAQ: https://wiki.list.org/x/AgA3
Security Policy: https://wiki.list.org/x/QIA9