Re: [Mailman-Users] Mailman CSRF Vulnerability

2018-01-11 Thread Stephen J. Turnbull
Lindsay Haisley writes: > Probably what I'm talking about. Hmm... This is a good sign! > I only partially understand this, Mark. I'll need to sit down and study > it. Thanks! Do it soon. It's as easy as you think it is. Modern VCSes are good at this. "VCS means never having to say 'I'm f

Re: [Mailman-Users] Mailman CSRF Vulnerability

2018-01-11 Thread Lindsay Haisley
On Thu, 2018-01-11 at 11:36 -0800, Mark Sapiro wrote:
> On 01/10/2018 08:47 PM, Lindsay Haisley wrote:
> > Upgrading MM2 here is a bit of a PITA since I have to do a lot of
> > patching to support the hacks I've done to MM over the years.
>
> FWIW, the way I handle this is in the beginni

Re: [Mailman-Users] Mailman CSRF Vulnerability

2018-01-11 Thread Mark Sapiro
On 01/10/2018 08:47 PM, Lindsay Haisley wrote:
> Upgrading MM2 here is a bit of a PITA since I have to do a lot of
> patching to support the hacks I've done to MM over the years.

FWIW, the way I handle this is in the beginning, my production Mailman starts as a clone of the bzr branch at

Re: [Mailman-Users] Mailman CSRF Vulnerability

2018-01-10 Thread Lindsay Haisley
On Tue, 2018-01-09 at 09:10 -0800, Mark Sapiro wrote:
> See . The comment
> thread contains a link to a patch to fix versions >= 2.1.15 and <=
> 2.1.22, however the version "2.1.18-1" indicates this is some distro's
> package and the patch may have a

Re: [Mailman-Users] Mailman CSRF Vulnerability

2018-01-09 Thread Mark Sapiro
On 01/08/2018 09:43 PM, Lindsay Haisley wrote:
> I just installed a new list on MM 2.1.18-1 and one of the sharper folks
> on a related FB group noted that there is, or had been a CSRF
> vulnerability on some versions of MM2. A little research turned up
>

[Mailman-Users] Mailman CSRF Vulnerability

2018-01-08 Thread Lindsay Haisley
I just installed a new list on MM 2.1.18-1 and one of the sharper folks on a related FB group noted that there is, or had been a CSRF vulnerability on some versions of MM2. A little research turned up  in which Mark states that this has been fixed sin