Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

RELEASED Mailman 2.0.12

0 views
Skip to first unread message

Barry A. Warsaw

unread,
Jul 11, 2002, 3:46:35 PM7/11/02
to

I've released version 2.0.12 of Mailman, the GNU Mailing List Manager.
Mailman is released under the GNU General Public License (GPL).
Version 2.0.12 fixes a cross-site scripting vulnerability among other
changes. I recommend that folks upgrade their 2.0.x systems to this
new version. See below for a NEWS file excerpt.

GNU Mailman is software to help manage electronic mail discussion
lists. Mailman gives each mailing list a unique web page and allows
users to subscribe, unsubscribe, and change their account options over
the web. Even the list manager can administer his or her list
entirely via the web. Mailman has most of the features that people
want in a mailing list management system, including built-in
archiving, mail-to-news gateways, spam filters, bounce detection,
digest delivery, and so on.

Mailman is compatible with most web servers, web browsers, and mail
servers. It runs on any Unix-like operating system. Mailman 2.0.11
requires Python 1.5.2 or newer. To install Mailman from source, you
will need a C compiler.

For more information on Mailman, including links to file downloads,
please see any of the Mailman mirror web pages:

http://www.gnu.org/software/mailman
http://mailman.sourceforge.net
http://www.list.org

Patches and source tarballs are available at

http://sourceforge.net/project/showfiles.php?group_id=103

There are email lists (managed by Mailman, of course!) for both
Mailman users and developers. See the web sites above for details.

Cheers,
-Barry

-------------------- snip snip --------------------
2.0.12 (02-Jul-2002)

- Implemented a guard against some reply loops and 'bot
subscription attacks. Specifically, if a message to -request
has a Precedence: bulk (or list, or junk) header, the command is
ignored. Well-behaved 'bots should always include such a
header.

- Changes to the configure script so that you can pass in the mail
host and web host by setting the environment variables MAILHOST
and WWWHOST respectively. configure will also exit if it can't
figure out these values (usually due to broken dns).

- Closed another minor cross-site scripting vulnerability.


0 new messages