I think the issue is that python3-django-hyperkitty 1.3.5-1 has this change: Pass the secret archiver key in a HTTP Authorization header instead of a GET query parameter so it doesn’t appear in logs. (CVE-2021-35058, Closes #387)
See also: https://lists.mailman3.org/archives/list/mailman-us...@mailman3.org/thread/WSUEPQL6PX52Y7XVWYSSGJJXC7E3F6FG/ So to upgrade to python3-django-hyperkitty 1.3.5-1 you must also upgrade python3-mailman-hyperkitty to 1.2.0; version 1.1.10 should conflict with python3-django-hyperkitty versions < 1.3.5 -- Dr Peter Chubb https://trustworthy.systems/ Trustworthy Systems Group CSE, UNSW