On Feb 06, 2015, at 09:22 AM, Andrew Stuart wrote: >Does the code of Mailman 3, Hyperkitty and Postorius do anything to address >concerns around SQL and JavaScript injections, either from inbound emails or >via the fields coming in via web interface or REST API?
The core does not. It doesn't expose a public web or REST interface. I'm not aware of any email command vulnerabilities. Cheers, -Barry _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
