Hi,
I put together a tarball for Mailman 2.1.6 beta 3 and placed on my Japanese Mailman site at:
http://mm.tkikuchi.net/mailman-2.1.6b3.tgz
This is the third beta release of 2.1.6 which are roughly scheduled to be released by the end of February. Please grab it from above site and upgrade your mailman.
Change from 2.1.6b2 are mainly to fix the directory traversal vulnerability CVE number CAN-2005-0202 http://www.list.org/security.html
Here is excerpt from NEWS file:
2.1.6 (XX-XXX-200X)
- Critical security patch for path traversal vulnerability in private
archive script (CAN-2005-0202).- Date and Message-Id headers are added for digests. (1116952)
- List owners can now cusomize the non-member rejection notice from
admin/<listname>/privacy/sender page. (1107169) - Most of the installation instructions have been moved to a latex
document. See admin/www/mailman-install/index.html for details.- VERP_PROBES is disabled by default.
- bin/withlist can be run without a list name, but only if -i is given.
Also, withlist puts the directory it's found in at the end of sys.path,
making it easier to run withlist scripts that live in $prefix/bin.
- bin/newlist grew two new options: -u/--urlhost and -e/--emailhost which
lets the user provide the web and email hostnames for the new mailing
list. This is a better way to specify the domain for the list, rather
than the old '[EMAIL PROTECTED]' syntax (which is still supported for
backward compatibility, but deprecated).
- Added the ability for Mailman generated passwords (both member and list
admin) to be more cryptographically secure. See new configuration
variables USER_FRIENDLY_PASSWORDS, MEMBER_PASSWORD_LENGTH, and
ADMIN_PASSWORD_LENGTH. Also added a new bin/withlist script called
reset_pw.py which can be used to reset all member passwords. Passwords
generated by Mailman are now 8 characters by default for members, and 10
characters for list administrators.
- Allow editing of the welcome message from the admin page (1085501).
- A potential cross-site scripting hole in the driver script has been
closed. Thanks to Florian Weimer for its discovery. Also, turn
STEALTH_MODE on by default.- Chinese languages moved from 'big5' and 'gb' to 'zh_TW' and 'zh_CN'
respectively for compliance to the IANA spec. Note that neither language
is supported yet.
- Python 2.4 compatibility issue: time.strftime() became strict about the
'day of year' range. (1078482)
- New feature: automatic discards of held messages. List owners can now
set how many days to hold the messages in the moderator request queue.
cron/checkdb will automatically discard old messages. (790494)
- Improved mail address sanity check. (1030228)
- SpamDetect.py now checks attachment header. (1026977)
- New feature: subject_prefix can be configured to include a sequence
number which is taken from the post_id variable. Also, the prefix is
always put at the start of the subject, i.e. "[list-name] Re: original
subject", if mm_cfg.OLD_STYLE_PREFIXING is set No. The default style
is "Re: [list-name]" if numbering is not set, for backward compatibility.
If the list owner is using numbering feature by "%d" directive, the new
style, "[list-name 123] Re:", is always used.
- List owners can now use Scrubber to get the attachments scrubbed (held
in the web archive), if the site admin permits it in mm_cfg.py. New
variables introduced are SCRUBBER_DONT_USE_ATTACHMENT_FILENAME and
SCRUBBER_USE_ATTACHMENT_FILENAME_EXTENSION in Defaults.py for scrubber
behavior. (904850)
- Filter attachments by filename extensions. (1027882)
- Bugs and patches: 955381 (older Python compatibility), 1020102/1013079/
1020013 (fix spam filter removed), 665569 (newer Postfix bounce
detection), 970383 (moderator -1 admin requests pending), 873035
(subject handling in -request mail), 799166/946554 (makefile
compatibility), 872068 (add header/footer via unicode), 1032434
(KNOWN_SPAMMERS check for multi-header), 1025372 (empty Cc:), 789015
(fix pipermail URL), 948152 (Out of date link on Docs), 1099138
(Scrubber.py breaks on None part), 1099840/1099840 (deprecated %
insertion), 880073/933762 (List-ID RFC compliance), 1090439 (passwd
reminder shunted), 1112349 (case insensitivity in acceptable_aliases)
-- Tokio Kikuchi, tkikuchi@ is.kochi-u.ac.jp http://weather.is.kochi-u.ac.jp/
------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
