-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I plan to release a Mailman 2.1.14 candidate release towards the end of next week (Sept 9 or 10). This release will have enhanced XSS defenses addressing two recently discovered vulnerabilities. Since release of the code will potentially expose the vulnerabilities, I plan to publish a patch against the 2.1.13 base with the fix before actually releasing the 2.1.14 candidate.
I will post the patch to the same 4 lists that this post is being sent to in the early afternoon, GMT, on September 9. The vulnerabilities are obscure and can only be exploited by a list owner, but if you are concerned about them you can plan to install the patch. The patch is small (34 line diff), only affects two modules and doesn't require a Mailman restart to be effective, although I would recommend a restart as soon as convenient after applying the patch. - -- Mark Sapiro <m...@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) iD8DBQFMgutpVVuXXpU7hpMRAsX1AJ48C0RxSpV7r9lg3J0V7OTs44ISqgCgn1wX LZ5RkuGLo0r04eDNYOBDYpo= =gscN -----END PGP SIGNATURE----- ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org