[Mailman-Users] is log4j2 leveraged in Mailman version 2.1.14-1?

[John Lake]

Good morning and Happy Friday!

You may have seen this exploit announcement today, our IT department at the 
university is in triage mode:

https://www.lunasec.io/docs/blog/log4j-zero-day/#affected-apache-log4j2-versions

Does Mailman version 2.1.14-1 utilize Java logging library log4j2 and if so, 
what version does it use?

These are the affected versions:  Affected Apache log4j2 
Versions​

2.0 <= Apache log4j <= 2.14.1

Thanks in advance for your input!

John
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: is log4j2 leveraged in Mailman version 2.1.14-1?

[David Gibbs via Mailman-Users]

On Fri, Dec 10, 2021 at 2:40 PM John Lake  wrote:
> Does Mailman version 2.1.14-1 utilize Java logging library log4j2 and if so, 
> what version does it use?

Mailman is written in python ... it doesn't use java libraries at all.

david

-- 
IBM i on Power Systems: For when you can't afford to be out of business!

I'm riding in the American Diabetes Association's Tour de Cure to
raise money for diabetes research, education, advocacy, and awareness.
You can make a tax-deductible donation to my ride by visiting
https://mideml.diabetessucks.net.

You can see where my donations come from by visiting my interactive
donation map ... https://mideml.diabetessucks.net/map (it's a geeky
thing).

I may have diabetes, but diabetes doesn't have me!
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: is log4j2 leveraged in Mailman version 2.1.14-1?

[Carl Zwanzig]

On 12/10/2021 1:00 PM, David Gibbs via Mailman-Users wrote:

On Fri, Dec 10, 2021 at 2:40 PM John Lake  wrote:

Does Mailman version 2.1.14-1 utilize Java logging library log4j2 and if so, 
what version does it use?


Mailman is written in python ... it doesn't use java libraries at all.


And if they're still running 2.1.14, they have a heap of other security holes.

Later,

z!


--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
   https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: is log4j2 leveraged in Mailman version 2.1.14-1?

[John Lake]

@David Gibbs--thanks!  That was my assumption but I appreciate the feedback and 
confirmation.  @Carl Zwanzig--  excellent point, I've inherited this older 
version of Mailman and its definitely on my maintenance debt list to upgrade to 
ver 3+.  😊

Thanks again,

John

-Original Message-
From: Carl Zwanzig  
Sent: Friday, December 10, 2021 1:04 PM
To: mailman-users@python.org
Subject: [Mailman-Users] Re: is log4j2 leveraged in Mailman version 2.1.14-1?

On 12/10/2021 1:00 PM, David Gibbs via Mailman-Users wrote:
> On Fri, Dec 10, 2021 at 2:40 PM John Lake  wrote:
>> Does Mailman version 2.1.14-1 utilize Java logging library log4j2 and if so, 
>> what version does it use?
> 
> Mailman is written in python ... it doesn't use java libraries at all.

And if they're still running 2.1.14, they have a heap of other security holes.

Later,

z!


--
Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an 
email to mailman-users-le...@python.org 
https://urldefense.com/v3/__https://mail.python.org/mailman3/lists/mailman-users.python.org/__;!!C5qS4YX3!WOudWrcT3hkLhaLl57fny4AfTwWh9bBOSV_Clb4wonoM-fgz2ZdVxUaJ3DKIv9UGqSg$
Mailman FAQ: 
https://urldefense.com/v3/__http://wiki.list.org/x/AgA3__;!!C5qS4YX3!WOudWrcT3hkLhaLl57fny4AfTwWh9bBOSV_Clb4wonoM-fgz2ZdVxUaJ3DKIyVL4ORY$
Security Policy: 
https://urldefense.com/v3/__http://wiki.list.org/x/QIA9__;!!C5qS4YX3!WOudWrcT3hkLhaLl57fny4AfTwWh9bBOSV_Clb4wonoM-fgz2ZdVxUaJ3DKIv3iF_H8$
Searchable Archives: 
https://urldefense.com/v3/__https://www.mail-archive.com/mailman-users@python.org/__;!!C5qS4YX3!WOudWrcT3hkLhaLl57fny4AfTwWh9bBOSV_Clb4wonoM-fgz2ZdVxUaJ3DKIdtwp_Us$
 

https://urldefense.com/v3/__https://mail.python.org/archives/list/mailman-users@python.org/__;!!C5qS4YX3!WOudWrcT3hkLhaLl57fny4AfTwWh9bBOSV_Clb4wonoM-fgz2ZdVxUaJ3DKI2F3RLZg$
 
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: is log4j2 leveraged in Mailman version 2.1.14-1?

[Carl Zwanzig]

On 12/10/2021 1:28 PM, John Lake wrote:

@Carl Zwanzig--  excellent point, I've inherited this older version of
Mailman and its definitely on my maintenance debt list to upgrade to ver
3+.  😊
You can upgrade to 2.1.current(35?) quite easily, might take an hour :D. 
Highly recommended.


z!

--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
   https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: is log4j2 leveraged in Mailman version 2.1.14-1?

[John Lake]

Good to know!  I'll move this up to the front burner.  ; )

-Original Message-
From: Carl Zwanzig  
Sent: Friday, December 10, 2021 1:39 PM
To: mailman-users@python.org
Subject: [Mailman-Users] Re: is log4j2 leveraged in Mailman version 2.1.14-1?

On 12/10/2021 1:28 PM, John Lake wrote:
> @Carl Zwanzig--  excellent point, I've inherited this older version of 
> Mailman and its definitely on my maintenance debt list to upgrade to 
> ver
> 3+.  😊
You can upgrade to 2.1.current(35?) quite easily, might take an hour :D. 
Highly recommended.

z!

--
Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an 
email to mailman-users-le...@python.org 
https://urldefense.com/v3/__https://mail.python.org/mailman3/lists/mailman-users.python.org/__;!!C5qS4YX3!QL34ZLV-sNVxIYfQvlsFACF8DGrVI5f74fTuXL2Fh5gckhsBzsgJijKXZb11bsS9WmA$
Mailman FAQ: 
https://urldefense.com/v3/__http://wiki.list.org/x/AgA3__;!!C5qS4YX3!QL34ZLV-sNVxIYfQvlsFACF8DGrVI5f74fTuXL2Fh5gckhsBzsgJijKXZb117IHpXXE$
Security Policy: 
https://urldefense.com/v3/__http://wiki.list.org/x/QIA9__;!!C5qS4YX3!QL34ZLV-sNVxIYfQvlsFACF8DGrVI5f74fTuXL2Fh5gckhsBzsgJijKXZb11MuYZSWs$
Searchable Archives: 
https://urldefense.com/v3/__https://www.mail-archive.com/mailman-users@python.org/__;!!C5qS4YX3!QL34ZLV-sNVxIYfQvlsFACF8DGrVI5f74fTuXL2Fh5gckhsBzsgJijKXZb11nrmdokI$
 

https://urldefense.com/v3/__https://mail.python.org/archives/list/mailman-users@python.org/__;!!C5qS4YX3!QL34ZLV-sNVxIYfQvlsFACF8DGrVI5f74fTuXL2Fh5gckhsBzsgJijKXZb11AyIvGGM$
 
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] OFF-TOPIC: Free Tickets for InboxExpo

[Kevin A. McGrail]

Hello All,

I'm giving the keynote at the 3rd SparkPost InboxExpo�on Dec 14th in 
Valencia Spain at 9AM Central European Time.�This event is perhaps the 
largest scale event for the email industry AND the first 30 people can 
register at https://inboxexpo.com/KAM/ or PM me for a free online promo 
code.



I hope you can make it, heckle me, and share this event dedicated to Ray 
Tomlinson and 50 years of email! #QWERTYUIOP 



Free tickets too good to be tree?�InboxExpo could use your support.�I 
donated $100 and hope you might donate a few bucks and attend the hybrid 
event. https://lnkd.in/d27B96Tw & https://lnkd.in/dEKwZ3vr


P.S.: Spammers Suck #KAM 
 
#INBOXEXPO 



Regards,

KAM

--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
   https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: {Spam?} in subject lines.

[Stephen J. Turnbull]

Barry S. Finkel writes:

 > Mailman has no method for changing the Subject: line.

As you see above, Mailman sure does have a method for changing the
Subject field. :-)

The problem is that stock Mailman has no idea whether something is
spam or not, so neither adding nor removing spam tags makes sense, and
it does not try.  If you add Handler to get that information, then it
can handle the subject line, too.

But this is better done in the MTA for many reasons.

Steve



--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/