Re: [Mailman-Users] Mailman 2.1.27 released

2018-06-25 Thread Mark Sapiro 
On 6/25/18 11:27 AM, Richard Johnson wrote:
> I see I'm still running 2.1.22.  I'd like to upgrade to 2.1.27, however.  Is 
> there a document with instructions on how to upgrade?


See the UPGRADING document in the tarball or at
.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Mailman 2.1.27 released

2018-06-25 Thread Richard Johnson 
I see I'm still running 2.1.22.  I'd like to upgrade to 2.1.27, however.  Is 
there a document with instructions on how to upgrade?

Thanks!

/raj

> On Jun 22, 2018, at 10:37 AM, Mark Sapiro  wrote:
> 
> I am pleased to announce the release of Mailman 2.1.27.
> 
> Python 2.6 is the minimum supported, but Python 2.7 is strongly recommended.
> 
> This is a routine bug fix release with a few new features and some minor
> security enhancements. See the attached README.txt for details.
> 
> Mailman is free software for managing email mailing lists and
> e-newsletters. Mailman is used for all the python.org and
> SourceForge.net mailing lists, as well as at hundreds of other sites.
> 
> For more information, please see our web site at one of:
> 
> http://www.list.org
> https://www.gnu.org/software/mailman
> http://mailman.sourceforge.net/
> https://mirror.list.org/
> 
> Mailman 2.1.27 can be downloaded from
> 
> https://launchpad.net/mailman/2.1/
> https://ftp.gnu.org/gnu/mailman/
> https://sourceforge.net/projects/mailman/
> 
> -- 
> Mark Sapiro The highway is for gamblers,
> San Francisco Bay Area, Californiabetter use your sense - B. Dylan
> 
> --
> Mailman-Users mailing list Mailman-Users@python.org
> https://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe: 
> https://mail.python.org/mailman/options/mailman-users/raj%40mischievous.us

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

[Mailman-Users] Mailman 2.1.27 released

2018-06-22 Thread Mark Sapiro 
I am pleased to announce the release of Mailman 2.1.27.

Python 2.6 is the minimum supported, but Python 2.7 is strongly recommended.

This is a routine bug fix release with a few new features and some minor
security enhancements. See the attached README.txt for details.

Mailman is free software for managing email mailing lists and
e-newsletters. Mailman is used for all the python.org and
SourceForge.net mailing lists, as well as at hundreds of other sites.

For more information, please see our web site at one of:

http://www.list.org
https://www.gnu.org/software/mailman
http://mailman.sourceforge.net/
https://mirror.list.org/

Mailman 2.1.27 can be downloaded from

https://launchpad.net/mailman/2.1/
https://ftp.gnu.org/gnu/mailman/
https://sourceforge.net/projects/mailman/

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan

2.1.27 (22-Jun-2018)

  Security

- Existing protections against malicious listowners injecting evil
  scripts into listinfo pages have had a few more checks added.
  JVN#00846677/JPCERT#97432283

- A few more error messages have had their values HTML escaped.
  JVN#00846677/JPCERT#97432283

- The hash generated when SUBSCRIBE_FORM_SECRET is set could have been
  the same as one generated at the same time for a different list and
  IP address.  While this is not thought to be exploitable in any way,
  the generation has been changed to avoid this.  Thanks to Ralf Jung.

  New Features

- An option has been added to bin/add_members to issue invitations
  instead of immediately adding members.  (LP: #1773064)

- A new BLOCK_SPAMHAUS_LISTED_IP_SUBSCRIBE setting has been added to
  enable blocking web subscribes from IPv4 addresses listed in Spamhaus
  SBL, CSS or XBL.  It will work with IPv6 addresses if Python's
  py2-ipaddress module is installed.  The module can be installed via pip
  if not included in your Python.

- Thanks to Jim Popovitch, Mailman has a new 'security' log and logs
  authentication failures to the various web CGI functions.  The logged
  data include the remote IP and can be used to automate blocking of IPs
  with something like fail2ban.  Since Mailman 2.1.14, these have returned
  an http 401 status and the information should be logged by the web
  server, but this new log makes that more convenient.  Also, the
  'mischief' log entries for 'hostile listname' noe include the remote IP
  if available.

- Thanks to Jim Popovitch, admin notices of (un)subscribes now may give
  the source of the action.  This consists of a %(whence)s replacement
  that has been added to the admin(un)subscribeack.txt templates.  Thanks
  to Yasuhito FUTATSUKI for updating the non-English templates and help
  with internationalizing the reasons.

- Thanks to Jim Popovitch, there is a new
  BLOCK_SPAMHAUS_LISTED_DBL_SUBSCRIBE setting to enable blocking web
  subscribes for addresses in domains listed in the Spamhaus DBL.

  i18n

- The Japanese translation has been updated by Yasuhito FUTATSUKI.

- The Russian translation has been updated by Danil Smirnov.

- A partial Esperanto translation has been added.  Thanks to
  Rubén Fernández Asensio.

- Fixed a '# -*- coding:' line in the Russian message catalog that was
  mistakenly translated to Russian.  (LP: #1777342)

  Bug fixes and other patches

- Some messages from bin/arch were not issued in the charset of the system
  locale when DISABLE_COMMAND_LOCALE_CSET is No.  Thanks to Yasuhito
  FUTATSUKI this is now fixed.  (LP: #1768892)

- The message displayed in the browser when accessing a Mailman CGI when
  mm_cfg.py can't be imported due to some exception other than ImportError
  has been improved.  (LP: #1760506)

- The reimplementation of DELIVERY_RETRY_WAIT in 2.1.26 could cause extra
  dequeueing and requeueing in the out queue by OutgoingRunner.  This is
  fixed.  (LP: #1762871)

- A Python 2.7 dependency introduced in the ToDigests handler in Mailman
  2.1.24 has been removed.  (LP: #1755317)

- Bad values in a list's topics will no longer break everything that
  might instantiate the list.  (LP: #1754516)

- A Python 2.7 dependency introduced with the reCAPTCHA feature in 2.1.26
  has been removed.  (LP: #1752658)

- The reCAPTCHA feature requires JavaScript.  If JavaScript is not enabled,
  a message will be displayed on the subscribe form that JavaScript is
  required.  (LP: #1769374)

- Quoting in the mailman-config command has been changed from double to
  single quotes to allow double-quoted parameters.  (LP: #1774986)

- Approving a held subscription for a user with a 'different' preferred
  language no longer corrupts the results page.  (LP: #1777222)

- An issue with garbled descriptions on listinfo and