aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMark Sapiro <mark@msapiro.net>2018-06-22 08:41:29 -0700
committerMark Sapiro <mark@msapiro.net>2018-06-22 08:41:29 -0700
commit15e222cef831c9f22890c7d3ec7c0ae93b91b238 (patch)
treeb0cf19f804bfbf1929ac6cc582d87d59e3ac5cf6
parent594de91c05384ab6136adfcc9db68f97af3a9d89 (diff)
downloadmailman2-15e222cef831c9f22890c7d3ec7c0ae93b91b238.tar.gz
mailman2-15e222cef831c9f22890c7d3ec7c0ae93b91b238.tar.xz
mailman2-15e222cef831c9f22890c7d3ec7c0ae93b91b238.zip
Preparing 2.1.27 release.
-rw-r--r--NEWS4
1 files changed, 3 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index 7bc1b4c7..6e3a8a09 100644
--- a/NEWS
+++ b/NEWS
@@ -5,14 +5,16 @@ Copyright (C) 1998-2018 by the Free Software Foundation, Inc.
Here is a history of user visible changes to Mailman.
-2.1.27 (xx-xxx-xxxx)
+2.1.27 (22-Jun-2018)
Security
- Existing protections against malicious listowners injecting evil
scripts into listinfo pages have had a few more checks added.
+ JVN#00846677/JPCERT#97432283
- A few more error messages have had their values HTML escaped.
+ JVN#00846677/JPCERT#97432283
- The hash generated when SUBSCRIBE_FORM_SECRET is set could have been
the same as one generated at the same time for a different list and