diff options
author | Mark Sapiro <mark@msapiro.net> | 2018-06-22 08:41:29 -0700 |
---|---|---|
committer | Mark Sapiro <mark@msapiro.net> | 2018-06-22 08:41:29 -0700 |
commit | 15e222cef831c9f22890c7d3ec7c0ae93b91b238 (patch) | |
tree | b0cf19f804bfbf1929ac6cc582d87d59e3ac5cf6 | |
parent | 594de91c05384ab6136adfcc9db68f97af3a9d89 (diff) | |
download | mailman2-15e222cef831c9f22890c7d3ec7c0ae93b91b238.tar.gz mailman2-15e222cef831c9f22890c7d3ec7c0ae93b91b238.tar.xz mailman2-15e222cef831c9f22890c7d3ec7c0ae93b91b238.zip |
Preparing 2.1.27 release.
-rw-r--r-- | NEWS | 4 |
1 files changed, 3 insertions, 1 deletions
@@ -5,14 +5,16 @@ Copyright (C) 1998-2018 by the Free Software Foundation, Inc. Here is a history of user visible changes to Mailman. -2.1.27 (xx-xxx-xxxx) +2.1.27 (22-Jun-2018) Security - Existing protections against malicious listowners injecting evil scripts into listinfo pages have had a few more checks added. + JVN#00846677/JPCERT#97432283 - A few more error messages have had their values HTML escaped. + JVN#00846677/JPCERT#97432283 - The hash generated when SUBSCRIBE_FORM_SECRET is set could have been the same as one generated at the same time for a different list and |