aboutsummaryrefslogtreecommitdiffstats
path: root/NEWS
diff options
context:
space:
mode:
authorMark Sapiro <mark@msapiro.net>2019-06-19 16:56:49 -0700
committerMark Sapiro <mark@msapiro.net>2019-06-19 16:56:49 -0700
commit1799a87556e18776e64df28ff2ac4fee190f2dc1 (patch)
tree670eea11f001d2273da50af94c9f949b85ded058 /NEWS
parent56188e427f80ed350b6608ce47124402c90b9d40 (diff)
parent91203be694e4ca836b862b7921e119b2f55a8307 (diff)
downloadmailman2-1799a87556e18776e64df28ff2ac4fee190f2dc1.tar.gz
mailman2-1799a87556e18776e64df28ff2ac4fee190f2dc1.tar.xz
mailman2-1799a87556e18776e64df28ff2ac4fee190f2dc1.zip
Implement Ralf Jung's captcha feature for the subscribe form.
Diffstat (limited to '')
-rw-r--r--NEWS24
1 files changed, 16 insertions, 8 deletions
diff --git a/NEWS b/NEWS
index 2f4ed388..507791c3 100644
--- a/NEWS
+++ b/NEWS
@@ -21,9 +21,17 @@ Here is a history of user visible changes to Mailman.
does this on every web access and on sites with a very large number of
lists, this can have performance implications. See the description in
Defaults.py for more information.
-
+
+ - Thanks to Ralph Jung there is now the ability to add text based captchas
+ (aka textchas) to the listinfo subscribe form. See the documentation
+ for the new CAPTCHA setting in Defaults.py for how to enable this. Also
+ note that if you have custom listinfo.html templates, you will have to
+ add a <mm-captcha-ui> tag to those templates to make this work. This
+ feature can be used in combination with or instead of the Google
+ reCAPTCHA feature added in 2.1.26.
+
Bug Fixes and other patches
-
+
- Fixed the confirm CGI to catch a rare TypeError on simultaneous
confirmations of the same token. (LP: #1785854)
@@ -61,7 +69,7 @@ Here is a history of user visible changes to Mailman.
2.1.28 (23-Jul-2018)
Security
-
+
- A content spoofing vulnerability with invalid list name messages in
the web UI has been fixed. CVE-2018-13796 (LP: #1780874)
@@ -400,7 +408,7 @@ Here is a history of user visible changes to Mailman.
well as the user options page and the previously fixed admin pages.
Thanks to Nishant Agarwala for reporting the issue. CVE-2016-6893
(LP: #1614841)
-
+
New Features
- For header_filter_rules matching, RFC 2047 encoded headers, non-encoded
@@ -483,7 +491,7 @@ Here is a history of user visible changes to Mailman.
- A site can now set DMARC_ORGANIZATIONAL_DOMAIN_DATA_URL to None or the
null string if it wants to avoid using this. (LP: #1578450)
-
+
- The white space to the left of the admindb Logout link is no longer
part of the link. (LP: #1573623)
@@ -711,11 +719,11 @@ Here is a history of user visible changes to Mailman.
and deleting the old address. (LP: #266809)
i18n
-
+
- The Russian translation has been updated by Danil Smirnov.
- The Polish translation has been updated by Stefan Plewako.
-
+
Bug fixes and other patches
- A LookupError in SpamDetect on a message with RFC 2047 encoded headers
@@ -954,7 +962,7 @@ Here is a history of user visible changes to Mailman.
- If checking DNS for dmarc_moderation_action and DNS lookup is not
available, log it. (LP: #1324541)
-
+
- Handle missing From: header addresses for DMARC mitigation actions.
(LP: #1318025)