diff options
author | Mark Sapiro <mark@msapiro.net> | 2019-06-19 16:56:49 -0700 |
---|---|---|
committer | Mark Sapiro <mark@msapiro.net> | 2019-06-19 16:56:49 -0700 |
commit | 1799a87556e18776e64df28ff2ac4fee190f2dc1 (patch) | |
tree | 670eea11f001d2273da50af94c9f949b85ded058 /NEWS | |
parent | 56188e427f80ed350b6608ce47124402c90b9d40 (diff) | |
parent | 91203be694e4ca836b862b7921e119b2f55a8307 (diff) | |
download | mailman2-1799a87556e18776e64df28ff2ac4fee190f2dc1.tar.gz mailman2-1799a87556e18776e64df28ff2ac4fee190f2dc1.tar.xz mailman2-1799a87556e18776e64df28ff2ac4fee190f2dc1.zip |
Implement Ralf Jung's captcha feature for the subscribe form.
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 24 |
1 files changed, 16 insertions, 8 deletions
@@ -21,9 +21,17 @@ Here is a history of user visible changes to Mailman. does this on every web access and on sites with a very large number of lists, this can have performance implications. See the description in Defaults.py for more information. - + + - Thanks to Ralph Jung there is now the ability to add text based captchas + (aka textchas) to the listinfo subscribe form. See the documentation + for the new CAPTCHA setting in Defaults.py for how to enable this. Also + note that if you have custom listinfo.html templates, you will have to + add a <mm-captcha-ui> tag to those templates to make this work. This + feature can be used in combination with or instead of the Google + reCAPTCHA feature added in 2.1.26. + Bug Fixes and other patches - + - Fixed the confirm CGI to catch a rare TypeError on simultaneous confirmations of the same token. (LP: #1785854) @@ -61,7 +69,7 @@ Here is a history of user visible changes to Mailman. 2.1.28 (23-Jul-2018) Security - + - A content spoofing vulnerability with invalid list name messages in the web UI has been fixed. CVE-2018-13796 (LP: #1780874) @@ -400,7 +408,7 @@ Here is a history of user visible changes to Mailman. well as the user options page and the previously fixed admin pages. Thanks to Nishant Agarwala for reporting the issue. CVE-2016-6893 (LP: #1614841) - + New Features - For header_filter_rules matching, RFC 2047 encoded headers, non-encoded @@ -483,7 +491,7 @@ Here is a history of user visible changes to Mailman. - A site can now set DMARC_ORGANIZATIONAL_DOMAIN_DATA_URL to None or the null string if it wants to avoid using this. (LP: #1578450) - + - The white space to the left of the admindb Logout link is no longer part of the link. (LP: #1573623) @@ -711,11 +719,11 @@ Here is a history of user visible changes to Mailman. and deleting the old address. (LP: #266809) i18n - + - The Russian translation has been updated by Danil Smirnov. - The Polish translation has been updated by Stefan Plewako. - + Bug fixes and other patches - A LookupError in SpamDetect on a message with RFC 2047 encoded headers @@ -954,7 +962,7 @@ Here is a history of user visible changes to Mailman. - If checking DNS for dmarc_moderation_action and DNS lookup is not available, log it. (LP: #1324541) - + - Handle missing From: header addresses for DMARC mitigation actions. (LP: #1318025) |