Modified SUBSCRIBE_FORM_SECRET hash generation.

1 files changed, 5 insertions, 0 deletions

diff --git a/NEWS b/NEWS
index b89ad032..5ceffc63 100644
--- a/NEWS
+++ b/NEWS
@@ -14,6 +14,11 @@ Here is a history of user visible changes to Mailman.
 
     - A few more error messages have had their values HTML escaped.
 
+    - The hash generated when SUBSCRIBE_FORM_SECRET is set could have been
+      the same as one generated at the same time for a different list and
+      IP address.  While this is not thought to be exploitable in any way,
+      the generation has been changed to avoid this.  Thanks to Ralf Jung.
+
   New Features
 
     - An option has been added to bin/add_members to issue invitations