author | Mark Sapiro <mark@msapiro.net> | 2017-03-30 12:20:45 -0700 |
---|---|---|
committer | Mark Sapiro <mark@msapiro.net> | 2017-03-30 12:20:45 -0700 |
commit | f2d4b816b39a77c32562dc8a23b1fcd0e61cc869 (patch) |
tree | a8c5760ba45740c7c6b78922e330602b23d6c728 /NEWS |
parent | bb0383b9174e1afb5939928539bfd9c20c8829f2 (diff) |
download | mailman2-f2d4b816b39a77c32562dc8a23b1fcd0e61cc869.tar.gz mailman2-f2d4b816b39a77c32562dc8a23b1fcd0e61cc869.tar.xz mailman2-f2d4b816b39a77c32562dc8a23b1fcd0e61cc869.zip |
Fixed unexploitable XSS attack via crafted HTTP Host: header.
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 6 |
1 files changed, 6 insertions, 0 deletions
@@ -7,6 +7,12 @@ Here is a history of user visible changes to Mailman. 2.1.24 (xx-xxx-xxxx) + Security + + - A most likely unexploitable XSS attach that relies on the Mailman web + server passing a crafted Host: header to the CGI environment has been + fixed. Apache for one is not vulnerable. Thanks to Alqnas Eslam. + New Features - cron/senddigests has a new -e/--exceptlist option to send pending |
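Review bot: the new "Security" entry misspells "attack" as "attach" ("A most likely unexploitable XSS attach that relies on the Mailman web server passing a crafted Host: header ..."); fix the typo before release, since NEWS is user-facing. The entry also tells operators only that "Apache for one is not vulnerable"; consider stating which web servers or CGI configurations do pass an unvalidated Host: header into the CGI environment, so administrators running something other than Apache can judge whether they need this fix.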