diff options
author | tkikuchi <> | 2005-12-06 00:43:13 +0000 |
---|---|---|
committer | tkikuchi <> | 2005-12-06 00:43:13 +0000 |
commit | 90bd87b9c89bbb4c481405f34cce985b94ca8c80 (patch) | |
tree | 36ac387ef7d0d3a48534e4be4ecdfe0b992ca83a /NEWS | |
parent | 59c3c1ad8fb2bb7265ed8730f41ab897c55a24f1 (diff) | |
download | mailman2-90bd87b9c89bbb4c481405f34cce985b94ca8c80.tar.gz mailman2-90bd87b9c89bbb4c481405f34cce985b94ca8c80.tar.xz mailman2-90bd87b9c89bbb4c481405f34cce985b94ca8c80.zip |
Add Security notes in NEWS.
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 21 |
1 files changed, 21 insertions, 0 deletions
@@ -6,6 +6,27 @@ Here is a history of user visible changes to Mailman. 2.1.7 (XX-XXX-200X) + Security + + - A note on CVE-2005-3573: Although the RFC2231 bug example in the + CVE has been solved in mailman-2.1.6, there may be more cases + where ToDigest.send_digests() can block regular delivery. + We put the send_digests() calling part in try - except clause and + leave a message in the error log if something happened in + send_digests(). Daily call of cron/senddigests will notify more + detail to the site administrator. + + - List administrators can no longer change the user's option/subscription + globally. Site admin can change these only if + mm_cfg.ALLOW_SITE_ADMIN_COOKIES is set to Yes. + + - Script tag is disallowd in edithtml script. + + - Since probe message for the disabled users may reach unexpected + persons, the password was excluded from sendProbe() and probe.txt. + Note that the default value of VERP_PROBE has been set to `No' + from 2.1.6., thus this change doesn't change the default behavior. + New Features - Always remove DomainKey (and similar) headers (1287546) from messages |