diff options
| author | Yasuhito FUTATSUKI at POEM <futatuki@poem.co.jp> | 2018-06-23 05:57:21 +0900 |
|---|---|---|
| committer | Yasuhito FUTATSUKI at POEM <futatuki@poem.co.jp> | 2018-06-23 05:57:21 +0900 |
| commit | f647dd6c9e7e50b21150076bc9dfc3792f63e022 (patch) | |
| tree | 74fcfa8883921abdd5cc08f35f29852d3a8ec440 /NEWS | |
| parent | cb03394bc0ec828ddc23b22392ea8d1a21798644 (diff) | |
| parent | 11c0af19222d0176b4f9c9c515274c61b49eec33 (diff) | |
| download | mailman2-f647dd6c9e7e50b21150076bc9dfc3792f63e022.tar.gz mailman2-f647dd6c9e7e50b21150076bc9dfc3792f63e022.tar.xz mailman2-f647dd6c9e7e50b21150076bc9dfc3792f63e022.zip | |
merge lp:mailman/2.1 up to rev 1784 (release 2.1.27)
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 8 |
1 files changed, 7 insertions, 1 deletions
@@ -5,14 +5,16 @@ Copyright (C) 1998-2018 by the Free Software Foundation, Inc. Here is a history of user visible changes to Mailman. -2.1.27 (xx-xxx-xxxx) +2.1.27 (22-Jun-2018) Security - Existing protections against malicious listowners injecting evil scripts into listinfo pages have had a few more checks added. + JVN#00846677/JPCERT#97432283 - A few more error messages have had their values HTML escaped. + JVN#00846677/JPCERT#97432283 - The hash generated when SUBSCRIBE_FORM_SECRET is set could have been the same as one generated at the same time for a different list and @@ -94,6 +96,10 @@ Here is a history of user visible changes to Mailman. - Approving a held subscription for a user with a 'different' preferred language no longer corrupts the results page. (LP: #1777222) + - An issue with garbled descriptions on listinfo and admin overview pages + and the heading of a list's listinfo page due to incompatible character + sets has been fixed thanks to Yasuhito FUTATSUKI. + Miscellaneous - Added to the contrib directory, a script from Jim Popovitch to generate |