-rw-r--r--Mailman/Utils.py2
-rw-r--r--NEWS6
2 files changed, 7 insertions, 1 deletions
diff --git a/Mailman/Utils.py b/Mailman/Utils.py
index 7bae2e6e..739def1d 100644
--- a/Mailman/Utils.py
+++ b/Mailman/Utils.py
@@ -759,7 +759,7 @@ def get_domain():
if port and host.endswith(':' + port):
host = host[:-len(port)-1]
if mm_cfg.VIRTUAL_HOST_OVERVIEW and host:
- return host.lower()
+ return websafe(host.lower())
else:
# See the note in Defaults.py concerning DEFAULT_URL
# vs. DEFAULT_URL_HOST.
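Review bot: Wrapping the Host header in `websafe()` at the `return` applies HTML output-encoding at the data source, but `get_domain()` is presumably also used to build URLs and select a virtual host rather than only to emit HTML, so callers that escape again will double-encode and callers that use the value in non-HTML sinks (URLs, mail headers) get no protection from a crafted host at all. A request-supplied hostname is better validated than escaped: restrict it to hostname syntax and fall through to the configured default otherwise, e.g. `if mm_cfg.VIRTUAL_HOST_OVERVIEW and host and re.match(r'^[A-Za-z0-9.-]+$', host):` with `return host.lower()` left as it was (this needs `re` in scope in Utils.py). Checking `host` against the configured virtual hosts (`mm_cfg.VIRTUAL_HOSTS`), if that table is reachable here, would be stricter still and would also keep an attacker from choosing which domain's URLs get generated. `get_domain()` starts before this hunk, and where `host` and `port` come from is not visible.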
diff --git a/NEWS b/NEWS
index eaa202a1..083f4027 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,12 @@ Here is a history of user visible changes to Mailman.
2.1.24 (xx-xxx-xxxx)
+ Security
+
+ - A most likely unexploitable XSS attach that relies on the Mailman web
+ server passing a crafted Host: header to the CGI environment has been
+ fixed. Apache for one is not vulnerable. Thanks to Alqnas Eslam.
+
New Features
- cron/senddigests has a new -e/--exceptlist option to send pending