Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 8 |
1 files changed, 8 insertions, 0 deletions
@@ -12,6 +12,14 @@ Here is a history of user visible changes to Mailman. - An XSS vulnerability, CVE-2011-0707, has been fixed. + - The web admin interface has been hardened against CSRF attacks by adding + a hidden, encrypted token with a time stamp to form submissions and not + accepting authentication by cookie if the token is missing, invalid or + older than the new mm_cfg.py setting FORM_LIFETIME which defaults to one + hour. Posthumous thanks go to Tokio Kikuchi for this implementation + which is only one of his many contributions to Mailman prior to his + death from cancer on 14 January 2012. + New Features - Eliminated the list cache from the qrunners. Indirect self-references |
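Review bot: the added CSRF entry, between the CVE-2011-0707 item and "New Features", does not tell upgrading sites how the change affects existing workflows or what happens when a submission is rejected. As worded, a form left open longer than FORM_LIFETIME, or any script that posts to the web admin interface relying only on the cookie, will no longer be authenticated. I suggest adding a sentence that says so and describes what the user is asked to do next. The entry also gives only the default of "one hour" for FORM_LIFETIME; stating the unit the mm_cfg.py value is expressed in would save admins from looking it up before overriding it.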