aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Fixed a problem which could result in raw, undecoded message bodiesMark Sapiro2011-06-022-4/+10
| | | | appearing in plain digests and archives. Bug #787790.
* Fixed a problem in admindb.py where the character set for the display ofMark Sapiro2011-05-102-1/+11
| | | | the message body excerpt was not correctly determined. Bug #779751.
* Prevented setting user passwords with leading/trailing whitespace. Bug #778088.Mark Sapiro2011-05-094-12/+12
|
* Made the web escaping of additional characters a configuration setting.Mark Sapiro2011-05-013-12/+38
|
* Since context may be AuthUser, we must refresh the cookie where we have a user.Mark Sapiro2011-04-261-2/+2
|
* Yet another change to the broken browser HTML escaping.Mark Sapiro2011-04-261-1/+2
|
* Don't try converting non-ascii to HTML entities in unicode.Mark Sapiro2011-04-261-2/+5
|
* Don't redefine existing authentication contexts.Mark Sapiro2011-04-251-2/+2
|
* A new list poster password has been implemented. This password may onlyMark Sapiro2011-04-257-6/+55
| | | | | | be used in Approved: or X-Approved: headers for pre-approving posts. Using this password for that purpose precludes compromise of a more valuable password sent in plain text email. Bug #770581.
* Strengthened escaping of user web data by including some characters thatMark Sapiro2011-04-252-0/+11
| | | | some older browsers misinterpret as < or >.
* A new mm_cfg.py setting AUTHENTICATION_COOKIE_LIFETIME has been added.Mark Sapiro2011-04-253-1/+15
| | | | | | If this is set to a non-zero value, web authentication cookies will expire that many seconds following their last use. Its default value is zero to preserve current behavior.
* Mailman now sets the 'secure' flag in cookies set via https URLs.Mark Sapiro2011-04-252-1/+9
| | | | Bug #770377.
* Added a logout link to the admindb interface and made both admin andMark Sapiro2011-04-233-3/+31
| | | | | admindb logout effective for a site admin cookie if allowed. Bug #769318.
* Replaced old logos with new ones.Mark Sapiro2011-04-234-0/+4
|
* Changed bin/genaliases to only call the POSTFIX_*_CMD commands once whenMark Sapiro2011-04-163-4/+12
| | | | MTA = 'Postfix'. Bug #266408.
* Updated mailman.pot and various mailman.po files for previous change.Mark Sapiro2011-04-1537-8326/+8920
|
* Refactor last change for i18n.Mark Sapiro2011-04-151-5/+7
|
* Added a report of the affected members to the warnings issued whenMark Sapiro2011-04-142-3/+10
| | | | | setting a list with digest members digestable=No and when setting a list with non-digest members nondigestable=no. Bug #761232.
* Fixed a problem where content filtering could remove the headers fromMark Sapiro2011-04-123-1/+263
| | | | | an attached message/rfc822 part if the message in that part is multipart/alternative and collapse_alternatives is Yes. Bug #757062.
* Fix for bug #701558 went to far. Don't recast message/rfc822 parts.Mark Sapiro2011-04-071-2/+4
| | | | We want to keep the headers.
* Changed the subscribe CGI to strip leading and trailing whitespace fromMark Sapiro2011-03-292-2/+5
| | | | the supplied email address. Bug #745432.
* Changed the maximum number of arguments for the who command to beMark Sapiro2011-03-212-2/+6
| | | | | considered administrivia from 2 to 1 to help avoid false positives. Bug #739524.
* Added the list name as 'display-name' in added Sender: headers to helpMark Sapiro2011-03-212-3/+7
| | | | mitigate Outlook et al 'on behalf of' displays. Bug #736849.
* An XSS vulnerability, CVE-2011-0707, has been fixed.Mark Sapiro2011-02-182-3/+7
|
* Fixed a typo in the usage() definition cron/gate_news. Bug #721015.Mark Sapiro2011-02-172-2/+4
|
* - Fixed an uncaught KeyError when poster tries to cancel a post which wasMark Sapiro2011-02-072-2/+6
| | | | already handled. Bug #266224.
* - Held message user notifications now come From: list-owner instead ofMark Sapiro2011-02-072-5/+5
| | | | list-bounces. Bug #714424.
* - A new mm_cfg.py setting RESPONSE_INCLUDE_LEVEL has been added to controlMark Sapiro2011-02-074-19/+98
| | | | | | | | | | | | | | | | | | | | how much of the original message is included in automatic responses to email commands. The default is 2 to preserve the prior behavior of including the full message. Setting this to 1 in mm_cfg.py will include only the original headers, and 0 will include none of the original. It is recommended to set this to 0 in mm_cfg.py to minimize the effects of backscatter. Bug #265835. - A new mm_cfg.py setting DEFAULT_RESPOND_TO_POST_REQUESTS has been added to control the default for respond_to_post_requests for new lists. It is set to Yes for backwards compatibility, but it is recommended that serious consideration be given to setting it to No. Bug #266051. - A new mm_cfg.py setting DISCARD_MESSAGE_WITH_NO_COMMAND has been added to control whether a message to the -request address without any commands or a message to -confirm whose To: address doesn't match VERP_CONFIRM_REGEXP is responded to or just logged. It defaults to Yes which is different from prior behavior. Bug #410236.
* Updated copyright year for previous change.Mark Sapiro2011-02-051-1/+1
|
* Issue an HTTP 404 status for private archive file not found.Mark Sapiro2011-02-052-0/+3
|
* Added one and changed two MimeDel tests for rev 1272 changes.Mark Sapiro2011-01-251-10/+72
|
* @listname entries in *_these_nonmembers are no longer case sensitive.Mark Sapiro2011-01-242-4/+8
| | | | Bug #705715.
* - Changed bin/rmlist to also remove heldmsg files for the removed list andMark Sapiro2011-01-132-8/+19
| | | | fixed a problem with removal of stale locks for the list. Bug #700528.
* - Fixed a bug where content filtering could leave a multipart message orMark Sapiro2011-01-132-1/+25
| | | | | part with just one sub-part. These should be recast to just the sub-part. Bug #701558.
* - Fixed a bug that could erroneously handle posts from addresses inMark Sapiro2011-01-132-5/+11
| | | | | *_these_nonmembers and send held/rejected notices to bogus addresses when The From or other sender header is RFC 2047 encoded. Bug #702516.
* - Updated contrib/mm-handler-2.1.10 to better handle lists with names thatMark Sapiro2011-01-043-3/+13
| | | | look like admin addresses. Bug #697161.
* Added bounce recognition for a bogus Dovecot MDN. Bug #693134.Mark Sapiro2010-12-224-1/+80
|
* - Fixed a problem where an emailed command in the Subject: header with aMark Sapiro2010-12-043-5/+12
| | | | | | | non-ascii l10n of an 'Re:' prefix is ignored. Bug #685261. - Fixed a problem with approving a post by email when the body of the approval mail is base64 encoded. Bug #677115.
* - Fixed a missing format character in the Spanish translation.Mark Sapiro2010-11-043-3/+18
| | | | | | | Bug #670988. - Fixed the host name in the From: address of the owner notification from bin/add_members. Bug #666181.
* Preparing 2.1.14 release.Mark Sapiro2010-09-202-4/+4
|
* Removed '#, fuzzy' indicators resulting from prior change.Mark Sapiro2010-09-1036-159/+0
|
* Made minor wording improvements and typo corrections in some messages.Mark Sapiro2010-09-1042-3863/+4054
| | | | Bug #426979.
* Preparing 2.1.14rc1 release.Mark Sapiro2010-09-09201-1265/+1331
|
* Two potential XSS vulnerabilities have been identified and fixed.Mark Sapiro2010-09-094-98/+104
|
* It's not necessary to catch KeyError - dict is a SafeDict().Mark Sapiro2010-09-071-1/+1
|
* Fixed i18n._() to catch exceptions due to bad formats. Bug #632660.Mark Sapiro2010-09-072-2/+8
|
* Fixed admindb interface to decode base64 and quoted-printable encodedMark Sapiro2010-09-032-1/+4
| | | | message body excerpts for display. Bug #629738.
* Fixed a missing format character in the German bin/mailmanctl docstring.Mark Sapiro2010-08-312-1/+3
|
* Fixed web CGI tracebacks to properly report sys.path. Bug #615114.Mark Sapiro2010-08-082-2/+4
|
* Changed the member options login page unsubscribe request to include theMark Sapiro2010-07-272-1/+5
| | | | requesters IP address in the confirmation request. Bug #610527.