| Commit message (Collapse) | Author | Files | Lines | ||
|---|---|---|---|---|---|
| 2020-05-07 | Fixed content injection vulnerability via the private login page. | Mark Sapiro | 1 | -7/+3 | |
| 2019-03-06 | Strip leading/trailing spaces from login email for private and options login. | Mark Sapiro | 1 | -1/+1 | |
| 2018-06-17 | Bump copyright dates. | Mark Sapiro | 1 | -1/+1 | |
| 2018-06-10 | Changes based on feedback from Mark. | Jim Popovitch | 1 | -1/+2 | |
| 2018-06-06 | Improved logging of security related events | Jim Popovitch | 1 | -0/+5 | |
| 2017-06-05 | Bumped Copyrights and fixed a bug in prior commit. | Mark Sapiro | 1 | -1/+1 | |
| 2017-06-05 | Defend against CGI requests with multiple values for the same parameter. | Mark Sapiro | 1 | -2/+2 | |
| 2016-07-14 | Catch TypeError from certain defective crafted POST requests. | Mark Sapiro | 1 | -2/+11 | |
| 2014-03-21 | - Added the list name to the vette log "held message approved" entry. | Mark Sapiro | 1 | -2/+2 | |
| (LP: 1295875) - Added the CGI module name to various "No such list" error log entries. (LP: 1295875) - Modified contrib/mmdsr to report module name if present in "No such list error log entries. | |||||
| 2012-06-20 | Fixed a typo in the UPGRADING doc - bin/upgrade -> bin/update. | Mark Sapiro | 1 | -0/+0 | |
| 2012-03-25 | Backported the password reminder from private archive login feature from the | Mark Sapiro | 1 | -1/+22 | |
| 2.2 branch. | |||||
| 2011-02-05 | Updated copyright year for previous change. | Mark Sapiro | 1 | -1/+1 | |
| 2011-02-05 | Issue an HTTP 404 status for private archive file not found. | Mark Sapiro | 1 | -0/+1 | |
| 2010-03-29 | Added roster to the CGIs that return HTTP 401 status for an authentication | Mark Sapiro | 1 | -0/+2 | |
| failure, and return HTTP 404 status from all CGIs for an invalid list name. | |||||
| 2010-02-04 | We now give an HTTP 401 status for authentication failures from admin, | Mark Sapiro | 1 | -0/+2 | |
| admindb, private and options logins. | |||||
| 2010-01-21 | - Fixed a bug where going to an archives/private/list.mbox/list.mbox URL | Mark Sapiro | 1 | -1/+3 | |
| would result in a munged URL if authentication was required. Bug #266164. | |||||
| 2006-04-04 | Fix XSS bug: Thanks Moritz Naumann. (CVE-2006-1512) | tkikuchi | 1 | -2/+3 | |
| 2005-12-30 | A cleansing pass, almost entirely cosmetic. Such things as whitespace | bwarsaw | 1 | -12/+10 | |
| normalization, removal of tabs, copyright year updates to changed files, docstring and comment fixes, and usage of True/False. I also made a pass through the NEWS file. One import was reordered, and after this commit I will move the mmdsr.readme file to README.mmdsr. From my perspective, after that we're ready to go. I will port these changes forward to the trunk. | |||||
| 2005-12-12 | Log hostile path to mischief, not error | msapiro | 1 | -1/+1 | |
| 2005-12-12 | Fixes for bug 1080943. | msapiro | 1 | -6/+27 | |
| Add error response for ./ and ../ in URL | |||||
| 2005-08-27 | FSF office has moved to 51 Franklin Street. | tkikuchi | 1 | -1/+1 | |
| 2005-02-10 | Spelling and copyright years updates. | bwarsaw | 1 | -3/+3 | |
| 2005-02-10 | Checkin for initial workaround for directry traverse flaw in private.py. | tkikuchi | 1 | -3/+6 | |
| This is for the people who think 'CVS should be safe' and not final solution. | |||||
| 2003-02-08 | Backporting from the trunk. | bwarsaw | 1 | -13/+15 | |
 |
index : mailman2 | |
| mirror of https://code.launchpad.net/~mailman-coders/mailman/2.1 | git |
| aboutsummaryrefslogtreecommitdiffstats |