Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Fixed content injection vulnerability via the private login page. | Mark Sapiro | 2020-05-07 | 1 | -7/+3 |
| | |||||
* | Strip leading/trailing spaces from login email for private and options login. | Mark Sapiro | 2019-03-06 | 1 | -1/+1 |
| | |||||
* | Bump copyright dates. | Mark Sapiro | 2018-06-17 | 1 | -1/+1 |
| | |||||
* | Implement security log. | Mark Sapiro | 2018-06-11 | 1 | -0/+7 |
|\ | |||||
| * | Changes based on feedback from Mark. | Jim Popovitch | 2018-06-10 | 1 | -1/+2 |
| | | |||||
| * | Improved logging of security related events | Jim Popovitch | 2018-06-06 | 1 | -0/+5 |
|/ | |||||
* | Bumped Copyrights and fixed a bug in prior commit. | Mark Sapiro | 2017-06-05 | 1 | -1/+1 |
| | |||||
* | Defend against CGI requests with multiple values for the same parameter. | Mark Sapiro | 2017-06-05 | 1 | -2/+2 |
| | |||||
* | Catch TypeError from certain defective crafted POST requests. | Mark Sapiro | 2016-07-14 | 1 | -2/+11 |
| | |||||
* | - Added the list name to the vette log "held message approved" entry. | Mark Sapiro | 2014-03-21 | 1 | -2/+2 |
| | | | | | | | | | | (LP: 1295875) - Added the CGI module name to various "No such list" error log entries. (LP: 1295875) - Modified contrib/mmdsr to report module name if present in "No such list error log entries. | ||||
* | Fixed a typo in the UPGRADING doc - bin/upgrade -> bin/update. | Mark Sapiro | 2012-06-20 | 1 | -0/+0 |
| | |||||
* | Backported the password reminder from private archive login feature from the | Mark Sapiro | 2012-03-25 | 1 | -1/+22 |
| | | | | 2.2 branch. | ||||
* | Updated copyright year for previous change. | Mark Sapiro | 2011-02-05 | 1 | -1/+1 |
| | |||||
* | Issue an HTTP 404 status for private archive file not found. | Mark Sapiro | 2011-02-05 | 1 | -0/+1 |
| | |||||
* | Added roster to the CGIs that return HTTP 401 status for an authentication | Mark Sapiro | 2010-03-29 | 1 | -0/+2 |
| | | | | failure, and return HTTP 404 status from all CGIs for an invalid list name. | ||||
* | We now give an HTTP 401 status for authentication failures from admin, | Mark Sapiro | 2010-02-04 | 1 | -0/+2 |
| | | | | admindb, private and options logins. | ||||
* | - Fixed a bug where going to an archives/private/list.mbox/list.mbox URL | Mark Sapiro | 2010-01-21 | 1 | -1/+3 |
| | | | | would result in a munged URL if authentication was required. Bug #266164. | ||||
* | Fix XSS bug: Thanks Moritz Naumann. (CVE-2006-1512) | tkikuchi | 2006-04-04 | 1 | -2/+3 |
| | |||||
* | A cleansing pass, almost entirely cosmetic. Such things as whitespace | bwarsaw | 2005-12-30 | 1 | -12/+10 |
| | | | | | | | | | | | | | normalization, removal of tabs, copyright year updates to changed files, docstring and comment fixes, and usage of True/False. I also made a pass through the NEWS file. One import was reordered, and after this commit I will move the mmdsr.readme file to README.mmdsr. From my perspective, after that we're ready to go. I will port these changes forward to the trunk. | ||||
* | Log hostile path to mischief, not error | msapiro | 2005-12-12 | 1 | -1/+1 |
| | |||||
* | Fixes for bug 1080943. | msapiro | 2005-12-12 | 1 | -6/+27 |
| | | | | Add error response for ./ and ../ in URL | ||||
* | FSF office has moved to 51 Franklin Street. | tkikuchi | 2005-08-27 | 1 | -1/+1 |
| | |||||
* | Spelling and copyright years updates. | bwarsaw | 2005-02-10 | 1 | -3/+3 |
| | |||||
* | Checkin for initial workaround for directry traverse flaw in private.py. | tkikuchi | 2005-02-10 | 1 | -3/+6 |
| | | | | This is for the people who think 'CVS should be safe' and not final solution. | ||||
* | Backporting from the trunk. | bwarsaw | 2003-02-08 | 1 | -13/+15 |
| | |||||
* | This commit was manufactured by cvs2svn to create branch | 2003-01-02 | 1 | -0/+162 | |
'Release_2_1-maint'. |