Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Defended against a user submitting URLs with query fragments or POST data containing multiple occurrences of the same variable. | Mark Sapiro | 2015-09-16 | 1 | -0/+16 |
| | |||||
* | Improved identification of remote clients coming via a proxy server. | Mark Sapiro | 2015-06-23 | 1 | -1/+8 |
|\ | |||||
| * | Support for HTTP_X_FORWARDED_FOR and HTTP_FORWARDED_FOR (RFC 7239) | Jim Popovitch | 2015-06-23 | 1 | -1/+5 |
|/ | |||||
* | The vette log entry for DMARC policy hits now contains the list name. | Mark Sapiro | 2015-05-01 | 1 | -4/+4 |
| | |||||
* | Fix for path traversal vulnerability. | Mark Sapiro | 2015-03-27 | 1 | -0/+6 |
| | |||||
* | Implemented the equivalent domains feature for list posting/moderation. | Mark Sapiro | 2015-01-23 | 1 | -0/+34 |
| | |||||
* | A number of changes from the unofficial 2.2 branch have been backported to the 2.1 branch for release with 2.1.19. The 2.2 branch is now no different from the 2.1 branch and will no longer be maintained. | Mark Sapiro | 2015-01-22 | 1 | -1/+57 |
| | |||||
* | The options CGI now rejects all but HTTP GET and POST requests. | Mark Sapiro | 2014-09-21 | 1 | -0/+5 |
| | |||||
* | If checking DNS for dmarc_moderation_action and DNS lookup is not available, log it. (LP: #1324541) | Mark Sapiro | 2014-05-29 | 1 | -1/+5 |
| | |||||
* | Make dmarc_quarantine_moderaction_action a list setting. | Mark Sapiro | 2014-05-02 | 1 | -3/+2 |
| | |||||
* | More fine tuning of dmarc_moderation_action. | Mark Sapiro | 2014-05-02 | 1 | -8/+8 |
| | |||||
* | The new Utils.IsDMARCProhibited() used collections.defaultdict which requires Python 2.5. Changed to use a dict and setdefault. | Mark Sapiro | 2014-04-19 | 1 | -3/+2 |
| | |||||
* | Added and modified various options regarding DMARC. See the NEWS file. | Mark Sapiro | 2014-04-15 | 1 | -1/+96 |
|\ | |||||
| * | Added support for p=quarantine based on feedback from Franck Martin. | Jim Popovitch | 2013-11-08 | 1 | -0/+5 |
| | | |||||
| * | Incorporated some feedback from Mark S. | Jim Popovitch | 2013-10-20 | 1 | -1/+1 |
| | | |||||
| * | Handle CNAMEs when chasing DMARC TXT records. Handle TXT records missing tags, check all such records, etc. Use \b boundary anchors in regexp check. (Should only be one, but if there are multiple, check them all, reject if any of them say p=reject). | Phil Pennock | 2013-03-18 | 1 | -5/+44 |
| | | |||||
| * | Hold/Reject/Discard moderation support for Senders with a DMARC p=reject policy | Jim Popovitch | 2013-03-03 | 1 | -0/+39 |
| | | |||||
* | | Fixed email address validation to do a bit better in obscure cases. | Mark Sapiro | 2013-12-06 | 1 | -3/+4 |
|/ | |||||
* | Strengthened the validation of email addresses. | Mark Sapiro | 2011-11-13 | 1 | -8/+3 |
| | |||||
* | Strengthened the validation of email address domains. | Mark Sapiro | 2011-09-15 | 1 | -0/+6 |
| | |||||
* | Made the web escaping of additional characters a configuration setting. | Mark Sapiro | 2011-05-01 | 1 | -12/+6 |
| | |||||
* | Yet another change to the broken browser HTML escaping. | Mark Sapiro | 2011-04-26 | 1 | -1/+2 |
| | |||||
* | Don't try converting non-ascii to HTML entities in unicode. | Mark Sapiro | 2011-04-26 | 1 | -2/+5 |
| | |||||
* | Strengthened escaping of user web data by including some characters that some older browsers misinterpret as < or >. | Mark Sapiro | 2011-04-25 | 1 | -0/+8 |
| | |||||
* | Changed the maximum number of arguments for the who command to be considered administrivia from 2 to 1 to help avoid false positives. Bug #739524. | Mark Sapiro | 2011-03-21 | 1 | -2/+2 |
| | |||||
* | Two potential XSS vulnerabilities have been identified and fixed. | Mark Sapiro | 2010-09-09 | 1 | -93/+94 |
| | |||||
* | XSS protection in the web interface went too far in escaping HTML entities. Fixed. | Mark Sapiro | 2009-08-01 | 1 | -1/+3 |
| | |||||
* | Backported several bug fixes from the 2.2 branch. | Mark Sapiro | 2009-07-31 | 1 | -20/+21 |
| | |||||
* | Mailman/Utils.py - Fixed a long standing error that stopped relative hrefs from being generated for links on Mailman's web pages. Mailman/Cgi/admindb.py - Changed the admindb interface so that when messages are rejected from the summary page, the reject reason is the rejection message from the Errors.HoldMessage subclass instead of the generic "No reason given". | Mark Sapiro | 2009-01-02 | 1 | -2/+2 |
| | |||||
* | Changed the regexp for Utils.suspiciousHTML to exempt the `<link rel="SHORTCUT ICON" href="<mm-favicon>">` tag in the options.html template. | Mark Sapiro | 2008-12-05 | 1 | -1/+2 |
| | |||||
* | Apply Heiko Rommel's patch for hashlib deprecation warnings for bug 293178. I've modified the patch to improve some of the stylistic issues. | Barry Warsaw | 2008-11-12 | 1 | -3/+14 |
| | |||||
* | Changed Utils.ValidateEmail to not allow specials (particularly ':') in unquoted local parts (SF bug # 1956393). | Mark Sapiro | 2008-05-07 | 1 | -2/+9 |
| | |||||
* | Mailman/Cgi/edithtml.py Mailman/Gui/General.py Mailman/Utils.py - Better detection of potentially evil HTML in GUI. Mailman/Version.py NEWS - Updates for 2.1.10b1 release. Mailman/Gui/General.py messages/mailman.pot - Added admin_member_chunksize to Gui. Two new associated messages. | Mark Sapiro | 2007-12-04 | 1 | -0/+151 |
| | |||||
* | Mailman/Defaults.py.in Mailman/Utils.py Mailman/htmlformat.py Mailman/Cgi/create.py messages/ja/doc/Defaults.py.in - Added direction ('ltr', 'rtl') to the LC_DESCRIPTIONS table to support the Hebrew translation. messages/he/LC_MESSAGES/mailman.po - Corrected a typo '\b' -> '\n'. messages/zh_CN/LC_MESSAGES/mailman.po - Corrected a typo '\\b' -> '/b'. | Mark Sapiro | 2007-11-25 | 1 | -0/+3 |
| | |||||
* | Detect 'who' with 1 or 2 arguments as administrivia. | Mark Sapiro | 2007-07-17 | 1 | -2/+2 |
| | |||||
* | CVE-2006-3636. Fixes for various cross-site scripting issues. Discovery by Moritz Naumann and most of the repair work done by Mark Sapiro (with some additional work by Barry). | bwarsaw | 2006-08-30 | 1 | -1/+1 |
| | |||||
* | Back port Python 2.5 compatibility changes to Mailman 2.1. Specifically, - In SecurityManager.py, fix the parsecookie() code to work with Python 2.5 generated cookie text. The latter was changed to be more RFC compliant so it does not output trailing semicolons for each line of cookie text. This broke the splitting rules, so now first split on newlines, then on ';\s*'. This should work across all Python versions. - In Python 2.5, exceptions are new-style, and thus are no longer of ClassType. The instantiation type test in hold_for_approval() was too naive. This one is fixed differently here than in the MM trunk because in Python 2.1, 'type' isn't a type, it's a function and so can't be used as the second argument to isinstance() directly. - Raising strings generates deprecation warnings in Python 2.5. Switch the one weird use of this in Utils.py to use a class exception. Don't call it "quick exit" though because it's probably not. | bwarsaw | 2006-07-30 | 1 | -3/+5 |
| | |||||
* | - Decorate.py Fixed bug 1507248 by ignoring header/footer characters outside the character set of the list's language. - Utils.py Fixed a security hole which allowed a crafted URI to inject bogus apparent messages into the error log, possibly inducing an admin to visit a phishing site. | msapiro | 2006-06-23 | 1 | -2/+8 |
| | |||||
* | Improved fix for bug 1275856 to return host part of DEFAULT_URL if any from get_domain() if VIRTUAL_HOST_OVERVIEW off. | msapiro | 2006-03-18 | 1 | -7/+5 |
| | |||||
* | Fixed long standing bug (1275856) - get_domain() returned DEFAULT_EMAIL_HOST instead of DEFAULT_URL_HOST if VIRTUAL_HOST_OVERVIEW was off. | msapiro | 2006-03-12 | 1 | -3/+8 |
| | |||||
* | FSF office has moved to 51 Franklin Street. | tkikuchi | 2005-08-27 | 1 | -1/+1 |
| | |||||
* | New names added to ACKNOWLEDGMENTS. Updated NEWS in preparation for 2.1.6b1. Update copyright years for files changed in 2005. Whitespace normalization. | bwarsaw | 2005-01-16 | 1 | -1/+1 |
| | |||||
* | Sorry, legality of '%' and '!' is a matter of MTA (of the user's). Canceling last check in. | tkikuchi | 2005-01-11 | 1 | -1/+1 |
| | |||||
* | Add '%' and '!' in _badchars. They are used for source routing. | tkikuchi | 2005-01-11 | 1 | -1/+1 |
| | |||||
* | Secure_MakeRandomPassword(): Log an error when secure passwords were requested but urandom is not available. | bwarsaw | 2004-12-31 | 1 | -0/+3 |
| | |||||
* | From the NEWS file: - Added the ability for Mailman generated passwords (both member and list admin) to be more cryptographically secure. See new configuration variables USER_FRIENDLY_PASSWORDS, MEMBER_PASSWORD_LENGTH, and ADMIN_PASSWORD_LENGTH. Also added a new bin/withlist script called reset_pw which can be used to reset all member passwords. Passwords generated by Mailman are now 8 characters by default for members, and 10 characters for list administrators. | bwarsaw | 2004-12-30 | 1 | -6/+45 |
| | |||||
* | [ 1030228 ] Mass Subscribe address with control character - can't delete. Also, '/' can be used now. | tkikuchi | 2004-10-09 | 1 | -1/+1 |
| | |||||
* | More error handling for oneline(). | tkikuchi | 2004-09-18 | 1 | -1/+2 |
| | |||||
* | oneline(): Another part of TK's patch # 865661. This one adds a utility function that returns a header in an i18n-safe way such that it is guaranteed to span exactly one line. | bwarsaw | 2003-12-26 | 1 | -0/+15 |
| | |||||
* | True/False where appropriate. | bwarsaw | 2003-12-01 | 1 | -1/+1 |
| |