aboutsummaryrefslogtreecommitdiffstats
path: root/Mailman (unfollow)
Commit message (Collapse)AuthorFilesLines
2011-10-13The fix for BUG #266220 (sf1181161) has been enhanced so that if thereMark Sapiro1-1/+18
is a pathological HTML part such that the Approved: password text isn't found, but it is found after stripping out HTML tags, the post is rejected with an informative message.
2011-10-04- Mailman/Gui/General.pyMark Sapiro2-3/+18
Fixed the setting of new_member_options so that unprocessed bits are not changed. Augmented the logic so that bin/config_list can set or reset any bits in mm_cfg.OPTINFO. Bug #865825. - Mailman/Defaulys.py.in Added missing bits to OPTINFO.
2011-09-29Eliminated the list cache from the qrunners. Indirect self-referencesMark Sapiro1-17/+12
caused lists to never be dropped from the cache which in turn caused the qrunners to grow very large in installations with many lists or multiple large lists. Bug #862683.
2011-09-29A problem with the logic avoiding unnecessarily reloading a current listMark Sapiro1-3/+12
object from the config.pck arises if the list is updated by another process within the same second that it was last read/written. That can cause the reading of latest version of the list to be skipped. This has been fixed. Bug #862675.
2011-09-15Strengthened the validation of email address domains.Mark Sapiro1-0/+6
2011-09-15Added Greek translation from Antonis Limperis.Mark Sapiro1-0/+1
2011-06-07The user options 'list my other subscriptions' page now indicates forMark Sapiro1-0/+6
each list if the subscription is 'nomail' or 'digest'. Bug #793669.
2011-06-02Fixed a problem which could result in raw, undecoded message bodiesMark Sapiro1-4/+7
appearing in plain digests and archives. Bug #787790.
2011-05-10Fixed a problem in admindb.py where the character set for the display ofMark Sapiro1-1/+8
the message body excerpt was not correctly determined. Bug #779751.
2011-05-09Prevented setting user passwords with leading/trailing whitespace. Bug #778088.Mark Sapiro3-10/+10
2011-05-01Made the web escaping of additional characters a configuration setting.Mark Sapiro2-12/+31
2011-04-26Since context may be AuthUser, we must refresh the cookie where we have a user.Mark Sapiro1-2/+2
2011-04-26Yet another change to the broken browser HTML escaping.Mark Sapiro1-1/+2
2011-04-26Don't try converting non-ascii to HTML entities in unicode.Mark Sapiro1-2/+5
2011-04-25Don't redefine existing authentication contexts.Mark Sapiro1-2/+2
2011-04-25A new list poster password has been implemented. This password may onlyMark Sapiro6-6/+50
be used in Approved: or X-Approved: headers for pre-approving posts. Using this password for that purpose precludes compromise of a more valuable password sent in plain text email. Bug #770581.
2011-04-25Strengthened escaping of user web data by including some characters thatMark Sapiro1-0/+8
some older browsers misinterpret as < or >.
2011-04-25A new mm_cfg.py setting AUTHENTICATION_COOKIE_LIFETIME has been added.Mark Sapiro2-1/+10
If this is set to a non-zero value, web authentication cookies will expire that many seconds following their last use. Its default value is zero to preserve current behavior.
2011-04-25Mailman now sets the 'secure' flag in cookies set via https URLs.Mark Sapiro1-1/+6
Bug #770377.
2011-04-23Added a logout link to the admindb interface and made both admin andMark Sapiro2-3/+27
admindb logout effective for a site admin cookie if allowed. Bug #769318.
2011-04-16Changed bin/genaliases to only call the POSTFIX_*_CMD commands once whenMark Sapiro1-2/+5
MTA = 'Postfix'. Bug #266408.
2011-04-15Refactor last change for i18n.Mark Sapiro1-5/+7
2011-04-14Added a report of the affected members to the warnings issued whenMark Sapiro1-3/+5
setting a list with digest members digestable=No and when setting a list with non-digest members nondigestable=no. Bug #761232.
2011-04-12Fixed a problem where content filtering could remove the headers fromMark Sapiro1-1/+8
an attached message/rfc822 part if the message in that part is multipart/alternative and collapse_alternatives is Yes. Bug #757062.
2011-04-07Fix for bug #701558 went to far. Don't recast message/rfc822 parts.Mark Sapiro1-2/+4
We want to keep the headers.
2011-03-29Changed the subscribe CGI to strip leading and trailing whitespace fromMark Sapiro1-2/+2
the supplied email address. Bug #745432.
2011-03-21Changed the maximum number of arguments for the who command to beMark Sapiro1-2/+2
considered administrivia from 2 to 1 to help avoid false positives. Bug #739524.
2011-03-21Added the list name as 'display-name' in added Sender: headers to helpMark Sapiro1-3/+4
mitigate Outlook et al 'on behalf of' displays. Bug #736849.
2011-02-18An XSS vulnerability, CVE-2011-0707, has been fixed.Mark Sapiro1-3/+3
2011-02-07- Fixed an uncaught KeyError when poster tries to cancel a post which wasMark Sapiro1-2/+3
already handled. Bug #266224.
2011-02-07- Held message user notifications now come From: list-owner instead ofMark Sapiro1-5/+2
list-bounces. Bug #714424.
2011-02-07- A new mm_cfg.py setting RESPONSE_INCLUDE_LEVEL has been added to controlMark Sapiro3-19/+77
how much of the original message is included in automatic responses to email commands. The default is 2 to preserve the prior behavior of including the full message. Setting this to 1 in mm_cfg.py will include only the original headers, and 0 will include none of the original. It is recommended to set this to 0 in mm_cfg.py to minimize the effects of backscatter. Bug #265835. - A new mm_cfg.py setting DEFAULT_RESPOND_TO_POST_REQUESTS has been added to control the default for respond_to_post_requests for new lists. It is set to Yes for backwards compatibility, but it is recommended that serious consideration be given to setting it to No. Bug #266051. - A new mm_cfg.py setting DISCARD_MESSAGE_WITH_NO_COMMAND has been added to control whether a message to the -request address without any commands or a message to -confirm whose To: address doesn't match VERP_CONFIRM_REGEXP is responded to or just logged. It defaults to Yes which is different from prior behavior. Bug #410236.
2011-02-05Updated copyright year for previous change.Mark Sapiro1-1/+1
2011-02-05Issue an HTTP 404 status for private archive file not found.Mark Sapiro1-0/+1
2011-01-24 @listname entries in *_these_nonmembers are no longer case sensitive.Mark Sapiro1-4/+5
Bug #705715.
2011-01-13- Fixed a bug where content filtering could leave a multipart message orMark Sapiro1-1/+21
part with just one sub-part. These should be recast to just the sub-part. Bug #701558.
2011-01-13- Fixed a bug that could erroneously handle posts from addresses inMark Sapiro1-5/+7
*_these_nonmembers and send held/rejected notices to bogus addresses when The From or other sender header is RFC 2047 encoded. Bug #702516.
2010-12-22Added bounce recognition for a bogus Dovecot MDN. Bug #693134.Mark Sapiro1-1/+7
2010-12-04 - Fixed a problem where an emailed command in the Subject: header with aMark Sapiro2-5/+6
non-ascii l10n of an 'Re:' prefix is ignored. Bug #685261. - Fixed a problem with approving a post by email when the body of the approval mail is base64 encoded. Bug #677115.
2010-09-20Preparing 2.1.14 release.Mark Sapiro1-3/+3
2010-09-10Made minor wording improvements and typo corrections in some messages.Mark Sapiro4-14/+14
Bug #426979.
2010-09-09Preparing 2.1.14rc1 release.Mark Sapiro1-4/+4
2010-09-09Two potential XSS vulnerabilities have been identified and fixed.Mark Sapiro3-98/+100
2010-09-07It's not necessary to catch KeyError - dict is a SafeDict().Mark Sapiro1-1/+1
2010-09-07Fixed i18n._() to catch exceptions due to bad formats. Bug #632660.Mark Sapiro1-2/+6
2010-09-03Fixed admindb interface to decode base64 and quoted-printable encodedMark Sapiro1-1/+1
message body excerpts for display. Bug #629738.
2010-07-27Changed the member options login page unsubscribe request to include theMark Sapiro1-1/+2
requesters IP address in the confirmation request. Bug #610527.
2010-07-11Bounce processing has been enhanced so that if a bounce is returned to aMark Sapiro1-2/+31
list from a non-member who is a member of a regular_include_list, the bounce will be processed as a bounce for the included list.
2010-07-02Increased the font size of 'Welcome!'on admin overview for consistency with ↵Mark Sapiro1-1/+1
listinfo.
2010-06-30Bump DATA_FILE_VERSION.Malte S. Stretz1-1/+1