Commit message (Collapse) | Author | Files | Lines | ||
---|---|---|---|---|---|
2012-02-23 | Added a few more safe_params to the CSRF check. | Mark Sapiro | 1 | -1/+2 | |
2012-02-17 | Subscription disabled warnings are now sent without a Precedence: | Mark Sapiro | 2 | -5/+6 | |
header. Bug #808821. | |||||
2012-02-05 | Backported 2.2 branch fix for a problem in SpamDetect.py that could | Mark Sapiro | 1 | -36/+20 | |
cause header_filter_rules to fail to match RFC 2047 encoded headers. | |||||
2012-02-05 | Added Tokio Kikuchi's Cross-site Request Forgery hardening to the admin UI. | Mark Sapiro | 4 | -9/+114 | |
2011-12-31 | Fix for bug #629738 could cause a crash in the admindb details display | Mark Sapiro | 1 | -1/+3 | |
if the decoded message body contained characters not in the character set of the list's preferred language. Fixed. Bug #910440. | |||||
2011-12-25 | Added recognition for another Qmail bounce. | Mark Sapiro | 1 | -2/+3 | |
2011-12-12 | Fixed an erroneous seek in the Mailman.Mailbox.Mailbox.AppendMessage | Mark Sapiro | 1 | -3/+4 | |
method that could cause a corrupt mailbox for files opened 'w+'. Bug #901957. | |||||
2011-11-29 | A held message with a null sender caused a crash in the admindb | Mark Sapiro | 1 | -1/+3 | |
interface. This is fixed by changing the sender to <missing>. Bug #897103. | |||||
2011-11-27 | Added some missing German templates from Egon Frerich. | Mark Sapiro | 1 | -0/+0 | |
2011-11-26 | Removed Python 2.5 dependency from fix for Bug #770377. | Mark Sapiro | 1 | -2/+2 | |
2011-11-22 | Changed subject prefixing to allow for possible whitespace between an | Mark Sapiro | 1 | -2/+2 | |
'Re' and the following colon when determining how to add the prefix. Bug #893290. | |||||
2011-11-17 | Fixed a problem where topics regexps would not match RFC 2047 encoded | Mark Sapiro | 1 | -4/+13 | |
Keywords: and/or Subject: headers. Bug #891676. | |||||
2011-11-13 | Strengthened the validation of email addresses. | Mark Sapiro | 1 | -8/+3 | |
2011-11-13 | Fixed misleading response to an email approval of a held message. | Mark Sapiro | 2 | -4/+15 | |
Bug #889968. | |||||
2011-11-12 | Added masthead.txt to the list of templates that can be edited via the | Mark Sapiro | 1 | -1/+2 | |
web admin interface. Bug #266805. | |||||
2011-11-11 | Changed the way digest_footer is added to the RFC 1153 (plain) format | Mark Sapiro | 1 | -7/+8 | |
digest for RFC compliance. Bug #887610. | |||||
2011-10-13 | The fix for BUG #266220 (sf1181161) has been enhanced so that if there | Mark Sapiro | 1 | -1/+18 | |
is a pathological HTML part such that the Approved: password text isn't found, but it is found after stripping out HTML tags, the post is rejected with an informative message. | |||||
2011-10-04 | - Mailman/Gui/General.py | Mark Sapiro | 2 | -3/+18 | |
Fixed the setting of new_member_options so that unprocessed bits are not changed. Augmented the logic so that bin/config_list can set or reset any bits in mm_cfg.OPTINFO. Bug #865825. - Mailman/Defaulys.py.in Added missing bits to OPTINFO. | |||||
2011-09-29 | Eliminated the list cache from the qrunners. Indirect self-references | Mark Sapiro | 1 | -17/+12 | |
caused lists to never be dropped from the cache which in turn caused the qrunners to grow very large in installations with many lists or multiple large lists. Bug #862683. | |||||
2011-09-29 | A problem with the logic avoiding unnecessarily reloading a current list | Mark Sapiro | 1 | -3/+12 | |
object from the config.pck arises if the list is updated by another process within the same second that it was last read/written. That can cause the reading of latest version of the list to be skipped. This has been fixed. Bug #862675. | |||||
2011-09-15 | Strengthened the validation of email address domains. | Mark Sapiro | 1 | -0/+6 | |
2011-09-15 | Added Greek translation from Antonis Limperis. | Mark Sapiro | 1 | -0/+1 | |
2011-06-07 | The user options 'list my other subscriptions' page now indicates for | Mark Sapiro | 1 | -0/+6 | |
each list if the subscription is 'nomail' or 'digest'. Bug #793669. | |||||
2011-06-02 | Fixed a problem which could result in raw, undecoded message bodies | Mark Sapiro | 1 | -4/+7 | |
appearing in plain digests and archives. Bug #787790. | |||||
2011-05-10 | Fixed a problem in admindb.py where the character set for the display of | Mark Sapiro | 1 | -1/+8 | |
the message body excerpt was not correctly determined. Bug #779751. | |||||
2011-05-09 | Prevented setting user passwords with leading/trailing whitespace. Bug #778088. | Mark Sapiro | 3 | -10/+10 | |
2011-05-01 | Made the web escaping of additional characters a configuration setting. | Mark Sapiro | 2 | -12/+31 | |
2011-04-26 | Since context may be AuthUser, we must refresh the cookie where we have a user. | Mark Sapiro | 1 | -2/+2 | |
2011-04-26 | Yet another change to the broken browser HTML escaping. | Mark Sapiro | 1 | -1/+2 | |
2011-04-26 | Don't try converting non-ascii to HTML entities in unicode. | Mark Sapiro | 1 | -2/+5 | |
2011-04-25 | Don't redefine existing authentication contexts. | Mark Sapiro | 1 | -2/+2 | |
2011-04-25 | A new list poster password has been implemented. This password may only | Mark Sapiro | 6 | -6/+50 | |
be used in Approved: or X-Approved: headers for pre-approving posts. Using this password for that purpose precludes compromise of a more valuable password sent in plain text email. Bug #770581. | |||||
2011-04-25 | Strengthened escaping of user web data by including some characters that | Mark Sapiro | 1 | -0/+8 | |
some older browsers misinterpret as < or >. | |||||
2011-04-25 | A new mm_cfg.py setting AUTHENTICATION_COOKIE_LIFETIME has been added. | Mark Sapiro | 2 | -1/+10 | |
If this is set to a non-zero value, web authentication cookies will expire that many seconds following their last use. Its default value is zero to preserve current behavior. | |||||
2011-04-25 | Mailman now sets the 'secure' flag in cookies set via https URLs. | Mark Sapiro | 1 | -1/+6 | |
Bug #770377. | |||||
2011-04-23 | Added a logout link to the admindb interface and made both admin and | Mark Sapiro | 2 | -3/+27 | |
admindb logout effective for a site admin cookie if allowed. Bug #769318. | |||||
2011-04-16 | Changed bin/genaliases to only call the POSTFIX_*_CMD commands once when | Mark Sapiro | 1 | -2/+5 | |
MTA = 'Postfix'. Bug #266408. | |||||
2011-04-15 | Refactor last change for i18n. | Mark Sapiro | 1 | -5/+7 | |
2011-04-14 | Added a report of the affected members to the warnings issued when | Mark Sapiro | 1 | -3/+5 | |
setting a list with digest members digestable=No and when setting a list with non-digest members nondigestable=no. Bug #761232. | |||||
2011-04-12 | Fixed a problem where content filtering could remove the headers from | Mark Sapiro | 1 | -1/+8 | |
an attached message/rfc822 part if the message in that part is multipart/alternative and collapse_alternatives is Yes. Bug #757062. | |||||
2011-04-07 | Fix for bug #701558 went to far. Don't recast message/rfc822 parts. | Mark Sapiro | 1 | -2/+4 | |
We want to keep the headers. | |||||
2011-03-29 | Changed the subscribe CGI to strip leading and trailing whitespace from | Mark Sapiro | 1 | -2/+2 | |
the supplied email address. Bug #745432. | |||||
2011-03-21 | Changed the maximum number of arguments for the who command to be | Mark Sapiro | 1 | -2/+2 | |
considered administrivia from 2 to 1 to help avoid false positives. Bug #739524. | |||||
2011-03-21 | Added the list name as 'display-name' in added Sender: headers to help | Mark Sapiro | 1 | -3/+4 | |
mitigate Outlook et al 'on behalf of' displays. Bug #736849. | |||||
2011-02-18 | An XSS vulnerability, CVE-2011-0707, has been fixed. | Mark Sapiro | 1 | -3/+3 | |
2011-02-07 | - Fixed an uncaught KeyError when poster tries to cancel a post which was | Mark Sapiro | 1 | -2/+3 | |
already handled. Bug #266224. | |||||
2011-02-07 | - Held message user notifications now come From: list-owner instead of | Mark Sapiro | 1 | -5/+2 | |
list-bounces. Bug #714424. | |||||
2011-02-07 | - A new mm_cfg.py setting RESPONSE_INCLUDE_LEVEL has been added to control | Mark Sapiro | 3 | -19/+77 | |
how much of the original message is included in automatic responses to email commands. The default is 2 to preserve the prior behavior of including the full message. Setting this to 1 in mm_cfg.py will include only the original headers, and 0 will include none of the original. It is recommended to set this to 0 in mm_cfg.py to minimize the effects of backscatter. Bug #265835. - A new mm_cfg.py setting DEFAULT_RESPOND_TO_POST_REQUESTS has been added to control the default for respond_to_post_requests for new lists. It is set to Yes for backwards compatibility, but it is recommended that serious consideration be given to setting it to No. Bug #266051. - A new mm_cfg.py setting DISCARD_MESSAGE_WITH_NO_COMMAND has been added to control whether a message to the -request address without any commands or a message to -confirm whose To: address doesn't match VERP_CONFIRM_REGEXP is responded to or just logged. It defaults to Yes which is different from prior behavior. Bug #410236. | |||||
2011-02-05 | Updated copyright year for previous change. | Mark Sapiro | 1 | -1/+1 | |
2011-02-05 | Issue an HTTP 404 status for private archive file not found. | Mark Sapiro | 1 | -0/+1 | |