aboutsummaryrefslogtreecommitdiffstats
path: root/Mailman (unfollow)
Commit message (Collapse)AuthorFilesLines
2022-07-09Fixed a possible list membership leak via the user options CGI.HEADupstream/2.1masterMark Sapiro1-30/+30
2022-02-22Improve fix for lp:1961762 in prior commit.Mark Sapiro1-1/+2
2022-02-22Avoid 500 Internal Server Error for non-member with private roster.Mark Sapiro1-2/+2
2021-12-13Bumped branch version to: 2.1.39Mark Sapiro1-2/+2
2021-12-13Fix NameError and case sensitivity in CSRF check.Mark Sapiro1-2/+2
2021-11-30Bumped branch version to: 2.1.38Mark Sapiro1-2/+2
2021-11-30Block CSRF attack against admin or admindb pages.Mark Sapiro4-5/+21
2021-11-23Prior commit was incomplete.Mark Sapiro1-4/+5
2021-11-21Avoid NotAMemberError in CSRF check from user options page.Mark Sapiro1-11/+11
2021-11-12Bumped branch version to: 2.1.37Mark Sapiro1-2/+2
2021-11-12Fix admindb for list with no mod password.Mark Sapiro2-2/+3
2021-11-11Bumped branch version to: 2.1.36Mark Sapiro1-2/+2
2021-11-03Use moderator rather than admin for admindb CSRF token.Mark Sapiro1-2/+1
2021-11-03Fix a potentail XSS attack via the user options page.Mark Sapiro1-0/+2
2021-10-19Bumped branch version to: 2.1.35Mark Sapiro1-2/+2
2021-10-18Fixes for CVEs 2021-42096 and 2021-42097.Mark Sapiro3-16/+32
2021-10-01Improve doc for VERP_PASSWORD_REMINDERS.Mark Sapiro1-1/+4
2021-06-06DMARC policy ignores domains with multiple DMARC records.Mark Sapiro1-1/+2
2021-04-07Translate 'disabled' when used.Mark Sapiro1-1/+3
2021-03-31Improve fix for lp:1921682.Mark Sapiro1-2/+4
2021-03-30Decode message bodies for replies in CommandRunner.Mark Sapiro1-0/+3
2021-03-06Fix bug in prior commit.Mark Sapiro1-2/+2
2021-03-05Thghten conditions for scrubbing text/plain.Mark Sapiro1-1/+7
2021-02-14Fix missing Subject: in some Wrap Message wrappers.Mark Sapiro1-2/+8
2020-12-18Added recognition for a non-compliant DSN from an unknown MTA.Mark Sapiro1-0/+4
2020-10-22Added onhashchange to the HTML _badwords list.Mark Sapiro1-0/+1
2020-06-26Bumped branch version to: 2.1.34Mark Sapiro1-2/+2
2020-06-21Truncate very long names for scrubbed attachments.Mark Sapiro1-1/+2
2020-06-10Implement WARN_MEMBER_OF_SUBSCRIBE subscribe setting.Mark Sapiro2-0/+5
2020-05-28DMARC mitigation no longer misses upper case names.Mark Sapiro1-2/+4
2020-05-18Extend REFUSE_SECOND_PENDING to unsubscription as well.Mark Sapiro4-8/+21
2020-05-13Fix potential ValueError in MailList.CheckPending.Mark Sapiro1-4/+3
2020-05-07Bumped branch version to: 2.1.33Mark Sapiro1-2/+2
2020-05-07Fixed content injection vulnerability via the private login page.Mark Sapiro1-7/+3
2020-05-05Bumped branch version to: 2.1.32Mark Sapiro1-2/+2
2020-05-05Bumped branch version to: 2.1.31Mark Sapiro1-2/+2
2020-05-05Fixed options login content injection vulnerability.Mark Sapiro1-1/+1
2020-04-25Workaround non-ascii in string.lowercase.Mark Sapiro1-0/+4
2020-04-25Updates to bounce recognition.Mark Sapiro1-0/+4
2020-04-13Bumped branch version to: 2.1.30Mark Sapiro1-3/+3
2020-01-16Valid address pattern needs to consume the whole string.Mark Sapiro1-1/+1
2020-01-16Fixed SimpleMatch to only return valid addresses.Mark Sapiro2-7/+28
2020-01-11Bumped branch version to: 2.1.30rc1Mark Sapiro1-4/+4
2020-01-09Implement REFUSE_SECOND_PENDING setting to prevent multiple pending subscribes.Mark Sapiro5-0/+37
2019-11-08Fix possible UnicodeDecodeError in sending subscription confirmation.Mark Sapiro1-2/+3
2019-11-08Implement new drop_cc switch.Mark Sapiro6-3/+30
2019-10-05Changed new 'Successfully unsubscribed:' to existingMark Sapiro1-1/+1
'Successfully Unsubscribed:' and updated i18n.
2019-09-17Implemented web admin sync members.Mark Sapiro2-2/+110
2019-06-10Don't enable CAPTCHA if 'en' key is not setRalf Jung1-1/+1
2019-06-10Mention in the docs that 'en' is used as the default keyRalf Jung1-0/+3