aboutsummaryrefslogtreecommitdiffstats
path: root/Mailman (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Separate data in CSRF token by colon to avoid collisions.Ralf Jung2018-06-032-6/+6
| | | | | | This makes the data-to-token function injective. Previously, for example, the list called "list1" and the IP "10.0.0.0" would have the same hash as the list called "list" and the IP "110.0.0.0", as the strings were just concatenated.
* Internationalize the noscript note added to reCAPTCHA.Mark Sapiro2018-05-261-2/+3
|
* A few more error messages have had their values HTML escaped.Mark Sapiro2018-05-211-1/+2
|
* Add <noscript> note to listinfo reCAPTCHA that JavaScript is required.Mark Sapiro2018-05-051-0/+1
|
* bin/arch now uses i18n.C_ for progress messages.Mark Sapiro2018-05-032-11/+12
|
* Improve DELIVERY_RETRY_WAIT reimplementation.Mark Sapiro2018-04-102-6/+9
|
* Fixed another Python 2.7 dependency.Mark Sapiro2018-03-121-3/+2
|
* Added a few more badword checks to Utils.suspiciousHTML().Mark Sapiro2018-03-082-5/+36
| | | Added validation of GUI updates to host_name.
* Bad values in topics no longer break the list.Mark Sapiro2018-03-081-2/+10
|
* Removed a Python 2.7 dependency introduced in 2.1.26.Mark Sapiro2018-03-011-1/+1
|
* Bumped branch version to: 2.1.26Mark Sapiro2018-02-041-2/+2
|
* Fix XSS and info leak in options CGI - CVE-2018-5950Mark Sapiro2018-02-041-15/+17
|
* It's not necessary to replace _ with - in language codes for reCAPTCHA.Mark Sapiro2018-02-031-3/+1
|
* Corrected i18n from rev. 1738 and updated message catalogs.Mark Sapiro2018-01-301-3/+5
|
* Added the ability to add reCAPTCHA to the listinfo subscribe form.Mark Sapiro2018-01-293-3/+44
|\
| * Allow the list subscription form to be protected from spam bots usingDavid Siebörger2018-01-293-0/+38
|/ | | | reCAPTCHA.
* Removed a Python 2.7 dependency from pipermail.py.Mark Sapiro2017-12-291-2/+2
|
* Show match in hold reason for header_filter_rules.Mark Sapiro2017-12-091-2/+8
|
* Ignore missing .db files when updating group and mode.Mark Sapiro2017-11-231-1/+6
|
* The DELIVERY_RETRY_WAIT setting is now effective.Mark Sapiro2017-11-022-1/+7
|
* Bumped branch version to: 2.1.25Mark Sapiro2017-10-261-2/+2
|
* Updated i18n in preparation for 2.1.25 release.Mark Sapiro2017-10-261-2/+2
| | | Fixed a minor typo.
* Improved DMARC testing for domains with DNSSEC validation problems.Mark Sapiro2017-10-071-2/+14
|
* The default DMARC reject reason now properly replaces %(listowner)s.Mark Sapiro2017-09-221-0/+1
|
* Show case preserved emails in the roster.Mark Sapiro2017-07-301-0/+1
|
* Added screen reader labels to some admindb radio buttons.Mark Sapiro2017-06-242-24/+13
|
* Added text for screen readers only to checkboxes on admin Membership List.Mark Sapiro2017-06-212-8/+36
|
* Display date of held subscriptions and keep newest.Mark Sapiro2017-06-091-6/+11
|
* Reverted another getfirst in the multi-value CGI defence.Mark Sapiro2017-06-071-1/+1
|
* Ensure aliases.db and virtual-mailman.db are world readable and ownedMark Sapiro2017-06-061-3/+25
| | | by the Mailman user.
* Bumped Copyrights and fixed a bug in prior commit.Mark Sapiro2017-06-0512-14/+14
|
* Defend against CGI requests with multiple values for the same parameter.Mark Sapiro2017-06-0513-114/+114
|
* Fixed a regression in Cgi/options.py.Mark Sapiro2017-06-041-12/+12
|
* Bumped branch version to: 2.1.24Mark Sapiro2017-06-021-2/+2
|
* Added list-owner@virtual.domain addresses to virtual-mailman.Mark Sapiro2017-05-301-6/+29
|
* Display only the list-owner address in the 'list run by' footer.Mark Sapiro2017-05-301-3/+2
|
* Changed member_verbosity_threshold from a >= test to a strictly > test.Mark Sapiro2017-05-241-2/+2
|
* Implement base64 encoded recipient header.Mark Sapiro2017-05-232-0/+16
|
* Changed DEFAULT_MSG_FOOTER to use standard sig separator.Mark Sapiro2017-05-121-2/+5
|
* Improvements in subject prefixing with encoded prefixes.Mark Sapiro2017-05-121-6/+8
|
* Change 'subscribees' to 'subscribers' on admin mass subscribe page.Mark Sapiro2017-04-251-1/+1
| | | Update i18n.
* Fixed unexploitable XSS attach via crafted HTTP Host: header.Mark Sapiro2017-03-301-1/+1
|
* Treat message and digest headers and footers as empty if they containMark Sapiro2017-03-152-7/+11
| | | only whitespace.
* Fixed a long standing typo.Mark Sapiro2017-03-061-2/+2
|
* Ensure added headers and footers have a trailing new-line.Mark Sapiro2017-03-041-0/+3
|
* Fixed an uncaught TypeError in the subscribe CGI.Mark Sapiro2017-02-221-1/+1
|
* Added recognition for a newly seen mailEnable bounce.Mark Sapiro2017-02-141-0/+4
|
* Catch NotAMemberError when member is removed before probe bounce returns.Mark Sapiro2017-02-141-13/+21
|
* Fixed a TypeError thrown in the roster CGI when called with a listnameMark Sapiro2017-02-031-3/+3
| | | containing a % character.
* Fixed a NameError issue in bin/add_members with DISABLE_COMMAND_LOCALE_CSET ↵Mark Sapiro2016-12-051-1/+3
| | | | = yes.