From 6fac67d23d53d2bb46b300e53a33da1c8f09cb86 Mon Sep 17 00:00:00 2001 From: Mark Sapiro Date: Wed, 10 Jun 2020 15:04:26 -0700 Subject: Implement WARN_MEMBER_OF_SUBSCRIBE subscribe setting. --- NEWS | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 692731a1..8a9e2b85 100644 --- a/NEWS +++ b/NEWS @@ -20,6 +20,10 @@ Here is a history of user visible changes to Mailman. - DMARC mitigation no longer misses if the domain name returned by DNS contains upper case. (LP: #1881035) + - A new WARN_MEMBER_OF_SUBSCRIBE setting can be set to No to prevent + mailbombing of a member of a list with private rosters by repeated + subscribe attempts. (LP: #1883017) + 2.1.33 (07-May-2020) Security -- cgit v1.2.3 From 53a0828d3ee7eb1ea2726c12495e22e0640dade3 Mon Sep 17 00:00:00 2001 From: Mark Sapiro Date: Sun, 21 Jun 2020 11:45:30 -0700 Subject: Truncate very long names for scrubbed attachments. --- NEWS | 3 +++ 1 file changed, 3 insertions(+) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 8a9e2b85..d818e086 100644 --- a/NEWS +++ b/NEWS @@ -24,6 +24,9 @@ Here is a history of user visible changes to Mailman. mailbombing of a member of a list with private rosters by repeated subscribe attempts. (LP: #1883017) + - Very long filenames for scrubbed attachments are now truncated. + (LP: #1884456) + 2.1.33 (07-May-2020) Security -- cgit v1.2.3 From b5f560fadeeaee6cef743607cb6edbe07ab9d22d Mon Sep 17 00:00:00 2001 From: Mark Sapiro Date: Fri, 26 Jun 2020 17:08:07 -0700 Subject: Added a couple of CVE references. --- NEWS | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'NEWS') diff --git a/NEWS b/NEWS index d818e086..e9a68427 100644 --- a/NEWS +++ b/NEWS @@ -32,13 +32,13 @@ Here is a history of user visible changes to Mailman. Security - A content injection vulnerability via the private login page has been - fixed. (LP: #1877379) + fixed. CVE-2020-15011 (LP: #1877379) 2.1.32 (05-May-2020) i18n - Fixed a typo in the Spanish translation and uptated mailman.pot and + Fixed a typo in the Spanish translation and updated mailman.pot and the message catalog for 2.1.31 security fix. 2.1.31 (05-May-2020) @@ -46,7 +46,8 @@ Here is a history of user visible changes to Mailman. Security - A content injection vulnerability via the options login page has been - discovered and reported by Vishal Singh. This is fixed. (LP: #1873722) + discovered and reported by Vishal Singh. This is fixed. CVE-2020-12108 + (LP: #1873722) i18n -- cgit v1.2.3 From 9abf613d3922c0a753cedc89796386f1ab585585 Mon Sep 17 00:00:00 2001 From: Mark Sapiro Date: Fri, 26 Jun 2020 17:15:40 -0700 Subject: Prepare for 2.1.34 release. --- NEWS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'NEWS') diff --git a/NEWS b/NEWS index e9a68427..85bb2288 100644 --- a/NEWS +++ b/NEWS @@ -5,7 +5,7 @@ Copyright (C) 1998-2020 by the Free Software Foundation, Inc. Here is a history of user visible changes to Mailman. -2.1.34 (xx-xxx-xxxx) +2.1.34 (26-Jun-2020) i18n -- cgit v1.2.3