Mailman - The GNU Mailing List Management System Copyright (C) 1998-2011 by the Free Software Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA Here is a history of user visible changes to Mailman. 2.1.15 (xx-xxx-xxxx) Security - An XSS vulnerability, CVE-2011-0707, has been fixed. New Features - The user options 'list my other subscriptions' page now indicates for each list if the subscription is 'nomail' or 'digest'. Bug #793669. - A new list poster password has been implemented. This password may only be used in Approved: or X-Approved: headers for pre-approving posts. Using this password for that purpose precludes compromise of a more valuable password sent in plain text email. Bug #770581. - A new mm_cfg.py setting AUTHENTICATION_COOKIE_LIFETIME has been added. If this is set to a non-zero value, web authentication cookies will expire that many seconds following their last use. Its default value is zero to preserve current behavior. - A new mm_cfg.py setting RESPONSE_INCLUDE_LEVEL has been added to control how much of the original message is included in automatic responses to email commands. The default is 2 to preserve the prior behavior of including the full message. Setting this to 1 in mm_cfg.py will include only the original headers, and 0 will include none of the original. It is recommended to set this to 0 in mm_cfg.py to minimize the effects of backscatter. Bug #265835. - A new mm_cfg.py setting DEFAULT_RESPOND_TO_POST_REQUESTS has been added to control the default for respond_to_post_requests for new lists. It is set to Yes for backwards compatibility, but it is recommended that serious consideration be given to setting it to No. Bug #266051. - A new mm_cfg.py setting DISCARD_MESSAGE_WITH_NO_COMMAND has been added to control whether a message to the -request address without any commands or a message to -confirm whose To: address doesn't match VERP_CONFIRM_REGEXP is responded to or just logged. It defaults to Yes which is different from prior behavior. Bug #410236. - Two new mm_cfg.py settings, BROKEN_BROWSER_WORKAROUND and BROKEN_BROWSER_REPLACEMENTS, have been added to control escaping of additional characters beyond the standard <, >, &, and " in the web UI. See the documentation of these settings in Defaults.py. The default values for these settings result in no change from the prior release. Bug #774588. i18n - Fixed a misspelling in the German invite.txt template. Bug #815444. - Fixed a missing format character in the Spanish translation. Bug #670988. Bug Fixes and other patches - Fixed bin/export.py to accept case insensitive password schemes. Bug #833134. - Added Tokio Kikuchi's icons to the misc/ and installed icons/ directories. Bug #782474. - Fixed a problem which could result in raw, undecoded message bodies appearing in plain digests and archives. Bug #787790. - Fixed a problem in admindb.py where the character set for the display of the message body excerpt was not correctly determined. Bug #779751. - Prevented setting user passwords with leading/trailing whitespace. Bug #778088. - Mailman now sets the 'secure' flag in cookies set via https URLs. Bug #770377. - Added a logout link to the admindb interface and made both admin and admindb logout effective for a site admin cookie if allowed. Bug #769318. - Replaced the old Mailman logos and icon that install to Mailman's icons directory with the new ones. If you copy these elsewhere on your server, please copy these new ones. - Changed bin/genaliases to only call the POSTFIX_*_CMD commands once when MTA = 'Postfix'. Bug #266408. - Added a report of the affected members to the warnings issued when setting a list with digest members digestable=No and when setting a list with non-digest members nondigestable=no. Bug #761232. - Fixed a problem where content filtering could remove the headers from an attached message/rfc822 part if the message in that part is multipart/alternative and collapse_alternatives is Yes. Bug #757062. - Changed the subscribe CGI to strip leading and trailing whitespace from the supplied email address. Bug #745432. - Changed the maximum number of arguments for the who command to be considered administrivia from 2 to 1 to help avoid false positives. Bug #739524. - Added the list name as 'display-name' in added Sender: headers to help mitigate Outlook et al 'on behalf of' displays. Bug #736849. - Fixed a typo in the usage() definition cron/gate_news. Bug #721015. - Fixed an uncaught KeyError when poster tries to cancel a post which was already handled. Bug #266224. - Held message user notifications now come From: list-owner instead of list-bounces. Bug #714424. - Issue an HTTP 404 status for private archive file not found. - @listname entries in *_these_nonmembers are no longer case sensitive. Bug #705715. - Changed bin/rmlist to also remove heldmsg files for the removed list and fixed a problem with removal of stale locks for the list. Bug #700528. - Fixed a bug where content filtering could leave a multipart message or part with just one sub-part. These should be recast to just the sub-part. Bug #701558. - Fixed a bug that could erroneously handle posts from addresses in *_these_nonmembers and send held/rejected notices to bogus addresses when The From or other sender header is RFC 2047 encoded. Bug #702516. - Updated contrib/mm-handler-2.1.10 to better handle lists with names that look like admin addresses. Bug #697161. - Added bounce recognition for a bogus Dovecot MDN. Bug #693134. - Fixed a problem where an emailed command in the Subject: header with a non-ascii l10n of an 'Re:' prefix is ignored. Bug #685261. - Fixed a problem with approving a post by email when the body of the approval mail is base64 encoded. Bug #677115. - Fixed the host name in the From: address of the owner notification from bin/add_members. Bug #666181. 2.1.14 (20-Sep-2010) Security - Two potential XSS vulnerabilities have been identified and fixed. New Features - A new feature for controlling the addition/replacement of the Sender: header in outgoing mail has been implemented. This allows a list owner to set include_sender_header on the list's General Options page in the admin GUI. The default for this setting is Yes which preserves the prior behavior of removing any pre-existing Sender: and setting it to the list's -bounces address. Setting this to No stops Mailman from adding or modifying the Sender: at all. Additionally, there is a new Defaults.py/mm_cfg.py setting ALLOW_SENDER_OVERRIDES which defaults to Yes but which can be set to No to remove the include_sender_header setting from General Options, and thus preserve the prior behavior completely. - Bounce processing has been enhanced so that if a bounce is returned to a list from a non-member who is a member of a regular_include_list, the bounce will be processed as a bounce for the included list. i18n - Fixed a missing format character in the German bin/mailmanctl docstring. - Updated Dutch translation from Jan Veuger. - Updated Japanese Translation from Tokio Kikuchi. - Updated Finnish translation from Joni Töyrylä. - Made a few corrections to some Polish templates. Bug #566731. - Made a minor change to the Chinese (China) message catalog. Bug #545772. - Changed a few DOCTYPE directives in templates for compliance. Bug #500952 and Bug #500955. Bug Fixes and other patches - Made minor wording improvements and typo corrections in some messages. Bug #426979. - Fixed i18n._() to catch exceptions due to bad formats. Bug #632660. - Fixed admindb interface to decode base64 and quoted-printable encoded message body excerpts for display. Bug #629738. - Fixed web CGI tracebacks to properly report sys.path. Bug #615114. - Changed the member options login page unsubscribe request to include the requesters IP address in the confirmation request. Bug #610527. - Changed fix_url to lock the list if not locked. Bug #610364. - Made a minor change to the English subscribeack.txt (welcome message) template to emphasize that a password is only required to unsubscribe *without confirmation*. - Fixed an issue in admindb that could result in a KeyError and "we hit a bug" response when a moderator acts on a post that had been handled by someone else after the first moderator had retrieved it. Bug #598671. - Fixed a bug which would fail to show a list on the admin and listinfo overview pages if its web_page_url contained a :port. Bug # 597741. - Fixed bin/genaliases to not throw TypeError when MTA = None. Bug #587657. - Provided the ability to specify in mm_cfg.py a local domain (e.g. 'localhost') for the local addresses in the generated virtual-mailman when MTA = 'Postfix'. See VIRTUAL_MAILMAN_LOCAL_DOMAIN in Defaults.py. Bug #328907. - Made a minor change to the removal of an Approved: pseudo-header from a text/html alternative to allow for an inserted '\xA0' before the password. - Fixed Content Filtering collapse_alternatives to work on deeply nested multipart/alternative parts. Bug #576675. - We now accept/remove X-Approved: and X-Approve: headers in addition to Approved: and Approve: for pre-approving posts. Bug #557750. - Reordered the 'cancel' and 'subscribe' buttons on the subscription confirmation web page so the default action upon 'enter' will be the subscribe button in browsers that pick the first button. Bug #530654. - Fixed a bug in the admindb interface that could apply a moderator action to a message not displayed. Bug #533468. - Added a traceback to the log message produced when processing the digest.mbox throws an exception. - Added a urlhost argument to the MailList.MailList.Create() method to allow bin/newlist and the the create CGI to pass urlhost so the host will be correct in the listinfo link on the emptyarchive page. Bug #529100. - Added the List-Post header to the default list of headers retained in messages in the MIME digest. Bug #526143. - When daemonizing mailmanctl, we now ensure terminal files are closed. - Fixed a bug in pipermail archiving that caused fallback threading by subject to fail. Bug #266572. - We now give an HTTP 401 status for authentication failures from admin, admindb, private, options and roster CGIs, and an HTTP 404 status from all the CGIs for an invalid list name. - Backported the listinfo template change from the 2.2 branch to fix Bug #514050. - Fixed a bug where going to an archives/private/list.mbox/list.mbox URL would result in a munged URL if authentication was required. Bug #266164. - Fixed a bug where check_perms would throw an OSError if an entry in Mailman's lists/ directory was not a directory. Bug #265613. - Fixed a bug where a message with an Approved: header held by a handler that precedes Approve (SpamDetect by default) would not have the Approved: header removed if the held message was approved. Bug #501739. 2.1.13 (22-Dec-2009) i18n - Updated Dutch message catalog from Jan Veuger. - Added Asturian translation from Marcos Costales and the Asturian Language Team. Bug Fixes and other patches - Added "white-space: pre-wrap" style for
 tag in archives.
      Bug #266467.

    - Added vette logging for rejected and discarded (un)subscribe requests.

    - Fixed a bug in admindb.py that could erroneously discard an unsubscribe
      request as a duplicate.

    - Decoded RFC 2047 encoded message subjects for a few reports.
      Bug #266428.

    - Fixed the French, Spanish and Hebrew translations which improperly
      translated the 'coding:' line in bin/config_list output.

    - Fixed the auto-responder to treat messages to -confirm, -join, -leave,
      -subscribe and -unsubscribe as requests rather than posts.  Bug #427962.

    - Configure/make no longer builds Japanese and Korean codecs in
      pythonlib if Python already has them.

    - Inadvertently setting a null site or list password allowed access
      to a list's web admin interface without authentication.  Fixed by
      not accepting null passwords.

    - Changed VERP_CONFIRM_REGEXP  in Defaults.py to work if the replying
      MUA folds the To: header and in cases where the list name includes '+'.

    - Fixed some paths in contrib/check_perms_grsecurity.py. Bug #411192.

    - Replies to commands sent to list-request now come From: list-owner
      instead of list-bounces.

    - Mailman no longer folds long sub-part headers in multipart messages.
      In addition, Mailman no longer escapes From_ lines in the body of
      messages sent to regular list members, although MTA's may do it anyway.
      This is to avoid breaking signatures per Bug #265967.

    - XSS protection in the web interface went too far in escaping HTML
      entities.  Fixed.

    - Removed or anonymized additional headers in posts to anonymous lists.

    - Fixed a bug that could cause incorrect threading of replies to archived
      messages that arrive with timestamps in the same second.

    - Scrubbed HTML attachments containing tab characters would get the tabs
      replaced by a string of ' ' without a semicolon.  Fixed.

    - Caught a TypeError in content filtering, collapse alternatives that
      occurred with a malformed message if a multipart/alternative part
      wasn't multi-part.  Reported in comments to bug #266230.

    - Fixed a few things in bin/update:
      - Changed some old messages for more current meaning.
      - Fixed qfiles update to not lose metadata from 2.1.5+ format entries.
      - Fixed 2.0.x template migration to not die if the templates/ tree
        contains subdirectories from a version control system.

    - Fixed a bug that would show a list on the admin and listinfo overview
      pages if its web_page_url host contained the current host as a
      substring.  Bug #342162.

    - Fixed a bug in Utils.canonstr() that would throw a UnicodeDecodeError
      if the string contained an HTML entity > 255 and also characters in the
      128-255 range.  Bug #341594.

    - Added recognition for more bounces.

    - Updated contrib/mmdsr to report preserved messages and to use mktemp to
      create temp files.

2.1.12 (23-Feb-2009)

  Bug fixes and other patches

    - Fix compatibility with Python 2.6.

    - Fixed a bug in admin.py which would result in chunked pages of the
      membership list for members whose address begins with a non-alphanumeric
      character to not be visible or retrievable.

    - Changed ListAdmin.py to make rejected post messages From: the -owner
      address instead of the -bounces address.

    - With MTA = 'Postfix', if the STANZA END for a list being removed is
      missing or munged, the remainder of the aliases and/or virtual-mailman
      file is lost.  Fixed.

    - Since Mailman 2.1.1, 2.0.x outstanding subscription and held message
      requests have not been migrated properly.  This is fixed.
      Bug #266106 (sf998384).

    - Changed cron/gate_news to continue processing the remaining lists on
      certain errors that can be caused by configuration of a particular list.
      Bug #265941 (sf775100).

    - Fixed a bug in AvoidDuplicates.py that caused it to fail if the address
      in the To: or Cc: header differed in case from the case-preserved member
      address.  Bug #297795.

    - Fixed a problem in SecurityManager that caused it to not find the
      cookie when CheckCookie was not given a user and the user in the cookie
      had a %xx encoded character.  Bug # 299220.

    - Fixed a minor fromusenet reporting issue in the contributed mmdsr
      script.

    - Fixed a minor issue in cron/gate_news that could cause a list's
      watermark to not be completely updated.

    - Fixed an issue that prevented editing the options.html template from
      the web admin interface. SF Bug #2164798.

    - Fixed a problem in Decorate which could throw a TypeError on conversion
      to unicode of a header/footer that was already unicode because of
      interpolating a unicode value.

    - Fixed an issue where list creation would report bad owner email
      instead of bad listname when the list name had non-ascii characters.
      SF Bug #2126489.

    - Fixed an issue where in some circumstances HyperArch.py would translate
      ' at ' into the wrong language ultimately throwing a UnicodeDecodeError
      when the translation was decoded with a different character set.
      Bug #308152.

    - Corrected a typo in Mailman/Gui/Privacy.py. Bug #309757.

    - Changed the pattern used to recognize URLs in messages for the pipermail
      archive in order to try to do a better job of making hyperlinks.
      Bug #310124.

    - Added missing --bare option to French translation of list_lists help.
      Bug #312119.

    - Fixed a long standing error that stopped relative hrefs from being
      generated for links on Mailman's web pages.

    - Changed the admindb interface so that when messages are rejected from
      the summary page, the reject reason is the rejection message from the
      Errors.HoldMessage subclass instead of the generic "No reason given".

    - Fixed the admin Membership List Find member function so the 'letter'
      links to a chunked result would still be limited to the Find member
      search. SF patch #1532081.

    - Changed scripts/driver to return a 405 status for non GET, POST, HEAD
      methods. SF patch #1578756.

    - Fixed a bug in admindb.py in the implementation of replacing "No Reason
      Given" with the default rejection reason.  Bug #325016.

    - Changed Gui/Topics.py to validate regexps in VERBOSE mode.  Bug #327008.

    - Worked around a potential problem in HyperArch.py with unicode character
      set arguments.  Bug #328353.

    - Recognize a couple more bounces.

    - Fixed a bug introduced in 2.1.11 which would attempt to store bounce info
      for a member just deleted if bounce_you_are_disabled_warnings is zero.

  i18n

    - Updated Dutch, Catalan and Polish translations.

  Miscellaneous

    - Added Lindsay Haisley's courier_to_mailman.py to the contrib directory.

    - Added John Dennis' (RedHat) FHS patch to the contrib directory.

2.1.11 (30-Jun-2008)

  New Features

    - Added a new cron/cull_bad_shunt script to cull and optionally
      archive old entries from the bad and shunt queues. This is controlled
      by new Defaults.py/mm_cfg.py settings BAD_SHUNT_STALE_AFTER (default
      7 days) and BAD_SHUNT_ARCHIVE_DIRECTORY (default None) which determine
      how long to keep bad and shunt queue entries and optionally, where to
      archive removed entries.

    - Prepended list name to bounce log unrecognized bounce messages.

    - Added a new Defaults.py|mm_cfg.py setting ACCEPTABLE_LISTNAME_CHARACTERS
      with default value '[-+_.=a-z0-9]'.  This Python regular expression
      character class specifies the characters allowed in list names.  The
      motivation for this is the fact that previously, a list named, e.g.,
      xxx&yyy could be created and MTA aliases generated that would cause
      The MTA to execute yyy as a command.  There is a possible security issue
      here, but it is not believed to be exploitable in any meaningful way.

  Bug fixes and other patches

    - Changed the preservation of unparseable messages to be conditional on
      the Defaults.py/mm_cfg.py setting of QRUNNER_SAVE_BAD_MESSAGES and
      changed the queue directory in which messages are preserved from 'shunt'
      to 'bad'.

    - Fixed a bug introduced in 2.1.10 that caused some email subscribe
      requests to be shunted (1966837).

    - Fixed a problem with bin/update erroneously moving templates from
      templates/xx to lists/xx if a list has the same name as a language
      code.  Also fixed the absolute path to lists/ (1418670 ).

    - Changed Utils.ValidateEmail to not allow specials (particularly ':')
      in unquoted local parts (1956393).

    - Changed bin/update to remove .bak files erroneously left behind in
      qfiles/*/ by a 2.1.9 bug.

    - Added 's' to %(listname) in templates/ia/admlogin.html and
      templates/sl/help.txt (1682990).

    - Use newer template variable for site-owner address in
      templates/ko/newlist.txt and templates/ru/newlist.txt (1578766).

    - Corrections to Spanish translation submitted by Wikimedia Foundation
      (1433262) and Debian.

    - Corrections to German translation submitted by Ralf Doeblitz (916196).

    - Correction to French translation submitted by Maxime Carron (1588617).

    - Correction to Portuguese translation submitted by Gabriel P. Silva
      (1733057).

    - Add #! line to fblast.py test script (1578740).

    - Fixed unescaped '%' in templates/nl/newlist.txt (1719017).

    - Changed non-ascii characters in some templates/*/*.html files to HTML
      entities.

    - Fixed a problem in Decorate.py that could result in a multipart
      message with no part headers for the original body part (1991348).

    - Improved recognition of some bounce messages.

    - Rearranged calls to the list setBounceInfo() method in Bouncer.py
      to accommodate MemberAdaptors that store bounce info outside the
      list instance.

    - Fixed CookHeaders.py which in some cases with new style prefixing
      would insert an extra space between the prefix and the subject.

    - Changed OldStyleMemberships.py to remove the member from one_last_digest
      when changing from regular to digest delivery to avoid the possibility
      of a duplicate digest in some circumstances.

    - Patched Danish message catalog for proper use of HTML entities per
      Jonas Smedegaard (1999966).

    - Improved bounce loop detection and handling in BounceRunner.py.

    - Merged the Catalan i18n from the Mailman Catalan Translation Team.

    - German translation updated by Peer Heinlein.

    - Added check for gateway_to_news before holding for ModeratedNewsgroup.

    - At some point, cron/senddigests and bin/update were inadvertently
      'preconfigured'. This has been fixed.

    - Brazilian Portuguese translation updated by Diego Francisco
      de Gastal Morales.

    - Added 'listname' to the replacements for the archidxfoot.html template.

  Miscellaneous

    - Brad Knowles' mailman daily status report script updated to 0.0.18.

2.1.10 (21-Apr-2008)

  Security

    - The 2.1.9 fixes for CVE-2006-3636 were not complete.  In particular,
      some potential cross-site scripting attacks were not detected in
      editing templates and updating the list's info attribute via the web
      admin interface.  This has been assigned CVE-2008-0564 and has been
      fixed.  Thanks again to Moritz Naumann for assistance with this.

    - There is a new mm_cfg.py/Defaults.py variable
      OWNERS_CAN_CHANGE_MEMBER_PASSWORDS which controls whether the list
      owner can change a member's password from the member's options page.
      This defaults to No and should be changed to Yes only if list owners
      are trusted to not change a member's password, log in as the member
      and make global membership changes.

  New Features

    - Changed cmd_who.py to list all members if authorization is with the
      list's admin or moderator password and to accept the password if the
      roster is public.  Also changed the web roster to show hidden members
      when authorization is by site or list's admin or moderator password
      (1587651).

    - Added the ability to put a list name in accept_these_nonmembers
      to accept posts from members of that list (1220144).

    - Added a new 'sibling list' feature to exclude members of another list
      from receiving a post from this list if the other list is in the To: or
      Cc: of the post or to include members of the other list if that list is
      not in the To: or Cc: of the post (Patch ID 1347962).

    - Added the admin_member_chunksize attribute to the admin General Options
      interface (Bug 1072002, Partial RFE 782436).

Internationalization

    - Added the Hebrew translation from Dov Zamir.  This includes addition of
      a direction ('ltr', 'rtl') to the LC_DESCRIPTIONS table.  The
      add_language() function defaults direction to 'ltr' to not break
      existing mm_cfg.py files.

    - Added the Slovak translation from Martin Matuska.

    - Added the Galician translation from Frco. Javier Rial Rodríguez.

  Bug fixes and other patches

    - Added bounce recognition for several additional bounce formats.

    - Fixed CommandRunner.py to decode a quoted-printable or base64 encoded
      message part (1829061).

    - Fixed Scrubber.py to avoid loss of an implicit text/plain message part
      with no Content-* headers in a MIME multipart message (759841).  Fixed
      several other minor scrubber issues (1242450).

    - Added Date and Message-ID headers to the confirm reply message that
      Mailman adds to the admin notification (1471318).

    - Fixed Cgi/options.py to not present the "empty" topic to user.

    - Fixed Handlers/CalcRecips.py to not process topics if topics are
      disabled for the list.  This caused users who had previously subscribed
      to topics and elected to not receive non-matching posts to receive no
      messages after topics were disabled for the list.

    - Fixed MaildirRunner.py to handle hyphenated list names.

    - Fixed a bug in MimeDel.py (content filtering) which caused
      *_filename_extensions to not match if the extension in the message was
      not all lower case.

    - Fixed versions.py to not call a non-existant method when converting held
      posts from Mailman 1.0.x lists.

    - Added a test to configure to detect a missing python-devel package on
      some RedHat systems.

    - Fixed bin/dumpdb to once again be able to dump marshals (broken since
      2.1.5) (963137).

    - Worked around a bug in the Python email library that could cause Mailman
      to not get the correct value for the sender of a message from an RFC
      2231 encoded header causing spurious held messages.

    - Fixed bin/check_perms to detect certain missing permissions on the
      archives/private/ and archives/private//database/ directories.

    - Improved exception handling in cron/senddigests.

    - Changed the admindb page to not show the "Discard all messages marked
      Defer" checkbox when there are only (un)subscribes and no held messages.
      Also added a separator and heading for "Held Messages" like the ones for
      "Subscribe Requests" and "Unsubscribe Requests".  Suppressed the
      "Database Updated" message when coming from the login page.  Also
      removed the "Discard all messages marked Defer" checkbox from the
      details page where it didn't work (1562922, 1000699).

    - Fixed admin.py so null VARHELP category is handled (1573393).

    - Fixed OldStyleMemberships.py to preserve delivery statuses BYADMIN
      and BYUSER on a straight change of address (1642388).  Also fixed a
      bug that could result in a member key with uppercase in the domain.

    - Fixed bin/withlist so that -r can take a full package path to a
      callable.

    - Removal of DomainKey/DKIM signatures is now controlled by Defaults.py
      mm_cfg.py variable REMOVE_DKIM_HEADERS (default = No).  Also, if
      REMOVE_DKIM_HEADERS = Yes, an Authentication-Results: header will be
      removed if present.

    - The DeprecationWarning issued by Python 2.5 regarding string exceptions
      is supressed.

    - format=flowed and delsp=yes are now preserved for message bodies when
      message headers/footers are added and attachments are scrubbed
      (1495122).

    - Queue runner processing is improved to log and preserve for analysis in
      the shunt queue certain bad queue entries that were previously logged
      but lost.  Also, entries are preserved when an attempt to shunt throws
      an exception (1656289).

    - The admin Membership List pages have been changed in that the email
      address which forms a part of the various CGI data keys is now
      urllib.quote()ed. This allows changing options for and unsubbing an
      address which contains a double-quote character, but it may require
      changes to scripts that screen-scrape the web admin interface to
      produce a membership list so they will report an unquoted address.

    - The fix for bug 1181161 in 2.1.7 was incomplete.  The Approve(d): line
      wasn't always found in quoted-printable encoded parts and was never
      found in base64 encoded parts.  This is now fixed.

    - Fixed a mail loop if a list owner puts the list's -bounces or -admin
      address in the list's owner attribute (1834569).

    - Fixed the mailto: link in archived messages to prefix the subject with
      Re: and to put the correct message-id in In-Reply-To (1621278, 1834281).

    - Coerced list name arguments to lower case in the change_pw, inject,
      list_admins and list_owners command line tools (patch 1842412).

    - Fixed cron/disabled to test if bounce info is stale before disabling
      a member when the threshold has been reduced.

    - It wasn't noted here, but in 2.1.9, queue runner processing was made
      more robust by making backups of queue entries when they were dequeued
      so they could be recovered in the event of a system failure.  This
      opened the possibility that if a message itself caused a runner to
      crash, a loop could result that would endlessly reprocess the message.
      This has now been fixed by adding a dequeue count to the entry and
      moving the entry aside and logging the fact after the third dequeue of
      the same entry.

    - Fixed the command line scripts add_members, sync_members and
      clone_member to properly handle banned addresses (1904737).

    - Fixed bin/newlist to add the list's preferred language to the list's
      available_languages if it is other than the server's default language
      (1906368).

    - Changed the first URL in the RFC 2369 List-Unsubscribe: header to go
      to the options login page instead of the listinfo page.

    - Changed the options login page to not issue the "No address given" error
      when coming from the List-Unsubscribe and other direct links.  Also
      changed to remember the user's language selection when redisplaying the
      page following an error.

    - Changed cmd_subscribe.py to properly accept (no)digest without a
      password and to recognize (no)digest and address= case insensitively.

    - Fixed a problem where GuiBase._getValidValue() would truncate a
      floating point Number type to an int if the value was a float instead
      of a numeric string. This affected setting floating point values with
      config_list.

  Miscellaneous

    - Brad Knowles' mailman daily status report script updated to 0.0.17.

    - An updated mm-handler (mm-handler-2.1.10) that can help reduce
      backscatter has been added to the contrib directory.

2.1.9 (12-Sep-2006)

  Security

    - A malicious user could visit a specially crafted URI and inject an
      apparent log message into Mailman's error log which might induce an
      unsuspecting administrator to visit a phishing site.  This has been
      blocked.  Thanks to Moritz Naumann for its discovery.

    - Fixed denial of service attack which can be caused by some
      standards-breaking RFC 2231 formatted headers.  CVE-2006-2941.

    - Several cross-site scripting issues have been fixed.  Thanks to Moritz
      Naumann for their discovery.  CVE-2006-3636

    - Fixed an unexploitable format string vulnerability.  Discovery and fix
      by Karl Chen.  Analysis of non-exploitability by Martin 'Joey' Schulze.
      Also thanks go to Lionel Elie Mamane.  CVE-2006-2191.

  Internationalization

    - New languages: Arabic, Vietnamese.

  Bug fixes and other patches

    - Fixed Decorate.py so that characters in message header/footer which
      are not in the character set of the list's language are ignored rather
      than causing shunted messages (1507248).

    - Switchboard.py - Closed very tiny holes at the upper ends of queue
      slices that could result in unprocessable queue entries.  Improved FIFO
      processing when two queue entries have the same timestamp.

2.1.8 (15-Apr-2006)

  Security

    - A cross-site scripting hole in the private archive script of 2.1.7
      has been closed.  Thanks to Moritz Naumann for its discovery.

  Bug fixes and other patches

    - Bouncers support added: 'unknown user', Microsoft SMTPSVC, Prodigy.net
      and several others.

    - Updated email library to 2.5.7 which will encode payload into qp/base64
      upon setting.  This enabled backing out the scrubber related patches
      including 'X-Mailman-Scrubbed' header in 2.1.7.

    - Fix SpamDetect.py potential hold/reject loop problem.

    - A warning message from email package to the stderr can cause error
      in Logging because stderr may be detached from the process during
      the qrunner run.  We chose not to output errors to stderr but to
      the logs/error if the process is running under mailmanctl subprocess.

    - DKIM header cleansing was separated from Cleanse.py and added to
      -owner messages too.

    - Fixes: Lose Topics when go directly to topics URL (1194419).
      UnicodeError running bin/arch (1395683).  edithtml.py missing import
      (1400128).  Bad escape in cleanarch.  Wrong timezone in list archive
      index pages (1433673).  bin/arch fails with TypeError (1430236).
      Subscription fails with some Language combinations (1435722).
      Postfix delayed notification not recognized (863989).  2.1.7 (VERP)
      mistakes delay notice for bounce (1421285).  show_qfiles: 'str'
      object has no attribute 'as_string' (1444447).  Utils.get_domain()
      wrong if VIRTUAL_HOST_OVERVIEW off (1275856).

  Miscellaneous

    - Brad Knowles' mailman daily status report script updated to 0.0.16.

2.1.7 (31-Dec-2005)

  Security

    - The fix for CAN-2005-0202 has been enhanced to issue an appropriate
      message instead of just quietly dropping ./ and ../ from URLs.

    - A note on CVE-2005-3573: Although the RFC2231 bug example in the CVE has
      been solved in Mailman 2.1.6, there may be more cases where
      ToDigest.send_digests() can block regular delivery.  We put the
      send_digests() calling part in a try/except clause and leave a message
      in the error log if something happened in send_digests().  Daily call of
      cron/senddigests will provide more detail to the site administrator.

    - List administrators can no longer change the user's option/subscription
      globally.  Site admin can change these only if
      mm_cfg.ALLOW_SITE_ADMIN_COOKIES is set to Yes.

    -