-*- coding: iso-8859-1 -*-
Mailman - The GNU Mailing List Management System
Copyright (C) 1998-2016 by the Free Software Foundation, Inc.
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
Here is a history of user visible changes to Mailman.
2.1.24 (xx-xxx-xxxx)
Security
- A most likely unexploitable XSS attach that relies on the Mailman web
server passing a crafted Host: header to the CGI environment has been
fixed. Apache for one is not vulnerable. Thanks to Alqnas Eslam.
New Features
- cron/senddigests has a new -e/--exceptlist option to send pending
digests for all but a named list. (LP: #1619770)
- The values for DEFAULT_DIGEST_FOOTER and DEFAULT_MSG_FOOTER have been
changed to use a standard signature separator for DEFAULT_MSG_FOOTER
and to remove the unneded line of underscores from DEFAULT_DIGEST_FOOTER.
(LP: #266269)
i18n
- The Polish html templates have been recoded to use html entities
instead of non-ascii characters.
- The Basque (Euskara) translation has been updated by Gari Araolaza.
- The German "details for personalize" page has been updated by
Christian F Buser.
- The Japanese translation has been updated by Yasuhito FUTATSUKI.
Bug fixes and other patches
- Subject prefixing has been improved to always have a space between
the prefix and the subject even with non-ascii in the prefix. This
will sometimes result in two spaces when the prefix is non-ascii but
the subject is ascii, but this is the lesser evil. (LP: #1525954)
- Treat message and digest headers and footers as empty if they contain
only whitespace. (LP: #1673307)
- Ensured that added message and digest headers and footers always have
a terminating new-line. (LP: #1670033)
- Fixed an uncaught TypeError in the subscribe CGI. (LP: #1667215)
- Added recognition for a newly seen mailEnable bounce.
- Fixed an uncaught NotAMemberError when a member is removed before a
probe bounce for the member is returned. (LP: #1664729)
- Fixed a TypeError thrown in the roster CGI when called with a listname
containing a % character. (LP: #1661810)
- Fixed a NameError issue in bin/add_members with
DISABLE_COMMAND_LOCALE_CSET = yes. (LP: #1647450)
- The CleanseDKIM handler has been removed from OWNER_PIPELINE. It isn't
needed there and has adverse DMARC implications for messages to -owner
of an anonymous list. (LP: #1645901)
- Fixed an issue with properly RFC 2047 encoding the display name in the
From: header for messages with DMARC mitigations. (LP: #1643210)
- Fixed an issue causing UnicodeError in sending digests following a
change of a list's preferred_language. (LP: #1644356)
- Enhanced the fix for race conditions in MailList().Load(). (LP: #266464)
- Fixed a typo in Utils.py that could have resulted in a NameError in
logging an unlikely occurrence. (LP: #1637745)
- Fixed a bug which created incorrect "view more members" links at the
bottom of the admin Membership List pages. (LP: #1637061)
- The 2.1.23 fix for LP: #1604544 only fixed the letter links at the top
of the Membership List. The links at the bottom have now been fixed.
- paths.py now adds dist-packages as well as site-packages to sys.path.
(LP: #1621172)
- INIT INFO has been added to the sample init.d script. (LP: #1620121)
2.1.23 (27-Aug-2016)
Security
- CSRF protection has been extended to the user options page. This was
actually fixed by Tokio Kikuchi as part of the fix for LP: #775294 and
intended for Mailman 2.1.15, but that fix wasn't completely merged at the
time. The full fix also addresses the admindb, and edithtml pages as
well as the user options page and the previously fixed admin pages.
Thanks to Nishant Agarwala for reporting the issue. CVE-2016-6893
(LP: #1614841)
New Features
- For header_filter_rules matching, RFC 2047 encoded headers, non-encoded
headers and header_filter_rules patterns are now all decoded to unicode.
Both XML character references of the form nnnn; and unicode escapes
of the form \Uxxxx in patterns are converted to unicodes as well. Both
headers and patterns are normalized to 'NFKC' normal form before
matching, but the normalization form can be set via a new NORMALIZE_FORM
mm_cfg setting. Also, the web UI has been updated to encode characters
in text fields that are invalid in the character set of the page's
language as XML character references instead of '?'. This should help
with entering header_filter_rules patterns to match 'odd' characters.
This feature is experimental and is problematic for some cases where it
is desired to have a header_filter_rules pattern with characters not in
the character set of the list's preferred language. For patterns
without such characters, the only change in behavior should be because
of unicode normalization which should improve matching. For other
situations such as trying to match a Subject: with CJK characters (range
U+4E00..U+9FFF) on an English language (ascii) list, one can enter a
pattern like '^subject:.*[一-鿿]' or
'^subject:.*[\u4e00;-\u9fff;]' to match a Subject with any character in
the range, and it will work, but depending on the actual characters and
the browser, submitting another, even unrelated change can garble the
original entry although this usually occurs only with ascii pages and
characters in the range \u0080-\u00ff. The \Uxxxx unicode escapes must
have exactly 4 hex digits, but they are case insensitive. (LP: #558155)
- Thanks to Jim Popovitch REMOVE_DKIM_HEADERS can now be set to 3 to
preserve the original headers as X-Mailman-Original-... before removing
them.
- Several additional templates have been added to those that can be edited
via the web admin GUI. (LP: #1583387)
- SMTPDirect.py can now do SASL authentication and STARTTLS security when
connecting to the outgoiung MTA. Associated with this are new
Defaults.py/mm_cfg.py settings SMTP_AUTH, SMTP_USER, SMTP_PASSWD and
SMTP_USE_TLS. (LP: #558281)
- There is a new Defaults.py/mm_cfg.py setting SMTPLIB_DEBUG_LEVEL which
can be set to 1 to enable verbose smtplib debugging to Mailman's error
log to help with debugging 'low level smtp failures'. (LP: #1573074)
- A list's nonmember_rejection_notice attribute will now be the default
rejection reason for a held non-member post in addition to it's prior
role as the reson for an automatically rejected non-member post.
(LP: #1572330)
i18n
- The French translation of 'Dutch' is changed from 'Hollandais' to
'Néerlandais' per Francis Jorissen.
- Some German language templates that were incorrectly utf-8 encoded have
been recoded as iso-8859-1. (LP: #1602779)
- Japanese translation and documentation in messages/ja has been updated by
Yasuhito FUTATSUKI.
Bug fixes and other patches
- The admin Membership List letter links could be incorrectly rendered as
Unicode strings following a search. (LP: #1604544)
- We no longer throw an uncaught TypeError with certain defective crafted
POST requests to Mailman's CGIs. (LP: #1602608)
- Scrubber links in archives are now in the list's preferred_language
rather than the poster's language. (LP: #1586505)
- Improved logging of banned subscription and address change attempts.
(LP: #1582856)
- In rare circumstances a list can be removed while the admin or listinfo
CGI or bin/list_lists is running causing an uncaught MMUnknownListError
to be thrown. The exception is now caught and handled. (LP: #1582532)
- Set the Date: header in the wrapper message when from_is_list or
dmarc_moderation_action is Wrap Message. (LP: #1581215)
- A site can now set DMARC_ORGANIZATIONAL_DOMAIN_DATA_URL to None or the
null string if it wants to avoid using this. (LP: #1578450)
- The white space to the left of the admindb Logout link is no longer
part of the link. (LP: #1573623)
2.1.22 (17-Apr-2016)
i18n
- Fixed a typo in the German options.html template. (LP: #1562408)
- An error in the Brazilian Portugese translation of Quarterly has been
fixed thanks to Kleber A. Benatti.
- The Brazilian Portugese translation has been updated by Emerson Ribeiro
de Mello.
Bug fixes and other patches
- All addresses in data/virtual-mailman are now properly appended with
VIRTUAL_MAILMAN_LOCAL_DOMAIN and duplicates are not generated if the
site list is in a virtual domain. (LP: #1570630)
- DMARC mitigations will now find the From: domain to the right of the
rightmost '@' rather than the leftmost '@'. (LP: #1568445)
- DMARC mitigations for a sub-domain of an organizational domain will now
use the organizational domain's sp= policy if any. (LP: #1568398)
- Modified NewsRunner.py to ensure that messages gated to Usenet have a
non-blank Subject: header and when munging the Message-ID to add the
original to References: to help with threading. (LP: #557955)
- Fixed the pipermail archiver to do a better job of figuring the date of
a post when its Date: header is missing, unparseable or has an obviously
out of range date. This should only affect bin/arch as ArchRunner has
code to fix dates at least if ARCHIVER_CLOBBER_DATE_POLICY has not been
set to 0 in mm_cfg.py. If posts have been added in the past to a list's
archive using bin/arch and an imported mbox, running bin/arch again could
result is some of those posts being archived with a different date.
(LP: #1555798)
- Fixed an issue with CommandRunner shunting a malformed message with a
null byte in the body. (LP: #1553888)
- Don't collapse multipart with a single sub-part inside multipart/signed
parts. (LP: #1551075)
2.1.21 (28-Feb-2016)
New Features
- There is a new dmarc_none_moderation_action list setting and a
DEFAULT_DMARC_NONE_MODERATION_ACTION mm_cfg.py setting to optionally
apply Munge From or Wrap Message actions to posts From: domains that
publish DMARC p=none. The intent is to eliminate failure reports to
the domain owner for messages that would be munged or wrapped if the
domain published a stronger DMARC policy. See the descriptions in
Defaults.py, the web UI and the bug report for more. (LP: #1539384)
- Thanks to Jim Popovitch there is now a feature to automatically turn
on moderation for a malicious list member who attempts to flood a list
with spam. See the details for the Privacy options ... -> Sender
filters -> member_verbosity_threshold and member_verbosity_interval
settings in the web admin UI and the documentation in Defaults.py for
the DEFAULT_MEMBER_VERBOSITY_* and VERBOSE_CLEAN_LIMIT settings for
information.
- bin/list_members now has options to display all moderated or all
non-moderated members.
- There is now a mm_cfg.py setting GLOBAL_BAN_LIST which is like the
individual list's ban_list but applies globally to all subscribe
requests. See the description in Defaults.py for more details.
i18n
- The Japanese translation has been updated by Yasuhito FUTATSUKI.
- Also thanks to Miloslav Trmac and Yasuhito FUTATSUKI, the l10n for
Mailman's bin/ commands has been fixed to display using the character
set of the user's work station even when Mailman's character set for
the language is different. Because this has not been tested over a
wide set of locales, there is an mm_cfg.py switch
DISABLE_COMMAND_LOCALE_CSET to disable it if it causes problems.
(LP: #558167)
- The Polish translation has been updated by Stefan Plewako.
- The German translation has been updated by Mirian Margiani and
Bernhard Schmidt.
- The Russian translation has been updated by Danil Smirnov.
- Several Galician templates that were improperly encoded as iso-8859-1
have been fixed. (LP: #1532504)
- The Brazilian Portugese translation has been updated by Emerson Ribeiro
de Mello.
Bug fixes and other patches
- If DMARC lookup fails to find a policy, also try the Organizational
Domain. Associated with this is a new mm_cfg.py setting
DMARC_ORGANIZATIONAL_DOMAIN_DATA_URL which sets the URL used to
retrieve the data for the algorithm that computes the Organizational
Domain. See https://publicsuffix.org/list/ for info. (LP: #1549420)
- Modified contrib/mmdsr to correctly report No such list names that
contain ".
- User's "Acknowledge" option will now be honored for posts to anonymous
lists. (LP: #1546679)
- Fixed a typo in the Non-digest options regular_exclude_ignore
description thanks to Yasuhito FUTATSUKI.
- DEFAULT_PASS_MIME_TYPES has been changed to accept text/plain sub-parts
from message/rfc822 parts and multipart parts other than mixed and
alternative and also accept pgp signatures. This only applies to newly
created lists and other than pgp signatures, still only accepts
text/plain. (LP: #1517446)
- Modified contrib/mmdsr to report held and banned subscriptions and DMARC
lookups in their own categories.
- Fixed a bug that could create a garbled From: header with certain DMARC
mitigation actions. (LP: #1536816)
- Treat a poster's address which matches an equivalent_domains address as
a list member for the regular_exclude_ignore check. (LP: #1526550)
- Fixed an issue that sometimes left no white space following
subject_prefix. (LP: #1525954)
- Vette log entries for banned subscriptions now include the source of
the request if available. (LP: #1525733)
- Submitting the user options form for a user who was asynchronously
unsubscribed would throw an uncaught NotAMemberError. (LP: #1523273)
- It was possible under some circumstances for a message to be shunted
after a handler rejected or discarded it, and the handler would be
skipped upon unshunting and the message accepted. (LP: #1519062)
- Posts gated to usenet will no longer have other than the target group
in the Newsgroups: header. (LP: #1512866)
- Invalid regexps in *_these_nonmembers, subscribe_auto_approval and
ban_list are now logged. (LP: #1507241)
- Refactored the GetPattern list method to simplify extending @listname
syntax to new attributes in the future. Changed Moderate.py to use the
GetPattern method to process the *_these_nonmembers lists.
- Changed CookHeaders to default to using space rather than tab as
continuation_ws when folding headers. (LP: #1505878)
- Fixed the 'pidfile' path in the sample init.d script. (LP: #1503422)
- Subject prefixing could fail to collapse multiple 'Re:' in an incomming
message if they all came after the list's subject_prefix. This is now
fixed. (LP: #1496620)
- Defended against a user submitting URLs with query fragments or POST
data containing multiple occurrences of the same variable.
(LP: #1496632)
- Fixed bin/mailmanctl to check its effective rather than real uid.
(LP: #1491187)
- Fixed cron/gate_news to catch EOFError on opening the newsgroup.
(LP: #1486263)
- Fixed a bug where a delayed probe bounce can throw an AttributeError.
(LP: #1482940)
- If a list is not digestable an the user is not currently set to
receive digests, the digest options will not be shown on the user's
options page. (LP: #1476298)
- Improved identification of remote clients for logging and subscribe
form checking in cases where access is via a proxy server. Thanks to
Jim Popovitch. Also updated contrib/mmdsr for log change.
- Fixed an issue with shunted messages on a list where the charset for
the list's preferred_language had been changed from iso-8859-1 to
utf-8 without recoding the list's description. (LP: #1462755)
- Mailman-Postfix integration will now add mailman@domain entries in
data/virtual-mailman for each domain in POSTFIX_STYLE_VIRTUAL_DOMAINS
which is a host_name of a list. This is so the addresses which are
exposed on admin and listinfo overview pages of virtual domains will
be deliverable. (LP: #1459236)
- The vette log entry for DMARC policy hits now contains the list name.
(LP: #1450826)
- If SUBSCRIBE_FORM_SECRET is enabled and a user's network has a load
balancer or similar in use the POSTing IP might not exactly match the
GETting IP. This is now accounted for by not requiring the last
octet (16 bits for ipV6) to match. (LP: #1447445)
- DKIM-Signature:, DomainKey-Signature: and Authentication-Results:
headers are now removed by default from posts to anonymous lists.
(LP: #1444673)
- The list admin web UI Mambership List search function often doesn't
return correct results for search strings (regexps) that contain
non-ascii characters. This is partially fixed. (LP: #1442298)
2.1.20 (31-Mar-2015)
Security
- A path traversal vulnerability has been discovered and fixed. This
vulnerability is only exploitable by a local user on a Mailman server
where the suggested Exim transport, the Postfix postfix_to_mailman.py
transport or some other programmatic MTA delivery not using aliases
is employed. CVE-2015-2775 (LP: #1437145)
New Features
- There is a new Address Change sub-section in the web admin Membership
Management section to allow a list admin to change a list member's
address in one step rather than adding the new address, copying settings
and deleting the old address. (LP: #266809)
i18n
- The Russian translation has been updated by Danil Smirnov.
- The Polish translation has been updated by Stefan Plewako.
Bug fixes and other patches
- A LookupError in SpamDetect on a message with RFC 2047 encoded headers
in an unknown character set is fixed. (LP: #1427389)
- Fixed a bug in CommandRunner that could process the second word of a
body line as a command word and a case sensitivity in commands in
Subject: with an Re: prefix. (LP: #1426829)
- Fixed a bug in CommandRunner that threw an uncaught KeyError if
the input to the list-request address contained a command word
terminated by a period. (LP: #1426825)
2.2 Branch Backports (released in conjunction with 2.1.19)
The following New Features and Bug Fixes have been in an "unofficial,
never to be released" Mailman 2.2 branch for several years. Until now,
they were never implemented on the official 2.1 branch because of their
i18n impacts. Given that there have been a number of i18n impacting
changes due to DMARC mitigations in the last few releases, it has been
decided to backport these as well.
All of these changes have been running in production on several lists
for years without problems other than untranslated strings, so they should
be reasonably "bug free".
New Features
- There is a new list attribute 'subscribe_auto_approval' which is a list
of email addresses and regular expressions matching email addresses
whose subscriptions are exempt from admin approval. (LP: #266609)
- Confirmed member change of address is logged in the 'subscribe' log,
and if admin_notify_mchanges is true, a notice is sent to the list
owner using a new adminaddrchgack.txt template.
- Added an 'automate' option to bin/newlist to send the notice to the
admin without the prompt.
- The processing of Topics regular expressions has changed. Previously the
Topics regexp was compiled in verbose mode but not documented as such
which caused some confusion. Also, the documentation indicated that
topic keywords could be entered one per line, but these entries were not
handled properly. Topics regexps are now compiled in non-verbose mode
and multi-line entries are 'ored'. Existing Topics regexps will be
converted when the list is updated so they will continue to work.
- Added real name display to the web roster. (LP: #266754)
Bug fixes and other patches
- Changed the response to an invalid confirmation to be more generic.
Not all confirmations are subscription requests.
- Changed the default nonmember_rejection_notice to be more user friendly.
(LP: #418728)
- Added "If you are a list member" qualification to some messages from the
options login page. (LP: #266442)
- Changed the 'Approve' wording in the admindbdetails.html template to
'Accept/Approve' for better agreement with the button labels.
- Added '(by thread)' to the previous and next message links in the
archive to emphasize that even if you got to the message from a
subject, date or author index, previous and next are still by thread.
2.1.19 (28-Feb-2015)
New Features
- The subscribe_auto_approval feature backported from the 2.2 branch and
described above has been enhanced to accept entries of the form
@listname to auto approve members of another list. (LP: #1417093)
- There is a new list attribute dmarc_wrapped_message_text and a
DEFAULT_DMARC_WRAPPED_MESSAGE_TEXT setting to set the default for new
lists. This text is added to a message which is wrapped because of
dmarc_moderation_action in a separate text/plain part that precedes the
message/rfc822 part containing the original message. It can be used to
provide an explanation of why the message was wrapped or similar info.
- There is a new list attribute equivalent_domains and a
DEFAULT_EQUIVALENT_DOMAINS setting to set the default for new lists which
in turn defaults to the empty string. This provides a way to specify one
or more groups of domains, e.g., mac.com, me.com, icloud.com, which are
considered equivalent for validating list membership for posting and
moderation purposes.
- There is a new WEB_HEAD_ADD setting to specify text to be added to the
section of Mailman's internally generated web pages. This doesn't
apply to pages built from templates, but in those cases, custom templates
can be created. (LP: #1409396)
- There is a new DEFAULT_SUBSCRIBE_OR_INVITE setting. Set this to Yes
to make the default selection on the admin Mass Subscriptions page
Invite rather than Subscribe. (LP: #1404511)
- There is a new list attribute in the Bounce processing section.
bounce_notify_owner_on_bounce_increment if set to Yes will cause
Mailman to notify the list owner on every bounce that increments a
list member's score but doesn't result in a probe or disable. There
is a new configuration setting setting
DEFAULT_BOUNCE_NOTIFY_OWNER_ON_BOUNCE_INCREMENT to set the default
for new lists. This in turn defaults to No. (LP: #1382150)
Changed behavior
- Mailman's log files, request.pck files and heldmsg-* files are no
longer created world readable to protect against access by untrusted
local users. Note that permissions on existing log files won't be
changed so if you are concerned about this and don't rotate logs or
have a logrotate process that creates new log files instead of letting
Mailman create them, you will need to address that. (LP: #1327404)
Other changes
- The Python Powered logo image has been replaced in the misc/ directory
in the source distribution. Depending on how you've installed these
images, you may need to copy PythonPowered.png from the misc/ directory
in the source or from the $prefix/icons/ installed directory to another
location for your web server. (LP: #1408575)
i18n
- The Polish translation has been updated by Stefan Plewako.
- The Interlingua translation has been updated by Martijn Dekker.
- The Japanese message catalog has been updated by SATOH Fumiyasu.
- Mailman's character set for Romanian has been changed from iso-8859-2
to utf-8 and the templates and messages recoded. This change will
require running 'bin/arch --wipe' on any existing Romanian language
lists in order to recode the list's archives, and will require recoding
any edited templates in lists/LISTNAME/ro/*, templates/DOMAIN/ro/* and
templates/site/ro/*. It may also require recoding any existing
iso-8859-2 text in list attributes. (LP: #1418735)
- Mailman's character set for Russian has been changed from koi8-r to
utf-8 and the templates and messages recoded. This change will
require running 'bin/arch --wipe' on any existing Russian language
lists in order to recode the list's archives, and will require recoding
any edited templates in lists/LISTNAME/ru/*, templates/DOMAIN/ru/* and
templates/site/ru/*. It may also require recoding any existing koi8-r
text in list attributes. (LP: #1418448)
- Mailman's versions.py has been augmented to help with the above two
character set changes. The first time a list with preferred_language
of Romanian or Russian is accessed or upon upgrade to this release,
any list attributes which have string values such as description, info,
welcome_msg, etc. that appear to be in the old character set will be
converted to utf-8. This is done recursively for the values (but not
the keys) of dictionary attributes and the elements of list and tuple
attributes.
- The Russian message catalog and templates have been further updated by
Danil Smirnov.
- The Romanian message catalog has been updated. (LP: #1415489)
- The Russian templates have been updated by Danil Smirnov. (LP: #1403462)
- The Japanese translation has been updated by SATOH Fumiyasu.
(LP: #1402989)
- A minor change in the French translation of a listinfo subscribe form
message has been made. (LP: #1331194)
Bug fixes and other patches
- Because of privacy concerns with the 2.2 backport adding real name to
list rosters, this is controlled by a new ROSTER_DISPLAY_REALNAME
setting that defaults to No. You may wish to set this to Yes in
mm_cfg.py.
- Organization: headers are now unconditionally removed from posts to
anonymous lists. Regexps in ANONYMOUS_LIST_KEEP_HEADERS weren't kept
if the regexp included the trailing ':'. This is fixed too.
(LP: #1419132)
- The admindb interface has been fixed so the the detail message body
display doesn't lose part of a multi-byte character, and characters which
are invalid in the message's charset are replaced rather than the whole
body not being converted to the display charset. (LP: #1415406)
- Fixed a bug in bin/rmlist that would throw an exception or just fail to
remove held message files for a list with regexp special characters in
its name. (LP:#1414864)
- When applying DMARC mitigations, CookHeaders now adds the original From:
to Cc: rather than Reply-To: in some cases to make MUA 'reply' and
'reply all' more consistent with the non-DMARC cases. (LP: #1407098)
- The Subject: of the list welcome message wasn't always in the user's
preferred language. Fixed. (LP: #1400988)
- Accept email command in Subject: prefixed with Re: or similar with no
intervening space. (LP: #1400200)
- Fixed a UnicodeDecodeError that could occur in the web admin interface
if 'text' valued attributes have unicode values. (LP: #1397170)
- We now catch the NotAMemberError exception thrown if an authenticated
unsubscribe is submitted from the user options page for a nonmember.
(LP: #1390653)
- Fixed an archiving bug that would cause messages with 'Subject: Re:'
only to be indexed in the archives without a link to the message.
(LP: #1388614)
- The vette log entry for a message discarded by a handler now includes
the list name and the name of the handler. (LP: #558096)
- The options CGI now rejects all but HTTP GET and POST requests.
(LP: #1372199)
- A list's poster password will now be accepted on an Urgent: header.
(LP: #1371678)
- Fixed a bug which caused a setting of 2 for REMOVE_DKIM_HEADERS to be
ignored. (LP: #1363278)
- Renamed messages/sr/readme.sr to README.sr. (LP: #1360616)
- Moved the dmarc_moderation_action checks from the Moderate handler to
the SpamDetect handler so that the Reject and Discard actions will be
done before the message might be held by header_filter_rules, and the
Wrap Message and Munge From actions will be done on messages held by
header_filter_rules if the message is approved. (LP: #1334450)
-