Lurker / News: Recent posts

Lurker 2.1 released; fixes security vulnerabilities

This update closes three remotely exploitable security vulnerabilities in lurker. All lurker versions from 0.1a to 2.0 are affected. The initial vulnerabilities were discovered by Moritz Naumann.

The specific weaknesses which have been closed include:
1. Reading any file accessible to the user executing lurker.cgi
2. (Over)writing chosen files in any writable directory called mbox
3. Stealing users' browser cookies via cross-site scripting

Posted by Wesley W. Terpstra 2006-03-06

Lurker 2.0 released

Lurker 2.0 introduces oft-requested support of private mailing lists (via multiple frontends). Additionally, one can now delete pesky spam and reply to an email directly from the web. Much of the documentation has been improved (notably the installation documentation), and there have been many minor bugfixes/improvements under the hood.

Change log:
Zap XOPEN_SOURCE/GNU_SOURCE defines for broken systems (osx, freebsd)
Minor documentation fix in lurker.conf about list id limit (128)
Include a fix for Solaris my_timegm from Moritz Eysholdt
Add mimelib workaround for MacOS X
Extend the trimming of []s in subjects to 40 (for japanese lists)
Removed the 'regroupable' option, this is now manditory off
Language is now a manditory field for mailing lists
A single mailing list may now host multiple written languages
All tools now have a default config file location
ui/ files are now installed to ui
New automake 1.9.6, autoconf 2.59
Removed old '-b' option; '-m' remains to import a single message
Add configure option to control web directories
Every list must now be contained in a group
Added frontend support to the config file
Prune no longer needs/supports the '-d' option
Lurker-search uses a new trick to correct cache
Fixed searching for 'id:messsage-id'
lurker.cgi parameters are now 'document?config-file'
- document must be either a frontend path, or the missing document
- config-file is optional
Include an apache.conf which should work with the given settings
Messages from unavailable lists appear to completely not exist
Brought back an improved version of the reply link
Art no longer matches paragraph starts, only trailing signatures
Include trash can icon for deleting junk email
Adjusted gpg settings to be more modern
Modernized the INSTALL documentation
Updated lurker-regenerate to work with deleted email
Improved error reporting on bad command-line options
Fixed a bug in lurker-prune that aborted list loading or delete flags
lurker-search now supports specifying messages by raw id
Add a new command (zap) and option (delete) to delete from web
Include attached images in message view

Posted by Wesley W. Terpstra 2006-02-28

Lurker 1.3 released

This is primarily a bugfix release to address a bug for daylight savings triggered in some timezones. Several other cosmetic fixes are included as well. No new features.

Here's the ChangeLog:
Applied a patch from Benjamin Boksa to fix highlight under MacOS IE
Included French localization
Fixed an (unexploitable) stack-overflow from very repeated keywords
Changed date widths to 170 for MSIE under Windows 2000.
Decoding of international headers no longer injects incorrect spaces
Message-id now don't break in some timezones during daylight savings
Use sysexits.h if available for mailer compatible return codes
Increased maximum lengths of some config-file fields
Suggest attachment filenames via Content-Disposition
Due to popular demand, reversed the direction of thread arrows
Fixed transparency of the house icon under IE

Posted by Wesley W. Terpstra 2005-05-03

Lurker 1.2 released

Version 1.2 of lurker is a major feature improvement of the version 1.1 (which for some reason wasn't posted)

The changes for lurker 1.2:

Language support
- users can pick an interface language from the web
- users can search by language
- admins can set the language of mailing lists
- admins can localize descriptions in the config file
- lurker includes 14 languages for the UI
Not searching
- searches from the web can exclude messages ala google
Message deleting
- finally those annoying spams can be zapped!
- lurker-search executes a search to pick doomed emails
New options
- maildir support
- can index from a file/dir instead of stdin with -i
- override lurker's date magic and use the Date header -u
- prune can purge all lurker cache with -p
- offline mailing lists link to other sites
- raw_email can disable attachments and mbox access
- regroupable -- see lurker.conf
- man pages are utf-8 terminal friendly
- From "john doe" works as an mbox divider
- lurker-prune only deletes lurker cache
- cache depends on included config files too
- the next year is not hard-coded in ;-)
- CRs in message bodies are trimmed

Posted by Wesley W. Terpstra 2004-08-29

Lurker 1.0 released (stable)

The release of lurker marks the first stable release.
Improvements since the last beta include gpg support and local timezones.
The major bug fix since the last beta is mailbox delimiter correction.

Supported platforms: Linux, * BSD, Solaris, Mac OS, and windows.
Supported browsers: IE, Mozilla, Konqueror, Opera, and lynx.
Others will probably also work.

PS. I have removed all versions of the alpha 0.1* and beta 0.* series except for the very last release. Similarily the news has been trimmed.

Posted by Wesley W. Terpstra 2003-07-03

Lurker 0.9 released

Version 0.9 of lurker is a major change from 0.8.

The most obvious new feature is the completely rewritten UI. Now lurker runs
good _and_ looks good doing it! But just as importantly, it now features
grouping for mailing lists and active threads. The message groups are
documented in the example lurker.conf. The active threads page includes a
graph of the new posts over the last 14 days and the total number of posts
in that period.... read more

Posted by Wesley W. Terpstra 2003-06-13

Lurker 0.8 released

This release primarily improves the portability of the codebase.
It has been tested on Solaris, FreeBSD, MacOS X, cygwin, and Linux.

Lurker-prune is new to this version. It is to be run in a cronjob in place of
the regular removal of cache files. It can determine which files are obsolete
and delete only those which have changed or been unneccessary.

The behaviour of the indexer has changed to include fsync() calls to
guarantee that the database is consistent even if the power fails. This
costs speed and can be disabled with '-f'.

Posted by Wesley W. Terpstra 2003-05-19

Lurker 0.7 released

The lurker cgi files may now be installed in a seperate location
from the content they generate. This is useful for situations where
cgis may only be installed in a location such as cgi-bin. See the
new INSTALL file.

Searching has been improved to allow you to move backwards,
forwards, and jump through time. The results now operate nearly
exactly the same as the mailing list index view, except you may
refine searches at the current time.... read more

Posted by Wesley W. Terpstra 2003-04-28

Lurker 0.6 released (beta)

I am proud to announce the first beta version of lurker: 0.6
This release is the first non-prototype version of lurker.

I highly recommend reading the documentation file: INSTALL.
The old INSTALL file describes a completely different setup procedure.

The main difference you need to be aware of is: There is no daemon
-> mail must fed through lurker-index
-> cache purging must be done via cron

The major improvements in this version of lurker:... read more

Posted by Wesley W. Terpstra 2003-04-21

Lurker 0.1f released

This release is just a bugfix release.
Unless serious issues come up after this release, this will be the last release of the 0.1x series.
The next release will be 0.5a which will feature the final database strategy for lurker and a switch from libc-client to mime++.

Posted by Wesley W. Terpstra 2002-11-01

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

No, thanks