Download Latest Version
mailman-2.1.39.tgz (9.5 MB)
Get an email when there's a new version of Mailman
| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| Parent folder | |||
| mailman-2.1.35.tgz | 2021-10-20 | 9.5 MB | |
| mailman-2.1.35.tgz.sig | 2021-10-20 | 95 Bytes | |
| README | 2021-10-20 | 1.2 kB | |
| Totals: 3 Items | 9.5 MB | 0 | |
2.1.35 (19-Oct-2021)
Security
- A potential for for a list member to carry out an off-line brute force
attack to obtain the list admin password has been reported by Andre
Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed.
CVE-2021-42096 (LP:#1947639)
- A CSRF attack via the user options page could allow takeover of a users
account. This is fixed. CVE-2021-42097 (LP:#1947640)
Bug Fixes and other patches
- Fixed an issue where sometimes the wrapper message for DMARC mitigation
Wrap Message has no Subject:. (LP: #1915655)
- Plain text message bodies with Content-Disposition: and no declared
charset are no longer scrubbed. (LP: #1917968)
- CommandRunner now recodes message bodies in the charset of the user's
or list's language to avoid a possible UnicodeError when including the
message body in the reply. (LP: #1921682)
- Delivery disabled by bounce notices to admins now have 'disabled'
properly translated. (LP: #1922843)
- DMARC policy discovery ignores domains with multiple DMARC records per
RFC 7849, (LP: 1931029)