Download project files

How do I verify a download?


110 of 70 releases

2.1.39 release from the 2.1 series released

Release information
Release notes:

Mailman 2.1.39 fixes https://bugs.launchpad.net/mailman/+bug/1954694

This addresses two issues.

The fix for CVE-2021-42097 was case sensitive and should not be.
The fix for CVE-2021-44227 introduced a potential NameError in logging.

Changelog:

2.1.39 (13-Dec-2021)

  Bug Fixes and other patches

    - User matching for CSRF tokens is no longer case sensitive., and a
      potential NamerError in logging is fixed. (LP: #1954694)

File Description Downloads
download icon mailman-2.1.39.tgz (md5, sig) Mailman 2.1.39 release 3,707
last downloaded 24 hours ago
Total downloads: 3,707

2.1.38 release from the 2.1 series released

Release information
Release notes:

2.1.38 (30-Nov-2021)

  Security

    - A potential CSRF attack against a list admin from a list member or
      moderator has been blocked. CVE-2021-44227 (LP: #1952384)

  Bug Fixes and other patches

    - NotAMemberError exception from the user options page when the user has
      been asynchronously unsubscribed is fixed. (LP: #1951769)

File Description Downloads
download icon mailman-2.1.38.tgz (md5, sig) Mailman 2.1.38 release 230
last downloaded 5 days ago
Total downloads: 230

2.1.37 release from the 2.1 series released

Release information
Release notes:

2.1.37 (12-Nov-2021)

  Bug Fixes and other patches

    - A bug in the fix for CVE-2021-43332 has neen fixed. (LP: #1950833)

File Description Downloads
download icon mailman-2.1.37.tgz (md5, sig) Mailman 2.1.37 release 270
last downloaded today
Total downloads: 270

2.1.36 release from the 2.1 series released

Release information
Release notes:

2.1.36 (12-Nov-2021)

  Security

    - A potential XSS attack via the user options page has been reported by
      Harsh Jaiswal. This is fixed. CVE-2021-43331 (LP: #1949401)

    - A potential for for a list moderator to carry out an off-line brute force
      attack to obtain the list admin password has been reported by Andre
      Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed.
      CVE-2021-43332 (LP: #1949403)

File Description Downloads
download icon mailman-2.1.36.tgz (md5, sig) Release tarball 89
last downloaded 5 days ago
Total downloads: 89

2.1.35 release from the 2.1 series released

Release information
Release notes:

A security release with a few additional fixes. See the Changelog for details.

Changelog:

2.1.35 (19-Oct-2021)

  Security

    - A potential for for a list member to carry out an off-line brute force
      attack to obtain the list admin password has been reported by Andre
      Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed.
      CVE-2021-42096 (LP:#1947639)

    - A CSRF attack via the user options page could allow takeover of a users
      account. This is fixed. CVE-2021-42097 (LP:#1947640)

  Bug Fixes and other patches

    - Fixed an issue where sometimes the wrapper message for DMARC mitigation
      Wrap Message has no Subject:. (LP: #1915655)

    - Plain text message bodies with Content-Disposition: and no declared
      charset are no longer scrubbed. (LP: #1917968)

    - CommandRunner now recodes message bodies in the charset of the user's
      or list's language to avoid a possible UnicodeError when including the
      message body in the reply. (LP: #1921682)

    - Delivery disabled by bounce notices to admins now have 'disabled'
      properly translated. (LP: #1922843)

    - DMARC policy discovery ignores domains with multiple DMARC records per
      RFC 7849, (LP: 1931029)

File Description Downloads
download icon mailman-2.1.35.tgz (md5, sig) Mailman 2.1.35 release. 429
last downloaded 10 days ago
Total downloads: 429

2.1.34 release from the 2.1 series released

Release information
Release notes:

2.1.34 (26-Jun-2020)

  i18n

    - The Spanish translation has been updated by Omar Walid Llorente.

  Bug Fixes and other patches

    - The fix for LP: #1859104 can result in ValueError being thrown on
      attempts to subscribe to a list. This is fixed and extended to apply
      REFUSE_SECOND_PENDING to unsubscription as well. (LP: #1878458)

    - DMARC mitigation no longer misses if the domain name returned by DNS
      contains upper case. (LP: #1881035)

    - A new WARN_MEMBER_OF_SUBSCRIBE setting can be set to No to prevent
      mailbombing of a member of a list with private rosters by repeated
      subscribe attempts. (LP: #1883017)

    - Very long filenames for scrubbed attachments are now truncated.
      (LP: #1884456)

File Description Downloads
download icon mailman-2.1.34.tgz (md5, sig) Mailman 2.1.34 2,780
last downloaded 7 days ago
Total downloads: 2,780

2.1.33 release from the 2.1 series released

Release information
Release notes:

2.1.33 (07-May-2020)

  Security

    - A content injection vulnerability via the private login page has been
      fixed. (LP: #1877379)

Changelog:

2.1.33 (07-May-2020)

  Security

    - A content injection vulnerability via the private login page has been
      fixed. (LP: #1877379)

2.1.32 (05-May-2020)

  i18n

    Fixed a typo in the Spanish translation and uptated mailman.pot and
    the message catalog for 2.1.31 security fix.

2.1.31 (05-May-2020)

  Security

    - A content injection vulnerability via the options login page has been
      discovered and reported by Vishal Singh. This is fixed. (LP: #1873722)

  i18n

    - The Spanish translation has been updated by Omar Walid Llorente.

  Bug Fixes and other patches

    - Bounce recognition for a non-compliant Yahoo format is added.

    - Archiving workaround for non-ascii in string.lowercase in some Python
      packages is added.

File Description Downloads
download icon mailman-2.1.33.tgz (md5, sig) Mailman 2.1.33 737
last downloaded 6 days ago
Total downloads: 737

2.1.32 release from the 2.1 series released

Release information
Release notes:

2.1.32 (05-May-2020)

  i18n

    Fixed a typo in the Spanish translation and updated mailman.pot and
    the message catalog for 2.1.31 security fix.

2.1.31 (05-May-2020)

  Security

    - A content injection vulnerability via the options login page has been
      discovered and reported by Vishal Singh. This is fixed. (LP: #1873722)

  i18n

    - The Spanish translation has been updated by Omar Walid Llorente.

  Bug Fixes and other patches

    - Bounce recognition for a non-compliant Yahoo format is added.

    - Archiving workaround for non-ascii in string.lowercase in some Python
      packages is added.

File Description Downloads
download icon mailman-2.1.32.tgz (md5, sig) Mailman 2.1.32 146
last downloaded 5 days ago
Total downloads: 146

2.1.31 release from the 2.1 series released

Release information
Release notes:

2.1.31 (05-May-2020)

  Security

    - A content injection vulnerability via the options login page has been
      discovered and reported by Vishal Singh. This is fixed. (LP: #1873722)

  i18n

    - The Spanish translation has been updated by Omar Walid Llorente.

  Bug Fixes and other patches

    - Bounce recognition for a non-compliant Yahoo format is added.

    - Archiving workaround for non-ascii in string.lowercase in some Python
      packages is added.

File Description Downloads
download icon mailman-2.1.31.tgz (md5, sig) Mailman 2.1.31 101
last downloaded 6 days ago
Total downloads: 101

2.1.30 release from the 2.1 series released

Release information
Release notes:

2.1.30 (13-Apr-2020)

  New Features

    - Thanks to Jim Popovitch, there is now a dmarc_moderation_addresses
      list setting that can be used to apply dmarc_moderation_action to mail
      From: addresses listed or matching listed regexps. This can be used
      to modify mail to addresses that don't accept external mail From:
      themselves.

    - There is a new MAX_LISTNAME_LENGTH setting. The fix for LP: #1780874
      obtains a list of the names of all the all the lists in the installation
      in order to determine the maximum length of a legitimate list name. It
      does this on every web access and on sites with a very large number of
      lists, this can have performance implications. See the description in
      Defaults.py for more information.

    - Thanks to...

Changelog:

2.1.30 (13-Apr-2020)

  New Features

    - Thanks to Jim Popovitch, there is now a dmarc_moderation_addresses
      list setting that can be used to apply dmarc_moderation_action to mail
      From: addresses listed or matching listed regexps. This can be used
      to modify mail to addresses that don't accept external mail From:
      themselves.

    - There is a new MAX_LISTNAME_LENGTH setting. The fix for LP: #1780874
      obtains a list of the names of all the all the lists in the installation
      in order to determine the maximum length of a legitimate list name. It
      does this on every web access and on sites with a very large number of
      lists, this can have performance implications. See the description in
      Defaults.py for more information.

    - Thanks to Ralf Jung there is now the ability to add text based captchas
      (aka textchas) to the listinfo subscribe form. See the documentation
      for the new CAPTCHA setting in Defaults.py for how to enable this. Also
      note that if you have custom listinfo.html templates, you will have to
      add a <mm-captcha-ui> tag to those templates to make this work. This
      feature can be used in combination with or instead of the Google
      reCAPTCHA feature added in 2.1.26.

    - Thanks to Ralf Hildebrandt the web admin Membership Management section
      now has a feature to sync the list's membership with a list of email
      addresses as with the bin/sync_members command.

    - There is a new drop_cc list attribute set from DEFAULT_DROP_CC. This
      controls the dropping of addresses from the Cc: header in delivered
      messages by the duplicate avoidance process. (LP: #1845751)

    - There is a new REFUSE_SECOND_PENDING mm_cfg.py setting that will cause
      a second request to subscribe to a list when there is already a pending
      confirmation for that user. This can be set to Yes to prevent
      mailbombing of a third party by repeatedly posting the subscribe form.
      (LP: #1859104)

  i18n

    - The Japanese translation has been updated by Yasuhito FUTATSUKI.

    - The German translation has been updated by Ludwig Reiter.

    - The Spanish translation has been updated by Omar Walid Llorente.

    - The Brazilian Portugese translation has been updated by Emerson de Mello.

  Bug Fixes and other patches

    - Fixed the confirm CGI to catch a rare TypeError on simultaneous
      confirmations of the same token. (LP: #1785854)

    - Scrubbed application/octet-stream MIME parts will now be given a
      .bin extension instead of .obj.

    - Added bounce recognition for a non-compliant opensmtpd DSN with
      Action: error. (LP: #1805137)

    - Corrected and augmented some security log messages. (LP: #1810098)

    - Implemented use of QRUNNER_SLEEP_TIME for bin/qrunner --runner=All.
      (LP: #1818205)

    - Leading/trailing spaces in provided email addresses for login to private
      archives and the user options page are now ignored. (LP: #1818872)

    - Fixed the spelling of the --no-restart option for mailmanctl.

    - Fixed an issue where certain combinations of charset and invalid
      characters in a list's description could produce a List-ID header
      without angle brackets. (LP: #1831321)

    - With the Postfix MTA and virtual domains, mappings for the site list
      -bounces and -request addresses in each virtual domain are now added
      to data/virtual-mailman (-owner was done in 2.1.24). (LP: #1831777)

    - The paths.py module now extends sys.path with the result of
      site.getsitepackages() if available. (LP: #1838866)

    - A bug causing a UnicodeDecodeError in preparing to send the confirmation
      request message to a new subscriber has been fixed. (LP: #1851442)

    - The SimpleMatch heuristic bounce recognizer has been improved to not
      return most invalid email addresses. (LP: #1859011)

File Description Downloads
download icon mailman-2.1.30.tgz (md5, sig) Mailman 2.1.30 548
last downloaded 24 hours ago
Total downloads: 548

110 of 70 releases