Download project files

How do I verify a download?


110 of 65 releases

2.1.34 release from the 2.1 series released 2020-06-27

Release information
Release notes:

2.1.34 (26-Jun-2020)

  i18n

    - The Spanish translation has been updated by Omar Walid Llorente.

  Bug Fixes and other patches

    - The fix for LP: #1859104 can result in ValueError being thrown on
      attempts to subscribe to a list. This is fixed and extended to apply
      REFUSE_SECOND_PENDING to unsubscription as well. (LP: #1878458)

    - DMARC mitigation no longer misses if the domain name returned by DNS
      contains upper case. (LP: #1881035)

    - A new WARN_MEMBER_OF_SUBSCRIBE setting can be set to No to prevent
      mailbombing of a member of a list with private rosters by repeated
      subscribe attempts. (LP: #1883017)

    - Very long filenames for scrubbed attachments are now truncated.
      (LP: #1884456)

File Description Downloads
download icon mailman-2.1.34.tgz (md5, sig) Mailman 2.1.34 60
last downloaded today
Total downloads: 60

2.1.33 release from the 2.1 series released 2020-05-07

Release information
Release notes:

2.1.33 (07-May-2020)

  Security

    - A content injection vulnerability via the private login page has been
      fixed. (LP: #1877379)

Changelog:

2.1.33 (07-May-2020)

  Security

    - A content injection vulnerability via the private login page has been
      fixed. (LP: #1877379)

2.1.32 (05-May-2020)

  i18n

    Fixed a typo in the Spanish translation and uptated mailman.pot and
    the message catalog for 2.1.31 security fix.

2.1.31 (05-May-2020)

  Security

    - A content injection vulnerability via the options login page has been
      discovered and reported by Vishal Singh. This is fixed. (LP: #1873722)

  i18n

    - The Spanish translation has been updated by Omar Walid Llorente.

  Bug Fixes and other patches

    - Bounce recognition for a non-compliant Yahoo format is added.

    - Archiving workaround for non-ascii in string.lowercase in some Python
      packages is added.

File Description Downloads
download icon mailman-2.1.33.tgz (md5, sig) Mailman 2.1.33 562
last downloaded 24 hours ago
Total downloads: 562

2.1.32 release from the 2.1 series released 2020-05-05

Release information
Release notes:

2.1.32 (05-May-2020)

  i18n

    Fixed a typo in the Spanish translation and updated mailman.pot and
    the message catalog for 2.1.31 security fix.

2.1.31 (05-May-2020)

  Security

    - A content injection vulnerability via the options login page has been
      discovered and reported by Vishal Singh. This is fixed. (LP: #1873722)

  i18n

    - The Spanish translation has been updated by Omar Walid Llorente.

  Bug Fixes and other patches

    - Bounce recognition for a non-compliant Yahoo format is added.

    - Archiving workaround for non-ascii in string.lowercase in some Python
      packages is added.

File Description Downloads
download icon mailman-2.1.32.tgz (md5, sig) Mailman 2.1.32 51
last downloaded 12 days ago
Total downloads: 51

2.1.31 release from the 2.1 series released 2020-05-05

Release information
Release notes:

2.1.31 (05-May-2020)

  Security

    - A content injection vulnerability via the options login page has been
      discovered and reported by Vishal Singh. This is fixed. (LP: #1873722)

  i18n

    - The Spanish translation has been updated by Omar Walid Llorente.

  Bug Fixes and other patches

    - Bounce recognition for a non-compliant Yahoo format is added.

    - Archiving workaround for non-ascii in string.lowercase in some Python
      packages is added.

File Description Downloads
download icon mailman-2.1.31.tgz (md5, sig) Mailman 2.1.31 20
last downloaded 8 days ago
Total downloads: 20

2.1.30 release from the 2.1 series released 2020-04-13

Release information
Release notes:

2.1.30 (13-Apr-2020)

  New Features

    - Thanks to Jim Popovitch, there is now a dmarc_moderation_addresses
      list setting that can be used to apply dmarc_moderation_action to mail
      From: addresses listed or matching listed regexps. This can be used
      to modify mail to addresses that don't accept external mail From:
      themselves.

    - There is a new MAX_LISTNAME_LENGTH setting. The fix for LP: #1780874
      obtains a list of the names of all the all the lists in the installation
      in order to determine the maximum length of a legitimate list name. It
      does this on every web access and on sites with a very large number of
      lists, this can have performance implications. See the description in
      Defaults.py for more information.

    - Thanks to...

Changelog:

2.1.30 (13-Apr-2020)

  New Features

    - Thanks to Jim Popovitch, there is now a dmarc_moderation_addresses
      list setting that can be used to apply dmarc_moderation_action to mail
      From: addresses listed or matching listed regexps. This can be used
      to modify mail to addresses that don't accept external mail From:
      themselves.

    - There is a new MAX_LISTNAME_LENGTH setting. The fix for LP: #1780874
      obtains a list of the names of all the all the lists in the installation
      in order to determine the maximum length of a legitimate list name. It
      does this on every web access and on sites with a very large number of
      lists, this can have performance implications. See the description in
      Defaults.py for more information.

    - Thanks to Ralf Jung there is now the ability to add text based captchas
      (aka textchas) to the listinfo subscribe form. See the documentation
      for the new CAPTCHA setting in Defaults.py for how to enable this. Also
      note that if you have custom listinfo.html templates, you will have to
      add a <mm-captcha-ui> tag to those templates to make this work. This
      feature can be used in combination with or instead of the Google
      reCAPTCHA feature added in 2.1.26.

    - Thanks to Ralf Hildebrandt the web admin Membership Management section
      now has a feature to sync the list's membership with a list of email
      addresses as with the bin/sync_members command.

    - There is a new drop_cc list attribute set from DEFAULT_DROP_CC. This
      controls the dropping of addresses from the Cc: header in delivered
      messages by the duplicate avoidance process. (LP: #1845751)

    - There is a new REFUSE_SECOND_PENDING mm_cfg.py setting that will cause
      a second request to subscribe to a list when there is already a pending
      confirmation for that user. This can be set to Yes to prevent
      mailbombing of a third party by repeatedly posting the subscribe form.
      (LP: #1859104)

  i18n

    - The Japanese translation has been updated by Yasuhito FUTATSUKI.

    - The German translation has been updated by Ludwig Reiter.

    - The Spanish translation has been updated by Omar Walid Llorente.

    - The Brazilian Portugese translation has been updated by Emerson de Mello.

  Bug Fixes and other patches

    - Fixed the confirm CGI to catch a rare TypeError on simultaneous
      confirmations of the same token. (LP: #1785854)

    - Scrubbed application/octet-stream MIME parts will now be given a
      .bin extension instead of .obj.

    - Added bounce recognition for a non-compliant opensmtpd DSN with
      Action: error. (LP: #1805137)

    - Corrected and augmented some security log messages. (LP: #1810098)

    - Implemented use of QRUNNER_SLEEP_TIME for bin/qrunner --runner=All.
      (LP: #1818205)

    - Leading/trailing spaces in provided email addresses for login to private
      archives and the user options page are now ignored. (LP: #1818872)

    - Fixed the spelling of the --no-restart option for mailmanctl.

    - Fixed an issue where certain combinations of charset and invalid
      characters in a list's description could produce a List-ID header
      without angle brackets. (LP: #1831321)

    - With the Postfix MTA and virtual domains, mappings for the site list
      -bounces and -request addresses in each virtual domain are now added
      to data/virtual-mailman (-owner was done in 2.1.24). (LP: #1831777)

    - The paths.py module now extends sys.path with the result of
      site.getsitepackages() if available. (LP: #1838866)

    - A bug causing a UnicodeDecodeError in preparing to send the confirmation
      request message to a new subscriber has been fixed. (LP: #1851442)

    - The SimpleMatch heuristic bounce recognizer has been improved to not
      return most invalid email addresses. (LP: #1859011)

File Description Downloads
download icon mailman-2.1.30.tgz (md5, sig) Mailman 2.1.30 334
last downloaded 12 days ago
Total downloads: 334

2.1.29 release from the 2.1 series released 2018-07-24

Release information
Release notes:

2.1.29 (24-Jul-2018)

  Bug Fixes

    - Fixed the listinfo and admin overview pages that were broken by
      LP: #1780874. (LP: #1783417)

2.1.28 (23-Jul-2018)

  Security

    - A content spoofing vulnerability with invalid list name messages in
      the web UI has been fixed. CVE-2018-13796 (LP: #1780874)

  New Features

    - It is now possible to edit HTML and text templates via the web admin
      UI in a supported language other than the list's preferred_language.
      Thanks to Yasuhito FUTATSUKI.

  i18n

    - The Japanese translation has been updated by Yasuhito FUTATSUKI.

    - The German translation has been updated by Ralf Hildebrandt.

    - The Esperanto translation has been updated by Rub�n Fern�ndez Asensio.

  Bug fixes and other patches

    - The BLOCK_SPAM...

File Description Downloads
download icon mailman-2.1.29.tgz (md5, sig) Mailman 2.1.29 release 3,950
last downloaded 7 days ago
Total downloads: 3,950

2.1.28 release from the 2.1 series released 2018-07-23

Release information
Release notes:

2.1.28 (23-Jul-2018)

  Security

    - A content spoofing vulnerability with invalid list name messages in
      the web UI has been fixed. CVE-2018-13796 (LP: #1780874)

  New Features

    - It is now possible to edit HTML and text templates via the web admin
      UI in a supported language other than the list's preferred_language.
      Thanks to Yasuhito FUTATSUKI.

  i18n

    - The Japanese translation has been updated by Yasuhito FUTATSUKI.

    - The German translation has been updated by Ralf Hildebrandt.

    - The Esperanto translation has been updated by Rub�n Fern�ndez Asensio.

  Bug fixes and other patches

    - The BLOCK_SPAMHAUS_LISTED_DBL_SUBSCRIBE feature added in 2.1.27 was
      not working. This is fixed. (LP: #1779774)

    - Escaping of HTML entities for ...

File Description Downloads
download icon mailman-2.1.28.tgz (md5, sig) Mailman 2.1.28 release 102
last downloaded 12 days ago
Total downloads: 102

2.1.27 release from the 2.1 series released 2018-06-22

Release information
Release notes:

2.1.27 (22-Jun-2018)

  Security

    - Existing protections against malicious listowners injecting evil
      scripts into listinfo pages have had a few more checks added.
      JVN#00846677/JPCERT#97432283

    - A few more error messages have had their values HTML escaped.
      JVN#00846677/JPCERT#97432283

    - The hash generated when SUBSCRIBE_FORM_SECRET is set could have been
      the same as one generated at the same time for a different list and
      IP address. While this is not thought to be exploitable in any way,
      the generation has been changed to avoid this. Thanks to Ralf Jung.

  New Features

    - An option has been added to bin/add_members to issue invitations
      instead of immediately adding members. (LP: #1773064)

    - A new BLOCK_SPAMHAUS_LISTED_I...

Changelog:

  Bug fixes and other patches

    - Some messages from bin/arch were not issued in the charset of the system
      locale when DISABLE_COMMAND_LOCALE_CSET is No. Thanks to Yasuhito
      FUTATSUKI this is now fixed. (LP: #1768892)

    - The message displayed in the browser when accessing a Mailman CGI when
      mm_cfg.py can't be imported due to some exception other than ImportError
      has been improved. (LP: #1760506)

    - The reimplementation of DELIVERY_RETRY_WAIT in 2.1.26 could cause extra
      dequeueing and requeueing in the out queue by OutgoingRunner. This is
      fixed. (LP: #1762871)

    - A Python 2.7 dependency introduced in the ToDigests handler in Mailman
      2.1.24 has been removed. (LP: #1755317)

    - Bad values in a list's topics will no longer break everything that
      might instantiate the list. (LP: #1754516)

    - A Python 2.7 dependency introduced with the reCAPTCHA feature in 2.1.26
      has been removed. (LP: #1752658)

    - The reCAPTCHA feature requires JavaScript. If JavaScript is not enabled,
      a message will be displayed on the subscribe form that JavaScript is
      required. (LP: #1769374)

    - Quoting in the mailman-config command has been changed from double to
      single quotes to allow double-quoted parameters. (LP: #1774986)

    - Approving a held subscription for a user with a 'different' preferred
      language no longer corrupts the results page. (LP: #1777222)

    - An issue with garbled descriptions on listinfo and admin overview pages
      and the heading of a list's listinfo page due to incompatible character
      sets has been fixed thanks to Yasuhito FUTATSUKI.

File Description Downloads
download icon mailman-2.1.27.tgz (md5, sig) Mailman 2.1.27 release 333
last downloaded 12 days ago
Total downloads: 333

2.1.26 release from the 2.1 series released 2018-02-04

Release information
Release notes:

2.1.26 (04-Feb-2018)

  Security

    - An XSS vulnerability in the user options CGI could allow a crafted URL
      to execute arbitrary javascript in a user's browser. A related issue
      could expose information on a user's options page without requiring
      login. These are fixed. Thanks to Calum Hutton for the report.
      CVE-2018-5950 (LP: #1747209)

  New Features

    - Thanks to David Siebörger who adapted an existing patch by Andrea
      Veri to use Google reCAPTCHA v2 there is now the ability to add
      reCAPTCHA to the listinfo subscribe form. There are two new mm_cfg.py
      settings for RECAPTCHA_SITE_KEY and RECAPTCHA_SECRET_KEY, the values
      for which you obtain for your domain(s) from Google at
      <https://www.google.com/recaptcha/admin>.

    - Th...

Changelog:

  Bug fixes and other patches

    - Fixed an i18n bug in the reCAPTCHA feature. (LP: #1746189)

    - Added a few more environment variables to the list of those passed
      to CGIs to support an nginx/uwsgi configuration. (LP #1744739)

    - Mailman 2.1.22 introduced a Python 2.7 dependency that could affect
      bin/arch processing a message without a valid Date: header. The
      dependency has been removed. (LP: #1740543)

    - Messages held for header_filter_rules now show the matched regexp in
      the hold reason. (LP: #1737371)

    - When updating the group and mode of a .db file with Mailman's Postfix
      integration, a missing file is ignored. (LP: #1734162)

    - The DELIVERY_RETRY_WAIT setting is now effective. (LP: #1729472)

File Description Downloads
download icon mailman-2.1.26.tgz (md5, sig) Mailman 2.1.26 release 1,219
last downloaded 7 days ago
Total downloads: 1,219

2.1.25 release from the 2.1 series released 2017-10-26

Release information
Release notes:

This is a routine bug fix release with a minor new feature and some
accessibility improvements for screen readers.

See the change log for details.

Changelog:

2.1.25 (26-Oct-2017)

  New Features

    - The admindb held subscriptions listing now includes the date of the
      most recent request from the address. (LP: #1697097)

  Accessibility

    - The admin Membership List now includes text for screen readers which
      identifies the function of each checkbox. CSS is added to the page to
      visually hide the text but still allow screen readers to read it.
      Similar text has been added to some radio buttons on the admindb pages.

  i18n

    - The Russian translation has been updated by Sergey Matveev.
      (LP:#1708016)

  Bug fixes and other patches

    - Thanks to Jim Popovitch, certain failures in DNS lookups of DMARC policy
      will now result in mitigations being applied. (LP: #1722013)

    - The default DMARC reject reason now properly replaces %(listowner)s.
      (LP: #1718962)

    - The web roster page now shows case preserved email addresses.
      (LP: #1707447)

    - Changed the SETGID wrappers to only pass those items in the environment
      that are needed by the called scripts. (LP: #1705736)

    - Fixed MTA/Postfix.py to ensure that created aliases(.db) and
      virtual-mailman(.db) files are readable by Postfix and the .db files are
      owned by the Mailman user. (LP: #1696066)

    - Defended against certain web attacks that cause exceptions and "we hit
      a bug" responses when POST data or query fragments contain multiple
      values for the same parameter. (LP: #1695667)

    - The fix for LP: #1614841 caused a regression in the options CGI. This
      has been fixed. (LP: #1602608)

    - Added a -a option to the (e)grep commands in contrib/mmdsr to account
      for logs that may have non-ascii and be seen as binary.

    - Fixed the -V option to bin/list_lists to not show lists whose host is a
      subdomain of the given domain. (LP: #1695610)

File Description Downloads
download icon mailman-2.1.25.tgz (md5, sig) Mailman 2.1.25 final 1,042
last downloaded 4 weeks ago
Total downloads: 1,042

110 of 65 releases