GNU Mailman 2.1.28

Milestone information

GNU Mailman
Mark Sapiro
Release registered:
Yes. Drivers can target bugs and blueprints to this milestone.  

Download RDF metadata


Assigned to you:
No blueprints or bugs assigned to you.
3 Mark Sapiro
No blueprints are targeted to this milestone.
3 Fix Released

Download files for this release

After you've downloaded a file, you can verify its authenticity using its MD5 sum or signature. (How do I verify a download?)

File Description Downloads
download icon mailman-2.1.28.tgz (md5, sig) Mailman 2.1.28 release 153
last downloaded 5 weeks ago
Total downloads: 153

Release notes 

2.1.28 (23-Jul-2018)


    - A content spoofing vulnerability with invalid list name messages in
      the web UI has been fixed. CVE-2018-13796 (LP: #1780874)

  New Features

    - It is now possible to edit HTML and text templates via the web admin
      UI in a supported language other than the list's preferred_language.
      Thanks to Yasuhito FUTATSUKI.


    - The Japanese translation has been updated by Yasuhito FUTATSUKI.

    - The German translation has been updated by Ralf Hildebrandt.

    - The Esperanto translation has been updated by Rub�n Fern�ndez Asensio.

  Bug fixes and other patches

    - The BLOCK_SPAMHAUS_LISTED_DBL_SUBSCRIBE feature added in 2.1.27 was
      not working. This is fixed. (LP: #1779774)

    - Escaping of HTML entities for the web UI is now done more selectively.
      (LP: #1779445)


This release does not have a changelog.

0 blueprints and 3 bugs targeted

Bug report Importance Assignee Status
1779445 #1779445 saves en templates using html entity reference with raw iso-8859-1 character 4 Medium Mark Sapiro  10 Fix Released
1779774 #1779774 The BLOCK_SPAMHAUS_LISTED_DBL_SUBSCRIBE feature doesn't work. 4 Medium Mark Sapiro  10 Fix Released
1780874 #1780874 Arbitrary text injection vulnerability in Mailman CGIs 5 Low Mark Sapiro  10 Fix Released
This milestone contains Public information
Everyone can see this information.