- gc configure patch since it hasn't been required since introducing
--without-permcheck in configure, despite the comment in Makefile.
- Some of Defaults.py are now upstream defaults.
Remove FLAVORs:
- Rewrite src/common.c:check_caller() for the cgi/mail wrapper to now
look at the defined group membership instead, _mailmanq (a new group).
This allows the administrator to switch mail servers and web servers
without requiring a FLAVOR for each combination; but rather, by simply
adding the cgi/mail user to the _mailmanq group. This is a diversion
from upstream, but will be proposed. At least sthen@ and dlg@ agree to
go in this general direction.
- multi-lingual support
- list creation/removal through web interface
- MIME base content filtering (demime et.al.)
- new architecture of mail delivery subsystem
- better, faster, cheaper, ... ;-)
naddy@ OK
From maintainer Nikolay Sturm <sturm@sec.informatik.tu-darmstadt.de>.
mailman changes:
- Implemented a guard against some reply loops and 'bot subscription
attacks. Specifically, if a message to -request has a Precedence:
bulk (or list, or junk) header, the command is ignored. Well-behaved
'bots should always include such a header.
- Changes to the configure script so that you can pass in the mail host
and web host by setting the environment variables MAILHOST and WWWHOST
respectively. configure will also exit if it can't figure out these
values (usually due to broken dns).
- Closed another minor cross-site scripting vulnerability.
