Inadvertently setting a null site or list password allowed access

to a list's web admin interface without authentication. Fixed by not accepting null passwords.
author: Mark Sapiro <mark@msapiro.net> 2009-09-03 11:12:06 -0700
committer: Mark Sapiro <mark@msapiro.net> 2009-09-03 11:12:06 -0700
commit: ceb88caaee06806576bbaab2a4a313d9e7823d07 (patch)
tree: 702f957c2f01004481e477805ea2b6449a289ea6 /NEWS
parent: ab93e70f12da510902dffa7a393f5173c2073d6e (diff)
download: mailman2-ceb88caaee06806576bbaab2a4a313d9e7823d07.tar.gz
mailman2-ceb88caaee06806576bbaab2a4a313d9e7823d07.tar.xz
mailman2-ceb88caaee06806576bbaab2a4a313d9e7823d07.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index cc3f2e48..f2228cc3 100644
--- a/NEWS
+++ b/NEWS
@@ -8,6 +8,10 @@ Here is a history of user visible changes to Mailman.
 
   Bug Fixes and other patches
 
+    - Inadvertently setting a null site or list password allowed access
+      to a list's web admin interface without authentication.  Fixed by
+      not accepting null passwords.
+
     - Changed VERP_CONFIRM_REGEXP  in Defaults.py to work if the replying
       MUA folds the To: header and in cases where the list name includes '+'.
author	Mark Sapiro <mark@msapiro.net>	2009-09-03 11:12:06 -0700
committer	Mark Sapiro <mark@msapiro.net>	2009-09-03 11:12:06 -0700
commit	ceb88caaee06806576bbaab2a4a313d9e7823d07 (patch)
tree	702f957c2f01004481e477805ea2b6449a289ea6 /NEWS
parent	ab93e70f12da510902dffa7a393f5173c2073d6e (diff)
download	mailman2-ceb88caaee06806576bbaab2a4a313d9e7823d07.tar.gz mailman2-ceb88caaee06806576bbaab2a4a313d9e7823d07.tar.xz mailman2-ceb88caaee06806576bbaab2a4a313d9e7823d07.zip