author | bwarsaw <> | 2005-05-30 20:09:15 +0000 |
---|---|---|
committer | bwarsaw <> | 2005-05-30 20:09:15 +0000 |
commit | a3a2e764e98755d616c6c661ca7a9aadb6f0dc84 (patch) | |
tree | 4ca62bf167314d0e7211fe107299387bba2c624a /admin/www/security.ht | |
parent | a3bafc9a8a54e2bfe5a9a37e6444908cd9659f22 (diff) | |
Updates for 2.1.6 final.
Diffstat (limited to 'admin/www/security.ht')
-rw-r--r-- | admin/www/security.ht | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/admin/www/security.ht b/admin/www/security.ht index 249b7745..afe39420 100644 --- a/admin/www/security.ht +++ b/admin/www/security.ht @@ -12,8 +12,8 @@ This is a closed list that reaches the core Mailman developers. <ul> <li><b>CAN-2005-0202</b> -- This is a very serious issue affecting the Mailman -2.1 series up to and including version 2.1.5. Mailman 2.1.6 is not -affected. This issue can allow for the leakage of member passwords. +2.1 series up to and including version 2.1.5. <b>Mailman 2.1.6 is not +affected</b>. This issue can allow for the leakage of member passwords. <p>A quick, immediate fix is to remove the /usr/local/mailman/cgi-bin/private executable. However, this will break any private archives your lists may be @@ -36,4 +36,9 @@ will be informed of their new passwords. <p>Credit goes to Marcus Meissner for finding this issue. </li> + +<li><b>Mailman 2.1.6</b> -- allows for more cryptographically secure (but less +user-friendly) list admin and auto-generated user passwords. Also, a +potential cross-site scripting hole has been closed. + </ul> |
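Review bot: In the first hunk (@@ -12,8 +12,8 @@), bolding "Mailman 2.1.6 is not affected" highlights the fixed version, but the remediation text visible right after it still leads with removing the /usr/local/mailman/cgi-bin/private executable, which the same paragraph says breaks private archives. Consider stating in the bolded sentence that upgrading to 2.1.6 is the preferred fix, so that readers on 2.1.5 or earlier do not stop at the workaround. Minor style point: the closing period sits outside the `</b>`, which is fine, but keep it consistent with the bolded identifier above it.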
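Review bot: In the second hunk (@@ -36,4 +36,9 @@), the new "Mailman 2.1.6" item combines a hardening change (password generation) with a vulnerability fix (the cross-site scripting hole) and gives the latter no identifier, affected component or affected version range, unlike the CAN-2005-0202 entry above it. Suggest giving the XSS fix its own list item with the affected versions and an identifier if one has been assigned, and saying whether the "more cryptographically secure" passwords are the default in 2.1.6 or need to be enabled, and whether passwords generated by earlier versions should be regenerated.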