From 2be3678296dfe921fc9cf4a2cd3a8ed71fdd4232 Mon Sep 17 00:00:00 2001
From: Mark Sapiro <mark@msapiro.net>
Date: Tue, 29 Oct 2013 13:24:47 -0700
Subject: Implemented whitelist for headers to keep for anonymous lists.

---
 NEWS | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'NEWS')

diff --git a/NEWS b/NEWS
index 56e0cd60..d7cb9b85 100755
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,16 @@ Here is a history of user visible changes to Mailman.
 
 2.1.17 (xx-xxx-xxxx)
 
+  New Features
+
+    - There is a new mm_cfg.py setting ANONYMOUS_LIST_KEEP_HEADERS.  Since it
+      is not possible to know which non-standard headers in a message might
+      reveal sender information, we now remove all headers from incoming posts
+      to anonymous lists except those which match regular expressions in this
+      list. The default setting keeps non X- headers except those known to
+      reveal sender information, Mailman added X- headers and x-Spam- headers.
+      See the description in Defaults.py for more information.  (LP: #1246039)
+
   Bug Fixes and other patches
 
     - Fixed a possible UnicodeDecodeError in bin/sync_members.  (LP: #1243343)
-- 
cgit v1.2.3