Software Update: Mailman 2.1.6 RC 4

Mailman is an open source system for maintaining mailing lists and newsletters. The built-in web interface provides quick and easy access for users and administrators. It also supports archiving, automatic bounce processing, content filtering and spam filters, as well as 26 different languages† Mailman is largely developed in the Python programming language and recently the fourth release candidate of version 2.1.6 has been released. The changelog looks like this:

One more release candidate to fix some last minute bugs.

Changes in 2.1.6:

• Mail-to-news gateway now strips subject prefix off from a response by a mail user if news_prefix_subject_too is not set.
• Critical security patch for path traversal vulnerability in private archive script (CAN-2005-0202).
• Date and Message-Id headers are added for digests. (1116952)
• List owners can now cusomize the non-member rejection notice from admin//privacy/sender page. (1107169)
• Most of the installation instructions have been moved to a latex document. See admin/www/mailman-install/index.html for details.
• VERP_PROBES is disabled by default.
• bin/withlist can be run without a list name, but only if -i is given. Also, withlist puts the directory it’s found in at the end of sys.path, making it easier to run withlist scripts that live in $prefix/bin.
• bin/newlist grew two new options: -u/–urlhost and -e/–emailhost which lets the user provide the web and email hostnames for the new mailing list. This is a better way to specify the domain for the list, rather than the old ‘mylist@hostname’ syntax (which is still supported for backward compatibility, but deprecated).
• Added the ability for Mailman generated passwords (both member and list admin) to be more cryptographically secure. See new configuration variables USER_FRIENDLY_PASSWORDS, MEMBER_PASSWORD_LENGTH, and ADMIN_PASSWORD_LENGTH. Also added a new bin/withlist script called reset_pw.py which can be used to reset all member passwords. Passwords generated by Mailman are now 8 characters by default for members, and 10 characters for list administrators.
• Allow editing of the welcome message from the admin page (1085501).
• A potential cross-site scripting hole in the driver script has been closed. Thanks to Florian Weimer for its discovery. Also, turn STEALTH_MODE on by default.
• Chinese languages ​​moved from ‘big5’ and ‘gb’ to ‘zh_TW’ and ‘zh_CN’ respectively for compliance to the IANA spec. Note, however, that the character sets were changed from ‘Big5’ or ‘GB2312’ to ‘UTF-8’ to cope with the insufficient codecs support in Python 2.3 and earlier. You may have to install Chinese capable codecs (like CJKCodecs) separately to handle the incoming messages which are in local charsets, or upgrade your Python to 2.4 or newer.
• Python 2.4 compatibility issue: time.strftime() became strict about the ‘day of year’ range. (1078482)
• New feature: automatic discards of held messages. List owners can now set how many days to hold the messages in the moderator request queue. cron/checkdb will automatically discard old messages. See the max_days_to_hold variable in the General Options and DEFAULT_MAX_DAYS_TO_HOLD in Defaults.py. This defaults to 0 (ie disabled). (790494)
• Improved mail address sanity check. (1030228)
• SpamDetect.py now checks attachment header. (1026977)
• New feature: subject_prefix can be configured to include a sequence number which is taken from the post_id variable. Also, the prefix is ​​always put at the start of the subject, ie “[list-name] Re: original subject”, if mm_cfg.OLD_STYLE_PREFIXING is set No. The default style is “Re: [list-name]” if numbering is not set, for backward compatibility. If the list owner is using numbering feature by “%d” directive, the new style, “[list-name 123] Re:”, is always used.
• List owners can now use Scrubber to get the attachments scrubbed (held in the web archive), if the site admin permits it in mm_cfg.py. New variables introduced are SCRUBBER_DONT_USE_ATTACHMENT_FILENAME and SCRUBBER_USE_ATTACHMENT_FILENAME_EXTENSION in Defaults.py for scrubber behavior. (904850)
• Filter attachments by filename extensions. (1027882)
• Bugs and patches: 955381 (older Python compatibility), 1020102/1013079/1020013 (fix spam filter removed), 665569 (newer Postfix bounce detection), 970383 (moderator -1 admin requests pending), 873035 (subject handling in -request mail) , 799166/946554 (makefile compatibility), 872068 (add header/footer via unicode), 1032434 (KNOWN_SPAMMERS check for multi-header), 1025372 (empty Cc:), 789015 (fix pipermail URL), 948152 (Out of date link on Docs), 1099138 (Scrubber.py breaks on None part), 1099840/1099840 (deprecated % insertion), 880073/933762 (List-ID RFC compliance), 1090439 (passwd reminder shunted), 1112349 (case insensitivity in acceptable_aliases), 1117618 (Don’t Cc for personalized anonymous list), 1190404 (wrong permission after editing html)