GNU Mailman

GNU Mailman 2.1.39

  1. Series 2.1
  2. 2.1.39

Milestone information

Project:
GNU Mailman
Series:
2.1
Version:
2.1.39
Released:
 
Registrant:
Mark Sapiro
Release registered:
Active:
Yes. Drivers can target bugs and blueprints to this milestone.  

Download RDF metadata

Activities

Assigned to you:
No blueprints or bugs assigned to you.
Assignees:
No users assigned to blueprints and bugs.
Blueprints:
No blueprints are targeted to this milestone.
Bugs:
1 Fix Released

Download files for this release

After you've downloaded a file, you can verify its authenticity using its MD5 sum or signature. (How do I verify a download?)

File Description Downloads
download icon mailman-2.1.39.tgz (md5, sig) Mailman 2.1.39 release 3,302
last downloaded 24 hours ago
Total downloads: 3,302

Release notes 

Mailman 2.1.39 fixes https://bugs.launchpad.net/mailman/+bug/1954694

This addresses two issues.

The fix for CVE-2021-42097 was case sensitive and should not be.
The fix for CVE-2021-44227 introduced a potential NameError in logging.

Changelog 

View the full changelog

2.1.39 (13-Dec-2021)

  Bug Fixes and other patches

    - User matching for CSRF tokens is no longer case sensitive., and a
      potential NamerError in logging is fixed. (LP: #1954694)

0 blueprints and 1 bug targeted

Bug report Importance Assignee Status
1954694 #1954694 CSRF check for user tokens should not be case sensitive. 4 Medium   10 Fix Released
This milestone contains Public information
Everyone can see this information.