From cd65f1c896d71cedeae02abde1ffcbb6cbb1e6b1 Mon Sep 17 00:00:00 2001
From: IKEDA Soji <mail@ikedas.net>
Date: Mon, 25 Sep 2023 18:28:02 +0900
Subject: [PATCH 1/7] Update NEWS.md

---
 NEWS.md | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/NEWS.md b/NEWS.md
index 7b21252dd..533d09ede 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -1,5 +1,26 @@
 # Change Log
 
+## [6.2.74](https://github.com/sympa-community/sympa/tree/6.2.74) (2023-XX-XX)
+
+[Full Changelog](https://github.com/sympa-community/sympa/compare/6.2.72...6.2.74)
+
+**Incompatible changes:**
+
+
+**Implemented enhancements:**
+
+- Overall statistics panel [\#1661](https://github.com/sympa-community/sympa/issues/1661)
+
+**Fixed bugs:**
+
+- WWSympa: Invalid input on sso\_login form floods listmaster notification [\#1654](https://github.com/sympa-community/sympa/issues/1654)
+- Deprecate "System log" setting in Listmaster Admin menu [\#1649](https://github.com/sympa-community/sympa/issues/1649)
+- Confusing labels for ttl and distribution\_ttl [\#896](https://github.com/sympa-community/sympa/issues/896)
+- Broken links in sympa\_config.pod [\#1675](https://github.com/sympa-community/sympa/pull/1675)
+- Some typos in docs and comments [\#1653](https://github.com/sympa-community/sympa/pull/1653)
+- Correct texts about obsoleted `dkim` authentication method for scenarios [\#1599](https://github.com/sympa-community/sympa/pull/1599)
+- When owners/moderators are added, "N subscribers added" is shown [\#1584](https://github.com/sympa-community/sympa/pull/1584)
+
 ## [6.2.72](https://github.com/sympa-community/sympa/tree/6.2.72) (2023-06-01)
 
 [Full Changelog](https://github.com/sympa-community/sympa/compare/6.2.71b.1...6.2.72)

From af0a12e5f81011217d000960322a1e73b22bf775 Mon Sep 17 00:00:00 2001
From: IKEDA Soji <mail@ikedas.net>
Date: Wed, 29 Nov 2023 17:09:17 +0900
Subject: [PATCH 2/7] Update NEWS.md

---
 NEWS.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/NEWS.md b/NEWS.md
index 533d09ede..c9a98e5f1 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -9,6 +9,7 @@
 
 **Implemented enhancements:**
 
+- Support for LDAP paged queries [\#57](https://github.com/sympa-community/sympa/issues/57)
 - Overall statistics panel [\#1661](https://github.com/sympa-community/sympa/issues/1661)
 
 **Fixed bugs:**

From 0e1bb6f4877918ddd7e8e14a17db275e61dfd02f Mon Sep 17 00:00:00 2001
From: IKEDA Soji <mail@ikedas.net>
Date: Sat, 24 Feb 2024 15:52:03 +0900
Subject: [PATCH 3/7] Update NEWS.md

---
 NEWS.md | 40 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)

diff --git a/NEWS.md b/NEWS.md
index c9a98e5f1..1d5b24b4c 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -9,11 +9,47 @@
 
 **Implemented enhancements:**
 
+- WWSympa: Save default sort key in review [\#1577](https://github.com/sympa-community/sympa/issues/1577)
+- Add `.eml` extension to archives files [\#1581](https://github.com/sympa-community/sympa/issues/1581)
+- Additional localised "Re:" prefixes in subject [\#1668](https://github.com/sympa-community/sympa/pull/1668)
 - Support for LDAP paged queries [\#57](https://github.com/sympa-community/sympa/issues/57)
 - Overall statistics panel [\#1661](https://github.com/sympa-community/sympa/issues/1661)
 
 **Fixed bugs:**
 
+
+- Display name in `From:` header field should be quoted / unquoted appropriately [\#1572](https://github.com/sympa-community/sympa/pull/1572)
+- sympa instantiate: Progress bar could not be inactivated [\#1567](https://github.com/sympa-community/sympa/issues/1567)
+- WWSympa: Noise in Apache error_log [\#1325](https://github.com/sympa-community/sympa/issues/1325)
+- WWSympa: Enable autofilling of password only if necessary [\#1033](https://github.com/sympa-community/sympa/issues/1033)
+- WWSympa: Direct link to reject action crashes [\#1703](https://github.com/sympa-community/sympa/issues/1703)
+- SOAP: Broken output with SOAP API due to mixture of byte- and utf8-strings [\#1541](https://github.com/sympa-community/sympa/issues/1541)
+- MacPorts: Fixes for `service/sympa.in` [\#1642](https://github.com/sympa-community/sympa/pull/1642)
+- "warning: ignoring prerequisites on suffix rule definition" with GNU make 4.3 [\#1651](https://github.com/sympa-community/sympa/pull/1651)
+- Manually deleted list blocks closure of the list which has been included by the former [\#1660](https://github.com/sympa-community/sympa/issues/1660)
+- WWSympa: A workaround for the browser back to let the "Please Wait..." spinner remain [\#1666](https://github.com/sympa-community/sympa/pull/1666)
+- WWSympa: Lower the list of months in the calendar and allow it scrolling [\#1672](https://github.com/sympa-community/sympa/pull/1672)
+- RSS: lastBuildDate element in RSS feed was inproperly formatted [\#1680](https://github.com/sympa-community/sympa/pull/1680)
+- WWSympa: Fixes for Sympa Accessibility Issues - Review by UIUC
+  [\#1744](https://github.com/sympa-community/sympa/issues/1744)
+  [\#1747](https://github.com/sympa-community/sympa/issues/1747)
+  [\#1748](https://github.com/sympa-community/sympa/issues/1748)
+  [\#1751](https://github.com/sympa-community/sympa/issues/1751)
+  [\#1752](https://github.com/sympa-community/sympa/issues/1752)
+  [\#1753](https://github.com/sympa-community/sympa/issues/1753)
+  [\#1761](https://github.com/sympa-community/sympa/issues/1761)
+  [\#1763](https://github.com/sympa-community/sympa/issues/1763)
+  [\#1767](https://github.com/sympa-community/sympa/issues/1767)
+  [\#1776](https://github.com/sympa-community/sympa/issues/1776)
+- [CVE-2021-41183] [CVE-2021-41182] [CVE-2021-41184] [CVE-2022-31160] WWSympa: Update jquery-ui from 1.12.1 to 1.13.2 [\#1719](https://github.com/sympa-community/sympa/issues/1719)
+- DSN with status `4.3.0` may mess the parent(s) of nested list [\#1699](https://github.com/sympa-community/sympa/issues/1699)
+- `INFO` mail command pulls different owners and/or moderators than those with web UI [\#1732](https://github.com/sympa-community/sympa/issues/1732)
+- DKIM: Default value of `dkim_signature_apply_on` in domain context was ignored [\#1739](https://github.com/sympa-community/sympa/issues/1739)
+- Upgrade command should fail if no previuos version number can be found [\#1741](https://github.com/sympa-community/sympa/pull/1741)
+- WWSympa: Missing validation on Digest frequency in Edit Config [\#1742](https://github.com/sympa-community/sympa/issues/1742)
+- WWSympa: 🐛 — Fix error when rejecting message from direct URL [\#1687](https://github.com/sympa-community/sympa/pull/1687)
+- SOAP: Fix typos in `sympa.wsdl` [\#1676](https://github.com/sympa-community/sympa/issues/1676) [\#1696](https://github.com/sympa-community/sympa/issues/1696)
+- Crashes by "Can't locate object method "new" via package "Sympa::Aliases"" [\#1710](https://github.com/sympa-community/sympa/issues/1710)
 - WWSympa: Invalid input on sso\_login form floods listmaster notification [\#1654](https://github.com/sympa-community/sympa/issues/1654)
 - Deprecate "System log" setting in Listmaster Admin menu [\#1649](https://github.com/sympa-community/sympa/issues/1649)
 - Confusing labels for ttl and distribution\_ttl [\#896](https://github.com/sympa-community/sympa/issues/896)
@@ -22,6 +58,10 @@
 - Correct texts about obsoleted `dkim` authentication method for scenarios [\#1599](https://github.com/sympa-community/sympa/pull/1599)
 - When owners/moderators are added, "N subscribers added" is shown [\#1584](https://github.com/sympa-community/sympa/pull/1584)
 
+**Merged pull requests:**
+
+- Tracking: Remove outdated heuristics for bounce processing [\#1701](https://github.com/sympa-community/sympa/pull/1701)
+
 ## [6.2.72](https://github.com/sympa-community/sympa/tree/6.2.72) (2023-06-01)
 
 [Full Changelog](https://github.com/sympa-community/sympa/compare/6.2.71b.1...6.2.72)

From 798be6aa260a163a111e0cfbf707122cbf6f3a9f Mon Sep 17 00:00:00 2001
From: IKEDA Soji <mail@ikedas.net>
Date: Tue, 17 Sep 2024 23:19:25 +0900
Subject: [PATCH 4/7] Update NEWS.md

---
 NEWS.md | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/NEWS.md b/NEWS.md
index 1d5b24b4c..0b7e22666 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -1,11 +1,20 @@
 # Change Log
 
-## [6.2.74](https://github.com/sympa-community/sympa/tree/6.2.74) (2023-XX-XX)
+## [6.2.74](https://github.com/sympa-community/sympa/tree/6.2.74) (2024-XX-XX)
 
 [Full Changelog](https://github.com/sympa-community/sympa/compare/6.2.72...6.2.74)
 
 **Incompatible changes:**
 
+- Notes for packagers:
+
+  - On recent releases, some external Perl modules including Unicode-UTF8
+    [\#1884](https://github.com/sympa-community/sympa/issues/1884) have been
+    made mandatory.  Check updates on `cpanfile`.
+  - Some distributions including Debian and the descendants separate `perldoc`
+    from the package for Perl.  On this case activating `perldoc` is
+    encouraged for better user experiences.
+    [\#1832](https://github.com/sympa-community/sympa/pull/1832)
 
 **Implemented enhancements:**
 

From 3a01e8d19b81feb748e9c118b95b7ac6e07f91a3 Mon Sep 17 00:00:00 2001
From: IKEDA Soji <mail@ikedas.net>
Date: Sun, 3 Nov 2024 12:35:37 +0900
Subject: [PATCH 5/7] Update NEWS.md

Making Unicode::UTF8 mandatory was postponed to the next release.
---
 NEWS.md | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/NEWS.md b/NEWS.md
index 0b7e22666..939269eb1 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -8,9 +8,6 @@
 
 - Notes for packagers:
 
-  - On recent releases, some external Perl modules including Unicode-UTF8
-    [\#1884](https://github.com/sympa-community/sympa/issues/1884) have been
-    made mandatory.  Check updates on `cpanfile`.
   - Some distributions including Debian and the descendants separate `perldoc`
     from the package for Perl.  On this case activating `perldoc` is
     encouraged for better user experiences.

From 20f4a2608c8fb666b4546e4ca6a11dbf7430fc94 Mon Sep 17 00:00:00 2001
From: IKEDA Soji <mail@ikedas.net>
Date: Sun, 3 Nov 2024 16:58:42 +0900
Subject: [PATCH 6/7] Update NEWS.md

---
 NEWS.md | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 52 insertions(+), 4 deletions(-)

diff --git a/NEWS.md b/NEWS.md
index 939269eb1..dc6288074 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -7,14 +7,40 @@
 **Incompatible changes:**
 
 - Notes for packagers:
-
   - Some distributions including Debian and the descendants separate `perldoc`
     from the package for Perl.  On this case activating `perldoc` is
-    encouraged for better user experiences.
-    [\#1832](https://github.com/sympa-community/sympa/pull/1832)
+    encouraged for better user experiences
+    [\#1832](https://github.com/sympa-community/sympa/pull/1832).
+  - Fix for bug [\#1884](https://github.com/sympa-community/sympa/issues/1884)
+    needs additional optional module
+    [Unicode-UTF8](https://metacpan.org/dist/Unicode-UTF8).
+    This module will be made mandatory on the release of Sympa in the near future.
+
+- DKIM signatures in outgoing messages are no longer removed even if they
+  are invalid
+  [\#1852](https://github.com/sympa-community/sympa/issues/1852).
+  On the other hand, `remove_dkim_headers` parameter was introduced for
+  their removal, which is rarely needed
+  [\#1898](https://github.com/sympa-community/sympa/pull/1898).
+
+- If custom_subject contains a sequence number, it is always placed at the
+  beginning of the subject. If it does not contain, it is placed at the same
+  position as before
+  [\#1811](https://github.com/sympa-community/sympa/issues/1811).
 
 **Implemented enhancements:**
 
+- The messages forwarded for admins (listmasters, owners and moderators) also
+  should have DKIM signature [\#1869](https://github.com/sympa-community/sympa/pull/1869)
+- Do not remove (possibly invalid) DKIM-Signature headers from outgoing messages [\#1852](https://github.com/sympa-community/sympa/issues/1852)
+- LDAP: Add `deref` option to specify how to dereference aliases [\#1853](https://github.com/sympa-community/sympa/issues/1853)
+- Parameter for syslog socket should allow options such as host name [\#1839](https://github.com/sympa-community/sympa/issues/1839)
+- WWSympa: Expose update_epoch on get_closed_lists [\#1865](https://github.com/sympa-community/sympa/pull/1865)
+- Fix cross-robot list inclusion [\#1797](https://github.com/sympa-community/sympa/issues/1797)
+- WWSympa: Invitations via the Sympa website [\#648](https://github.com/sympa-community/sympa/issues/648)
+- Allow "custom_subject" to be at the beginning of the subject [\#1811](https://github.com/sympa-community/sympa/issues/1811)
+- Improve diagnostic messages in the DSNs generated by Sympa [\#1688](https://github.com/sympa-community/sympa/issues/1688)
+- WWSympa: Detect web crawlers [\#1667](https://github.com/sympa-community/sympa/pull/1667)
 - WWSympa: Save default sort key in review [\#1577](https://github.com/sympa-community/sympa/issues/1577)
 - Add `.eml` extension to archives files [\#1581](https://github.com/sympa-community/sympa/issues/1581)
 - Additional localised "Re:" prefixes in subject [\#1668](https://github.com/sympa-community/sympa/pull/1668)
@@ -23,7 +49,27 @@
 
 **Fixed bugs:**
 
-
+- DKIM signing and ARC sealing order is reversed [\#1851](https://github.com/sympa-community/sympa/issues/1851)
+- WWSynmpa: do_distribute: Confirmation was not always performed [\#1889](https://github.com/sympa-community/sympa/pull/1889)
+- WWSympa: Invalid UTF-8 sequences in input may trigger crashing [\#1884](https://github.com/sympa-community/sympa/issues/1884)
+- Incorrect "No bouncing members" on a large list with small number of bouncers [\#1842](https://github.com/sympa-community/sympa/issues/1842)
+- Prevent custom_header with non-ASCII characters [\#1840](https://github.com/sympa-community/sympa/issues/1840)
+- \[[Debian Bug#1062398](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062398)\]
+  Lacks dependency on `perldoc` utility
+  [\#1832](https://github.com/sympa-community/sympa/pull/1832)
+- CLI: With sympa config key=value, key couldn't contain dot [\#1831](https://github.com/sympa-community/sympa/pull/1831)
+- If lock fails, details should be included in the error message [\#1824](https://github.com/sympa-community/sympa/pull/1824)
+- Stop "do_distribute" actions from Web interface from generating backscatter emails to sympa-request alias [\#1737](https://github.com/sympa-community/sympa/issues/1737)
+- `From:` header sanitation fails with brackets and Umlauts: Bug in MIME-EncWords [\#1787](https://github.com/sympa-community/sympa/issues/1787)
+- PostgreSQL/SQLite: Sympa tries creating temporary views in databases unnecessarily [\#1812](https://github.com/sympa-community/sympa/issues/1812)
+- 🐛 — [moderation] Show message content when clicking on its object [\#1709](https://github.com/sympa-community/sympa/pull/1709)
+- WWSympa: Uploaded file names in UTF-8 were garbled [\#1802](https://github.com/sympa-community/sympa/issues/1802)
+- Setting invite sender as From: field should be avoided [\#1846](https://github.com/sympa-community/sympa/issues/1846)
+- The length of boundary lines in multipart messages could exceed 70 octets [\#1795](https://github.com/sympa-community/sympa/issues/1795)
+- Add links to create or recreate password [\#1713](https://github.com/sympa-community/sympa/issues/1713)
+- DKIM: `i=` tag may not match in some auto-generated messages [\#1716](https://github.com/sympa-community/sympa/issues/1716)
+- Broken output with SOAP API due to mixture of byte- and utf8-strings [\#1541](https://github.com/sympa-community/sympa/issues/1541)
+- Meaningful error message should be shown for unauthenticated user if privileges are required [\#1692](https://github.com/sympa-community/sympa/issues/1692)
 - Display name in `From:` header field should be quoted / unquoted appropriately [\#1572](https://github.com/sympa-community/sympa/pull/1572)
 - sympa instantiate: Progress bar could not be inactivated [\#1567](https://github.com/sympa-community/sympa/issues/1567)
 - WWSympa: Noise in Apache error_log [\#1325](https://github.com/sympa-community/sympa/issues/1325)
@@ -66,6 +112,8 @@
 
 **Merged pull requests:**
 
+- Postpone making Unicode::UTF8 mandatory [\#1905](https://github.com/sympa-community/sympa/pull/1905)
+- Typos [\#1856](https://github.com/sympa-community/sympa/pull/1856)
 - Tracking: Remove outdated heuristics for bounce processing [\#1701](https://github.com/sympa-community/sympa/pull/1701)
 
 ## [6.2.72](https://github.com/sympa-community/sympa/tree/6.2.72) (2023-06-01)

From 8a2b7e327d3bfa9bbf079a20972d50e994c99095 Mon Sep 17 00:00:00 2001
From: IKEDA Soji <mail@ikedas.net>
Date: Mon, 16 Dec 2024 19:49:34 +0900
Subject: [PATCH 7/7] Update NEWS.md

---
 NEWS.md | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/NEWS.md b/NEWS.md
index dc6288074..a1df2decb 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -1,9 +1,15 @@
 # Change Log
 
-## [6.2.74](https://github.com/sympa-community/sympa/tree/6.2.74) (2024-XX-XX)
+## [6.2.74](https://github.com/sympa-community/sympa/tree/6.2.74) (2024-12-16)
 
 [Full Changelog](https://github.com/sympa-community/sympa/compare/6.2.72...6.2.74)
 
+**Notice:**
+
+This release includes a fix for [CVE-2024-55919] Improper input validation on generic SSO login [\#1917](https://github.com/sympa-community/sympa/issues/1917).
+
+Administorators setting `generic_sso` paragraph with `force_email_verify` parameter enabled in `auth.conf` should upgrade Sympa to this version or take measure. For more details see the Security Advisory [Sympa SA 2024-001](https://www.sympa.community/security/2024-001.html).
+
 **Incompatible changes:**
 
 - Notes for packagers:
@@ -49,6 +55,7 @@
 
 **Fixed bugs:**
 
+- [CVE-2024-55919] Improper input validation on generic SSO login [\#1917](https://github.com/sympa-community/sympa/issues/1917)
 - DKIM signing and ARC sealing order is reversed [\#1851](https://github.com/sympa-community/sympa/issues/1851)
 - WWSynmpa: do_distribute: Confirmation was not always performed [\#1889](https://github.com/sympa-community/sympa/pull/1889)
 - WWSympa: Invalid UTF-8 sequences in input may trigger crashing [\#1884](https://github.com/sympa-community/sympa/issues/1884)