Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Release 6.2.74 #1722

Merged
merged 7 commits into from
Dec 16, 2024
Merged

Release 6.2.74 #1722

Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
cd65f1c
Update NEWS.md
ikedas Sep 25, 2023
af0a12e
Update NEWS.md
ikedas Nov 29, 2023
0e1bb6f
Update NEWS.md
ikedas Feb 24, 2024
798be6a
Update NEWS.md
ikedas Sep 17, 2024
3a01e8d
Update NEWS.md
ikedas Nov 3, 2024
20f4a26
Update NEWS.md
ikedas Nov 3, 2024
8a2b7e3
Update NEWS.md
ikedas Dec 16, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
123 changes: 123 additions & 0 deletions NEWS.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,128 @@
# Change Log

## [6.2.74](https://github.com/sympa-community/sympa/tree/6.2.74) (2024-12-16)

[Full Changelog](https://github.com/sympa-community/sympa/compare/6.2.72...6.2.74)

**Notice:**

This release includes a fix for [CVE-2024-55919] Improper input validation on generic SSO login [\#1917](https://github.com/sympa-community/sympa/issues/1917).

Administorators setting `generic_sso` paragraph with `force_email_verify` parameter enabled in `auth.conf` should upgrade Sympa to this version or take measure. For more details see the Security Advisory [Sympa SA 2024-001](https://www.sympa.community/security/2024-001.html).

**Incompatible changes:**

- Notes for packagers:
- Some distributions including Debian and the descendants separate `perldoc`
from the package for Perl. On this case activating `perldoc` is
encouraged for better user experiences
[\#1832](https://github.com/sympa-community/sympa/pull/1832).
- Fix for bug [\#1884](https://github.com/sympa-community/sympa/issues/1884)
needs additional optional module
[Unicode-UTF8](https://metacpan.org/dist/Unicode-UTF8).
This module will be made mandatory on the release of Sympa in the near future.

- DKIM signatures in outgoing messages are no longer removed even if they
are invalid
[\#1852](https://github.com/sympa-community/sympa/issues/1852).
On the other hand, `remove_dkim_headers` parameter was introduced for
their removal, which is rarely needed
[\#1898](https://github.com/sympa-community/sympa/pull/1898).

- If custom_subject contains a sequence number, it is always placed at the
beginning of the subject. If it does not contain, it is placed at the same
position as before
[\#1811](https://github.com/sympa-community/sympa/issues/1811).

**Implemented enhancements:**

- The messages forwarded for admins (listmasters, owners and moderators) also
should have DKIM signature [\#1869](https://github.com/sympa-community/sympa/pull/1869)
- Do not remove (possibly invalid) DKIM-Signature headers from outgoing messages [\#1852](https://github.com/sympa-community/sympa/issues/1852)
- LDAP: Add `deref` option to specify how to dereference aliases [\#1853](https://github.com/sympa-community/sympa/issues/1853)
- Parameter for syslog socket should allow options such as host name [\#1839](https://github.com/sympa-community/sympa/issues/1839)
- WWSympa: Expose update_epoch on get_closed_lists [\#1865](https://github.com/sympa-community/sympa/pull/1865)
- Fix cross-robot list inclusion [\#1797](https://github.com/sympa-community/sympa/issues/1797)
- WWSympa: Invitations via the Sympa website [\#648](https://github.com/sympa-community/sympa/issues/648)
- Allow "custom_subject" to be at the beginning of the subject [\#1811](https://github.com/sympa-community/sympa/issues/1811)
- Improve diagnostic messages in the DSNs generated by Sympa [\#1688](https://github.com/sympa-community/sympa/issues/1688)
- WWSympa: Detect web crawlers [\#1667](https://github.com/sympa-community/sympa/pull/1667)
- WWSympa: Save default sort key in review [\#1577](https://github.com/sympa-community/sympa/issues/1577)
- Add `.eml` extension to archives files [\#1581](https://github.com/sympa-community/sympa/issues/1581)
- Additional localised "Re:" prefixes in subject [\#1668](https://github.com/sympa-community/sympa/pull/1668)
- Support for LDAP paged queries [\#57](https://github.com/sympa-community/sympa/issues/57)
- Overall statistics panel [\#1661](https://github.com/sympa-community/sympa/issues/1661)

**Fixed bugs:**

- [CVE-2024-55919] Improper input validation on generic SSO login [\#1917](https://github.com/sympa-community/sympa/issues/1917)
- DKIM signing and ARC sealing order is reversed [\#1851](https://github.com/sympa-community/sympa/issues/1851)
- WWSynmpa: do_distribute: Confirmation was not always performed [\#1889](https://github.com/sympa-community/sympa/pull/1889)
- WWSympa: Invalid UTF-8 sequences in input may trigger crashing [\#1884](https://github.com/sympa-community/sympa/issues/1884)
- Incorrect "No bouncing members" on a large list with small number of bouncers [\#1842](https://github.com/sympa-community/sympa/issues/1842)
- Prevent custom_header with non-ASCII characters [\#1840](https://github.com/sympa-community/sympa/issues/1840)
- \[[Debian Bug#1062398](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062398)\]
Lacks dependency on `perldoc` utility
[\#1832](https://github.com/sympa-community/sympa/pull/1832)
- CLI: With sympa config key=value, key couldn't contain dot [\#1831](https://github.com/sympa-community/sympa/pull/1831)
- If lock fails, details should be included in the error message [\#1824](https://github.com/sympa-community/sympa/pull/1824)
- Stop "do_distribute" actions from Web interface from generating backscatter emails to sympa-request alias [\#1737](https://github.com/sympa-community/sympa/issues/1737)
- `From:` header sanitation fails with brackets and Umlauts: Bug in MIME-EncWords [\#1787](https://github.com/sympa-community/sympa/issues/1787)
- PostgreSQL/SQLite: Sympa tries creating temporary views in databases unnecessarily [\#1812](https://github.com/sympa-community/sympa/issues/1812)
- 🐛 — [moderation] Show message content when clicking on its object [\#1709](https://github.com/sympa-community/sympa/pull/1709)
- WWSympa: Uploaded file names in UTF-8 were garbled [\#1802](https://github.com/sympa-community/sympa/issues/1802)
- Setting invite sender as From: field should be avoided [\#1846](https://github.com/sympa-community/sympa/issues/1846)
- The length of boundary lines in multipart messages could exceed 70 octets [\#1795](https://github.com/sympa-community/sympa/issues/1795)
- Add links to create or recreate password [\#1713](https://github.com/sympa-community/sympa/issues/1713)
- DKIM: `i=` tag may not match in some auto-generated messages [\#1716](https://github.com/sympa-community/sympa/issues/1716)
- Broken output with SOAP API due to mixture of byte- and utf8-strings [\#1541](https://github.com/sympa-community/sympa/issues/1541)
- Meaningful error message should be shown for unauthenticated user if privileges are required [\#1692](https://github.com/sympa-community/sympa/issues/1692)
- Display name in `From:` header field should be quoted / unquoted appropriately [\#1572](https://github.com/sympa-community/sympa/pull/1572)
- sympa instantiate: Progress bar could not be inactivated [\#1567](https://github.com/sympa-community/sympa/issues/1567)
- WWSympa: Noise in Apache error_log [\#1325](https://github.com/sympa-community/sympa/issues/1325)
- WWSympa: Enable autofilling of password only if necessary [\#1033](https://github.com/sympa-community/sympa/issues/1033)
- WWSympa: Direct link to reject action crashes [\#1703](https://github.com/sympa-community/sympa/issues/1703)
- SOAP: Broken output with SOAP API due to mixture of byte- and utf8-strings [\#1541](https://github.com/sympa-community/sympa/issues/1541)
- MacPorts: Fixes for `service/sympa.in` [\#1642](https://github.com/sympa-community/sympa/pull/1642)
- "warning: ignoring prerequisites on suffix rule definition" with GNU make 4.3 [\#1651](https://github.com/sympa-community/sympa/pull/1651)
- Manually deleted list blocks closure of the list which has been included by the former [\#1660](https://github.com/sympa-community/sympa/issues/1660)
- WWSympa: A workaround for the browser back to let the "Please Wait..." spinner remain [\#1666](https://github.com/sympa-community/sympa/pull/1666)
- WWSympa: Lower the list of months in the calendar and allow it scrolling [\#1672](https://github.com/sympa-community/sympa/pull/1672)
- RSS: lastBuildDate element in RSS feed was inproperly formatted [\#1680](https://github.com/sympa-community/sympa/pull/1680)
- WWSympa: Fixes for Sympa Accessibility Issues - Review by UIUC
[\#1744](https://github.com/sympa-community/sympa/issues/1744)
[\#1747](https://github.com/sympa-community/sympa/issues/1747)
[\#1748](https://github.com/sympa-community/sympa/issues/1748)
[\#1751](https://github.com/sympa-community/sympa/issues/1751)
[\#1752](https://github.com/sympa-community/sympa/issues/1752)
[\#1753](https://github.com/sympa-community/sympa/issues/1753)
[\#1761](https://github.com/sympa-community/sympa/issues/1761)
[\#1763](https://github.com/sympa-community/sympa/issues/1763)
[\#1767](https://github.com/sympa-community/sympa/issues/1767)
[\#1776](https://github.com/sympa-community/sympa/issues/1776)
- [CVE-2021-41183] [CVE-2021-41182] [CVE-2021-41184] [CVE-2022-31160] WWSympa: Update jquery-ui from 1.12.1 to 1.13.2 [\#1719](https://github.com/sympa-community/sympa/issues/1719)
- DSN with status `4.3.0` may mess the parent(s) of nested list [\#1699](https://github.com/sympa-community/sympa/issues/1699)
- `INFO` mail command pulls different owners and/or moderators than those with web UI [\#1732](https://github.com/sympa-community/sympa/issues/1732)
- DKIM: Default value of `dkim_signature_apply_on` in domain context was ignored [\#1739](https://github.com/sympa-community/sympa/issues/1739)
- Upgrade command should fail if no previuos version number can be found [\#1741](https://github.com/sympa-community/sympa/pull/1741)
- WWSympa: Missing validation on Digest frequency in Edit Config [\#1742](https://github.com/sympa-community/sympa/issues/1742)
- WWSympa: 🐛 — Fix error when rejecting message from direct URL [\#1687](https://github.com/sympa-community/sympa/pull/1687)
- SOAP: Fix typos in `sympa.wsdl` [\#1676](https://github.com/sympa-community/sympa/issues/1676) [\#1696](https://github.com/sympa-community/sympa/issues/1696)
- Crashes by "Can't locate object method "new" via package "Sympa::Aliases"" [\#1710](https://github.com/sympa-community/sympa/issues/1710)
- WWSympa: Invalid input on sso\_login form floods listmaster notification [\#1654](https://github.com/sympa-community/sympa/issues/1654)
- Deprecate "System log" setting in Listmaster Admin menu [\#1649](https://github.com/sympa-community/sympa/issues/1649)
- Confusing labels for ttl and distribution\_ttl [\#896](https://github.com/sympa-community/sympa/issues/896)
- Broken links in sympa\_config.pod [\#1675](https://github.com/sympa-community/sympa/pull/1675)
- Some typos in docs and comments [\#1653](https://github.com/sympa-community/sympa/pull/1653)
- Correct texts about obsoleted `dkim` authentication method for scenarios [\#1599](https://github.com/sympa-community/sympa/pull/1599)
- When owners/moderators are added, "N subscribers added" is shown [\#1584](https://github.com/sympa-community/sympa/pull/1584)

**Merged pull requests:**

- Postpone making Unicode::UTF8 mandatory [\#1905](https://github.com/sympa-community/sympa/pull/1905)
- Typos [\#1856](https://github.com/sympa-community/sympa/pull/1856)
- Tracking: Remove outdated heuristics for bounce processing [\#1701](https://github.com/sympa-community/sympa/pull/1701)

## [6.2.72](https://github.com/sympa-community/sympa/tree/6.2.72) (2023-06-01)

[Full Changelog](https://github.com/sympa-community/sympa/compare/6.2.71b.1...6.2.72)
Expand Down
Loading