GNU Mailman

lp:~ralfjung-e/mailman/csrf-injective

Created by Ralf Jung on 2018-06-03 and last modified on 2018-06-03

Get this branch:: bzr branch lp:~ralfjung-e/mailman/csrf-injective

Only Ralf Jung can upload to this branch. If you are Ralf Jung please log in for upload directions.

Branch merges

No branches dependent on this one.

Merged into lp:mailman/2.1 at revision 1759

Mark Sapiro: Approve on 2018-06-03

Related bugs

Link a bug report

Related blueprints

Branch information

Owner:: Ralf Jung

Project:: GNU Mailman

Status:: Merged

Recent revisions

1759. By Ralf Jung <email address hidden> on 2018-06-03

Separate data in CSRF token by colon to avoid collisions.

This makes the data-to-token function injective. Previously, for example, the
list called "list1" and the IP "10.0.0.0" would have the same hash as the list
called "list" and the IP "110.0.0.0", as the strings were just concatenated.

1758. By Mark Sapiro on 2018-05-26

Updated Japanese translation.

1757. By Mark Sapiro on 2018-05-26

Internationalize the noscript note added to reCAPTCHA.

1756. By Mark Sapiro on 2018-05-25

Update i18n for recent changes.

1755. By Mark Sapiro on 2018-05-25

Add an option to add_members to issue invitations.

1754. By Mark Sapiro on 2018-05-21

A few more error messages have had their values HTML escaped.

1753. By Mark Sapiro on 2018-05-05

Add <noscript> note to listinfo reCAPTCHA that JavaScript is required.

1752. By Mark Sapiro on 2018-05-03

bin/arch now uses i18n.C_ for progress messages.

1751. By Mark Sapiro on 2018-04-13

Give a better message from scripts/driver on SyntaxError in mm_cfg.py.

1750. By Mark Sapiro on 2018-04-11

Improve DELIVERY_RETRY_WAIT reimplementation.

Branch metadata

Branch format:: Branch format 7

Repository format:: Bazaar repository format 2a (needs bzr 1.16 or later)

Stacked on:: lp:mailman

This branch contains Public information

Everyone can see this information.

Subscribers

Ralf Jung