diff --git a/python-postorius.changes b/python-postorius.changes index 6b55adb..41b6671 100644 --- a/python-postorius.changes +++ b/python-postorius.changes @@ -2,7 +2,71 @@ Thu Nov 18 08:02:22 UTC 2021 - Andreas Schneider - Update to version 1.3.6 - * https://gitlab.com/mailman/postorius/-/blob/1.3.6/src/postorius/doc/news.rst + - Security: + - Check that a user owns the email address they are trying + to unsubscribe. This fixes a bug in which any logged-in + user could unsubscribe any email address from any mailing + list, leaking whether that address was subscribed + originally. (CVE-2021-40347) + - UI: + - Add 'Delivery Mode' and 'Moderation Action' columns to + - List members page. Add support to list and handle pending + un-subscription requests. + - Add support to specify a reason when handling + (un)subscription requests + - Success messages to mass subscribes now properly + distinguish subscription from invitation and indicate + possible pending confirmation or approval. + - User profile dropdown no longer is too far right. + - Expose archive_rendering_mode in Archiver settings to + choose between plaintext and rich text rendering of emails + in Hyperkitty. + - Allow choosing delivery_mode and delivery_status when + subscribing to a List. + - Redirect to domain_index after domain_edit succeeds. + - Expose new bounce_notify_owner_on_bounce_increment list + setting on Bounce Processing settings, and expose the + corresponding template. + - Expose the forward_unrecognized_bounces_to setting on + Bounce Processing settings. + - Clarified the description of Maximum number of recipients. + - List summary view will now display a table for all + subscriptions with delivery_mode and delivery_status. + - Add a new user management interface for superusrs. + - Allow searching for users in list user views. + - Show both display name and email in user management + interface if available, + - Allow list:admin:notice:pending template to be set in + Postorius. + - Other: + - Use mass-subscription API in core for Mass Removal of + Members. + - Fix a bug where users with multiple subscriptions to a List + couldn't view their Preferences for all addresses. + - Check for pending unsubscription requests and notify user + when the request is pending approval. + - Improve the performance of Members' page by skipping an API + call. + - Improve the performance of List index page for Superuser. + - Skip looking up choosable_domains for non-superuser to + reduce API calls. + - Improve the performance of List owner access checks. + - Add a new APICountingMiddleware to performance testing + purposes. + - Use user_id as subscriber instead of addresses to improve + the efficiency of list index page. + - AUTOCREATE_MAILMAN_USER setting is now removed and + a Mailman user is always created when a User object in + created in Django. Also remove duplicate implementation of + get_mailman_user from MailmanUserManager so that we can use + a single implementation that uses caching for efficient + lookups. Bump bundled jQuery to 3.6.0.slim version. + - Use the full jQuery not the slim version. + - Do not show Ownerships and Moderator roles in the + 'Subscriptions' page under mange new user interface. + - Ascessibility: + - Move the focus to the textarea in mass subscribe page if + there are errors in the form. ------------------------------------------------------------------- Wed Jun 2 06:33:53 UTC 2021 - Andreas Schneider