What's Changed
Notice
This release includes a fix for [CVE-2024-55919] Improper input validation on generic SSO login #1917.
Administorators setting generic_sso paragraph with force_email_verify parameter enabled in auth.conf should upgrade Sympa to this version or take measure. For more details see the Security Advisory Sympa SA 2024-001.
Incompatible changes
-
Notes for packagers:
- Some distributions including Debian and the descendants separate
perldocfrom the package for Perl. On this case activatingperldocis encouraged for better user experiences #1832. - Fix for bug #1884 needs additional optional module Unicode-UTF8. This module will be made mandatory on the release of Sympa in the near future.
- Some distributions including Debian and the descendants separate
-
DKIM signatures in outgoing messages are no longer removed even if they are invalid #1852. On the other hand,
remove_dkim_headersparameter was introduced for their removal, which is rarely needed #1898. -
If custom_subject contains a sequence number, it is always placed at the beginning of the subject. If it does not contain, it is placed at the same position as before #1811.
Implemented enhancements
- Overall statistics panel for each domain (#1661) by @ikedas in #1664
- Inclusion from LDAP data sources supports RFC 2696 Paged Results control (#57) by @farialima in #1733
- WWSympa: Conform some fields in HTTP responses to current standards by @ikedas in #1679
- Lower the list of months in the calendar and allow it scrolling by @ikedas in #1672
- Additional localised "Re:" prefixes in subject by @ikedas in #1668
- Add .eml extension to archives files by @ldidry in #1582
- WWSympa: Save default sort key in review (#1577) by @ikedas in #1579
- Display name in
From:header field should be quoted / unquoted appropriately by @ikedas in #1572 - WWSympa: Detect web crawlers by @ikedas in #1667
- Improve diagnostic messages in the DSNs generated by Sympa by @ikedas in #1690
- (AB) add an invite feature to WWSympa by @adam12b1 in #1849
- Allow "custom_subject" to be at the beginning of the subject (#1811) by @ikedas in #1817
- Fix cross-robot list inclusion (#1797) by @dpoon in #1798
- Expose update_epoch on get_closed_lists. by @racke in #1865
- Parameter for syslog socket should allow options such as host name by @ikedas in #1841
- LDAP: Add
derefoption to specify how to dereference aliases by @ikedas in #1892 - Several fixes/improvements on ARC seal & DKIM signature by @ikedas in #1869
- DKIM-Signature header fields should not be removed even if invalid (#1852) by @ikedas in #1898
Fixed bugs
- When owners/moderators are added, "N subscribers added" is shown by @ikedas in #1584
- Confusing labels for ttl and distribution_ttl (#896) by @ikedas in #1585
- Correct texts about obsoleted
dkimauthentication method for scenarios by @ikedas in #1599 - Deprecate "System log" setting in Listmaster Admin menu (#1649) by @ikedas in #1650
- Some typos in docs and comments by @ikedas in #1653
- WWSympa: Invalid input on sso_login form floods listmaster notification (#1654) by @ikedas in #1655
- Broken links in sympa_config.pod by @ikedas in #1675
- Can't locate object method "new" via package "Sympa::Aliases" (#1710) by @ikedas in #1712
- SOAP: Fix typos in sympa.wsdl by @ikedas in #1698
- 🐛 — Fix error when rejecting message from direct URL by @ldidry in #1687
- Missing validation on Digest frequency in Edit Config (#1742) by @ikedas in #1745
- Upgrade command should fail if no previuos version number can be found. by @woodfighter in #1741
- Default value of
dkim_signature_apply_onin domain context was ignored (#1739) by @ikedas in #1740 - INFO mail command pulls different owners and/or moderators than those with web UI (#1732) by @ikedas in #1734
- DSN with status 4.3.0 may mess the parent of nested list (#1699) by @ikedas in #1726
- WWSympa: Update jquery-ui from 1.12.1 to 1.13.2 (#1719) by @ikedas in #1720
- WWSympa: Accessing Navigation Menu, focus go back to Top Bar (#1747) by @ikedas in #1755
- RSS: lastBuildDate element in RSS feed was inproperly formatted by @ikedas in #1680
- A workaround for the browser back to let the "Please Wait..." spinner remain by @ikedas in #1666
- Manually deleted list blocks closure of the list which has been included by the former (#1660) by @ikedas in #1662
- "warning: ignoring prerequisites on suffix rule definition" with GNU make 4.3 by @ikedas in #1651
- MacPorts: Fixes for service/sympa.in by @ikedas in #1642
- Broken output with SOAP API due to mixture of byte- and utf8-strings (#1541) by @ikedas in #1592
- WWSympa: Direct link to reject action crashes by @ikedas in #1704
- WWSympa: Enable autofilling of password only if necessary by @ikedas in #1563
- Noise in Apache error_log (#1325) by @ikedas in #1570
- sympa instantiate: Progress bar could not be inactivated by @ikedas in #1568
- WWSympa: Screen Reader needs clear labels for text fields (#1748) by @ikedas in #1779
- ♿ — WWSympa: No visual focus indicator when accessing elements by keyboard (#1744) by @ldidry in #1756
- Use browser's built-in "date" widget instead of jQuery UI Datepicker that is inaccessible using keyboard (#1751) by @ikedas in #1782
- ♿ — WWSympa: The items in the multiselect box are not readable fully (#1752) by @ldidry in #1757
- Accessibility: Fix some problems (#1753) (#1761) (#1763) (#1767) by @ikedas in #1783
- Meaningful error message should be shown for unauthenticated user if privileges are required (#1692) by @ikedas in #1827
- DKIM: i= tag may not match in some auto-generated messages (#1716) by @ikedas in #1717
- Add links to create or recreate password (#1713) by @ikedas in #1718
- The length of boundary lines in multipart messages could exceed 70 octets (#1795) by @ikedas in #1809
- Setting invite sender as From: field should be avoided (#1846) by @ikedas in #1882
- WWSympa: Uploaded file names in UTF-8 were garbled (#1802) by @ikedas in #1803
- 🐛 — [moderation] Show message content when clicking on its object by @ldidry in #1709
- PostgreSQL/SQLite: Sympa tries creating temporary views in databases unnecessarily (#1812) by @ikedas in #1813
- Update a dependency MIME-EncWords (#1787) by @ikedas in #1800
- Stop "do_distribute" actions from Web interface from generating backscatter emails to sympa-request alias (#1737) by @dpc22 in #1818
- If lock fails, details should be included in the error message by @ikedas in #1824
- Noise in Apache error_log (again) (#1325) by @ikedas in #1830
- CLI: With
sympa config key=value, key couldn't contain dot by @ikedas in #1831 - Debian Bug#1062398 Lacks dependency on
perldocutility by @ikedas in #1832 - Prevent custom_header with non-ASCII characters (#1840) by @ikedas in #1844
- Incorrect "No bouncing members" on a large list with small number of bouncers (#1842) by @ikedas in #1845
- WWSympa: Invalid UTF-8 sequences in input may trigger crashing (#1884) by @ikedas in #1885
- WWSynmpa: do_distribute: Confirmation was not always performed by @ikedas in #1889
Other changes
- Tracking: Remove outdated heuristics for bounce processing by @ikedas in #1701
- (AB) add an invite feature to WWSympa (#648) by @ikedas in #1881
- typos by @ikedas in #1856
- postpone making Unicode::UTF8 mandatory by @ikedas in #1905
New Contributors
- @farialima made their first contribution in #1733
- @woodfighter made their first contribution in #1741
- @adam12b1 made their first contribution in #1849
- @dpoon made their first contribution in #1798
Full Changelog: 6.2.72...6.2.74
Contributors
racke, dpoon, and 6 other contributors