11.15.1 Released

 
From: "Justin John justin@PROTECTED [Dada Mail Developers]" <dadadev@PROTECTED>
Date: September 13th 2021

Hello everyone,

v11.15.1 has been released!

Download and install:

https://dadamailproject.com/d/install_dada_mail.pod.html

This release includes a few bug fixes dealing with potential security issues. The biggest one is the reCAPTCHA v2 problem - it’s very easy to circumvent its protection completely, so if you’re relying on reCAPTCHA v2, upgrade.

Changelog (and below):

https://dadamailproject.com/d/changes_11_x.pod.html#pod11.15.1

Focus

This is a bugfix release, with changes to close up some potential security holes. It's an update we'd suggest for everyone. Most especially for people who are relying on Google reCAPTCHA v2 to protect their subscription forms. We've found that there is a way to circumvent the reCAPTCHA, rendering it ineffective. There was also a bug found in the reCAPTCHA v3 implementation, so we don't suggest simply switching to v3. More information can be found in these two issues:

https://github.com/justingit/dada-mail/issues/1053

https://github.com/justingit/dada-mail/issues/1060

Bugfixes

Creating a new list can be done via a GET request

https://github.com/justingit/dada-mail/issues/1061

reCAPTCHA v3 check has strangely dereferenced variable in code, likely to cause issues.

https://github.com/justingit/dada-mail/issues/1060

Logging into the List Control Panel accepts a GET request

https://github.com/justingit/dada-mail/issues/1059

Dada Mail accepts GET requests to, "Forward to a Friend" form

https://github.com/justingit/dada-mail/issues/1058

Dada Mail accepts "subscribe" requests via GET

https://github.com/justingit/dada-mail/issues/1057

Attempting to send to a blank email address during a mass mailing will stall out the mass mailing (SMTP)

https://github.com/justingit/dada-mail/issues/1056

Google Recaptcha v2 check will return valid if problem with API call happens

https://github.com/justingit/dada-mail/issues/1053

--

Justin J: Lead Dadaist url: dadamailproject.com email: justin@PROTECTED twitter: @dadamail

Dada Mail Announcements: http://dadamailproject.com/cgi-bin/dada/mail.cgi/list/dada_announce/
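Two of the changelog items above ("subscribe" accepted via GET, and the reCAPTCHA v2 check returning valid when the API call has a problem) come down to a handler that should refuse by default. The sketch below is an added example, not Dada Mail's code and not from the announcement; it is in Python rather than Dada Mail's Perl, and `handle_subscribe`, `verify_recaptcha` and the injected `fetch` transport are hypothetical names, with the sample responses constructed for illustration.

```python
import json

def verify_recaptcha(token, fetch):
    """Fail closed: True only for a well-formed reply with success == true."""
    if not token:
        return False
    try:
        # fetch is a hypothetical transport that posts the token to the
        # verification API and returns the response body as text.
        result = json.loads(fetch(token))
    except Exception:
        # Timeout, connection error, non-JSON body: treat as NOT verified.
        return False
    return isinstance(result, dict) and result.get("success") is True

def handle_subscribe(method, form, fetch):
    """Return an HTTP status for a subscribe request."""
    if method != "POST":
        return 405  # state-changing action: refuse GET and other methods
    if not verify_recaptcha(form.get("g-recaptcha-response"), fetch):
        return 403  # missing, rejected, or unverifiable CAPTCHA
    return 200      # the subscription would be processed here

# Constructed transports standing in for the verification API's behaviour.
def api_accepts(token):
    return '{"success": true}'

def api_rejects(token):
    return '{"success": false, "error-codes": ["invalid-input-response"]}'

def api_times_out(token):
    raise TimeoutError("constructed: verification API unreachable")

def api_returns_garbage(token):
    return "<html>502 Bad Gateway</html>"

if __name__ == "__main__":
    form = {"g-recaptcha-response": "constructed-token"}
    for name, fetch in [("accepts", api_accepts), ("rejects", api_rejects),
                        ("times out", api_times_out),
                        ("garbage", api_returns_garbage)]:
        print(name, handle_subscribe("POST", form, fetch))
    print("GET", handle_subscribe("GET", form, api_accepts))
```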

This is the developer discussion mailing list for Dada Mail.