v11.15.0 Released!

From: "Justin John justin@PROTECTED [Dada Mail Developers]" <dadadev@PROTECTED>

Date: August 31st 2021

Hello everyone,

v11.15.0 has been released!

Download and install:

https://dadamailproject.com/d/install_dada_mail.pod.html

This version has protection from link prefetching, which can cause havoc on a mailing list’s functions. I’m not even kidding. Here’s a blog post showing an example of how this can happen in something as widely used as Apple’s Mail app:

https://blog.dadamailproject.com/2021/08/31/link-prefetching-protection-in-dada-mail-v11-15-0-and-other-security-enhancements/

I’m suggesting this is one of those, “need to have” upgrades. If you’ve been putting off upgrading your Dada Mail, now’s a really really good time.

Changelog (and below):

https://dadamailproject.com/d/changes_11_x.pod.html#pod11.15.0

Focus

This is a release that includes some features as well as some fairly important security enhancements. Please read the whole changelog for this release to understand the important changes made.

Changes

jQuery upgraded from v2.2.4 to v3.6.0

Older versions of jQuery have known potential security issues that have been fixed in newer versions. No known security exploits in Dada Mail have been found from this older version of jQuery, but we suggest upgrading your version of Dada Mail to stay as safe as possible.

More information:

https://snyk.io/test/npm/jquery/2.2.4

Link Prefetching Protection

Links in email messages in Dada Mail that cause an action, like "subscribe", "approve message", "reject message", etc can be automatically triggered without the user's knowledge by email readers that prefetch the content from the link. Link prefetching happens for a few reasons, including filtering links for malicious content or generate previews.

Starting in v11.15.0, Dada Mail has safeguards against link prefetching that leads to an action, by translating these "GET" requests to, "POST" requests. These include:

Subscription Confirmations
Unsubscriptions
List Owner Accept/Rejecting Subscriptions
List Password Reset
Clickthrough Link Tracking
Profile Activation
Profile Password Reset
Moderating Discussion Messages

This is a farly large issue, and we do suggest everyone to upgrade to v11.15.0 (or later).

Bugfixes

Trying to view the public archive without knowing the list will lead to blank page/error #1047

https://github.com/justingit/dada-mail/issues/1047

Justin J: Lead Dadaist url: dadamailproject.com email: justin@PROTECTED twitter: @dadamail

Dada Mail Announcements:http://dadamailproject.com/cgi-bin/dada/mail.cgi/list/dada_announce/

‹ Re: Message Link Prefetching Issue

Index

Re: v11.15.0 Released! ›

Email Address

You're OK with using your email address as your primary contact for this email discussion list; messages will be sent on your behalf

Unsubscribe at Anytime | Privacy Policy

This mailing list is a public mailing list - anyone may join or leave, at any time.
This mailing list is a group discussion list (unmoderated)
Start a new thread, email: dadadev@dadamailproject.com

This is the developer discussion mailing list for Dada Mail.

If you are just looking for support Dada Mail, consult the message boards at:

https://forum.dadamailproject.com

Documentation for Dada Mail:

https://dadamailproject.com/d

Specifically, see the Error FAQ:

https://dadamailproject.com/d/FAQ-errors.pod.html

To post to this list, send a message to:

mailto:dadadev@dadamailproject.com

All subscribers of this list may post to the list itself.

Topics that are welcome:

Constructive critiques on the program (I like, "x", but, "y" needs some work - here's an idea on how to make this better...)
Bug/Error reports
Bug fixes
Request For Comments on any changes to the program
Help customizing Dada Mail for your own needs
Patches
Language Translations
Support Documentation/Doc editing, FAQ's, etc.
Discussion of any changes that you would like to be committed to the next version of Dada Mail -

Dada Mail is on Github:

https://github.com/justingit/dada-mail/

If you would like to fork, branch, send over PRs, open up issues, etc.

Privacy Policy:

This Privacy Policy is for this mailing list, and this mailing list only.

Email addresses collection through this mailing list are used explicitly to work within this email discussion list.

We only collect email addresses through our Closed-Loop Opt-In system.

We don't use your email address for any other purpose.

We won't be sharing your email address with any other entity.

Unsubscription can be done at any time. Please contact us at: justin@dadamailproject.com for any help regarding your subscription, including removal from the mailing list.

All mailing list messages sent from us will include a subscription removal link, which will allow you to remove yourself from this mailing list automatically, and permanently.

All consent to use your email address for any other purpose stated at the time of the mailing list subscription will also be revoked upon mailing list removal.