September 21st 2021 PST
Here’s the CVE report: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41083-- Justin J: Lead Dadaist*url: dadamailproject.comemail: justin@PROTECTEDtwitter: @dadamailDada Mail Announcements: http://dadamailproject.com/cgi-bin/dada/mail.cgi/list/dada_announce/ On Sep 20, 2021, at 1:56 PM, Justin John justin@PROTECTED [Dada Mail Developers] <dadadev@PROTECTED> wrote: From: justin@PROTECTEDHello everyone, v11.16.0 h ...Continue Reading
September 20th 2021 PST
Hello everyone, v11.16.0 has been released! Download and install: https://dadamailproject.com/d/install_dada_mail.pod.html A CSRF Vulnerability has been found in Dada Mail and this release is primarily put out to fix it. All versions of Dada Mail below v11.16.0 are vulnerable and it’s another upgrade that I would suggest for absolutely everyone. Changelog (and below): https://dadamailproject.com/d/changes_11_x.pod.html#pod11.16.0 Focus This version of Dada Mail has been released primarily to fix a security vulnerabil ...Continue Reading
September 13th 2021 PST
Hello everyone, v11.15.1 has been released! Download and install: https://dadamailproject.com/d/install_dada_mail.pod.html This release includes a few bug fixes dealing with potential security issues. The biggest one is the reCAPTCHA v2 problem - it’s very easy to circumvent its protection completely, so if you’re relying on reCAPTCHA v2, upgrade. Changelog (and below): https://dadamailproject.com/d/changes_11_x.pod.html#pod11.15.1 Focus This is a bugfix release, with changes to close up some potential security hole ...Continue Reading
September 6th 2021 PST
Howdy everyone, how’s v11.15.0 working for everyone? While finishing up work on getting the GET requests found in email messages - things like confirming your subscriptions, it dawned on me that Dada Mail has no checks for other GET requests, that should be POSTs. Here’s a scenario: you want to log into your mailing list, so you fill out the password in the login form. Works a peach. The login form uses a POST request, as it’s sending pretty sensitive information through the pipes (your password), but there’s ...Continue Reading
August 31st 2021 PST
It is working now Richard Mourino ------ Original Message ------ From: "Mourino richard.mourino@PROTECTED [Dada Mail Developers]" <dadadev@PROTECTED> To: "Dada Mail Developers Subscriber" <richard.mourino@PROTECTED> Sent: 8/31/2021 6:03:15 PM Subject: Re: [dadadev] v11.15.0 Released! From: richard.mourino@PROTECTED Check the link for the uncompress file got a 404 Richard Mourino ...Continue Reading
August 31st 2021 PST
Thanks - Fixed, https://raw.githubusercontent.com/justingit/dada-mail/v11_15_0-stable_2021_08_30/uncompress_dada.cgi -- Justin J: Lead Dadaist*url: dadamailproject.comemail: justin@PROTECTEDtwitter: @dadamailDada Mail Announcements: http://dadamailproject.com/cgi-bin/dada/mail.cgi/list/dada_announce/ On Aug 31, 2021, at 4:02 PM, Mourino richard.mourino@PROTECTED [Dada Mail Developers] <dadadev@PROTECTED> wrote: From: richard.m ...Continue Reading
August 31st 2021 PST
Check the link for the uncompress file got a 404 Richard Mourino ...Continue Reading
August 31st 2021 PST
Hello everyone, v11.15.0 has been released! Download and install: https://dadamailproject.com/d/install_dada_mail.pod.html This version has protection from link prefetching, which can cause havoc on a mailing list’s functions. I’m not even kidding. Here’s a blog post showing an example of how this can happen in something as widely used as Apple’s Mail app: https://blog.dadamailproject.com/2021/08/31/link-prefetching-protection-in-dada-mail-v11-15-0-and-other-security-enhancements/ I’m suggesting this is one of those, ...Continue Reading
August 24th 2021 PST
Hi Justin!Always nice to hear from you and seeing you take care great of your baby. Hope you are doing well out there in the West. Nothing else. Just hi. 😃Cheers,Bruce Scherzinger On August 24, 2021 5:18:17 PM "Justin John justin@PROTECTED [Dada Mail Developers]" <dadadev@PROTECTED> wrote: From: justin@PROTECTED Howdy everyone, I’m working on the problem of email services/readers (Gmail) visiting links within the message to do whatever they do when they do that (scan the content fo ...Continue Reading
August 24th 2021 PST
Howdy everyone, I’m working on the problem of email services/readers (Gmail) visiting links within the message to do whatever they do when they do that (scan the content for bad things, mostly - but also useful things like previewing the page in a popup). Link prefetching itself isn’t really a terrible thing, but it leads to perhaps bad side effects when it comes to links in email messages that do things, like subscribe or remove someone from a mailing list. Dada Mail has some protection for this, most specifically for ...Continue Reading
Start a new thread, email: dadadev@dadamailproject.com
This is the developer discussion mailing list for Dada Mail.
If you are just looking for support Dada Mail, consult the message boards at:
https://forum.dadamailproject.com
Documentation for Dada Mail:
Specifically, see the Error FAQ:
https://dadamailproject.com/d/FAQ-errors.pod.html
To post to this list, send a message to:
mailto:dadadev@dadamailproject.com
All subscribers of this list may post to the list itself.
Topics that are welcome:
Dada Mail is on Github:
https://github.com/justingit/dada-mail/
If you would like to fork, branch, send over PRs, open up issues, etc.
This Privacy Policy is for this mailing list, and this mailing list only.
Email addresses collection through this mailing list are used explicitly to work within this email discussion list.
We only collect email addresses through our Closed-Loop Opt-In system.
We don't use your email address for any other purpose.
We won't be sharing your email address with any other entity.
Unsubscription can be done at any time. Please contact us at: justin@dadamailproject.com for any help regarding your subscription, including removal from the mailing list.
All mailing list messages sent from us will include a subscription removal link, which will allow you to remove yourself from this mailing list automatically, and permanently.
All consent to use your email address for any other purpose stated at the time of the mailing list subscription will also be revoked upon mailing list removal.