Dada Mail Developers Archives

 

Re: v11.16.0 Released - CSRF Security Vulnerabilities Found, upgrading highly suggested

September 21st 2021 PST

Here’s the CVE report: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41083-- Justin J: Lead Dadaist*url:         dadamailproject.comemail:    justin@PROTECTEDtwitter:  @dadamailDada Mail Announcements: http://dadamailproject.com/cgi-bin/dada/mail.cgi/list/dada_announce/  On Sep 20, 2021, at 1:56 PM, Justin John justin@PROTECTED [Dada Mail Developers] <dadadev@PROTECTED> wrote: From: justin@PROTECTEDHello everyone, v11.16.0 h ...Continue Reading

v11.16.0 Released - CSRF Security Vulnerabilities Found, upgrading highly suggested

September 20th 2021 PST

Hello everyone, v11.16.0 has been released! Download and install: https://dadamailproject.com/d/install_dada_mail.pod.html A CSRF Vulnerability has been found in Dada Mail and this release is primarily put out to fix it. All versions of Dada Mail below v11.16.0 are vulnerable and it’s another upgrade that I would suggest for absolutely everyone. Changelog (and below): https://dadamailproject.com/d/changes_11_x.pod.html#pod11.16.0 Focus This version of Dada Mail has been released primarily to fix a security vulnerabil ...Continue Reading

11.15.1 Released

September 13th 2021 PST

Hello everyone, v11.15.1 has been released! Download and install: https://dadamailproject.com/d/install_dada_mail.pod.html This release includes a few bug fixes dealing with potential security issues. The biggest one is the reCAPTCHA v2 problem - it’s very easy to circumvent its protection completely, so if you’re relying on reCAPTCHA v2, upgrade. Changelog (and below): https://dadamailproject.com/d/changes_11_x.pod.html#pod11.15.1 Focus This is a bugfix release, with changes to close up some potential security hole ...Continue Reading

Several more security issues opened

September 6th 2021 PST

Howdy everyone, how’s v11.15.0 working for everyone? While finishing up work on getting the GET requests found in email messages - things like confirming your subscriptions, it dawned on me that Dada Mail has no checks for other GET requests, that should be POSTs. Here’s a scenario: you want to log into your mailing list, so you fill out the password in the login form. Works a peach. The login form uses a POST request, as it’s sending pretty sensitive information through the pipes (your password), but there’s ...Continue Reading

Re[2]: v11.15.0 Released!

August 31st 2021 PST

It is working now    Richard Mourino ------ Original Message ------ From: "Mourino richard.mourino@PROTECTED [Dada Mail Developers]" <dadadev@PROTECTED> To: "Dada Mail Developers Subscriber" <richard.mourino@PROTECTED> Sent: 8/31/2021 6:03:15 PM Subject: Re: [dadadev] v11.15.0 Released!   From: richard.mourino@PROTECTED Check the link for the uncompress file   got a 404    Richard Mourino ...Continue Reading

Re: v11.15.0 Released!

August 31st 2021 PST

Thanks - Fixed, https://raw.githubusercontent.com/justingit/dada-mail/v11_15_0-stable_2021_08_30/uncompress_dada.cgi -- Justin J: Lead Dadaist*url:         dadamailproject.comemail:    justin@PROTECTEDtwitter:  @dadamailDada Mail Announcements: http://dadamailproject.com/cgi-bin/dada/mail.cgi/list/dada_announce/  On Aug 31, 2021, at 4:02 PM, Mourino richard.mourino@PROTECTED [Dada Mail Developers] <dadadev@PROTECTED> wrote: From: richard.m ...Continue Reading

Re: v11.15.0 Released!

August 31st 2021 PST

Check the link for the uncompress file   got a 404    Richard Mourino ...Continue Reading

v11.15.0 Released!

August 31st 2021 PST

Hello everyone, v11.15.0 has been released! Download and install: https://dadamailproject.com/d/install_dada_mail.pod.html This version has protection from link prefetching, which can cause havoc on a mailing list’s functions. I’m not even kidding. Here’s a blog post showing an example of how this can happen in something as widely used as Apple’s Mail app: https://blog.dadamailproject.com/2021/08/31/link-prefetching-protection-in-dada-mail-v11-15-0-and-other-security-enhancements/ I’m suggesting this is one of those, ...Continue Reading

Re: Message Link Prefetching Issue

August 24th 2021 PST

Hi Justin!Always nice to hear from you and seeing you take care great of your baby. Hope you are doing well out there in the West. Nothing else. Just hi. 😃Cheers,Bruce Scherzinger On August 24, 2021 5:18:17 PM "Justin John justin@PROTECTED [Dada Mail Developers]" <dadadev@PROTECTED> wrote:   From: justin@PROTECTED Howdy everyone, I’m working on the problem of email services/readers (Gmail) visiting links within the message to do whatever they do when they do that (scan the content fo ...Continue Reading

Message Link Prefetching Issue

August 24th 2021 PST

Howdy everyone, I’m working on the problem of email services/readers (Gmail) visiting links within the message to do whatever they do when they do that (scan the content for bad things, mostly - but also useful things like previewing the page in a popup). Link prefetching itself isn’t really a terrible thing, but it leads to perhaps bad side effects when it comes to links in email messages that do things, like subscribe or remove someone from a mailing list. Dada Mail has some protection for this, most specifically for ...Continue Reading
  • This mailing list is a public mailing list - anyone may join or leave, at any time.
  • This mailing list is a group discussion list (unmoderated)
  • Start a new thread, email: dadadev@dadamailproject.com

This is the developer discussion mailing list for Dada Mail.

If you are just looking for support Dada Mail, consult the message boards at:

https://forum.dadamailproject.com

Documentation for Dada Mail:

https://dadamailproject.com/d

Specifically, see the Error FAQ:

https://dadamailproject.com/d/FAQ-errors.pod.html

To post to this list, send a message to:

mailto:dadadev@dadamailproject.com

All subscribers of this list may post to the list itself.

Topics that are welcome:

  • Constructive critiques on the program (I like, "x", but, "y" needs some work - here's an idea on how to make this better...)
  • Bug/Error reports
  • Bug fixes
  • Request For Comments on any changes to the program
  • Help customizing Dada Mail for your own needs
  • Patches
  • Language Translations
  • Support Documentation/Doc editing, FAQ's, etc.
  • Discussion of any changes that you would like to be committed to the next version of Dada Mail -

Dada Mail is on Github:

https://github.com/justingit/dada-mail/

If you would like to fork, branch, send over PRs, open up issues, etc.

Privacy Policy:

This Privacy Policy is for this mailing list, and this mailing list only.

Email addresses collection through this mailing list are used explicitly to work within this email discussion list.

We only collect email addresses through our Closed-Loop Opt-In system.

We don't use your email address for any other purpose.

We won't be sharing your email address with any other entity.

Unsubscription can be done at any time. Please contact us at: justin@dadamailproject.com for any help regarding your subscription, including removal from the mailing list.

All mailing list messages sent from us will include a subscription removal link, which will allow you to remove yourself from this mailing list automatically, and permanently.

All consent to use your email address for any other purpose stated at the time of the mailing list subscription will also be revoked upon mailing list removal.