Non-standard headers can leak sender information to anonymous lists.

Bug #1246039 reported by Mark Sapiro
This bug affects 1 person
Affects Status Importance Assigned to Milestone
GNU Mailman
Mark Sapiro

Bug Description

Various MUAs, MTAs and MDAs can add non-standard X- headers to messages, e.g. X-Envelope-Sender, that might reveal sender information in posts to anonymous lists. Since it is not possible to know what all these headers might be, it is not possible to explicitly remove them. Thus, we will instead use a configurable list of headers to keep and remove the rest.

Related branches

Mark Sapiro (msapiro)
Changed in mailman:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers