I plan to release a Mailman 2.1.14 candidate release towards the end of next week (Sept 9 or 10). This release will have enhanced XSS defenses addressing two recently discovered vulnerabilities. Since release of the code will potentially expose the vulnerabilities, I plan to publish a patch against the 2.1.13 base with the fix before actually releasing the 2.1.14 candidate. I will post the patch to the same 4 lists that this post is being sent to in the early afternoon, GMT, on September 9. The vulnerabilities are obscure and can only be exploited by a list owner, but if you are concerned about them you can plan to install the patch. The patch is small (34 line diff), only affects two modules and doesn't require a Mailman restart to be effective, although I would recommend a restart as soon as convenient after applying the patch. - -- Mark Sapiro <mark at msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan