Mailman Core
- Bump Core to 3.3.4
Mailman Web
- Bump Postorius to 1.3.5
- Bump Mailmanclient to 3.3.3
- Bump Django-mailman3 to 1.3.7
Security
CVE-2021-40347: Due to a missing ownership check, any logged-in user can unsubscribe any other member on any other list on the same Mailman installation using a specially crafted POST request.