Discovering and fixing CVE-2021-33038 in Mailman3
During Wikimedia’s Mailman3 migration, we discovered and fixed a security issue that would have disclosed the contents of private list archives during the import process. This post explains the issue, how we discovered it and how it was fixed.