I think the issue is that python3-django-hyperkitty 1.3.5-1 has this
change:
Pass the secret archiver key in a HTTP Authorization header
instead of a GET query parameter so it doesn’t appear in
logs. (CVE-2021-35058, Closes #387)
See also:
https://lists.mailman3.org/archives/list/[email protected]/thread/WSUEPQL6PX52Y7XVWYSSGJJXC7E3F6FG/
So to upgrade to python3-django-hyperkitty 1.3.5-1 you must also
upgrade python3-mailman-hyperkitty to 1.2.0; version 1.1.10 should
conflict with python3-django-hyperkitty versions < 1.3.5
--
Dr Peter Chubb https://trustworthy.systems/
Trustworthy Systems Group CSE, UNSW
