The GNU Mailman developers take security very seriously. All Mailman security concerns should be emailed to mailman-security at python dot org. This is a closed list that reaches the core Mailman developers.
To ensure the highest security of your Mailman site, it is always best to run the latest release. If you are not running the latest release, please upgrade before reporting security issues.