I have a big security issue with Mailman.
I have over 5,000 members in Mailman mailing list, one of members sent a message to the list email address, later all members subscribed in the mailing list received that member's message with no approval. That shouldn't happen.
Even though I set this configuration:
Action to take when a moderated member posts to the list -> Rejected