I just upgraded mailman. They have a security announcement for mailman every other month or so. We have two custom changes that we have to apply after the upgrade:
a) see /custom/pak/mailman/HTMLFormatter.py's RestrictedListMessage and copy-paste (or make a patch) into the new one in /usr/lib/mailman/Mailman/HTMLFormatter.py
b) Comment out line 119 and 120 in /usr/lib/mailman/cron/nightly_gzip (the lines that print "bogus archive")
I just did this and hopefully we shouldn't have to mess with it again for a few months but now the information has been shared for prosperity.
Also note that the actual list archives and config files for the lists are in symlinked from /var/lib/mailman into /custom/sys/mailman. I did this a few years back just in case a mailman upgrade decided to screw up our archives or config files.
Thanks, Erik.