Zope-Announce

zope-announce@zope.dev

January 2012

2 participants
2 discussions

Annoucment: CVE-2010-1104, hotfix, Zope 2.12.22 and 2.13.12 releases
by Tres Seaver 18 Jan '12

18 Jan '12

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Overview ======== In response to the cross-site scripting vulnerability in Zope2 reported as 'CVE 2010-1104'[1], the Zope security response team announces the availablility of a hotfix product (for Zope < 2.12), and new releases for the Zope 2.12 and 2.13 lines: Hotfix: http://pypi.python.org/pypi/Products.Zope_Hotfix_CVE_2010_1104 Zope 2.12.22: http://pypi.python.org/pypi/Zope2/2.12.22 Zope 2.13.12: http://pypi.python.org/pypi/Zope2/2.13.12 WARNING: Zope < 2.12 is no longer officially supported, and may have other unpatched vulnerabilities. You are encouraged to upgrade to a supported Zope 2. Installing the Hotfix ===================== The hotfix has been tested with Zope instances using Zope 2.8.x - 2.11.x. Users of Zope 2.12.x and 2.13.x should instead update to the latest corresponding minor revision, which already includes this fix. Download the tarball from the PyPI page: http://pypi.python.org/pypi/Products.Zope_Hotfix_CVE_2010_1104 Unpack the tarball and add a 'products' key to the 'etc/zope.conf' of your instance. E.g.:: products /path/to/Products.Zope_Hotfix_CVE_2010_1104/Products and restart. Alternatively, you may copy or symlink the 'Products' directory into the 'Products' subdirectory of your Zope instance. E.g.:: $ cp -r /path/to/Products.Zope_Hotfix_CVE_2010_1104/Products \ /path/to/instance/Products/ Verifying the Installation - -------------------------- After restarting the Zope instance, check the 'Control_Panel/Products' folder in the Zope Management Interface, e.g.: http://localhost:8080/Control_Panel/Products/manage_main You should see the 'Zope_Hotfix_CVE_2010_1104' product folder there. [1] http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-1104 Tres. - -- =================================================================== Tres Seaver +1 540-429-0999 tseaver(a)palladion.com Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk8XSAYACgkQ+gerLs4ltQ4hNgCeIuBeZz2deF95lglP+kiGg66I YCAAnjiaDBpuB5XD0wAK7WHicxPp1abS =MsHo -----END PGP SIGNATURE-----

1 0

MailingLogger 3.7.0 Released!
by Chris Withers 18 Jan '12

18 Jan '12

I'm pleased to announce a new release of Mailinglogger. Mailinglogger provides two handlers for the standard python logging framework that enable log entries to be emailed either as the entries are logged or as a summary at the end of the running process. The handlers have the following features: - customisable and dynamic subject lines for emails sent - emails sent with a configurable headers for easy filtering - flood protection to ensure the number of emails sent is not excessive - support for SMTP servers that require authentication - fully documented and tested This release fixes a long standing bug that occurred when logging unicode messages. It also provides support for sending colourised HTML emails: http://packages.python.org/mailinglogger/html.html Full docs can be found here: http://packages.python.org/mailinglogger/ For more information, please see: http://www.simplistix.co.uk/software/python/mailinglogger or http://pypi.python.org/pypi/mailinglogger cheers, Chris -- Simplistix - Content Management, Zope & Python Consulting - http://www.simplistix.co.uk

1 0