-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Overview
========
In response to the cross-site scripting vulnerability in Zope2 reported as
'CVE 2010-1104'[1], the Zope security response team announces the
availablility of a hotfix product (for Zope < 2.12), and new releases for
the Zope 2.12 and 2.13 lines:
Hotfix: http://pypi.python.org/pypi/Products.Zope_Hotfix_CVE_2010_1104
Zope 2.12.22: http://pypi.python.org/pypi/Zope2/2.12.22
Zope 2.13.12: http://pypi.python.org/pypi/Zope2/2.13.12
WARNING: Zope < 2.12 is no longer officially supported, and may have
other unpatched vulnerabilities. You are encouraged to
upgrade to a supported Zope 2.
Installing the Hotfix
=====================
The hotfix has been tested with Zope instances using Zope 2.8.x - 2.11.x.
Users of Zope 2.12.x and 2.13.x should instead update to the latest
corresponding minor revision, which already includes this fix.
Download the tarball from the PyPI page:
http://pypi.python.org/pypi/Products.Zope_Hotfix_CVE_2010_1104
Unpack the tarball and add a 'products' key to the 'etc/zope.conf' of
your instance. E.g.::
products /path/to/Products.Zope_Hotfix_CVE_2010_1104/Products
and restart. Alternatively, you may copy or symlink the 'Products'
directory into the 'Products' subdirectory of your Zope instance. E.g.::
$ cp -r /path/to/Products.Zope_Hotfix_CVE_2010_1104/Products \
/path/to/instance/Products/
Verifying the Installation
- --------------------------
After restarting the Zope instance, check the
'Control_Panel/Products' folder in the Zope Management Interface,
e.g.:
http://localhost:8080/Control_Panel/Products/manage_main
You should see the 'Zope_Hotfix_CVE_2010_1104' product folder there.
[1] http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-1104
Tres.
- --
===================================================================
Tres Seaver +1 540-429-0999 tseaver(a)palladion.com
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk8XSAYACgkQ+gerLs4ltQ4hNgCeIuBeZz2deF95lglP+kiGg66I
YCAAnjiaDBpuB5XD0wAK7WHicxPp1abS
=MsHo
-----END PGP SIGNATURE-----
I'm pleased to announce a new release of Mailinglogger.
Mailinglogger provides two handlers for the standard python
logging framework that enable log entries to be emailed either as the
entries are logged or as a summary at the end of the running process.
The handlers have the following features:
- customisable and dynamic subject lines for emails sent
- emails sent with a configurable headers for easy filtering
- flood protection to ensure the number of emails sent is not excessive
- support for SMTP servers that require authentication
- fully documented and tested
This release fixes a long standing bug that occurred when logging
unicode messages.
It also provides support for sending colourised HTML emails:
http://packages.python.org/mailinglogger/html.html
Full docs can be found here:
http://packages.python.org/mailinglogger/
For more information, please see:
http://www.simplistix.co.uk/software/python/mailinglogger
or
http://pypi.python.org/pypi/mailinglogger
cheers,
Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk