February 2020 - Zope-Dev

Announcement: Zope 5.0a1 released
by Michael Howitz 28 Feb '20

28 Feb '20

On behalf of Zope developer community I am pleased to announce the release of the first alpha release of the Zope 5 series: 5.0a1 Zope 5 drops support for * Python 2.7, it supports Python 3.5 up to 3.8 * ZServer, it is now WSGI only To migrate to Zope 5: first migrate to the lastest Zope 4 release. If your code runs on the WSGI stack without showing deprecations warnings it should also be able to run on Zope 5, too, without changes. All other changes (besides these non-backwards compatible ones) have been back ported to Zope 4.x. (We will keep doing so until the final Zope 5 release.) For details of the changes see https://zope.readthedocs.io/en/latest/changes.html#a1-2020-02-28 To install the new version see https://zope.readthedocs.io/en/latest/INSTALL.html -- Mit freundlichen Grüßen Michael Howitz

1 0

[Zope-Annce] Announcement: Zope2 2.13.30 released
by Michael Howitz 14 Feb '20

14 Feb '20

On behalf of Zope developer community I am pleased to announce the release of Zope2 2.13.30. This release contains two security related fixes and no new features. See details at https://github.com/zopefoundation/Zope/blob/2.13/doc/CHANGES.rst#21330-2020… To install the new version see the instructions for either zc.buildout: https://zope.readthedocs.io/en/2.13/INSTALL-buildout.html or virtualenv: https://zope.readthedocs.io/en/2.13/INSTALL-virtualenv.html -- Mit freundlichen Grüßen Michael Howitz

1 0

[Security issue] SQL injection in DTML or in connection objects
by Michael Howitz 12 Feb '20

12 Feb '20

On behalf of the Plone security team I am announcing this security issue in Zope also here: CVE Identifier: CVE-2020-7939 Type: SQL injection Severity: 4.9 – MEDIUM Affected Zope versions: * Zope 2 older than 2.13.30 (2.13.30 is not yet released) * Zope 4 older than 4.2 For details see https://plone.org/security/hotfix/20200121/sql-injection-in-dtml-or-in-conn… To fix the issue use the Hotfix provided at https://plone.org/security/hotfix/20200121 (version 1.1 or newer) or upgrade to Zope 4.2+. There is no released Zope 2.13 version, yet, which includes the fix. (I hope it will can released soon.) -- Mit freundlichen Grüßen Michael Howitz

1 0