On behalf of Zope developer community I am pleased to announce the release of the first alpha release of the Zope 5 series: 5.0a1
Zope 5 drops support for
* Python 2.7, it supports Python 3.5 up to 3.8
* ZServer, it is now WSGI only
To migrate to Zope 5: first migrate to the lastest Zope 4 release.
If your code runs on the WSGI stack without showing deprecations warnings it should also be able to run on Zope 5, too, without changes.
All other changes (besides these non-backwards compatible ones) have been back ported to Zope 4.x.
(We will keep doing so until the final Zope 5 release.)
For details of the changes see https://zope.readthedocs.io/en/latest/changes.html#a1-2020-02-28
To install the new version see https://zope.readthedocs.io/en/latest/INSTALL.html
--
Mit freundlichen Grüßen
Michael Howitz
On behalf of the Plone security team I am announcing this security issue in Zope also here:
CVE Identifier: CVE-2020-7939
Type: SQL injection
Severity: 4.9 – MEDIUM
Affected Zope versions:
* Zope 2 older than 2.13.30 (2.13.30 is not yet released)
* Zope 4 older than 4.2
For details see https://plone.org/security/hotfix/20200121/sql-injection-in-dtml-or-in-conn…
To fix the issue use the Hotfix provided at https://plone.org/security/hotfix/20200121 (version 1.1 or newer)
or upgrade to Zope 4.2+.
There is no released Zope 2.13 version, yet, which includes the fix. (I hope it will can released soon.)
--
Mit freundlichen Grüßen
Michael Howitz