I think an "official" statement about this topic should appear somewhere, shouldn't? Il 12/11/2012 13:00, zope-request@zope.org ha scritto:
You can just apply the Plone hotfix for Zope only installations. The Plone patches are not applied then.
Johannes
On 11/11/2012 06:32 PM, Marcus Schopen wrote:
Hi,
is a standard Zope affected by this security vulnerability or only if Plone is installed:
http://plone.org/products/plone/security/advisories/20121106-announcement
The patch is replacing some basic classes therefore it looks to me that Zope itself without any Plone is vulnerable too. If so is there a Hotfix for Zope or new Zope version which fixes these bugs?
Ciao Marcus
_______________________________________________ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
- -- programmatic web development di(fh) johannes raggam / thet python plone zope development mail: office@programmatic.pro web: http://programmatic.pro http://bluedynamics.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
iEYEARECAAYFAlCf+YkACgkQW4mNMQxDgAfzewCg5VPyH+ADX/75eSBDxxy1BEWK RaQAoIXSX+Mj8J+yrWd4KD6HKglDQHtu =cxZJ -----END PGP SIGNATURE-----
------------------------------
_______________________________________________ Zope maillist - Zope@zope.org
End of Zope Digest, Vol 101, Issue 4 ************************************