12 Feb 2020, 12:52 p.m.
On behalf of the Plone security team I am announcing this security issue in Zope also here:

CVE Identifier: CVE-2020-7939
Type: SQL injection
Severity: 4.9 – MEDIUM

Affected Zope versions:

* Zope 2 older than 2.13.30 (2.13.30 is not yet released)
* Zope 4 older than 4.2

For details see https://plone.org/security/hotfix/20200121/sql-injection-in-dtml-or-in-conne...

To fix the issue use the Hotfix provided at https://plone.org/security/hotfix/20200121 (version 1.1 or newer) or upgrade to Zope 4.2+.

There is no released Zope 2.13 version yet which includes the fix. (I hope it can be released soon.)

--
Kind regards
Michael Howitz