Hello, Both of these url are not available: - http://download.zope.org/Zope2/index/2.12.21/versions.cfg - http://download.zope.org/Zope2/index/2.13.11/versions.cfg Regards, Encolpe DEGOUTE Le 24/10/2011 23:54, Tres Seaver a écrit :
On behalf of the Zope security response team, I would like to announce the availability of a hotfix for a vulnerability inadvertently published earlier today.
'Products.Zope_Hotfix_20111024' README ======================================
Overview --------
This hotfix addresses a serious vulnerability in the Zope2 application server. Affected versions of Zope2 include:
- 2.12.x <= 2.12.20
- 2.13.x <= 2.13.6
Older releases (2.11.x, 2.10.x, etc.) are not vulnerable.
The Zope2 security response team recommends that all users of these releases upgrade to an unaffected release (2.12.21 or 2.13.11) as soon as they become available.
Until that upgrade is feasible, deploying this hotfix also mitigates the vulnerability.
Installing the Hotfix: Via 'easy_install' -------------------------------------------
If the Python which runs your Zope instance has 'setuptools' installed (or is a 'virtualenv'), you can install the hotfix directly from PyPI::
$ /prefix/bin/easy_install Products.Zope_Hotfix_20111024
and then restart the Zope instance, e.g.:
$ /path/to/instance/bin/zopectl restart
Installing the Hotfix: Via 'zc.buildout' -----------------------------------------
If your Zope instance is managed via 'zc.buildout', you can install the hotfix directly from PyPI. Edit the 'buildout.cfg' file, adding "Products.Zope_Hotfix_20111024" to the "eggs" section of the instance. E.g.::
[instance] recipe = plone.recipe.zope2instance #... eggs = ${buildout:eggs} Products.Zope_Hotfix_20111024
Next, re-run the buildout::
$ /path/to/buildout/bin/buildout
and then restart the Zope instance, e.g.:
$ /path/to/buildout/bin/instance restart
Installing the Hotfix: Manual Installation -------------------------------------------
You may also install this hotfix manually. Download the tarball from the PyPI page:
http://pypi.python.org/pypi/Products.Zope_Hotfix_20111024
Unpack the tarball and add a 'products' key to the 'etc/zope.conf' of your instance. E.g.::
products /path/to/Products.Zope_Hotfix_20111024/Products
and restart.
Verifying the Installation --------------------------
After restarting the Zope instance, check the 'Control_Panel/Products' folder in the Zope Management Interface, e.g.:
http://localhost:8080/Control_Panel/Products/manage_main
You should see the 'Zope_Hotfix_20111024' product folder there.
Tres. _______________________________________________ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )