-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 it was overseen. quoting David Glick on [Zope-CMF] from 9-11-2012: """ We should have informed you earlier. There are a lot of tasks associated with preparing a hotfix (and this one in particular covered many vulnerabilities), and it got missed. I apologize. In the future, what's the best place to report possible CMF security issues? zope-cmf Launchpad? """ On 11/13/2012 10:30 AM, Jens Vagelpohl wrote:
On Nov 13, 2012, at 10:16 , Jürgen Herrmann <Juergen.Herrmann@XLhost.de> wrote:
I successfully applied these hotfixes to Zope 2.13 versions without any problems. What puzzles me though is why was there no announcement for theses fixes here on zope ml? Or are these fixes not critical for pure Zope2 users? Or are these all fixed in the latest version of Zope2?
There was no announcement here because those patches were prepared by Plone developers without our knowledge and announced without our knowledge. The Zope developers know as much about these patches (meaning little to nothing) as any other Zope user.
jens
_______________________________________________ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
- -- programmatic web development di(fh) johannes raggam / thet python plone zope development mail: office@programmatic.pro web: http://programmatic.pro http://bluedynamics.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlCiITIACgkQW4mNMQxDgAcF9wCfcPZIoMnXwVR62lEjZhoqOi6W 1ugAnRSO9u05s/s3jTz/hiwbUflgVT2L =q6NB -----END PGP SIGNATURE-----