[Zope-dev] New Zope2 releases available

Tres Seaver tseaver at palladion.com
Tue Jan 12 22:23:22 EST 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In order to address a potential cross-site scripting problem in Zope's
fallback error message, we are releasing new versions of the 2.8, 2.9,
2.10, 2.11, and 2.12 release lines.

The issue, reported by the Plone team, could be triggered by a
combination of a broken 'standard_error_message' template, plus an error
whose 'str' contained markup.

Although the 2.8, 2.9, and 2.10 branches are formally "out-of-
maintenance", they are still in very wide use.  the Zope security
response team decided to release versions for those branches, in
addition to the 2.11 and 2.12 branches which are still being
supported under normal policy.

Releases are available here:

- - "Zope 2.8.12",
  http://www.zope.org/Products/Zope/2.8.12

- - "Zope 2.9.12",
  http://www.zope.org/Products/Zope/2.9.12

- - "Zope 2.10.11",
  http://www.zope.org/Products/Zope/2.10.22

- - "Zope 2.11.6",
  http://www.zope.org/Products/Zope/2.11.6

- - "Zope 2.12.3",
  http://pypi.zope.org/pypi/Zope2/2.12.3

Please note that the 2.12 releases are made only on the Python Package
Index server, aka "PyPI" or "the Cheeseshop."



Tres.
- --
===================================================================
Tres Seaver          +1 540-429-0999          tseaver at palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAktNPJYACgkQ+gerLs4ltQ6P1QCeJk6B+kIz9tXmN2oGYxFh1HuT
WTIAoKevoMU9XOLmTJgpiRuLk7dHZnZv
=PrpY
-----END PGP SIGNATURE-----



More information about the Zope-Dev mailing list