[Zope-dev] [Zope] Hotfix for security vulnerability

Laurence Rowe l at lrowe.co.uk
Tue Oct 25 11:28:39 UTC 2011


On 24 October 2011 22:54, Tres Seaver <tseaver at palladion.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On behalf of the Zope security response team, I would like to announce
> the availability of a hotfix for a vulnerability inadvertently
> published earlier today.
>
> 'Products.Zope_Hotfix_20111024' README
> ======================================
>
> Overview
> - --------
>
> This hotfix addresses a serious vulnerability in the Zope2
> application server.  Affected versions of Zope2 include:
>
> - - 2.12.x <= 2.12.20
>
> - - 2.13.x <= 2.13.6
>
> Older releases (2.11.x, 2.10.x, etc.) are not vulnerable.

Can you confirm whether or not Zope 2.13.6 through 2.13.10 are affected?

Laurence


More information about the Zope-Dev mailing list