[Zope] [Zope-dev] Security announcement update
Laurence Rowe
l at lrowe.co.uk
Tue Jun 28 09:46:26 EDT 2011
On 28 June 2011 14:40, Norbert Marrale <norbertmarrale at yahoo.com> wrote:
> This should be clarified too: "You should, however, make sure that you
> are running either Zope 2.10.13 or Zope 2.11.8 and PluggableAuthService
> 1.5.5, 1.6.5 or 1.7.5 "
>
> Why must PluggableAuthService (+ its dependencies) even be installed?
The Plone Hotfix for CVE-2011-0720 included patches to
PluggableAuthService. If you use PluggableAuthService outside of Plone
then you need to update to a release that includes that fix. If you
don't run PluggableAuthService it is not required to install it.
Laurence
More information about the Zope
mailing list