[Zope] Zope and security vulnerability: 20121106

johannes raggam raggam-nl at adm.at
Tue Nov 13 09:05:38 UTC 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

from the security announcement page:
https://plone.org/products/plone/security/advisories/20121106-announcement

"This patch is compatible with all supported Plone versions (i.e.
Plone 3 and Plone 4), it may work on earlier versions of Plone, but as
these are unsupported they have had less testing done."

so probably zope versions from 2.10.11 onwards are supported. see:
http://dist.plone.org/release/3-latest/versions.cfg

other versions UNSUPPORTED. if you really need to know which versions
exactly are affected, you HAVE to find out yourself. either by trying
it out in a test environment or by analyzing the whole commit history
of affected modules in zope.

people reported successful patching of Plone2.1 and i patched a Zope
2.8 instance too. but this is informal, not an official statement.



On 11/13/2012 12:49 AM, Marcus Schopen wrote:
> Am Montag, den 12.11.2012, 11:13 -0700 schrieb Sean Upton:
>> 
>> 
>> 
>> On Mon, Nov 12, 2012 at 5:31 AM, Marcus Schopen
>> <lists at localguru.de> wrote: Am Montag, den 12.11.2012, 12:07
>> +0000 schrieb Richard Harley:
>>> So, to clarify, does this affect plain Zope 2.10, no Plone?
>> 
>> 
>> That's still the question to me ;)
>> 
>> Why not try product installation and running your instance in
>> the foreground.  If anything breaks, comment out any specific
>> inapplicable hotfix in __init__.py.  A brief look at the source
>> will tell you that it is unlikely you should need to do this, as
>> conditional imports check what to apply.
> 
> Yes, we all can go the long way of try and error and code
> inspection ... without knowing anything for sure in the end.
> 
> Ciao!
> 
> 
> 
> _______________________________________________ Zope maillist  -
> Zope at zope.org https://mail.zope.org/mailman/listinfo/zope **   No
> cross posts or HTML encoding!  ** (Related lists - 
> https://mail.zope.org/mailman/listinfo/zope-announce 
> https://mail.zope.org/mailman/listinfo/zope-dev )
> 


- -- 
programmatic  web development
di(fh) johannes raggam / thet
python plone zope development
mail: office at programmatic.pro
web:  http://programmatic.pro
      http://bluedynamics.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlCiDWIACgkQW4mNMQxDgAc/sQCfShPVev83pbsd4KVk/RrVGsxJ
GAQAoN5wbj//fgCUXPR8lsI0cBBj06SR
=Tk6+
-----END PGP SIGNATURE-----


More information about the Zope mailing list