[Zope] Zope and security vulnerability: 20121106
Jürgen Herrmann
Juergen.Herrmann at XLhost.de
Tue Nov 13 09:16:37 UTC 2012
Am 13.11.2012 10:05, schrieb johannes raggam:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> from the security announcement page:
>
> https://plone.org/products/plone/security/advisories/20121106-announcement
>
> "This patch is compatible with all supported Plone versions (i.e.
> Plone 3 and Plone 4), it may work on earlier versions of Plone, but
> as
> these are unsupported they have had less testing done."
>
> so probably zope versions from 2.10.11 onwards are supported. see:
> http://dist.plone.org/release/3-latest/versions.cfg
>
> other versions UNSUPPORTED. if you really need to know which versions
> exactly are affected, you HAVE to find out yourself. either by trying
> it out in a test environment or by analyzing the whole commit history
> of affected modules in zope.
>
> people reported successful patching of Plone2.1 and i patched a Zope
> 2.8 instance too. but this is informal, not an official statement.
Hi!
I successfully applied these hotfixes to Zope 2.13 versions
without any problems. What puzzles me though is why was there
no announcement for theses fixes here on zope ml? Or are these
fixes not critical for pure Zope2 users? Or are these all fixed
in the latest version of Zope2?
kind regards,
Jürgen
>
>
>
> On 11/13/2012 12:49 AM, Marcus Schopen wrote:
>> Am Montag, den 12.11.2012, 11:13 -0700 schrieb Sean Upton:
>>>
>>>
>>>
>>> On Mon, Nov 12, 2012 at 5:31 AM, Marcus Schopen
>>> <lists at localguru.de> wrote: Am Montag, den 12.11.2012, 12:07
>>> +0000 schrieb Richard Harley:
>>>> So, to clarify, does this affect plain Zope 2.10, no Plone?
>>>
>>>
>>> That's still the question to me ;)
>>>
>>> Why not try product installation and running your instance in
>>> the foreground. If anything breaks, comment out any specific
>>> inapplicable hotfix in __init__.py. A brief look at the source
>>> will tell you that it is unlikely you should need to do this, as
>>> conditional imports check what to apply.
>>
>> Yes, we all can go the long way of try and error and code
>> inspection ... without knowing anything for sure in the end.
>>
>> Ciao!
>>
>>
>>
>> _______________________________________________ Zope maillist -
>> Zope at zope.org https://mail.zope.org/mailman/listinfo/zope ** No
>> cross posts or HTML encoding! ** (Related lists -
>> https://mail.zope.org/mailman/listinfo/zope-announce
>> https://mail.zope.org/mailman/listinfo/zope-dev )
>>
>
>
> - --
> programmatic web development
> di(fh) johannes raggam / thet
> python plone zope development
> mail: office at programmatic.pro
> web: http://programmatic.pro
> http://bluedynamics.com
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
>
> iEYEARECAAYFAlCiDWIACgkQW4mNMQxDgAc/sQCfShPVev83pbsd4KVk/RrVGsxJ
> GAQAoN5wbj//fgCUXPR8lsI0cBBj06SR
> =Tk6+
> -----END PGP SIGNATURE-----
> _______________________________________________
> Zope maillist - Zope at zope.org
> https://mail.zope.org/mailman/listinfo/zope
> ** No cross posts or HTML encoding! **
> (Related lists -
> https://mail.zope.org/mailman/listinfo/zope-announce
> https://mail.zope.org/mailman/listinfo/zope-dev )
--
>> XLhost.de ® - Webhosting von supersmall bis eXtra Large <<
XLhost.de GmbH
Jürgen Herrmann, Geschäftsführer
Boelckestrasse 21, 93051 Regensburg, Germany
Geschäftsführer: Jürgen Herrmann
Registriert unter: HRB9918
Umsatzsteuer-Identifikationsnummer: DE245931218
Fon: +49 (0)800 XLHOSTDE [0800 95467833]
Fax: +49 (0)800 95467830
Web: http://www.XLhost.de
More information about the Zope
mailing list