From jens at plyp.com Tue Apr 5 09:36:54 2022 From: jens at plyp.com (Jens Vagelpohl) Date: Tue, 5 Apr 2022 11:36:54 +0200 Subject: [zope] Zope 4.8.1 and 5.5.1 released Message-ID: On behalf of Zope developer community I am pleased to announce the releases of Zope 4.8.1 and 5.5.1. These bugfix releases attempt to address an important security issue in the waitress WSGI server software that Zope uses as default WSGI server component. Unfortunately the fixed waitress version 2.1.1 has only been released for Python versions 3.7 and higher. Zope 4.8.1 and 5.5.1 now require the fixed waitress package IF it is running on Python 3.7 or higher. Previous Python versions do not have the security fix and we as Zope maintainers cannot provide a fixed waitress release for deployments on Python 2.7, 3.5 and 3.6. Even though Zope 4 still supports Python 2.7, 3.5 and 3.6 and Zope 5 still supports Python 3.6 we strongly advise you to either upgrade your Zope installation to at least Python 3.7, or switch to a different WSGI server. See https://zope.readthedocs.io/en/latest/operation.html#recommended-wsgi-servers for some choices. For the full list of changes see the change logs at https://zope.readthedocs.io/en/4.x/changes.html#id1 and https://zope.readthedocs.io/en/latest/changes.html#id1. Installation instructions can be found at https://zope.readthedocs.io/en/4.x/INSTALL.html and https://zope.readthedocs.io/en/latest/INSTALL.html. Detailed information about the waitress security issue is available at https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36. Jens Vagelpohl -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: Message signed with OpenPGP URL: From zope-announce at zope.dev Tue Apr 5 09:36:54 2022 From: zope-announce at zope.dev (Jens Vagelpohl via Zope-Announce) Date: Tue, 5 Apr 2022 11:36:54 +0200 Subject: [zope] [zope-annce] Zope 4.8.1 and 5.5.1 released Message-ID: On behalf of Zope developer community I am pleased to announce the releases of Zope 4.8.1 and 5.5.1. These bugfix releases attempt to address an important security issue in the waitress WSGI server software that Zope uses as default WSGI server component. Unfortunately the fixed waitress version 2.1.1 has only been released for Python versions 3.7 and higher. Zope 4.8.1 and 5.5.1 now require the fixed waitress package IF it is running on Python 3.7 or higher. Previous Python versions do not have the security fix and we as Zope maintainers cannot provide a fixed waitress release for deployments on Python 2.7, 3.5 and 3.6. Even though Zope 4 still supports Python 2.7, 3.5 and 3.6 and Zope 5 still supports Python 3.6 we strongly advise you to either upgrade your Zope installation to at least Python 3.7, or switch to a different WSGI server. See https://zope.readthedocs.io/en/latest/operation.html#recommended-wsgi-servers for some choices. For the full list of changes see the change logs at https://zope.readthedocs.io/en/4.x/changes.html#id1 and https://zope.readthedocs.io/en/latest/changes.html#id1. Installation instructions can be found at https://zope.readthedocs.io/en/4.x/INSTALL.html and https://zope.readthedocs.io/en/latest/INSTALL.html. Detailed information about the waitress security issue is available at https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36.. Jens Vagelpohl -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: Message signed with OpenPGP URL: -------------- next part -------------- _______________________________________________ Zope-Announce maillist - Zope-Announce at zope.dev https://mail.zope.dev/mailman/listinfo/zope-announce Zope-Announce for Announcements only - no discussions (Related lists - Users: https://mail.zope.dev/mailman/listinfo/zope Developers: https://mail.zope.dev/mailman/listinfo/zope-dev ) !DSPAM:1,624c0e18273631344965704!