[zope] [zope-annce] Zope 4.8.1 and 5.5.1 released

Jens Vagelpohl via Zope-Announce zope-announce at zope.dev
Tue Apr 5 09:36:54 GMT 2022


On behalf of Zope developer community I am pleased to announce the releases of Zope 4.8.1 and 5.5.1.

These bugfix releases attempt to address an important security issue in the waitress WSGI server software that Zope uses as default WSGI server component. Unfortunately the fixed waitress version 2.1.1 has only been released for Python versions 3.7 and higher.

Zope 4.8.1 and 5.5.1 now require the fixed waitress package IF it is running on Python 3.7 or higher. Previous Python versions do not have the security fix and we as Zope maintainers cannot provide a fixed waitress release for deployments on Python 2.7, 3.5 and 3.6.

Even though Zope 4 still supports Python 2.7, 3.5 and 3.6 and Zope 5 still supports Python 3.6 we strongly advise you to either upgrade your Zope installation to at least Python 3.7, or switch to a different WSGI server. See https://zope.readthedocs.io/en/latest/operation.html#recommended-wsgi-servers for some choices.

For the full list of changes see the change logs at https://zope.readthedocs.io/en/4.x/changes.html#id1 and https://zope.readthedocs.io/en/latest/changes.html#id1.

Installation instructions can be found at https://zope.readthedocs.io/en/4.x/INSTALL.html and https://zope.readthedocs.io/en/latest/INSTALL.html.

Detailed information about the waitress security issue is available at https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36..


Jens Vagelpohl

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <https://mail.zope.dev/pipermail/zope/attachments/20220405/1840a216/attachment-0001.sig>
-------------- next part --------------
_______________________________________________
Zope-Announce maillist  -  Zope-Announce at zope.dev
https://mail.zope.dev/mailman/listinfo/zope-announce

  Zope-Announce for Announcements only - no discussions

(Related lists -
 Users: https://mail.zope.dev/mailman/listinfo/zope
 Developers: https://mail.zope.dev/mailman/listinfo/zope-dev )


!DSPAM:1,624c0e18273631344965704!


More information about the Zope mailing list