[zope] Zope 4.8.4 and 5.7.1 released with a security fix

Jens Vagelpohl jens at plyp.com
Sun Dec 18 11:51:04 GMT 2022 

Hallo Michael,

The next release will fix the standard_error_message handling as well, it'll come this week.

jens




> On 17. Dec 2022, at 17:13, Michael Brunnbauer <brunni at netestate.de> wrote:
> 
> 
> Hello Jens,
> 
> thank you - seems to work fine. I have old DTML-Methods named
> standard_error_message lying around and they cause errors to be output with
> content-type text/plain. Just renaming them and using the builtin default
> error handling works for me though.
> 
> Regards,
> 
> Michael Brunnbauer
> 
> On Sat, Dec 17, 2022 at 10:41:37AM +0100, Jens Vagelpohl via Zope wrote:
>> Hi Michael,
>> 
>> I just published Zope 5.7.2 and 4.8.5 with a fix for the issue.
>> 
>> jens
>> 
>> 
>> 
>>> On 16. Dec 2022, at 17:12, Jens Vagelpohl via Zope <zope at zope.dev> wrote:
>>> 
>>> Signed PGP part
>>> The issue is being discussed/fixed here: https://github.com/zopefoundation/Zope/pull/1079, if you see pages other than /manage that appear broken feel free to add a comment.
>>> 
>>> jens
>>> 
>>> 
>>> 
>>> 
>>> 
>>>> On 16. Dec 2022, at 16:26, Jens Vagelpohl via Zope <zope at zope.dev> wrote:
>>>> 
>>>> Signed PGP part
>>>> Hi Michael,
>>>> 
>>>> Yes, there's a bug that needs fixing. For right now you can use /manage_main to access the ZMI or downgrade.
>>>> 
>>>> jens
>>>> 
>>>> 
>>>> 
>>>> 
>>>>> On 16. Dec 2022, at 16:08, Michael Brunnbauer <brunni at netestate.de> wrote:
>>>>> 
>>>>> 
>>>>> hi all,
>>>>> 
>>>>> my /manage url is now text/plain. What am I supposed to do?
>>>>> 
>>>>> Regards,
>>>>> 
>>>>> Michael Brunnbauer
>>>>> 
>>>>> On Fri, Dec 16, 2022 at 11:10:12AM +0100, Jens Vagelpohl via Zope wrote:
>>>>>> On behalf of Zope developer community I am pleased to announce the releases of Zope 4.8.4 and 5.7.1.
>>>>>> 
>>>>>> This release fixes a security issue related to the "Content-Type" response header and how its default is set during publishing. For the full list of changes see the change logs at https://zope.readthedocs.io/en/4.x/changes.html#id1 and https://zope.readthedocs.io/en/latest/changes.html#id1
>>>>>> 
>>>>>> Installation instructions can be found at https://zope.readthedocs.io/en/4.x/INSTALL.html and https://zope.readthedocs.io/en/latest/INSTALL.html.
>>>>>> 
>>>>>> Jens Vagelpohl
>>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>>> 
>>>>>> _______________________________________________
>>>>>> Zope maillist  -  Zope at zope.dev
>>>>>> https://mail.zope.dev/mailman/listinfo/zope
>>>>>> **   No cross posts or HTML encoding!  **
>>>>>> (Related lists -
>>>>>> https://mail.zope.dev/mailman/listinfo/zope-announce
>>>>>> https://mail.zope.dev/mailman/listinfo/zope-dev )
>>>>> 
>>>>> 
>>>>> --
>>>>> ++  Michael Brunnbauer
>>>>> ++  netEstate GmbH
>>>>> ++  Geisenhausener Straße 11a
>>>>> ++  81379 München
>>>>> ++  Tel +49 89 32 19 77 80
>>>>> ++  Fax +49 89 32 19 77 89
>>>>> ++  E-Mail brunni at netestate.de
>>>>> ++  https://www.netestate.de/
>>>>> ++
>>>>> ++  Sitz: München, HRB Nr.142452 (Handelsregister B München)
>>>>> ++  USt-IdNr. DE221033342
>>>>> ++  Geschäftsführer: Michael Brunnbauer, Franz Brunnbauer
>>>>> ++  Prokurist: Dipl. Kfm. (Univ.) Markus Hendel
>>>> 
>>>> 
>>> 
>>> 
>> 
> 
> 
> 
>> 
>> _______________________________________________
>> Zope maillist  -  Zope at zope.dev
>> https://mail.zope.dev/mailman/listinfo/zope
>> **   No cross posts or HTML encoding!  **
>> (Related lists -
>> https://mail.zope.dev/mailman/listinfo/zope-announce
>> https://mail.zope.dev/mailman/listinfo/zope-dev )
> 
> 
> --
> ++  Michael Brunnbauer
> ++  netEstate GmbH
> ++  Geisenhausener Straße 11a
> ++  81379 München
> ++  Tel +49 89 32 19 77 80
> ++  Fax +49 89 32 19 77 89
> ++  E-Mail brunni at netestate.de
> ++  https://www.netestate.de/
> ++
> ++  Sitz: München, HRB Nr.142452 (Handelsregister B München)
> ++  USt-IdNr. DE221033342
> ++  Geschäftsführer: Michael Brunnbauer, Franz Brunnbauer
> ++  Prokurist: Dipl. Kfm. (Univ.) Markus Hendel

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <https://mail.zope.dev/pipermail/zope/attachments/20221218/f721d65d/attachment.sig>

More information about the Zope mailing list