[Zope] Zope and security vulnerability: 20121106

johannes raggam raggam-nl at adm.at
Tue Nov 13 10:30:10 UTC 2012

Hash: SHA1

it was overseen.

quoting David Glick on [Zope-CMF] from 9-11-2012:

We should have informed you earlier. There are a lot of tasks
associated with preparing a hotfix (and this one in particular covered
many vulnerabilities), and it got missed. I apologize.

In the future, what's the best place to report possible CMF security
issues? zope-cmf Launchpad?

On 11/13/2012 10:30 AM, Jens Vagelpohl wrote:
> On Nov 13, 2012, at 10:16 , Jürgen Herrmann
> <Juergen.Herrmann at XLhost.de> wrote:
>> I successfully applied these hotfixes to Zope 2.13 versions 
>> without any problems. What puzzles me though is why was there no
>> announcement for theses fixes here on zope ml? Or are these fixes
>> not critical for pure Zope2 users? Or are these all fixed in the
>> latest version of Zope2?
> There was no announcement here because those patches were prepared
> by Plone developers without our knowledge and announced without our
> knowledge. The Zope developers know as much about these patches
> (meaning little to nothing) as any other Zope user.
> jens
> _______________________________________________ Zope maillist  -
> Zope at zope.org https://mail.zope.org/mailman/listinfo/zope **   No
> cross posts or HTML encoding!  ** (Related lists - 
> https://mail.zope.org/mailman/listinfo/zope-announce 
> https://mail.zope.org/mailman/listinfo/zope-dev )

- -- 
programmatic  web development
di(fh) johannes raggam / thet
python plone zope development
mail: office at programmatic.pro
web:  http://programmatic.pro
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/


More information about the Zope mailing list