[Zope] Zope and security vulnerability: 20121106

johannes raggam raggam-nl at adm.at
Tue Nov 13 10:30:10 UTC 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

it was overseen.

quoting David Glick on [Zope-CMF] from 9-11-2012:

"""
We should have informed you earlier. There are a lot of tasks
associated with preparing a hotfix (and this one in particular covered
many vulnerabilities), and it got missed. I apologize.

In the future, what's the best place to report possible CMF security
issues? zope-cmf Launchpad?
"""

On 11/13/2012 10:30 AM, Jens Vagelpohl wrote:
> 
> On Nov 13, 2012, at 10:16 , Jürgen Herrmann
> <Juergen.Herrmann at XLhost.de> wrote:
>> I successfully applied these hotfixes to Zope 2.13 versions 
>> without any problems. What puzzles me though is why was there no
>> announcement for theses fixes here on zope ml? Or are these fixes
>> not critical for pure Zope2 users? Or are these all fixed in the
>> latest version of Zope2?
> 
> There was no announcement here because those patches were prepared
> by Plone developers without our knowledge and announced without our
> knowledge. The Zope developers know as much about these patches
> (meaning little to nothing) as any other Zope user.
> 
> jens
> 
> 
> 
> 
> _______________________________________________ Zope maillist  -
> Zope at zope.org https://mail.zope.org/mailman/listinfo/zope **   No
> cross posts or HTML encoding!  ** (Related lists - 
> https://mail.zope.org/mailman/listinfo/zope-announce 
> https://mail.zope.org/mailman/listinfo/zope-dev )
> 


- -- 
programmatic  web development
di(fh) johannes raggam / thet
python plone zope development
mail: office at programmatic.pro
web:  http://programmatic.pro
      http://bluedynamics.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlCiITIACgkQW4mNMQxDgAcF9wCfcPZIoMnXwVR62lEjZhoqOi6W
1ugAnRSO9u05s/s3jTz/hiwbUflgVT2L
=q6NB
-----END PGP SIGNATURE-----


More information about the Zope mailing list