On behalf of the Zope developer community, I am pleased to announce the releases of 
Zope 4.6 and 5.2.

This bugfix release solves a few minor issues and also contains an important 
security fix, see below. For the full list of changes see the change logs at 
https://zope.readthedocs.io/en/4.x/changes.html#id1 and 
https://zope.readthedocs.io/en/latest/changes.html#id1

Installation instructions can be found at 
https://zope.readthedocs.io/en/4.x/INSTALL.html and 
https://zope.readthedocs.io/en/latest/INSTALL.html.

NOTE: These releases contain a security fix that prevents remote code execution 
through TAL expressions. You will only be at risk if you allow untrusted people 
to add or edit Zope Page Template objects. For more details, see the security 
advisory at 
https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36. 
A CVE has been requested through GitHub.

NOTE FOR PLONE USERS: Before installing Zope 4.6 or 5.2 make sure to install 
PloneHotfix20210518 first, see https://plone.org/security/hotfix/20210518. The 
security changes in Zope break some Plone add-ons that relied on the old 
insecure traversal behavior. PloneHotfix20210518 ensures support for those 
Plone add-ons.

Jens Vagelpohl


_______________________________________________
Zope-Announce maillist  -  Zope-Announce@zope.org
https://mail.zope.org/mailman/listinfo/zope-announce

  Zope-Announce for Announcements only - no discussions

(Related lists -
 Users: https://mail.zope.org/mailman/listinfo/zope
 Developers: https://mail.zope.org/mailman/listinfo/zope-dev )
