Re: [Zope] [Zope-dev] Security announcement update
(Tue, Jun 28, 2011 at 12:57:02PM +0100) Laurence Rowe wrote/schrieb/egrapse: This is an update on today's security hotfix release. Thank you for the update, most helpful! The fix will be released at 15:00 UTC today, Tuesday 28th June, 2011 (11:00am US EDT.) Updated versions of Zope 2 containing the security fix will be released at the same time. For details on which versions of Zope and Plone are affected, please see: http://plone.org/products/plone/security/advisories/20110622 It says Zope 2.10 and 2.11 users who have not installed PloneHotfix20110720 are not affected - can I conclude from that, that Zope 2.9 would not be affected either? Regards, Sascha ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] [Zope-dev] Security announcement update
On Tue, Jun 28, 2011 at 15:30, Sascha Welter zopel...@betabug.ch wrote: It says Zope 2.10 and 2.11 users who have not installed PloneHotfix20110720 are not affected - can I conclude from that, that Zope 2.9 would not be affected either? Indeed, Zope 2.9 is not affected, with or without the previous hotfix. -- Martijn Pieters ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] [Zope-dev] Security announcement update
This should be clarified too: You should, however, make sure that you are running either Zope 2.10.13 or Zope 2.11.8 and PluggableAuthService 1.5.5, 1.6.5 or 1.7.5 Why must PluggableAuthService (+ its dependencies) even be installed? -N On 6/28/2011 3:30 PM, Sascha Welter wrote: (Tue, Jun 28, 2011 at 12:57:02PM +0100) Laurence Rowe wrote/schrieb/egrapse: This is an update on today's security hotfix release. Thank you for the update, most helpful! The fix will be released at 15:00 UTC today, Tuesday 28th June, 2011 (11:00am US EDT.) Updated versions of Zope 2 containing the security fix will be released at the same time. For details on which versions of Zope and Plone are affected, please see: http://plone.org/products/plone/security/advisories/20110622 It says Zope 2.10 and 2.11 users who have not installed PloneHotfix20110720 are not affected - can I conclude from that, that Zope 2.9 would not be affected either? Regards, Sascha ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] [Zope-dev] Security announcement update
On Tue, Jun 28, 2011 at 15:40, Norbert Marrale norbertmarr...@yahoo.com wrote: Why must PluggableAuthService (+ its dependencies) even be installed? It is a dependency of Plone itself. -- Martijn Pieters ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] [Zope-dev] Security announcement update
On 28 June 2011 14:40, Norbert Marrale norbertmarr...@yahoo.com wrote: This should be clarified too: You should, however, make sure that you are running either Zope 2.10.13 or Zope 2.11.8 and PluggableAuthService 1.5.5, 1.6.5 or 1.7.5 Why must PluggableAuthService (+ its dependencies) even be installed? The Plone Hotfix for CVE-2011-0720 included patches to PluggableAuthService. If you use PluggableAuthService outside of Plone then you need to update to a release that includes that fix. If you don't run PluggableAuthService it is not required to install it. Laurence ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )