Public bug reported: Binary package hint: zope-cmfplone
Plone in Ubuntu is outdated - latest release from 2.5 series is 2.5.3 (released in May), it's a mandatory update, according to http://plone.org/products/plone/releases/2.5.3 : Important security fixes for potential XSS vulnerabilities, faster and more robust migration code, and more. A mandatory update. Release Notes: Includes fixes related to the Zope XSS vulnerability, more efficient and robust upgrade/migration code, re-enables user skin selection, i18n improvements and other bugfixes. * The recommended Zope version for this release is now 2.9.7+. It can optionally be used with Zope 2.8.9 by installing the latest Five 1.2.x release * Important: Running any earlier versions of Zope with this version of Plone will not work, since we require the security changes in Zope 2.9.7 (or 2.8.9 if you're still running your site on 2.8.x). The installers contain the correct versions, but if you're doing a manual install/setup, make sure you have the right version of Zope. Btw, if you will not fix this bug in 2 weeks, then maybe better is to package plone 3.0, which release candidate 2 was released July 27, 2007, final release is expected 2007/08/21 - for more info look at http://plone.org/products/plone/releases/3.0 ** Affects: zope-cmfplone (Ubuntu) Importance: Undecided Status: New ** Affects: zope-cmfplone (Debian) Importance: Unknown Status: Unknown ** Bug watch added: Debian Bug tracker #423432 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=423432 ** Also affects: zope-cmfplone (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=423432 Importance: Unknown Status: Unknown -- Please package latest plone version (2.5.3 or 3.0) https://bugs.launchpad.net/bugs/131238 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs