Re: [Zope] Zope and security vulnerability: 20121106

2012-11-14 Thread Christopher N. Deckard
We are running Zope 2.13.10. (So this may not be too helpful.) We are testing the hotfix. This is the output in our event log. 2012-11-14T10:16:49 INFO Products.PloneHotfix20121106 Applied setHeader patch 2012-11-14T10:16:49 INFO Products.PloneHotfix20121106 Applied allow_module patch

Re: [Zope] Zope and security vulnerability: 20121106

2012-11-13 Thread johannes raggam
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 from the security announcement page: https://plone.org/products/plone/security/advisories/20121106-announcement This patch is compatible with all supported Plone versions (i.e. Plone 3 and Plone 4), it may work on earlier versions of Plone, but as

Re: [Zope] Zope and security vulnerability: 20121106

2012-11-13 Thread Jürgen Herrmann
Am 13.11.2012 10:05, schrieb johannes raggam: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 from the security announcement page: https://plone.org/products/plone/security/advisories/20121106-announcement This patch is compatible with all supported Plone versions (i.e. Plone 3 and Plone 4), it

Re: [Zope] Zope and security vulnerability: 20121106

2012-11-13 Thread Jens Vagelpohl
On Nov 13, 2012, at 10:16 , Jürgen Herrmann juergen.herrm...@xlhost.de wrote: I successfully applied these hotfixes to Zope 2.13 versions without any problems. What puzzles me though is why was there no announcement for theses fixes here on zope ml? Or are these fixes not critical for pure

Re: [Zope] Zope and security vulnerability: 20121106

2012-11-13 Thread johannes raggam
apologize. In the future, what's the best place to report possible CMF security issues? zope-cmf Launchpad? On 11/13/2012 10:30 AM, Jens Vagelpohl wrote: On Nov 13, 2012, at 10:16 , Jürgen Herrmann juergen.herrm...@xlhost.de wrote: I successfully applied these hotfixes to Zope 2.13 versions

Re: [Zope] Zope and security vulnerability: 20121106

2012-11-12 Thread johannes raggam
versions? On Nov 11, 2012 2:16 PM, johannes raggam raggam...@adm.at mailto:raggam...@adm.at wrote: You can just apply the Plone hotfix for Zope only installations. The Plone patches are not applied then. Johannes On 11/11/2012 06:32 PM, Marcus Schopen wrote: Hi, is a standard Zope

Re: [Zope] Zope and security vulnerability: 20121106

2012-11-12 Thread Richard Harley
are not applied then. Johannes On 11/11/2012 06:32 PM, Marcus Schopen wrote: Hi, is a standard Zope affected by this security vulnerability or only if Plone is installed: http://plone.org/products/plone/security/advisories/20121106-announcement The patch is replacing some basic classes therefore

Re: [Zope] Zope and security vulnerability: 20121106

2012-11-12 Thread Marcus Schopen
Am Montag, den 12.11.2012, 12:07 + schrieb Richard Harley: So, to clarify, does this affect plain Zope 2.10, no Plone? That's still the question to me ;) Ciao! ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope **

Re: [Zope] Zope and security vulnerability: 20121106

2012-11-12 Thread Sean Upton
On Mon, Nov 12, 2012 at 5:31 AM, Marcus Schopen li...@localguru.de wrote: Am Montag, den 12.11.2012, 12:07 + schrieb Richard Harley: So, to clarify, does this affect plain Zope 2.10, no Plone? That's still the question to me ;) Why not try product installation and running your instance

Re: [Zope] Zope and security vulnerability: 20121106

2012-11-12 Thread Marcus Schopen
Am Montag, den 12.11.2012, 11:13 -0700 schrieb Sean Upton: On Mon, Nov 12, 2012 at 5:31 AM, Marcus Schopen li...@localguru.de wrote: Am Montag, den 12.11.2012, 12:07 + schrieb Richard Harley: So, to clarify, does this affect plain Zope 2.10, no Plone?

Re: [Zope] Zope and security vulnerability: 20121106

2012-11-11 Thread johannes raggam
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 You can just apply the Plone hotfix for Zope only installations. The Plone patches are not applied then. Johannes On 11/11/2012 06:32 PM, Marcus Schopen wrote: Hi, is a standard Zope affected by this security vulnerability or only if Plone

Re: [Zope] [Zope-dev] Security announcement update

2011-06-28 Thread Sascha Welter
(Tue, Jun 28, 2011 at 12:57:02PM +0100) Laurence Rowe wrote/schrieb/egrapse: This is an update on today's security hotfix release. Thank you for the update, most helpful! The fix will be released at 15:00 UTC today, Tuesday 28th June, 2011 (11:00am US EDT.) Updated versions of Zope 2

Re: [Zope] [Zope-dev] Security announcement update

2011-06-28 Thread Martijn Pieters
On Tue, Jun 28, 2011 at 15:30, Sascha Welter zopel...@betabug.ch wrote: It says Zope 2.10 and 2.11 users who have not installed PloneHotfix20110720 are not affected - can I conclude from that, that Zope 2.9 would not be affected either? Indeed, Zope 2.9 is not affected, with or without the

Re: [Zope] [Zope-dev] Security announcement update

2011-06-28 Thread Norbert Marrale
28, 2011 at 12:57:02PM +0100) Laurence Rowe wrote/schrieb/egrapse: This is an update on today's security hotfix release. Thank you for the update, most helpful! The fix will be released at 15:00 UTC today, Tuesday 28th June, 2011 (11:00am US EDT.) Updated versions of Zope 2 containing

Re: [Zope] [Zope-dev] Security announcement update

2011-06-28 Thread Martijn Pieters
On Tue, Jun 28, 2011 at 15:40, Norbert Marrale norbertmarr...@yahoo.com wrote: Why must PluggableAuthService (+ its dependencies) even be installed? It is a dependency of Plone itself. -- Martijn Pieters ___ Zope maillist - Zope@zope.org

Re: [Zope] [Zope-dev] Security announcement update

2011-06-28 Thread Laurence Rowe
On 28 June 2011 14:40, Norbert Marrale norbertmarr...@yahoo.com wrote: This should be clarified too: You should, however, make sure that you are running either Zope 2.10.13 or Zope 2.11.8  and PluggableAuthService 1.5.5, 1.6.5 or 1.7.5 Why must PluggableAuthService (+ its dependencies) even

[Zope] Zope Intros Security

2000-09-13 Thread Chris Withers
PR JANSE VAN RENSBURG wrote: I dont know if i have subscribed to the correct mailing list, You are :-) i need to import a small web page into zope and create users etc. You might want to look at loadsite.py. I've never used it but you can download it from here:

[Zope] Zope and Security

2000-07-05 Thread Tom Scheidt
Im interested in setting up a Zope site for an accountant. I'd like to have his clients be able to review and submit information online, but Im concerned about security issues, such as entering social security #s etc. I have Zope running with Apache v1.3.x Does anyone know of any links covering

Re: [Zope] Zope and Security

2000-07-05 Thread R. David Murray
On Wed, 5 Jul 2000, Tom Scheidt wrote: information online, but Im concerned about security issues, such as entering social security #s etc. I have Zope running with Apache v1.3.x Zope has pretty strong internal security and delegation ability. If you couple that with SSL support either

RE: [Zope] Zope 2.2b2 security conundrum

2000-06-26 Thread Jay, Dylan
-Original Message- From: Bill Anderson [mailto:[EMAIL PROTECTED]] Sent: Monday, June 26, 2000 1:42 PM To: Jay, Dylan Cc: '[EMAIL PROTECTED]' Subject: Re: [Zope] Zope 2.2b2 security conundrum "Jay, Dylan" wrote: I am playing with ZDP-Tools which are ZClassed based

[Zope] Zope 2.2b2 security conundrum

2000-06-25 Thread Jay, Dylan
I am playing with ZDP-Tools which are ZClassed based. When I try to add a new object I get security failure. H2Zope Error/H2 PZope has encountered an error while publishing this resource. /P PSTRONGUnauthorized/STRONG/P You are not authorized to access emmanage_editProperties/em.

Re: [Zope] Zope 2.2b2 security conundrum

2000-06-25 Thread Bill Anderson
"Jay, Dylan" wrote: I am playing with ZDP-Tools which are ZClassed based. When I try to add a new object I get security failure. H2Zope Error/H2 PZope has encountered an error while publishing this resource. /P PSTRONGUnauthorized/STRONG/P You are not authorized to access