-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In order to address a potential cross-site scripting problem in Zope's fallback error message, we are releasing new versions of the 2.8, 2.9, 2.10, 2.11, and 2.12 release lines.
The issue, reported by the Plone team, could be triggered by a combination of a broken 'standard_error_message' template, plus an error whose 'str' contained markup. Although the 2.8, 2.9, and 2.10 branches are formally "out-of- maintenance", they are still in very wide use. the Zope security response team decided to release versions for those branches, in addition to the 2.11 and 2.12 branches which are still being supported under normal policy. Releases are available here: - - "Zope 2.8.12", http://www.zope.org/Products/Zope/2.8.12 - - "Zope 2.9.12", http://www.zope.org/Products/Zope/2.9.12 - - "Zope 2.10.11", http://www.zope.org/Products/Zope/2.10.22 - - "Zope 2.11.6", http://www.zope.org/Products/Zope/2.11.6 - - "Zope 2.12.3", http://pypi.zope.org/pypi/Zope2/2.12.3 Please note that the 2.12 releases are made only on the Python Package Index server, aka "PyPI" or "the Cheeseshop." Tres. - -- =================================================================== Tres Seaver +1 540-429-0999 tsea...@palladion.com Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAktNPJYACgkQ+gerLs4ltQ6P1QCeJk6B+kIz9tXmN2oGYxFh1HuT WTIAoKevoMU9XOLmTJgpiRuLk7dHZnZv =PrpY -----END PGP SIGNATURE----- _______________________________________________ Zope-Announce maillist - Zope-Announce@zope.org https://mail.zope.org/mailman/listinfo/zope-announce Zope-Announce for Announcements only - no discussions (Related lists - Users: https://mail.zope.org/mailman/listinfo/zope Developers: https://mail.zope.org/mailman/listinfo/zope-dev )