Yes Graham, what you write below is how it is supposed to be from the reading. However, it turns out a fresh 4.0.3 unified install on Mac OS X with no extra products does not even start up with the Hotfix egg-installed after bin/buildout -Nv .
Graham Perrin wrote: > > Looking at at <http://plone.org/products/plone-hotfix> the Description > column seems to either > > a) state the version that includes the hotfix > > or > > b) link to a page with relevant information. > > > mgw wrote: >> >> In particular, is hotfix CVE-2011-0720 still needed for Plone 4.0.3 ? >> > > <http://plone.org/products/plone/releases> Plone 4.0.3 was released > (2011-01-28) before the hotfix (2011-02-08) so I'd assume that the hotfix > is applicable. > > <http://plone.org/products/plone/security/advisories/cve-2011-0720> > (2011-02-01, edited 2011-02-08) is more explicit: "All versions of Plone > since 2.5 are affected, viz. 2.5, 3.0, 3.1, 3.2, 3.3, 4.0; including all > minor and development revisions of these versions." > > Maybe <http://plone.org/products/plone-hotfix/releases/CVE-2011-0720/> > (2011-02-08) should include link to the earlier announcement … > > Postscript > > http://dev.plone.org/plone/ticket/11489 link from > /products/plone-hotfix/releases/CVE-2011-0720/ to the > advisory/announcement > -- View this message in context: http://plone.293351.n2.nabble.com/How-do-you-know-a-hotfix-patch-has-become-part-of-the-release-tp6009380p6010945.html Sent from the Installation, Setup, Upgrades mailing list archive at Nabble.com. _______________________________________________ Setup mailing list [email protected] https://lists.plone.org/mailman/listinfo/setup
