On behalf of the Zope developer community I am pleased to announce the releases of 
Zope 4.8.1 and 5.5.1.

These bugfix releases attempt to address an important security issue in the 
waitress WSGI server software that Zope uses as the default WSGI server component. 
Unfortunately the fixed waitress version 2.1.1 has only been released for 
Python versions 3.7 and higher.

Zope 4.8.1 and 5.5.1 now require the fixed waitress package IF it is running on 
Python 3.7 or higher. Previous Python versions do not have the security fix and 
we as Zope maintainers cannot provide a fixed waitress release for deployments 
on Python 2.7, 3.5 and 3.6.

Even though Zope 4 still supports Python 2.7, 3.5 and 3.6 and Zope 5 still 
supports Python 3.6 we strongly advise you to either upgrade your Zope 
installation to at least Python 3.7, or switch to a different WSGI server. See 
https://zope.readthedocs.io/en/latest/operation.html#recommended-wsgi-servers 
for some choices.

For the full list of changes see the change logs at 
https://zope.readthedocs.io/en/4.x/changes.html#id1 and 
https://zope.readthedocs.io/en/latest/changes.html#id1.

Installation instructions can be found at 
https://zope.readthedocs.io/en/4.x/INSTALL.html and 
https://zope.readthedocs.io/en/latest/INSTALL.html.

Detailed information about the waitress security issue is available at 
https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36.


Jens Vagelpohl
