On behalf of the Zope developer community I am pleased to announce the releases 
of Zope 4.8.11 and 5.8.6.

These bugfix releases solve a few minor issues and contain a security fix. For 
the full list of changes see the change logs at 
https://zope.readthedocs.io/en/4.x/changes.html#id1 and 
https://zope.readthedocs.io/en/latest/changes.html#id1

Installation instructions can be found at 
https://zope.readthedocs.io/en/4.x/INSTALL.html and 
https://zope.readthedocs.io/en/latest/INSTALL.html.

These releases contain a security fix for a cross-site scripting issue 
involving the Zope Management Interface (ZMI) breadcrumbs page element. Text 
stored in title fields was rendered without quoting HTML tags, which could lead 
to script execution if code was stored in the title field.


The related security advisory is published at 
https://github.com/zopefoundation/Zope/security/advisories/GHSA-m755-gxxg-r5qh

Jens Vagelpohl

