On 24 October 2011 22:54, Tres Seaver <tsea...@palladion.com> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On behalf of the Zope security response team, I would like to announce > the availability of a hotfix for a vulnerability inadvertently > published earlier today. > > 'Products.Zope_Hotfix_20111024' README > ====================================== > > Overview > - -------- > > This hotfix addresses a serious vulnerability in the Zope2 > application server. Affected versions of Zope2 include: > > - - 2.12.x <= 2.12.20 > > - - 2.13.x <= 2.13.6 > > Older releases (2.11.x, 2.10.x, etc.) are not vulnerable.
Can you confirm whether or not Zope 2.13.6 through 2.13.10 are affected? Laurence _______________________________________________ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )