From jens at netz.ooo Wed Feb 10 11:14:39 2021 From: jens at netz.ooo (Jens Vagelpohl) Date: Wed, 10 Feb 2021 12:14:39 +0100 Subject: [Zope-Annce] Zope 4.5.4 and 5.1.1 released Message-ID: <0C4F2A3D-0662-4986-AEFC-BCFA9B03AF59@netz.ooo> On behalf of Zope developer community I am pleased to announce the releases of Zope 4.5.4 and 5.1.1. This bugfix release solves a few minor issues and updates the shipped versions of bootstrap, jQuery and Font Awesome to their latest releases. For the full list of changes see the change logs at https://zope.readthedocs.io/en/4.x/changes.html#id1 and https://zope.readthedocs.io/en/latest/changes.html#id1 Installation instructions can be found at https://zope.readthedocs.io/en/4.x/INSTALL.html and https://zope.readthedocs.io/en/latest/INSTALL.html. Jens Vagelpohl -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: Message signed with OpenPGP URL: From jens at netz.ooo Fri Feb 26 16:39:01 2021 From: jens at netz.ooo (Jens Vagelpohl) Date: Fri, 26 Feb 2021 17:39:01 +0100 Subject: [Zope-Annce] Two low-impact security issues in Products.PluggableAuthService Message-ID: <44F12517-99F7-4C8B-8079-65CCDC6DFF2F@netz.ooo> Hi all, Two low-impact security issues have been identified in Products.PluggableAuthService: - an information disclosure issue involving the ZODB Role Manager plugin. See https://github.com/zopefoundation/Products.PluggableAuthService/security/advisories/GHSA-p75f-g7gx-2r7p for details. - an open redirect issue in the Cookie Auth Helper. See https://github.com/zopefoundation/Products.PluggableAuthService/security/advisories/GHSA-p44j-xrqg-4xrr for details. Both issues are mitigated by updating to Products.PluggableAuthService version 2.6.1 or higher. The Plone release managers will apply this update with Plone bugfix releases they are planning to publish within the next few days. jens -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: Message signed with OpenPGP URL: