[Zope-dev] [Zope] Security announcement update

Laurence Rowe l at lrowe.co.uk
Tue Jun 28 09:46:26 EDT 2011


On 28 June 2011 14:40, Norbert Marrale <norbertmarrale at yahoo.com> wrote:
> This should be clarified too: "You should, however, make sure that you
> are running either Zope 2.10.13 or Zope 2.11.8  and PluggableAuthService
> 1.5.5, 1.6.5 or 1.7.5 "
>
> Why must PluggableAuthService (+ its dependencies) even be installed?

The Plone Hotfix for CVE-2011-0720  included patches to
PluggableAuthService. If you use PluggableAuthService outside of Plone
then you need to update to a release that includes that fix. If you
don't run PluggableAuthService it is not required to install it.

Laurence


More information about the Zope-Dev mailing list