Personal tools
You are here: Home Members kedai's Home zope 2.6.3, zope 2.7.0b4 and the need for upgrade
« February 2012 »
Sun Mon Tue Wed Thu Fri Sat
1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29
Log in


Forgot your password?
Links
Old my-zope.org
Zope.org
ZopeZen
Zope Wiki
Zope Labs
Plone
Plope.com
Python
Plug
Who - kedai (a) kedai . com . my
Where - Malaysia
What - we do zope/plone, linux solution for network, vpn, mail, etc
Zope News
Planet Zope
RSS Newsfeed
Planet Plone
RSS Newsfeed
Zope.org Daily Changes
RSS Newsfeed
  
Document Actions

zope 2.6.3, zope 2.7.0b4 and the need for upgrade

by kedai last modified Jan. 09, 04 10:54 PM

It was announced that all zope sites prior to versions 2.6.3 and 2.7.0b4 need to update.

ZC did an audit and came up with plenty of issues. There is no way that any zope sites not upgrade.

Among the reasons to upgrade:

  • i doubt that there exist a site that does not make use of Script (Python)
  • xml-rpc marshalling exposing private methods (__some_method__)
  • sites that have untrusted codes must upgrade, methinks
  • some xss vulnerability in default ZSearch Interface codes for browsers that do not encode html entity (e.g. ie 5.5)

one thing that's not clear is whether python 2.3.3 is now needed to run zope? well, we'll find out soon, i guess.

also, i noticed that zope2.7.0b4 was mentioned in the announce, but it's not yet there at zope.org

use cvs?
Powered by Plone, the Open Source Content Management System

This site conforms to the following standards: