Zope 4.8.11 and 5.8.6 released with a security fix

On behalf of the Zope developer community I am pleased to announce the releases of Zope 4.8.11 and 5.8.6.

These bugfix releases solve a few minor issues and contain a security fix. For the full list of changes see the change logs at Change log — Zope 4.8.11 documentation and Change log — Zope 5.8.6 documentation.

Installation instructions can be found at Installing Zope — Zope 4.8.11 documentation and Installing Zope — Zope 5.8.6 documentation.

These releases contain a security fix for a cross-site scripting issue involving the Zope Management Interface (ZMI) breadcrumbs page element. Text stored in title fields was rendered without quoting HTML tags, which could lead to script execution if code was stored in the title field.

The related security advisory is published at Stored cross site scripting via the title property in the Zope management interface · Advisory · zopefoundation/Zope · GitHub.

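The issue class described in the announcement, as an added example that is not Zope's code and not part of the original post: a breadcrumb renderer that emits stored titles unquoted, the same renderer with HTML quoting, and a helper that lists objects whose stored title contains HTML-significant characters so they can be reviewed after upgrading. The function names, the path layout and the sample data are assumptions made for illustration.

```python
from html import escape

# Constructed sample data: (object id, stored title) pairs along a path.
SAMPLE_PATH = [
    ("site", "Main site"),
    ("docs", "Docs & <b>guides</b>"),
    ("page", "<script>alert(1)</script>"),
]


def render_breadcrumbs_unquoted(path):
    """Behaviour the announcement describes: titles are emitted verbatim."""
    url, parts = "", []
    for obj_id, title in path:
        url += "/" + obj_id
        parts.append('<a href="%s">%s</a>' % (url, title or obj_id))
    return " / ".join(parts)


def render_breadcrumbs_quoted(path):
    """Hardened form: every stored value is HTML-quoted before output."""
    url, parts = "", []
    for obj_id, title in path:
        url += "/" + obj_id
        label = escape(title or obj_id, quote=True)
        parts.append('<a href="%s">%s</a>' % (escape(url, quote=True), label))
    return " / ".join(parts)


def titles_needing_review(path):
    """Return ids whose stored title changes when HTML-quoted."""
    return [obj_id for obj_id, title in path
            if escape(title, quote=True) != title]


if __name__ == "__main__":
    print(render_breadcrumbs_unquoted(SAMPLE_PATH))
    print(render_breadcrumbs_quoted(SAMPLE_PATH))
    print(titles_needing_review(SAMPLE_PATH))
```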