On behalf of Zope developer community I am pleased to announce the releases of Zope 4.8.4 and 5.7.1.
This release fixes a security issue related to the "Content-Type" response header and how its default is set during publishing. For the full list of changes see the change logs at Change log — Zope documentation 4.8.4 documentation and Change log — Zope documentation 5.7.1 documentation
Installation instructions can be found at Installing Zope — Zope documentation 4.8.4 documentation and Installing Zope — Zope documentation 5.7.1 documentation.
Please hold off on upgrading at the moment, the new version introduced a bug in the ZMI that will be fixed shortly.
We are also preparing Plone releases for 5.2 and 6.0 to include basically only the new Zope version.
Note that in Plone we usually create a special hotfix package that you can install as extra package in your site, in any of the supported Plone versions, including for example a very old 5.2.0. In this case this was not practically possible. So to be fully protected, you need to use these new Zope versions.
But as Jens wrote: hold off upgrading for the moment, until a new fix is released.
Zope 4.8.5 and 5.7.2 with a fix for the ZMI rendering issues has been released, see https://community.plone.org/t/zope-4-8-5-and-5-7-2-released
The latest version of the Zope security fix is included in the just released Plone 188.8.131.52 and 184.108.40.206. Separate announcements to follow.