Zope 4.8.4 and 5.7.1 released

On behalf of Zope developer community I am pleased to announce the releases of Zope 4.8.4 and 5.7.1.

This release fixes a security issue related to the "Content-Type" response header and how its default is set during publishing. For the full list of changes see the change logs at Change log — Zope documentation 4.8.4 documentation and Change log — Zope documentation 5.7.1 documentation

Installation instructions can be found at Installing Zope — Zope documentation 4.8.4 documentation and Installing Zope — Zope documentation 5.7.1 documentation.

1 Like

Please hold off on upgrading at the moment, the new version introduced a bug in the ZMI that will be fixed shortly.

We are also preparing Plone releases for 5.2 and 6.0 to include basically only the new Zope version.

Note that in Plone we usually create a special hotfix package that you can install as extra package in your site, in any of the supported Plone versions, including for example a very old 5.2.0. In this case this was not practically possible. So to be fully protected, you need to use these new Zope versions.

But as Jens wrote: hold off upgrading for the moment, until a new fix is released.

1 Like

Zope 4.8.5 and 5.7.2 with a fix for the ZMI rendering issues has been released, see https://community.plone.org/t/zope-4-8-5-and-5-7-2-released

The latest version of the Zope security fix is included in the just released Plone 6.0.0.1 and 5.2.10.1. Separate announcements to follow.