Zope 4.8.4 and 5.7.1 released

dataflake · December 16, 2022, 10:12am

On behalf of Zope developer community I am pleased to announce the releases of Zope 4.8.4 and 5.7.1.

This release fixes a security issue related to the "Content-Type" response header and how its default is set during publishing. For the full list of changes see the change logs at Change log — Zope documentation 4.8.4 documentation and Change log — Zope documentation 5.7.1 documentation

Installation instructions can be found at Installing Zope — Zope documentation 4.8.4 documentation and Installing Zope — Zope documentation 5.7.1 documentation.

dataflake · December 16, 2022, 4:13pm

Please hold off on upgrading at the moment, the new version introduced a bug in the ZMI that will be fixed shortly.

mauritsvanrees · December 16, 2022, 4:34pm

We are also preparing Plone releases for 5.2 and 6.0 to include basically only the new Zope version.

Note that in Plone we usually create a special hotfix package that you can install as extra package in your site, in any of the supported Plone versions, including for example a very old 5.2.0. In this case this was not practically possible. So to be fully protected, you need to use these new Zope versions.

But as Jens wrote: hold off upgrading for the moment, until a new fix is released.

dataflake · December 17, 2022, 9:39am

Zope 4.8.5 and 5.7.2 with a fix for the ZMI rendering issues has been released, see https://community.plone.org/t/zope-4-8-5-and-5-7-2-released

mauritsvanrees · December 19, 2022, 11:49pm

The latest version of the Zope security fix is included in the just released Plone 6.0.0.1 and 5.2.10.1. Separate announcements to follow.