Welcome, guest | Sign In | My Account | Store | Cart

Notice! PyPM is being replaced with the ActiveState Platform, which enhances PyPM’s build and deploy capabilities. Create your free Platform account to download ActivePython or customize Python with the packages you require and get automatic updates.

Download
ActivePython

Products.Zope_Hotfix_20111024 1.0
Hotfix for Zope 2.12 + 2.13

INSTALL>
pypm install products.zope-hotfix-20111024

How to install Products.Zope_Hotfix_20111024

  1. Download and install ActivePython
  2. Open Command Prompt
  3. Type pypm install products.zope-hotfix-20111024
 Python 2.7Python 3.2Python 3.3
Windows (32-bit)
1.0 Available View build log
Windows (64-bit)
1.0 Available View build log
Mac OS X (10.5+)
1.0 Available View build log
Linux (32-bit)
1.0 Available View build log
Linux (64-bit)
1.0 Available View build log
 
Links
Author
License
ZPL 2.1
Dependencies
Lastest release
version 1.0 on Oct 25th, 2011

'Products.Zope_Hotfix_20111024' README

Overview

This hotfix addresses a serious vulnerability in the Zope2 application server. Affected versions of Zope2 include:

  • 2.12.x <= 2.12.20
  • 2.13.x <= 2.13.6

Older releases (2.11.x, 2.10.x, etc.) are not vulnerable.

The Zope2 security response team recommends that all users of these releases upgrade to an unaffected release (2.12.21 or 2.13.11) as soon as they become available.

Until that upgrade is feasible, deploying this hotfix also mitigates the vulnerability.

Installing the Hotfix: Via 'easy_install'

If the Python which runs your Zope instance has 'setuptools' installed (or is a 'virtualenv'), you can install the hotfix directly from PyPI:

$ /prefix/bin/easy_install Products.Zope_Hotfix_20111024

and then restart the Zope instance, e.g.:

$ /path/to/instance/bin/zopectl restart
Installing the Hotfix: Via 'zc.buildout'

If your Zope instance is managed via 'zc.buildout', you can install the hotfix directly from PyPI. Edit the 'buildout.cfg' file, adding "Products.Zope_Hotfix_20111024" to the "eggs" section of the instance. E.g.:

[instance]
recipe = plone.recipe.zope2instance
#...
eggs =
  ${buildout:eggs}
  Products.Zope_Hotfix_20111024

Next, re-run the buildout:

$ /path/to/buildout/bin/buildout

and then restart the Zope instance, e.g.:

$ /path/to/buildout/bin/instance restart
Installing the Hotfix: Manual Installation

You may also install this hotfix by unpacking the tarball and adding a 'products' key to the 'etc/zope.conf' of your instance. E.g.:

products /path/to/Products.Zope_Hotfix_20111024/Products
Verifying the Installation

After restarting the Zope instance, check the 'Control_Panel/Products' folder in the Zope Management Interface, e.g.:

http://localhost:8080/Control_Panel/Products/manage_main

You should see the 'Zope_Hotfix_20111024' product folder there.

'Products.Zope_Hotfix_20111024' Changelog

1.0 (2011-10-24)
  • Initial release.

Subscribe to package updates

Last updated Oct 25th, 2011

Download Stats

Last month:1

What does the lock icon mean?

Builds marked with a lock icon are only available via PyPM to users with a current ActivePython Business Edition subscription.

Need custom builds or support?

ActivePython Enterprise Edition guarantees priority access to technical support, indemnification, expert consulting and quality-assured language builds.

Plan on re-distributing ActivePython?

Get re-distribution rights and eliminate legal risks with ActivePython OEM Edition.