Zope

Latest version: v5.10


Page 3 of 15

5.8.1

Not secure
------------------

- Sanitize tainting fixing
`1095 <https://github.com/zopefoundation/Zope/issues/1095>`_

- Replace ``cgi.FieldStorage`` by ``multipart`` avoiding
the ``cgi`` module deprecated by Python 3.11.

Mark binary converters with a true ``binary`` attribute.

Fix encoding handling and ``:bytes`` converter.

See `1094 <https://github.com/zopefoundation/Zope/pull/1094>`_.

- Clean out and refactor dependency configuration files.

- Update to newest compatible versions of dependencies.

- Support the (non standard) ``charset`` parameter for
content type ``application/x-www-form-urlencoded``.
This is required (e.g. for ``Plone``) because
``jquery`` constructs content types of the form
``application/x-www-form-urlencoded; charset=utf-8``.
For details see
`plone/buildout.coredev#844
<https://github.com/plone/buildout.coredev/pull/844>`_.

5.8

Not secure
----------------

- Only set response header Content-Type as text/html on exception views when
the response has content.
(`1089 <https://github.com/zopefoundation/Zope/issues/1089>`_)

- Drop support for Python 3.6, which has been in end-of-life status for a while.

- Update to newest compatible versions of dependencies.

- Fix history page for classes modifying instances in ``__setstate__``,
such as ``Products.PythonScripts.PythonScript`` instances.
See `launchpad issue 735999
<https://bugs.launchpad.net/zope2/+bug/735999>`_.

5.7.3

Not secure
------------------

- Explicitly serve ``App.Dialogs.MessageDialog`` and exception views as HTML
due to the changed default content type from `1075
<https://github.com/zopefoundation/Zope/pull/1075>`_.

5.7.2

Not secure
------------------

- Fix some broken ZMI pages due to the changed default content type
from PR https://github.com/zopefoundation/Zope/pull/1075
(`1078 <https://github.com/zopefoundation/Zope/issues/1078>`_)

- Update to newest compatible versions of dependencies.

5.7.1

Not secure
------------------

- Set the published default ``Content-Type`` header to ``text/plain``
if none has been set explicitly to prevent a cross-site scripting attack.
Also remove the old behavior of constructing an HTML page for published
methods returning a two-item tuple.

- Update to newest compatible versions of dependencies.

5.7

Not secure
----------------

- Add support for building arm64 wheels on macOS.

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.