Skip to main content
This is a pre-production deployment of Warehouse. Changes made here affect the production instance of PyPI (
Help us improve Python packaging - Donate today!

Hotfix for Zope 2.12 + 2.13

Project Description

‘Products.Zope_Hotfix_20111024’ README


This hotfix addresses a serious vulnerability in the Zope2 application server. Affected versions of Zope2 include:

  • 2.12.x <= 2.12.20
  • 2.13.x <= 2.13.6

Older releases (2.11.x, 2.10.x, etc.) are not vulnerable.

The Zope2 security response team recommends that all users of these releases upgrade to an unaffected release (2.12.21 or 2.13.11) as soon as they become available.

Until that upgrade is feasible, deploying this hotfix also mitigates the vulnerability.

Installing the Hotfix: Via ‘easy_install’

If the Python which runs your Zope instance has ‘setuptools’ installed (or is a ‘virtualenv’), you can install the hotfix directly from PyPI:

$ /prefix/bin/easy_install Products.Zope_Hotfix_20111024

and then restart the Zope instance, e.g.:

$ /path/to/instance/bin/zopectl restart

Installing the Hotfix: Via ‘zc.buildout’

If your Zope instance is managed via ‘zc.buildout’, you can install the hotfix directly from PyPI. Edit the ‘buildout.cfg’ file, adding “Products.Zope_Hotfix_20111024” to the “eggs” section of the instance. E.g.:

recipe = plone.recipe.zope2instance
eggs =

Next, re-run the buildout:

$ /path/to/buildout/bin/buildout

and then restart the Zope instance, e.g.:

$ /path/to/buildout/bin/instance restart

Installing the Hotfix: Manual Installation

You may also install this hotfix by unpacking the tarball and adding a ‘products’ key to the ‘etc/zope.conf’ of your instance. E.g.:

products /path/to/Products.Zope_Hotfix_20111024/Products

Verifying the Installation

After restarting the Zope instance, check the ‘Control_Panel/Products’ folder in the Zope Management Interface, e.g.:


You should see the ‘Zope_Hotfix_20111024’ product folder there.

‘Products.Zope_Hotfix_20111024’ Changelog

1.0 (2011-10-24)

  • Initial release.
Release History

Release History

This version
History Node


Download Files

Download Files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

File Name & Checksum SHA256 Checksum Help Version File Type Upload Date
Products.Zope_Hotfix_20111024-1.0.tar.gz (2.6 kB) Copy SHA256 Checksum SHA256 Source Oct 24, 2011

Supported By

WebFaction WebFaction Technical Writing Elastic Elastic Search Pingdom Pingdom Monitoring Dyn Dyn DNS Sentry Sentry Error Logging CloudAMQP CloudAMQP RabbitMQ Heroku Heroku PaaS Kabu Creative Kabu Creative UX & Design Fastly Fastly CDN DigiCert DigiCert EV Certificate Rackspace Rackspace Cloud Servers DreamHost DreamHost Log Hosting