[Setup] How do you know a hotfix patch has become part of the release ?
mgw
martin at weigele.de
Thu Feb 10 08:59:09 UTC 2011
Yes Graham, what you write below is how it is supposed to be from the
reading. However,
it turns out a fresh 4.0.3 unified install on Mac OS X with no extra
products does not even start up with the Hotfix egg-installed after
bin/buildout -Nv .
Graham Perrin wrote:
>
> Looking at at <http://plone.org/products/plone-hotfix> the Description
> column seems to either
>
> a) state the version that includes the hotfix
>
> or
>
> b) link to a page with relevant information.
>
>
> mgw wrote:
>>
>> In particular, is hotfix CVE-2011-0720 still needed for Plone 4.0.3 ?
>>
>
> <http://plone.org/products/plone/releases> Plone 4.0.3 was released
> (2011-01-28) before the hotfix (2011-02-08) so I'd assume that the hotfix
> is applicable.
>
> <http://plone.org/products/plone/security/advisories/cve-2011-0720>
> (2011-02-01, edited 2011-02-08) is more explicit: "All versions of Plone
> since 2.5 are affected, viz. 2.5, 3.0, 3.1, 3.2, 3.3, 4.0; including all
> minor and development revisions of these versions."
>
> Maybe <http://plone.org/products/plone-hotfix/releases/CVE-2011-0720/>
> (2011-02-08) should include link to the earlier announcement …
>
> Postscript
>
> http://dev.plone.org/plone/ticket/11489 link from
> /products/plone-hotfix/releases/CVE-2011-0720/ to the
> advisory/announcement
>
--
View this message in context: http://plone.293351.n2.nabble.com/How-do-you-know-a-hotfix-patch-has-become-part-of-the-release-tp6009380p6010945.html
Sent from the Installation, Setup, Upgrades mailing list archive at Nabble.com.
More information about the Setup
mailing list