plone / Products.CMFPlone

The core of the Plone content management system
https://plone.org
GNU General Public License v2.0

Patch: do not publish CMFCore folder filter methods. [5.2] #3826

Status: Closed (mauritsvanrees closed 1 year ago)

mauritsvanrees commented 1 year ago

See https://github.com/zopefoundation/Products.CMFCore/security/advisories/GHSA-4hpj-8rhv-9x87

These methods are not used in Plone itself.

mister-roboto commented 1 year ago

@mauritsvanrees thanks for creating this Pull Request and helping to improve Plone!

TL;DR: Finish pushing changes, pass all other checks, then paste a comment:

@jenkins-plone-org please run jobs

To ensure that these changes do not break other parts of Plone, the Plone test suite matrix needs to pass, but it takes 30-60 min. Other CI checks are usually much faster and the Plone Jenkins resources are limited, so when done pushing changes and all other checks pass, either start all Jenkins PR jobs yourself, or simply add the comment above in this PR to start all the jobs automatically.

Happy hacking!

mauritsvanrees commented 1 year ago

@jenkins-plone-org please run jobs

mauritsvanrees commented 1 year ago

Note: On Plone 6.0 and 6.1 the coredev buildout is already using CMFCore 3.2 which has a fix.