On Fri, 23 Jan 2004 12:17:38 +0100 Dario Lopez-Kästen <dario@ita.chalmers.se> wrote:
Chris Withers wrote:
Hi,
Can anyone shed light on all of these? I know about some of them, but this is quite a disturbingly long list...
What is the current status of these issues? I am running a rather large site with sensitive personal data.
They are fixed in the latest releases of Zope 2.6 and 2.7.
The decision to use Python/Zope instead of Java/uPortal is very much debated by people with power, and I am trying to protect the investment made in Zope.
The security vulnerabilities were not publicly announced until new versions of Zope were available that fixed them.
I know, you get what you pay for etc., but I am struggling to keep Zope instead of having to migrate to Java, and it is hard enough as it is. All this is politics, perception and logistics and has nothing to do with technical advantage.
Actually with Zope, I think you get a lot more than you pay for ;^)
Unfortunately I cannot help very much in resolving these issues since I am not knowledgeable enough to be able to help, but I would like to follow the status of these issues, under NDA if need be.
The issues are already resolved. The only question is whether you can do a timely upgrade to a fixed version.
It is also a matter of taking steps to protect personal data.
Download a new version of Zope and test it out with a copy of your application. Let us know if anything breaks.
-Casey