21 Apr
2000
21 Apr
'00
2:30 p.m.
Could one of you guys details this on the SecurityWiki?
I'll do it in a minute. Not sure why it's a security issue though. It's just a plain bug. If a version object doesn't exist, then a cookie (whether generated through the FTP server or through an HTTP post (for example, from a cached management interface page) should be ignored, or more likely, generate an error with the option "would you like to stop working in this non-existent version?" This issue is in the following bugs: http://classic.zope.org:8080/Collector/1194/view http://classic.zope.org:8080/Collector/1195/view cheers, Chris