On Saturday 11 January 2003 4:06 pm, Jamie Heilman wrote:
Guido van Rossum wrote:
Without python 2.2 zope will continue to harbor remotely exploitable zlib-based memory exhaustion attacks. FWIW
There are workarounds that work in 2.1.x, and I dont think any uses in Zope are performance-critical. I will be happy to push through any patches for any other Zopes uses.
Can you explain? Where does Zope even use zlib?
dtml-tree for one,
That is the least of your worries for dtml-tree. Please try the patch at: http://www.zope.org/Members/htrd/tree.diff This has a chance for 2.6.2 if I get enough positive feedback from people who actually use dtml-tree. (and a sufficently paranoid review would be nice too.) -- Toby Dickenson http://www.geminidataloggers.com/people/tdickenson