25 Oct
2011
25 Oct
'11
11:44 a.m.
Laurence Rowe wrote:
This hotfix addresses a serious vulnerability in the Zope2 application server. Affected versions of Zope2 include:
- - 2.12.x<= 2.12.20
- - 2.13.x<= 2.13.6
Older releases (2.11.x, 2.10.x, etc.) are not vulnerable.
Can you confirm whether or not Zope 2.13.6 through 2.13.10 are affected?
They are affected. "2.13.6" seems to be a typo. But AFAICT Plone is not affected because it doesn't use the default user folder implementation shipped with Zope. Cheers, Yuppie