The new Zope site is back at http://www.zope.org/. Soon, the old Zope site will be back to http://www.zope.org:8080/.

The security hole has been patched, and soon we will be making a 2.0.1 release. Further information about 2.0.1 will be forthcoming. I would suggest that EVERYBODY who uses Zope 2.0 upgrade to 2.0.1 whether or not they feel threatened by this security exploit. Other than the 2 line security patch, 2.0.1 is identical to 2.0.

I would like to take this opportunity to remind everyone that PRIVATELY informing us of 'showstopper' security bugs is just good netiquette. This gives us an opportunity not only to analyze the problem and provide a quick fix (after all, it could just be *your* problem, and you'd be 'crying wolf'), it also prevents the widespread distribution of exploits before we have a chance to control the situation.

If, in the future, community members discover/encounter security-related issues, please send an email to the newly created address: security@zope.org

-Michel
On Fri, 17 Sep 1999, Michel Pelletier wrote:
> I would like to take this opportunity to remind everyone that PRIVATELY informing us of 'showstopper' security bugs is just good netiquette. This gives us an opportunity not only to analyze the problem and provide a quick fix (after all, it could just be *your* problem, and you'd be 'crying wolf'), it also prevents the widespread distribution of exploits before we have a chance to control the situation.
And I'll take this opportunity to apologize for blabbing about this to the main list. At the time it occurred, I had no idea that it was a general Zope problem; I assumed it was a permission problem in the site setup. In fact, I didn't even expect the thing I tried to do what it did. Certainly I never intended to disrupt the Zope website. If I had thought at the time that it was a hole in Zope itself, I think I would have done things differently, but hindsight is 20/20. My bad, sorry. :(

--
andy dustman | programmer/analyst | comstar.net, inc.
telephone: 770.485.6025 / 706.549.7689 | icq: 32922760 | pgp: 0xc72f3f1d
participants (2): Andy Dustman, Michel Pelletier