Hi all, Zope 2.1.4 has been released. It can be downloaded from Zope.org at: http://www.zope.org/Products/Zope/2.1.4/ This update prevents the REQUEST object from being traversable by web clients. While this feature was useful for debugging, Evan Simpson noted a potential security issue that could allow web authors to play client scripting tricks and make them appear (to the user) to be coming from a Zope site. While we know of no instances of this happening and the actual security of the Zope site's data is not affected by this, we do recommend that you upgrade to 2.1.4 to avoid any problems. Also (I know many of you are already thinking it :), we are working on a way to distribute "patch" releases for things like this to make updates easier. Until then, for those who _really_ just want to patch your installation you can replace the file lib/python/ZPublisher/BaseRequest.py in your installation with the one from the 2.1.4 distribution and restart your Zope instance. Brian Lloyd brian@digicool.com Software Engineer 540.371.6909 Digital Creations http://www.digicool.com