Am Montag, 24. Oktober 2011, 17:03:52 schrieben Sie:

Thanks for your info. Any idea if this affects pre 2.10 zope? We've been running in production 2.9 no problems for a while.

No, from my tests all versions in 2.12.20 and 2.13.10 was affected - earlier not - im just wondering why the sec advisory means <=2.13.6. Will investigate that further...

This hotfix addresses a serious vulnerability in the Zope2 application server. Affected versions of Zope2 include:

- 2.12.x <= 2.12.20

- 2.13.x <= 2.13.6

best regards, Niels. -- --- Niels Dettenbach Syndicat IT&Internet http://www.syndicat.com/