RE: [Zope] BIG security hole in www.zope.org
Andy wrote:
It's way worse than I thought: You can do the same thing with at least standard_html_footer! Hope all you Digital Creations guys haven't gone home yet...
Nope, we're here and working on it.

Since this has now happened twice, I'm going to try to be more clear. Everybody, PLEASE don't mail security bugs to the mailing list. This is such an impolite thing to do that I'm surprised that I am bringing it up twice in the same month.

Instead of an email with a subject line of "BIG security hole", whose contents discuss the details of the problem...doesn't it make a lot more sense to let us know about it first and have a shot at fixing it? Let us know in private and give us a shot at promptly fixing it and notifying people. If the response isn't swift, then decide whether the community at large would be best served by a direct announcement.

Because the problem has now been announced, we have to bring the entire site down again like we did the last time. We'll make a separate announcement about this changeover to the old site.

--Paul

Paul Everitt
Digital Creations
paul@digicool.com
540.371.6909
-----------------------------------------
The Open Source Zope application server
http://www.zope.org/