Hi all,

Zope 2.1.5 has been released - you can download it from the usual place on Zope.org:

http://www.zope.org/Products/Zope/2.1.5/

This release fixes two fairly important security issues that have recently come to our attention:

o It was possible for a Zope user with a fair amount of Zope zen and permission to create DTML documents and Folders to circumvent the security machinery within DTML in certain situations, possibly giving the user the ability to use resources that he wouldn't otherwise be able to access via DTML.

o It also came to our attention that the DTML code in ZSQLMethod objects was not subject to the same security constraints as the DTML code in DTMLMethods and DTML Documents.

The 2.1.5 release fixes both of these issues and we highly recommend that you upgrade, especially if you use Zope for sites that allow untrusted users to create Folders and DTML Documents or DTML Methods.

The release also includes a number of recent bug fixes, including the problem in TimeStamp objects that caused the bobobase_modification_time() of Zope objects to appear to be a day behind.

Note that this release contains two binary changes, so those running Zope from the source release will need to rebuild the Zope extensions after applying the update. The fixes are also available in CVS and binaries will need to be rebuilt after the update for those of you using CVS.

Note that with the 2.1.5 release we will also be releasing "diff" updates as .tgz files that will let you easily upgrade an existing 2.1.x site. These updates are available for those currently using the 2.1.x source release or the 2.1.x binary releases for either solaris or linux (diff releases are not available for win32 for now).
To apply a differential update to your site:

o download the appropriate .tgz file from zope.org
o shut down your Zope process
o copy the .tgz to your Zope directory and extract it
o run w_pcgi or wo_pcgi *if you are not using a binary release*
o restart your process

Brian Lloyd brian@digicool.com
Software Engineer 540.371.6909
Digital Creations http://www.digicool.com
In article <613145F79272D211914B0020AFF6401914DE7D@gandalf.digicool.com> , Brian Lloyd <Brian@digicool.com> writes
o It also came to our attention that the DTML code in ZSQLMethod objects was not subject to the same security constraints as the DTML code in DTMLMethods and DTML Documents.
Hmm. This update has broken all my zsqlmethods I've tested so far. I'm reverting to 2.1.4.

Eg when testing from the management interface:

File D:\zope2\lib\python\Shared\DC\ZRDB\DA.py, line 459, in __call__
(Object: sqlShowComment)
TypeError: too many arguments; expected 4, got 5

SQLSESSION has also died with this version release.

-------
Regards, Graham Chiu
gchiu<at>compkarori.co.nz
http://www.compkarori.com/dynamo - The Homebuilt Dynamo
http://www.compkarori.com/dbase - The dBase bulletin
In article <Gl2o8NAvI$04EwL1@compkarori.com>, Graham Chiu <anon_emouse@hotmail.com> writes
In article <613145F79272D211914B0020AFF6401914DE7D@gandalf.digicool.com> , Brian Lloyd <Brian@digicool.com> writes
o It also came to our attention that the DTML code in ZSQLMethod objects was not subject to the same security constraints as the DTML code in DTMLMethods and DTML Documents.
Hmm. This update has broken all my zsqlmethods I've tested so far. I'm reverting to 2.1.4.
I couldn't find 2.1.4 on zope.org, but had a copy of 2.1.3, and that has fixed all my zsqlmethods now. Win32.

-------
Regards, Graham Chiu
gchiu<at>compkarori.co.nz
http://www.compkarori.com/dynamo - The Homebuilt Dynamo
http://www.compkarori.com/dbase - The dBase bulletin
Hi,

Any recommendations for a good Python book? I found 'Learning Python - Help for Programmers', 'Python Essential Reference', 'Programming Python' to name a few.

Any suggestions?

Thanks!

Jonathan

-- UR Communications - Solutions for a wired world Who, what & where @ http://www.ur.nl/
I'd have to put in my vote for David Ascher's/Mark Lutz's "Learning Python" to get started out with.

Jonathan wrote:
Hi,
Any recommendations for a good Python book? I found 'Learning Python - Help for Programmers', 'Python Essential Reference', 'Programming Python' to name a few.
Any suggestions?
Thanks!
Jonathan
-- UR Communications - Solutions for a wired world Who, what & where @ http://www.ur.nl/
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
-- Chris McDonough Digital Creations, Inc. Zope - http://www.zope.org
Learning Python is a great book if you're new. I had a chance to look at Python Essential Reference before it went to print and it is also an excellent book and well thought out reference.

-Michel

Jonathan wrote:
Hi,
Any recommendations for a good Python book? I found 'Learning Python - Help for Programmers', 'Python Essential Reference', 'Programming Python' to name a few.
Any suggestions?
Thanks!
Jonathan
-- UR Communications - Solutions for a wired world Who, what & where @ http://www.ur.nl/
participants (5)
- Brian Lloyd
- Chris McDonough
- Graham Chiu
- Jonathan
- Michel Pelletier