Hello, 2 weeks ago I reported the following Bug: http://www.zope.org/Collectors/Zope/2346 in which I describe a server crash when using the FastCGI server under Zope 2.9.x, x >= 5. I'm a little bit surprised that the bug severity was downgraded to "medium" since, short of DB-corruption, I cannot imagine anything more critical than a server crash. Someone who finds a way to provoke a log-entry can trivially DOS the server, which is what (unintentionally) happened on one of our production machines. I would kindly ask you to apply the (obvious) fix which I posted or revert the offending commit: http://svn.zope.org/Zope/branches/2.9/lib/python/ZServer/FCGIServer.py?rev=7... which doesn't seem too useful to me anyway. Thank you.
--On 1. September 2007 11:01:40 +0200 blists@bdf-net.com wrote:
Hello,
2 weeks ago I reported the following Bug: http://www.zope.org/Collectors/Zope/2346 in which I describe a server crash when using the FastCGI server under Zope 2.9.x, x >= 5.
I'm a little bit surprised that the bug severity was downgraded to "medium" since, short of DB-corruption,
Because using FCGI support is deprecated since a while). The patch might be applied for the next releases and obviously nobody had time so far to apply the patch. An issue being critical for you does not mean that is it critical for everyone. Most people _don't_ use FCGI so the severity "medium" should be ok. -aj
--On 1. September 2007 11:01:40 +0200 blists@bdf-net.com wrote:
Hello,
2 weeks ago I reported the following Bug: http://www.zope.org/Collectors/Zope/2346 in which I describe a server crash when using the FastCGI server under Zope 2.9.x, x >= 5.
I'm a little bit surprised that the bug severity was downgraded to "medium" since, short of DB-corruption, I cannot imagine anything more critical than a server crash. Someone who finds a way to provoke a log-entry can trivially DOS the server, which is what (unintentionally) happened on one of our production machines.
I would kindly ask you to apply the (obvious) fix which I posted or revert the offending commit: http://svn.zope.org/Zope/branches/2.9/lib/python/ZServer/FCGIServer.py?re v=70001&r1=40222&r2=70001 which doesn't seem too useful to me anyway.
Patch applied to Zope 2.9, Zope 2.10 branches and Zope trunk. -aj
--On 1. September 2007 11:01:40 +0200 blists@bdf-net.com wrote:
I would kindly ask you to apply the (obvious) fix which I posted or revert the offending commit: http://svn.zope.org/Zope/branches/2.9/lib/python/ZServer/FCGIServer.py?re v=70001&r1=40222&r2=70001 which doesn't seem too useful to me anyway.
Patch applied to Zope 2.9, Zope 2.10 branches and Zope trunk.
Thanks, it's appreciated.
participants (2)
-
Andreas Jung -
blists@bdf-net.com