The new Zope site is back at http://www.zope.org/. Soon, the old Zope site will be back to http://www.zope.org:8080/.

The security hole has been patched, and soon we will be making a 2.0.1 release. Further information about 2.0.1 will be forthcoming. I would suggest that EVERYBODY who uses Zope 2.0 upgrade to 2.0.1 whether or not they feel threatened by this security exploit. Other than the 2 line security patch, 2.0.1 is identical to 2.0.

I would like to take this opportunity to remind everyone that PRIVATELY informing us of 'showstopper' security bugs is just good netiquette. This gives us an opportunity not only to analyze the problem and provide a quick fix (after all, it could just be *your* problem, and you'd be 'crying wolf'), it also prevents the widespread distribution of exploits before we have a chance to control the situation.

If, in the future, community members discover/encounter security-related issues, please send an email to the newly created address: security@zope.org

-Michel

On Fri, 17 Sep 1999, Michel Pelletier wrote:
> I would like to take this opportunity to remind everyone that PRIVATELY informing us of 'showstopper' security bugs is just good netiquette. This gives us an opportunity not only to analyze the problem and provide a quick fix (after all, it could just be *your* problem, and you'd be 'crying wolf'), it also prevents the widespread distribution of exploits before we have a chance to control the situation.

And I'll take this opportunity to apologize for blabbing about this to the main list. At the time it occurred, I had no idea that it was a general Zope problem; I assumed it was a permission problem in the site setup. In fact, I didn't even expect the thing I tried to do what it did. Certainly I never intended to disrupt the Zope website. If I had thought at the time that it was a hole in Zope itself, I think I would have done things differently, but hindsight is 20/20.

My bad, sorry. :(

--
andy dustman | programmer/analyst | comstar.net, inc.
telephone: 770.485.6025 / 706.549.7689 | icq: 32922760 | pgp: 0xc72f3f1d

On Fri, 17 Sep 1999, Michel Pelletier wrote:
> release. Further information about 2.0.1 will be forthcoming. I would suggest that EVERYBODY who uses Zope 2.0 upgrade to 2.0.1 whether or not

Umm, how do I migrate the content of my Zope 2.0.0 site to that of the Zope 2.0.1 site? [ I have no desire to rewrite everything. Though it would be easier now than, say, next Monday, when I have 5K pages up. ]

Doing a search at http://www.zope.org didn't come up with anything. :-(

xan
jonathon

participants (3)
- Andy Dustman
- jonathon
- Michel Pelletier