[ZDP] Zope Site back on track

Michel Pelletier michel@digicool.com
Fri, 17 Sep 1999 15:02:28 -0400


The new zope site is back at http://www.zope.org/.  Soon, the old Zope
site will be back to http://www.zope.org:8080/.

The security hole has been patched, and soon we will be making a 2.0.1
release.  Further information about 2.0.1 will be forthcoming.  I would
suggest the EVERYBODY who uses Zope 2.0 upgrade to 2.0.1 whether or not
they feel threatended by this security exploit.  Other than the 2 line
security patch, 2.0.1 is identical to 2.0.

I would like to take this opertunity to remind everyone that PRIVATELY
informing us of 'showstopper' security bugs is just good netiquette.
This gives us an opportunity not only to analyze the problem and provide
a quick fix (after all, it could just be *your* problem, and you'd be
'crying wolf'), it also prevents the widespread distribution of exploits
before we have a chance to control the situation.  

If, in the future, community members discover/encounter security-related
issues, please send an email to the newly created address:
security@zope.org  mailto:security@zope.org

-Michel