[Zope-dev] Resolved security-related collector issues for the public?

Jamie Heilman jamie at audible.transient.net
Thu Jan 22 14:59:30 EST 2004


Clemens Robbenhaar wrote:
> malicious Python Scripts on my site (I guess ;-), and I do not use DTML
> or some Tree-stuff -- thus I did not upgrade yet, and You may feel free

Actually... unless you've altered the ZMI and HelpSys, you do use
dtml-tree ...and HelpSys is publically traversable by default.

-- 
Jamie Heilman                     http://audible.transient.net/~jamie/
"...thats the metaphorical equivalent of flopping your wedding tackle
 into a lion's mouth and flicking his lovespuds with a wet towel, pure
 insanity..."                                           -Rimmer



More information about the Zope-Dev mailing list