[Zope-dev] [Zope] Hotfix for security vulnerability
yuppie
y.2011 at wcm-solutions.de
Tue Oct 25 11:44:46 UTC 2011
Laurence Rowe wrote:
>> This hotfix addresses a serious vulnerability in the Zope2
>> application server. Affected versions of Zope2 include:
>>
>> - - 2.12.x<= 2.12.20
>>
>> - - 2.13.x<= 2.13.6
>>
>> Older releases (2.11.x, 2.10.x, etc.) are not vulnerable.
>
> Can you confirm whether or not Zope 2.13.6 through 2.13.10 are affected?
They are affected. "2.13.6" seems to be a typo. But AFAICT Plone is not
affected because it doesn't use the default user folder implementation
shipped with Zope.
Cheers, Yuppie
More information about the Zope-Dev
mailing list