[Zope] TAL Hotfix 2004-07-14 for Zope 2.7.0, 2.7.1
Fred Drake
fred at zope.com
Wed Jul 14 12:26:40 EDT 2004
This hotfix product fixes a security bug in Page Templates. This fix
ensures that values substituted in named slots in translated elements
are properly encoded. If encoding is not desired and the source of
the replacement text is trusted, the "structure" modifier can be used
with the tal:content or tal:replace attribute to explicitly disable
encoding.
Affected Versions
This fix applies to Zope 2.7.0 and 2.7.1. Zope versions 2.7.2 and
newer already contain this fix, and do not require this hotfix.
This fix also obsoletes 'Hotfix_20040713', so that should be
uninstalled when this hotfix is installed. See the README.txt
file provided with 'Hotfix_20040713' for instructions on
removing that hotfix.
Getting the Hotfix
You can download the hotfix at:
http://zope.org/Products/Zope/Hotfix_2004-07-14/Zope%202.7.0%20-%202.7.1/
The product contains a README.txt file with installation
instructions.
-Fred
--
Fred L. Drake, Jr. <fred at zope.com>
Zope Corporation
More information about the Zope
mailing list