[Zope] [Ann] Zope Hotfix 2005-10-09
Andreas Jung
lists at andreas-jung.com
Sun Oct 9 12:38:49 EDT 2005
Hello,
a security issue with the Docutils package coming with Zope 2.6 or higher
has been discovered. Sites that expose reStructuredText functionality to
untrusted users (typically portal sites allowing registered users to edit
content) are possibly affected.
Download location and installation are available from
http://www.zope.org/Products/Zope/Hotfix_2005-10-09/security_alert
The hotfix is supposed to work with any Zope 2.7 and 2.8 version.
It might work for Zope 2.6 and Python 2.1 but we can not give a guarantee
since Zope 2.6 is no longer maintained. Plone sites do not seem to be
affected (there seems to be some additional code on top of Zope's
reST implementation avoiding the failure) however this not a guarantee.
The upcoming Zope 2.8.2 and 2.7.8 releases will also ship with the hotfix.
Andreas Jung
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
Url : http://mail.zope.org/pipermail/zope/attachments/20051009/bde3250e/attachment.bin
More information about the Zope
mailing list