[Zope] [Ann] Zope Hotfix 2005-10-09
Tino Wildenhain
tino at wildenhain.de
Mon Oct 10 03:31:31 EDT 2005
Andreas Jung schrieb:
> Hello,
>
> a security issue with the Docutils package coming with Zope 2.6 or
> higher has been discovered. Sites that expose reStructuredText
> functionality to
> untrusted users (typically portal sites allowing registered users to
> edit content) are possibly affected.
>
> Download location and installation are available from
>
> http://www.zope.org/Products/Zope/Hotfix_2005-10-09/security_alert
>
> The hotfix is supposed to work with any Zope 2.7 and 2.8 version.
> It might work for Zope 2.6 and Python 2.1 but we can not give a
> guarantee since Zope 2.6 is no longer maintained. Plone sites do not
> seem to be affected (there seems to be some additional code on top of
> Zope's
> reST implementation avoiding the failure) however this not a guarantee.
> The upcoming Zope 2.8.2 and 2.7.8 releases will also ship with the hotfix.
>
Where are the details on the nature of the security problem?
More information about the Zope
mailing list