You are not logged in Log in Join
You are here: Home » Download Zope Products » Zope » Zope » Zope Security Update 2.1.2 release
Log in
Name

Password

 
Link icon Forgot your password?
Print

Zope Security Update 2.1.2 release

Thanks to Kevin Littlejohn's sleuthing, a sizable problem in the security machinery in DTML has been brought to our attention and resolved. Without delving too deeply into the obtuseness of the problem, let me first say that this is 1) very critical, 2) has an urgent fix.

This problem is most concerning to anyone who opens their Zope site up to the general public (a'la zope.org) as it could allow "anonymous" people to do things which are most definitely not allowed. Unfortunately it was introduced many releases ago, but to our knowledge this is the first time anyone has discovered this problem.

Fixes are contained in the CVS repository as well as in the Zope 2.1.2 release.

Note that this issue also affects Zope sites that are still running old 1.10.3 Zope releases as well - we highly recommend that if you are running an old 1.10.x release and cannot upgrade to Zope 2.1.2 at this time that you install the patch for Zope 1.10.3 to avoid any problems.

It is important to note that the patch to 1.10.3 has some performance impact on users of this release. Unfortunately, we are no longer able to provide equal levels of support for users of 1.x and 2.x implementations of Zope. If there are reasons that your site is unable to transition to 2.x, please let us know so that we can work to resolve them in future releases so that we can finally retire the old 1.x code.

Copyright (c) 2011 Zope Foundation. All rights reserved. Legal | Contact
If you can read this text, it means you are not experiencing the Plone design at its best. Plone makes heavy use of CSS, which means it is accessible to any internet browser, but the design needs a standards-compliant browser to look like we intended it. Just so you know ;)