You are not logged in Log in Join
You are here: Home » Download Zope Products » Zope » Zope » Zope 2.1.5 released
Log in
Name

Password

 
Link icon Forgot your password?
Print

Zope 2.1.5 released

Zope 2.1.5 has been released.

This release fixes two fairly important security issues that have recently come to our attention:

  • It was possible for a Zope user with a fair amount of Zope zen and permission to create DTML documents and Folders to circumvent the security machinery within DTML in certain situations, possibly giving the user the ability to use resources that he wouldn't otherwise be able to access via DTML.

  • It also came to our attention that the DTML code in ZSQLMethod objects was not subject to the same security constraints as the DTML code in DTMLMethods and DTML Documents.

The 2.1.5 release fixes both of these issues and we highly recommend that you upgrade, especially if you use Zope for sites that allow untrusted users to create Folders and DTML Documents or DTML Methods.

The release also includes a number of recent bug fixes, including the problem in TimeStamp objects that caused the bobobase_modification_time() of Zope objects to appear to be a day behind. Note that this release contains two binary changes, so those running Zope from the source release will need to rebuild the Zope extensions after applying the update. The fixes are also available in CVS and binaries will need to be rebuilt after the update for those of you using CVS.

Note that with the 2.1.5 release we will also be releasing "diff" updates as .tgz files that will let you easily upgrade an existing 2.1.x site. These updates are available for those currently using the 2.1.x source release or the 2.1.x binary releases for either solaris or linux (diff releases are not available for win32 for now).

To apply a differential update to your site:

  • download the appropriate .tgz file from zope.org
  • shutdown your Zope process
  • copy the .tgz to your Zope directory and extract it
  • run w_pcgi or wo_pcgi if you are not using a binary release
  • restart your process

Please let us know if you have any problems with the 2.1.5 release!

Copyright (c) 2011 Zope Foundation. All rights reserved. Legal | Contact
If you can read this text, it means you are not experiencing the Plone design at its best. Plone makes heavy use of CSS, which means it is accessible to any internet browser, but the design needs a standards-compliant browser to look like we intended it. Just so you know ;)