Zope hotfix: Image updating method

This hotfix addresses a potential security issue that affects Zope versions up to and including Zope 2.2.4.

The issue involves incorrect protection of a data updating method on Image and File objects. Because the method was not correctly protected, users with DTML editing privileges could update the raw data of a File or Image object via DTML, even though they did not have editing privileges on the objects themselves.

We highly recommend that any Zope site running versions of Zope up to and including 2.2.4 have this hotfix product installed to mitigate the issue if the site is accessible by untrusted users who have DTML editing privileges.

README

http://www.zope.org/Products/Zope/Hotfix_2000-12-18/Hotfix_2000-12-18.tgz

The hotfix will work for all versions of Zope 2.1.x and higher. A Zope 2.2.5 release later this week will contain the fix for this issue, and you will be able to uninstall the hotfix after upgrading.