[Zope] SECURITY ALERTJan 05, 2000, 05:31 (0 Talkback[s])
(Other stories by Christopher Petrilli)
Date: Tue, 04 Jan 2000 17:12:46 -0500
Ok, now that we've got your attention...
This problem is of most concern to anyone who opens their Zope site up to the general public (a'la zope.org) as it could allow "anonymous" people to do things which are most definitely not allowed. Unfortunately it was introduced many releases ago, but to our knowledge this is the first time anyone has discovered this problem.
Fixes are contained in the CVS repository as well as:
Zope 2.1.2 http://www.zope.org/Products/Zope/2.1.2/
It is important to note that the patch to 1.10.3 has some performance impact on users of this release. Unfortunately, we are no longer able to provide equal levels of support for users of 1.x and 2.x implementations of Zope. If there are reasons that your site is unable to transition to 2.x, please let us know so that we can work to resolve them in future releases so that we can finally retire the old 1.x line of code.
If you have any questions regarding the impact to your site of the changes, please send them to email@example.com