[ Thanks to John D.
Rowell for this link. ]
From the Zope.org site:
“We have recently become aware of an important security issue that
affects all released Zope versions including the recent 2.2 beta 1
release. The issue involves an inadequately protected method in
one of the base classes in the DocumentTemplate package that could
allow the contents of DTMLDocuments or DTMLMethods to be changed
remotely or through DTML code without forcing proper user
authorization. A Zope 2.1.7 release has been made that
resolves this issue for Zope 2.1.x users. This release is available
from Zope.org.”
“While we know of no instances of this issue being used to exploit
a site, we *highly* recommend that any Zope site that is accessible
by untrusted clients take the appropriate mitigation steps
immediately.”
So hurry and upgrade. If you want to know of other changes since
the version of Zope you’re currently using, check out the changes
history at AppWatch.com.