[Zope] SECURITY ALERT | Linux Today

Written By
Web Webster
Jan 5, 2000

Date: Tue, 04 Jan 2000 17:12:46 -0500
Subject: [Zope] SECURITY ALERT
From: Christopher Petrilli petrilli@digicool.com
To: zope-announce@zope.org

Ok, now that we’ve got your attention…
Thanks to Kevin Littlejohn’s sleuthing, a sizable problem in the
security machinery in DTML has been brought to our attention and
resolved. Without delving too deeply into the obtuseness of the
problem, let me first say that this is 1) very critical, 2) has an
urgent fix.

This problem is of most concern to anyone who opens their Zope
site up to the general public (à la zope.org) as it could allow
“anonymous” people to do things which are most definitely not
allowed. Unfortunately it was introduced many releases ago, but to
our knowledge this is the first time anyone has discovered this
problem.

Fixes are contained in the CVS repository as well as:

Zope 2.1.2 http://www.zope.org/Products/Zope/2.1.2/

Patch to 1.10.3 http://www.zope.org/Products/Zope/2.1.2/1104_patch.html

It is important to note that the patch to 1.10.3 has some
performance impact on users of this release. Unfortunately, we are
no longer able to provide equal levels of support for users of 1.x
and 2.x implementations of Zope. If there are reasons that your
site is unable to transition to 2.x, please let us know so that we
can work to resolve them in future releases so that we can finally
retire the old 1.x line of code.

If you have any questions regarding the impact to your site of
the changes, please send them to support@digicool.com

Chris

| Christopher Petrilli – Python Powered – Digital Creations, Inc.
| petrilli@digicool.com – http://www.digicool.com
