From:	 "Chris McDonough" <chrism@digicool.com>
To:	 <zope-announce@zope.org>, <zope@zope.org>, <zope-dev@zope.org>
Subject: [Zope] SECURITY alert and hotfix release
Date:	 Tue, 1 May 2001 15:29:25 -0400

Hello All,

  Dieter Maurer uncovered a potential security issue yesterday that
  necessitated a hotfix release.

  This hotfix addresses an important security issue that affects Zope
  versions up to and including Zope 2.3.2.

  The issue is related to ZClasses in that any user can visit a ZClass
  declaration and change the ZClass permission mappings for methods
  and other objects defined within the ZClass, possibly allowing
  for unauthorized access within the Zope instance.

  We *highly* recommend that any Zope site running versions of
  Zope up to and including 2.3.2 have this hotfix product installed
  to mitigate this issue.

    - http://www.zope.org/Products/Zope/Hotfix_2001-05-01/README.txt

    - http://www.zope.org/Products/Zope/Hotfix_2001-05-01/Hotfix_2001-05-01.tgz

