hi guys,

i think i just found a pretty nasty security issue in zope 2.10.4, see http://mail.zope.org/pipermail/zope-dev/2007-July/029590.html for a more detailed explanation. the bug gives you completely unrestricted access in all view templates, which is probably not what we want, even though they cannot be changed ttw. well, actually i haven't tried customerizing them, but this actually should work...

anyway, if this turns out to hold true, i think we should either go back to 2.10.3 for our rc1 or wait until this issue is fixed -- in any case we shouldn't use 2.10.4 as is, imho. what do you think?



zeidler it consulting - http://zitc.de/ - [EMAIL PROTECTED]
friedelstraße 31 - 12047 berlin - telefon +49 30 25563779
pgp key at http://zitc.de/pgp - http://wwwkeys.de.pgp.net/
sprint with us! - http://plone.org/events/sprints/potsdam-sprint-2007


Framework-Team mailing list
