On 30/05/2013 11:00, Fabrizio Rota wrote:
I have 1.7.0: it would appear to be free of the vulnerability: can I trust that?

from 1.7.0:

    def onSuccess(self, fields, REQUEST=None, loopstop=False):
        """
        saves data.
        """

from 1.7.11:

    security.declarePrivate('onSuccess')
    def onSuccess(self, fields, REQUEST=None, loopstop=False):
        # """
        # saves data.
        # """


I'd say no :)




2013/5/30 Luca Fabbri <[email protected]>

    It is somewhat open to criticism that there was no advance notice.
    I understand it isn't a HotFix, but it may have caused some
    inconvenience. After all, it is perhaps the best-known add-on product!


    On Thu, May 30, 2013 at 8:59 AM, Vito Falco <[email protected]> wrote:
    > Thanks!
    >
    > Vito
    >
    >
    > 2013/5/30 Yuri <[email protected]>
    >>
    >>
    >>
    >> -------- Original Message --------
    >> Subject: [Plone-Users] Fwd: Vulnerability in PloneFormGen — Updated announcement
    >> Date: Wed, 29 May 2013 10:31:16 -0700
    >> From: Steve McMahon <[email protected]>
    >> To: plone_users <[email protected]>, Plone Developers <[email protected]>
    >>
    >> PloneFormGen <http://plone.org/products/ploneformgen>, a widely used
    >> response-form-creation add-on for the Plone Content Management System, has
    >> been discovered to have a serious vulnerability that allows an anonymous
    >> attacker to execute arbitrary code with the privileges of the system user
    >> running the server.
    >>
    >> Installations of Plone that do not use the PloneFormGen add-on are not
    >> affected by this vulnerability.
    >>
    >> The vulnerability is present in PloneFormGen versions 1.7.4 (2012-11-04)
    >> through 1.7.8. Users of any of these versions should immediately upgrade to
    >> Products.PloneFormGen version 1.7.11
    >> <https://pypi.python.org/pypi/Products.PloneFormGen/1.7.11>. 1.7.11 has been
    >> released today to the Plone and Python package repositories.
    >>
    >> Another serious vulnerability affects most earlier versions of
    >> PloneFormGen. This vulnerability affects forms that have custom script
    >> adapters, and allows an anonymous attacker to gain control over the handling
    >> of data submitted through the form. This vulnerability is addressed in
    >> version 1.7.9. Users of PloneFormGen in the 1.6 series, which runs on Plone
    >> 3.x, 4.0 and 4.1 should upgrade to version 1.6.7
    >> <https://pypi.python.org/pypi/Products.PloneFormGen/1.6.7>, also released
    >> today.
    >>
    >> Help for installing the upgrade is available on the #plone IRC channel
    >> <http://plone.org/support/chat> and forums
    >> <https://plone.org/support/forums>. Upgrading an already installed package
    >> requires you to specify the new version number in your buildout
    >> configuration file
    >> <https://weblion.psu.edu/trac/weblion/wiki/VersionPinning> and run
    >> buildout.
    >>
    >> Thanks to The Code Distillery's security analysts for the responsible
    >> disclosure of the vulnerabilities, and for their suggestions for addressing
    >> the issues.
    >>
    >> _______________________________________________
    >> Plone-IT mailing list
    >> [email protected]
    >> https://lists.plone.org/mailman/listinfo/plone-plone-it
    >> http://plone-regional-forums.221720.n2.nabble.com/Plone-Italy-f221721.html
    >
    >
    >
    >
    > --
    > Vito Falco
    > Webdeveloper & designer freelance, Plone enthusiast
    > Bari, IT
    > tel +39 3346330137 | skype vito80ba | twitter vito80ba
    > Linkedin http://it.linkedin.com/in/vitof
    >



    --
    Saluti/Regards

    Luca Fabbri - RedTurtle Technology
    E-mail: [email protected]
    Web Site: http://www.redturtle.it/
    Phone: +39 0532 1915958
    Fax: +39 0532 287070




--
Fabrizio
--------------------
Not sent from an iPhone

"Life is what happens to you while you're busy making other plans" - J. Lennon

“If you think education is expensive, try ignorance” - D. Bok

Life is like a game of cards. The hand you are dealt is determinism; the way you play it is free will - Jawaharlal Nehru
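The two excerpts Fabrizio pasted differ in exactly the two things Zope 2 uses to decide whether a method is reachable over HTTP: the publisher will only traverse to a method that has a docstring, and access to it is then governed by the class's `security.declare*` declarations. The 1.7.11 code both comments out the docstring and declares `onSuccess` private; the 1.7.0 code does neither. The scanner below is an added example written for this page (it is not PloneFormGen or Zope code) that automates the check Fabrizio did by eye: it parses a Python source file and lists class methods that carry a docstring but are not named by any `security.declarePrivate`/`declareProtected`/`declarePublic` call or `@security.*` decorator in the class body. The class name `Adapter`, the `ClassSecurityInfo()` line and the `pass` bodies in the samples are constructed placeholders modelled on the quoted snippets.

```python
import ast

# Zope 2 publishes a method over HTTP only if it has a docstring; whether the
# caller may reach it is then governed by the class's security declarations.
# This scanner lists methods that carry a docstring but are named by no
# declaration, which is the difference between the two excerpts in the thread.
SECURITY_DECLARATIONS = {"declarePrivate", "declareProtected", "declarePublic"}
SECURITY_DECORATORS = {"private", "protected", "public"}


def _is_security_attr(node, names):
    """True for an attribute `security.<name>` with <name> in `names`."""
    return (isinstance(node, ast.Attribute) and node.attr in names
            and isinstance(node.value, ast.Name) and node.value.id == "security")


def _declared_names(class_body):
    """Collect method names covered by security.declare*(...) statements
    anywhere in the class body (declarations need not sit right above the def)."""
    declared = set()
    for stmt in class_body:
        if (isinstance(stmt, ast.Expr) and isinstance(stmt.value, ast.Call)
                and _is_security_attr(stmt.value.func, SECURITY_DECLARATIONS)):
            args = stmt.value.args
            # declareProtected(permission, *names); declarePrivate/Public(*names)
            names = args[1:] if stmt.value.func.attr == "declareProtected" else args
            declared.update(a.value for a in names
                            if isinstance(a, ast.Constant) and isinstance(a.value, str))
    return declared


def _has_security_decorator(fn):
    """True if the def is decorated with @security.private/protected/public(...)."""
    for dec in fn.decorator_list:
        target = dec.func if isinstance(dec, ast.Call) else dec
        if _is_security_attr(target, SECURITY_DECORATORS):
            return True
    return False


def find_undeclared_publishable_methods(source):
    """Return [(class_name, method_name, lineno)] for every method that has a
    docstring (so Zope's publisher will traverse to it) but is named by no
    security declaration or decorator in its class."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.ClassDef):
            continue
        declared = _declared_names(node.body)
        for stmt in node.body:
            if not isinstance(stmt, ast.FunctionDef):
                continue
            if ast.get_docstring(stmt) is None:
                continue  # no docstring: not reachable by URL traversal
            if stmt.name in declared or _has_security_decorator(stmt):
                continue
            findings.append((node.name, stmt.name, stmt.lineno))
    return findings


# Constructed samples modelled on the two excerpts quoted in the thread; the
# class name `Adapter` and the `pass` bodies are placeholders, not PloneFormGen code.
PFG_1_7_0_STYLE = '''\
class Adapter:
    security = ClassSecurityInfo()

    def onSuccess(self, fields, REQUEST=None, loopstop=False):
        """
        saves data.
        """
        pass
'''

PFG_1_7_11_STYLE = '''\
class Adapter:
    security = ClassSecurityInfo()

    security.declarePrivate('onSuccess')
    def onSuccess(self, fields, REQUEST=None, loopstop=False):
        # """
        # saves data.
        # """
        pass
'''

if __name__ == "__main__":
    for label, src in (("1.7.0 style", PFG_1_7_0_STYLE),
                       ("1.7.11 style", PFG_1_7_11_STYLE)):
        print(label, find_undeclared_publishable_methods(src))
```

Run it over a checkout of any Zope 2 product and every hit is a method the publisher will happily traverse to with only the class's default access rules standing in the way. The check is a static heuristic: it does not see declarations inherited from base classes or set on the class after the fact, so treat a hit as something to verify, not as proof of a hole.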



