Re: [Zope-dev] About Zope Security (was: Zope - SecurityFocus Newsletter #232)

2004-01-23 Thread Casey Duncan
On Fri, 23 Jan 2004 12:17:38 +0100
Dario Lopez-Kästen <[EMAIL PROTECTED]> wrote:

> Chris Withers wrote:
> 
> > Hi,
> > 
> > Can anyone shed light on all of these? I know about some of them,
> > but this is quite a disturbingly long list...
> 
> What is the current status of these issues? I am running a rather
> large site with sensitive personal data.

They are fixed in the latest releases of Zope 2.6 and 2.7
 
> The decision to use Python/Zope instead of Java/uPortal is very much 
> debated by people with power, and I am trying to protect the
> investment made in Zope.

The security vulnerabilities were not publicly announced until new
versions of Zope were available that fixed them.
 
> I know, you get what you pay for etc, but I am struggling to keep Zope
> instead of having to migrate to Java, and it is hard enough as it
> is. All this is politics, perception and logistics and has nothing to
> do with technical advantage.

Actually with Zope, I think you get a lot more than you pay for ;^) 
 
> Unfortunately I cannot help very much in resolving these issues since
> I am not knowledgeable enough to be able to help, but I would like to 
> follow the status of these issues, under NDA if need be.

The issues are already resolved. The only question is whether you can do
a timely upgrade to a fixed version.
 
> It is also a matter of taking steps to protect personal data.

Download a new version of Zope and test it out with a copy of your
application. Let us know if anything breaks.

-Casey

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists -
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )


[Zope-dev] About Zope Security (was: Zope - SecurityFocus Newsletter #232)

2004-01-23 Thread Dario Lopez-Kästen
Chris Withers wrote:

> Hi,
>
> Can anyone shed light on all of these? I know about some of them, but
> this is quite a disturbingly long list...

What is the current status of these issues? I am running a rather large
site with sensitive personal data.

The decision to use Python/Zope instead of Java/uPortal is very much 
debated by people with power, and I am trying to protect the investment 
made in Zope.

I know, you get what you pay for etc, but I am struggling to keep Zope 
instead of having to migrate to Java, and it is hard enough as it is. 
All this is politics, perception and logistics and has nothing to do 
with technical advantage.

Unfortunately I cannot help very much in resolving these issues since I 
am not knowledgeable enough to be able to help, but I would like to 
follow the status of these issues, under NDA if need be.

It is also a matter of taking steps to protect personal data.

Sincerely,

/dario

--
-- ---
Dario Lopez-Kästen, IT Systems & Services Chalmers University of Tech.