Re: [Zope] [Ann] Zope Hotfix 2005-10-09

2005-10-10 Thread Tino Wildenhain

Andreas Jung wrote:

Hello,

a security issue with the Docutils package coming with Zope 2.6 or higher
has been discovered. Sites that expose reStructuredText functionality to
untrusted users (typically portal sites allowing registered users to edit
content) are possibly affected.


Download location and installation are available from

  http://www.zope.org/Products/Zope/Hotfix_2005-10-09/security_alert

The hotfix is supposed to work with any Zope 2.7 and 2.8 version.
It might work for Zope 2.6 and Python 2.1 but we cannot give a guarantee
since Zope 2.6 is no longer maintained. Plone sites do not seem to be
affected (there seems to be some additional code on top of Zope's
reST implementation avoiding the failure) however this is not a guarantee.
The upcoming Zope 2.8.2 and 2.7.8 releases will also ship with the hotfix.



Where are the details on the nature of the security problem?
___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists -
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )


[Zope] [Ann] Zope Hotfix 2005-10-09

2005-10-09 Thread Andreas Jung

Hello,

a security issue with the Docutils package coming with Zope 2.6 or higher 
has been discovered. Sites that expose reStructuredText functionality to
untrusted users (typically portal sites allowing registered users to edit 
content) are possibly affected.


Download location and installation are available from

  http://www.zope.org/Products/Zope/Hotfix_2005-10-09/security_alert

The hotfix is supposed to work with any Zope 2.7 and 2.8 version.
It might work for Zope 2.6 and Python 2.1 but we cannot give a guarantee
since Zope 2.6 is no longer maintained. Plone sites do not seem to be
affected (there seems to be some additional code on top of Zope's
reST implementation avoiding the failure) however this is not a guarantee.
The upcoming Zope 2.8.2 and 2.7.8 releases will also ship with the hotfix.


Andreas Jung


