> If installed on 2.1.6, the product shows up as broken, since it
> tries to run
> "from OFS.ObjectManager import aq_base", which fails, since aq_base wasn't
> available in ObjectManager before 2.2.1 (!).
> Therefore I guess the Hotfix won't work for any versions prior to 2.2.1.
> According to the README, those versions are still vulnerable.
> Could somebody give me a hint if and how it's possible to backport the
> Hotfix to Zope 2.1.6 ?

You could add this to the hotfix module:

def aq_base(object):
  return getattr(object, 'aq_base', object)

...and use that instead of importing it.

Brian Lloyd        [EMAIL PROTECTED]
Software Engineer  540.371.6909
Digital Creations  http://www.digicool.com

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope )

Reply via email to