Hello All,

  Dieter Maurer uncovered a potential security issue yesterday that
  necessitated a hotfix release.

  This hotfix addresses an important security issue that affects Zope
  versions up to and including Zope 2.3.2.

  The issue is related to ZClasses in that any user can visit a ZClass
  declaration and change the ZClass permission mappings for methods
  and other objects defined within the ZClass, possibly allowing
  for unauthorized access within the Zope instance.

  We *highly* recommend that any Zope site running versions of
  Zope up to and including 2.3.2 have this hotfix product installed
  to mitigate this issue.

    - http://www.zope.org/Products/Zope/Hotfix_2001-05-01/README.txt

    -
http://www.zope.org/Products/Zope/Hotfix_2001-05-01/Hotfix_2001-05-01.tgz


_______________________________________________
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

Reply via email to