Laurence Rowe wrote:
>> This hotfix addresses a serious vulnerability in the Zope2
>> application server. Affected versions of Zope2 include:
>> - - 2.12.x<= 2.12.20
>> - - 2.13.x<= 2.13.6
>> Older releases (2.11.x, 2.10.x, etc.) are not vulnerable.
> Can you confirm whether or not Zope 2.13.6 through 2.13.10 are affected?
They are affected. "2.13.6" seems to be a typo. But AFAICT Plone is not
affected because it doesn't use the default user folder implementation
shipped with Zope.
Zope-Dev maillist - Zope-Dev@zope.org
** No cross posts or HTML encoding! **
(Related lists -