Hi all -

  A security issue has recently come to our attention (thanks to
  Erik Enge for identifying this) that affects Zope versions up to
  and including Zope 2.2.4.

  The issue involves the computation of local roles.  In some situations
  the computation was not climbing the correct hierarchy of folders,
  sometimes granting local roles inappropriately.  This could allow
  users with privileges in one folder to gain the same privileges in
  another folder.

  We *highly* recommend that any Zope site running versions of
  Zope up to and including 2.2.4 have this hotfix product installed
  to mitigate the issue.

  - http://www.zope.org/Products/Zope/Hotfix_2000-12-15/README.txt


  The hotfix will work for all versions of Zope 2.2.0 and higher. A
  future version of Zope will contain the fix for this
  issue, and you will be able to uninstall the hotfix after upgrading.

  Note that we will be making a Zope 2.2.5 release early next week
  that includes the fix for this issue as well as the issue addressed
  by the recent 12/08 hotfix.

Brian Lloyd        [EMAIL PROTECTED]
Software Engineer  540.371.6909
Digital Creations  http://www.digicool.com

Zope maillist  -  [EMAIL PROTECTED]
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-dev )
