On 20.07.09 04:06, TsungWei Hu wrote:
> I have a Plone 3.2.3 site that runs with Zope 2.10.8 and receive a
> security notice as follows. Is it sufficient to fix this just
> installing http://www.zope.org/Products/Zope/Hotfix-2008-08-12 ?
> Thanks, /marr/
>
> Although the Zope development environment is one of the largest and
> most widely supported open source web content management solutions, it
> has been plagued with exploitable vulnerabilities. Due to the nature
> of the software and sheer number of vulnerabilities, Foundstone Labs
> recommends you consider utilizing a different content management
> solution and at a minimum upgrade your software. Zope updates can be
> freely downloaded from www.zope.org <http://www.zope.org>

TsungWei, with respect but you are telling barely nonsense.

The mentioned issue only affected sites where managers gave ZMI access to untrusted users. So this issue is of limited importance. In addition it has been fixed within less than one day (compare this to other systems).

In addition: Zope is an application server, not a CMS.

Also: compare the number of critical bugs within Zope to other systems. ZOPE IS VERY SECURE.

So please stop with such postings spreading FUD and containing improper information.

Andreas Jung
Zope 2 Release Manager

_______________________________________________
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )