![Apache Today [Your Apache News Source]](/pics/at_logo.png) 
 
| The Java Apache Project |
| ApacheCon |
| The Jakarta Project |
| Apache Module Registry |
| Apache XML Project |
| The Apache FAQ |
| Apache Project |
| The Apache Software Foundation |
| Apache-Perl Integration Project |
| Apache-Related Projects |
| PHP Server Side Scripting |
|
|
| |
internet.com
Internet News
Internet Investing
Internet Technology
Windows Internet Tech.
Linux/Open Source
Web Developer
ECommerce/Marketing
ISP Resources
ASP Resources
Wireless Internet
Downloads
Internet Resources
Internet Lists
International
EarthWeb
Career Resources
Search internet.com
Advertising Info
Corporate Info
|
|
AppWatch: Zope 2.1.7 - SECURITY UPDATE
Jun 16, 2000, 06 :34 UTC (0 Talkback[s]) (610 reads) (Other stories by John D. Rowell)
|
[ Thanks to for this link. ]
From the Zope.org site:
"We have recently become aware of an important security issue that affects all released Zope versions including the recent 2.2 beta 1 release. The issue involves an inadequately protected method in one of the base classes in the DocumentTemplate package that could allow the contents of DTMLDocuments or DTMLMethods to be changed remotely or through DTML code without forcing proper user authorization. A Zope 2.1.7 release has been made that resolves this issue for Zope 2.1.x users. This release is available from Zope.org."
"While we know of no instances of this issue being used to exploit a site, we *highly* recommend that any Zope site that is accessible by untrusted clients take the appropriate mitigation steps immediately."
So hurry and upgrade. If you want to know of other changes since the version of Zope you're currently using, check out the changes history at AppWatch.com.
|
|
