[Zope-Annce] (Security) Hotfix_20050405 Released
Tres Seaver
tseaver at zope.com
Tue Apr 5 13:32:54 EDT 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Overview
Zope Corporation has released a Zope hotfix product addressing a
potential vulnerability discovered during a recent security audit
of Zope 2.7 and 2.8.
Affected Versions
The hotfix affects versions 2.7.5 and earlier of Zope on the 2.7
release line, as well as versions 2.8a1 and 2.8a2 on the upcoming 2.8
release line. The vulnerability will be resolved in versions 2.7.6
and 2.8b1. We recommend that any site which permits untrusted users
to write PythonScripts apply this hotfix, and upgrade to a fixed
version of Zope as it becomes available.
Further Information
Please see the "product README",
http://www.zope.org/Products/Zope/Hotfix-2005-04-05/Hotfix-200405/README.txt
for details on the vulnerability, and for instructions on installing
the hotfix.
Downloading the Hotfix
- "Unix tarball",
http://www.zope.org/Products/Zope/Hotfix-2005-04-05/Hotfix-200405/Hotfix_20050405.tar.gz
- "Windows ZIP archive",
http://www.zope.org/Products/Zope/Hotfix-2005-04-05/Hotfix-200405/Hotfix_20050405.zip
Tres Seaver.
- --
===============================================================
Tres Seaver tseaver at zope.com
Zope Corporation "Zope Dealers" http://www.zope.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCUsvGGqWXf00rNCgRAt3qAJ42sH4BIPP9+S1g+ZnpwS9YopcggQCfYnvw
hXfT3SOxuL1y1adv5zmv3v8=
=smRT
-----END PGP SIGNATURE-----
More information about the Zope-Announce
mailing list