[Zope-Annce] Serious security problem with Zope 2

Jim Fulton jim at zope.com
Wed Jul 5 17:53:05 EDT 2006


We have recently discovered that there are (still) very serious security
problems with the integration of reStructured Text (docutils) into
Zope 2.

We have prepared a hot fix for this problem:

   http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/

See:
http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/ 
README.txt
for installation instructions.

It is important to install this hotfix as soon as possible.

This fix will disable the reStructuredText 'raw' directive.

Much thanks goes to Tres Seaver for analyzing the problem and  
developing the hotfix!

Jim

--
Jim Fulton			mailto:jim at zope.com		Python Powered!
CTO 				(540) 361-1714			http://www.python.org
Zope Corporation	http://www.zope.com		http://www.zope.org





More information about the Zope-Announce mailing list