[Zope-dev] Re: Resolved security-related collector issues for the public?

Dieter Maurer dieter at handshake.de
Fri Jan 23 13:12:06 EST 2004


Maik Jablonski wrote at 2004-1-21 23:42 +0100:
> ...
>If we don't have a easy-to-install-security-fix for such people (or a so 
>called "stable" release, which works out of the box) we should a little 
>bit cautious about releasing exploits. That's my point...

Almost all the issues covered by Zope 2.6.3 are irrelevant
to the "normal" Zope installation (e.g. whether or not someone
gets a binding for "context/container" while he does not have
the object access permission).
I think only the "cross scripting exploits" may be a real problem for
"normal" installations. Their fix would probably have broken few
sites...

-- 
Dieter



More information about the Zope-Dev mailing list