[Zope] BIG security hole in www.zope.org
Paul Everitt
Paul@digicool.com
Thu, 16 Sep 1999 18:35:35 -0400
Andy wrote:
> It's way worse than I thought: You can do the same thing with at least
> standard_html_footer! Hope all you Digital Creations guys haven't gone
> home yet...
Nope, we're here and working on it.
Since this has now happened twice, I'm going to try to be more clear.
Everybody, PLEASE don't mail security bugs to the mailing list. This is
such an impolite thing to do that I'm surprised that I am bringing it up
twice in the same month.
Instead of an email with a subject line of "BIG security hole", whose
contents discuss the details of the problem...doesn't it make a lot more
sense to let us know about it first and have a shot at fixing it?
Let us know in private and give us a shot at promptly fixing it and
notifying people. If the response isn't swift, then decide whether the
community at large would be best served by a direct announcement.
Because the problem has now been announced, we have to bring the entire
site down again like we did the last time. We'll make a separate
announcement about this changeover to the old site.
--Paul
Paul Everitt Digital Creations
paul@digicool.com 540.371.6909
-----------------------------------------
The Open Source Zope application server
http://www.zope.org/