[Zope] Re: [Zope-Annce] ANNOUNCE: Zope security alert and hotfix release

Gregor Hoffleit gregor@hoffleit.de
Mon, 18 Dec 2000 12:01:01 +0100


On Fri, Dec 15, 2000 at 02:02:08PM -0500, Brian Lloyd wrote:
>   A security issue has recently come to our attention (thanks to
>   Erik Enge for identifying this) that affects Zope versions up to
>   and including Zope 2.2.4.

...

>   The hotfix will work for all versions of Zope 2.2.0 and higher. A
>   future version of Zope will contain the fix for this
>   issue, and you will be able to uninstall the hot fix after upgrading.

This seems to imply that 2.1.6 is vulnerable as well, but that this Hotfix
won't work, and that no fix exists. Is that correct, or is the fix simply
not tested with 2.1.6 ?

    Gregor