A vulnerability has been discovered in Zope, whereby misuse of certain
types of HTTP GET could lead to elevated privileges. All Zope versions
up to and including 2.10.2 are affected.
You are only affected by this vulnerability if you allow untrusted
users to log in to your site and create content.
The full description along with the hotfix for Zope 2.7, 2.8, 2.9 and
2.10 is available from the zope.org site:
http://www.zope.org/Products/Zope/Hotfix-2007-03-20/announcement
The upcoming releases of Zope will have this fix included; in the
meantime, please download the hotfix for your installations. Unpack
the product and restart Zope, and the vulnerability will be patched.
On behalf of the Plone Security Team,
Alexander Limi
Plone-Announce mailing list
https://lists.sourceforge.net/lists/listinfo/plone-announce