README.txt

Hotfix-20040807 README

Overview

This hotfix addresses a security issue reported in CMF Collector #259 (http://zope.org/Collectors/CMF/259). This issue concerns a defective privilege check in the OFS.CopySupport module, which may permit unprivileged (but authenticated) users of a site to move content into a folder under their control.

This issue has been resolved in Zope version 2.7.3 and later; users of such versions do not need the hotfix. Users of older Zope versions should remove the hotfix after upgrading to version 2.7.3 or later.

Installation

To install the hotfix, unpack the tarball / zip file into the Products directory of your site's INSTANCE_HOME, and then restart your Zope application server.

For example, if the Zope software on your system is installed in '/opt/lib/zope2.7' and your instance is in '/var/lib/zope':

      # cd /var/lib/zope/Products
      # tar xzf /tmp/Hotfix-20040807.tar.gz
      # ../bin/zopectl restart

Removal

To remove the hotfix after upgrading Zope to version 2.7.3 or later, simply remove the product folder and restart the application server.

For example, for the same setup:

      # cd /var/lib/zope/Products
      # rm -r Hotfix-20040807
      # ../bin/zopectl restart
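
The install and removal rules above can be checked per instance with a small script. This is an added example, not part of the hotfix distribution. It assumes the operator supplies the running Zope version string, and the function names and result labels (install, installed, remove, not-needed, unknown) are hypothetical.

```shell
#!/bin/sh
# Added example: decide what to do about Hotfix-20040807 for one instance.
# Assumption: the caller passes the Zope version (e.g. "2.7.2") and INSTANCE_HOME.

HOTFIX_DIR="Hotfix-20040807"   # product folder name used in the README
FIXED_IN="2.7.3"               # first Zope release that includes the fix

# version_ge A B: succeed when dotted numeric version A >= B.
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ah=${a%%.*}; bh=${b%%.*}      # leading component of each version
        ah=${ah:-0}; bh=${bh:-0}      # a missing component counts as 0
        if [ "$ah" -gt "$bh" ]; then return 0; fi
        if [ "$ah" -lt "$bh" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# hotfix_action VERSION INSTANCE_HOME: print one label describing the state.
hotfix_action() {
    version=$1 instance_home=$2
    # Refuse pre-release or malformed strings (e.g. "2.7.3b1") instead of guessing.
    case $version in
        ''|*[!0-9.]*|.*|*.|*..*) echo "unknown"; return 0 ;;
    esac
    if [ -d "$instance_home/Products/$HOTFIX_DIR" ]; then present=yes; else present=no; fi
    if version_ge "$version" "$FIXED_IN"; then
        # Fixed release: the hotfix product should be removed if still there.
        if [ "$present" = yes ]; then echo "remove"; else echo "not-needed"; fi
    else
        # Older release: the hotfix product must be in Products.
        if [ "$present" = yes ]; then echo "installed"; else echo "install"; fi
    fi
}

# Usage: sh check_hotfix.sh 2.7.2 /var/lib/zope
if [ "$#" -eq 2 ]; then
    hotfix_action "$1" "$2"
fi
```

A result of "install" or "remove" still requires the zopectl restart shown above, since products are loaded when the application server starts.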