You are not logged in Log in Join
You are here: Home » Download Zope Products » Zope » Hotfix-200400807 » README.txt
Log in
Name

Password

 
Link icon Forgot your password?
Print

README.txt

Hotfix-20040807 README

Overview

This hotfix addresses a security issue reported in CMF Collector #259 (http://zope.org/Collectors/CMF/259). This issue concerns a defective privilege check in the OFS.CopySupport module, which may permit unprivilieged (but authenticated) users of a site to move content into a folder under their control.

This issue has been resolved in Zope version 2.7.3 and later; users of such versions do not need the hotfix. Users of older Zope versions should remove the hotfix after upgrading to version 2.7.3 or later.

Installation

To install the hotfix, unpack the tarball / zip file into the Products directory of your site's INSTANCE_HOME, and then restart your Zope application server.

For example, if on your system, the Zope software is installed in /opt/lib/zope2.7, and your instance is in '/var/lib/zope': 

      # cd /var/lib/zope/Products
      # tar xzf /tmp/Hotfix-20040807.tar.gz
      # ../bin/zopectl restart

Removal

To remove the hotfix after upgrading Zope to version 2.7.3 or later, simply remove the product folder and restart the application server.

For example, for the same setup: 

      # cd /var/lib/zope/Products
      # rm -r Hotfix-20040807
      # ../bin/zopectl restart

Copyright (c) 2011 Zope Foundation. All rights reserved. Legal | Contact
If you can read this text, it means you are not experiencing the Plone design at its best. Plone makes heavy use of CSS, which means it is accessible to any internet browser, but the design needs a standards-compliant browser to look like we intended it. Just so you know ;)