You are not logged in Log in Join
You are here: Home » Download Zope Products » Zope » Hotfix-2006-08-21 » Hotfix for Further reST Integration Issue
Log in
Name

Password

 
Link icon Forgot your password?
Print

Hotfix for Further reST Integration Issue

After reviewing the docutils / reStructuredText integration in Zope 2, we have discovered that versions 2.7.0 - 2.7.8 and 2.8.0 - 2.8.8 are vulnerable to a further information disclosure exploit.

Overview

This hotfix removes the exploit by disabling the reStructuredText feature which exposes the vulnerability. This vulnerability has been fixed on the 2.8 branch, and will thus not be present in any future release from that branch (2.8.9 or later).

Zope2 versions from 2.9 and the trunk are not vulnerable to this exploit.

Note that this hotfix fixes a problem not attressed by the earlier reStructuredText integration hotfix ; that hotfix needs to remain installed until after upgrading to a fixed version of Zope.

Hotfix

We have prepared a hot fix for this problem at:

http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/.

This hotfix should be installed as soon as possible.

To install, simply extract the archive into your Products directory in your Zope installation.

See: http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/README.txt,

for installation instructions.

It is important to install this hotfix as soon as possible.

This fix will disable the reStructuredText csv-table directive.
Copyright (c) 2011 Zope Foundation. All rights reserved. Legal | Contact
If you can read this text, it means you are not experiencing the Plone design at its best. Plone makes heavy use of CSS, which means it is accessible to any internet browser, but the design needs a standards-compliant browser to look like we intended it. Just so you know ;)