Zope hotfix: ZClass permission mapping bug

This hotfix addresses an important security issue that affects all Zope versions up to and including Zope 2.3.2.

The issue affects ZClasses: any user can visit a ZClass declaration and change the ZClass permission mappings for methods and other objects defined within the ZClass, possibly allowing unauthorized access within the Zope instance.

We highly recommend that any Zope site running versions of Zope up to and including 2.3.2 have this hotfix product installed to mitigate this issue. Further releases of Zope 2.3 (as well as Zope 2.4) will contain a fix for the issue, at which time the hotfix can be removed.

README

http://www.zope.org/Products/Zope/Hotfix_2001-05-01/Hotfix_2001-05-01.tgz