Hotfix_2002-06-14

This is a "hotfix" product. Hotfix products can be installed to
incorporate modifications to Zope at runtime without requiring an
immediate installation upgrade. Hotfix products are installed
just as you would install any other Zope product.

This hotfix addresses an important security issue that affects
users of Zope versions 2.4.0 through 2.5.x (or other Zope versions
with ZCatalog's plug-in index support installed).

The issue involves the security of the indexes of ZCatalog
objects. A flaw in the security settings of ZCatalog allows
anonymous users to call arbitrary methods of catalog indexes. The
vulnerability also allows untrusted code to do the same.

We highly recommend that any Zope site running Zope 2.4.0 through
Zope 2.5.x have this hotfix product installed to mitigate the
issue. Zope 2.6 will contain a fix for the issue, at which time
the hotfix can be removed.