Zope Hotfix Release, 2004/07/14
Overview
This hotfix product fixes a security bug in Page Templates. This
fix ensures that values substituted in named slots in translated
elements are properly encoded. If encoding is not desired and the
source of the replacement text is trusted, the "structure"
modifier can be used with the tal:content or tal:replace attribute
to explicitly disable encoding.
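
The following Python sketch is an added illustration, not code from Zope or from this hotfix. It models filling named slots in a translated string with and without encoding, plus an explicit opt-out for trusted markup. The names 'interpolate' and 'Structure', the '${name}' slot pattern and the sample strings are assumptions constructed for this example.

```python
import re
from html import escape

# Named slots written as ${name} inside a translated message string.
SLOT = re.compile(r"\$\{(\w+)\}")


class Structure(str):
    """Hypothetical marker for trusted markup, analogous to 'structure'."""


def interpolate(translated, mapping, encode=True):
    """Fill ${name} slots in a translated string.

    encode=False models the unfixed behaviour (values inserted raw);
    encode=True models the fixed behaviour (values HTML-encoded unless
    the caller wrapped them in Structure).
    """
    def fill(match):
        name = match.group(1)
        if name not in mapping:
            return match.group(0)  # unknown slot: leave the placeholder
        value = mapping[name]
        if encode and not isinstance(value, Structure):
            return escape(str(value), quote=True)
        return str(value)

    return SLOT.sub(fill, translated)


# Constructed sample data: a translated message and an untrusted slot value.
MESSAGE = "Bienvenue, ${user} !"
UNTRUSTED = '<i title="x">Bob</i> & co'

if __name__ == "__main__":
    print(interpolate(MESSAGE, {"user": UNTRUSTED}, encode=False))
    print(interpolate(MESSAGE, {"user": UNTRUSTED}))
    print(interpolate(MESSAGE, {"user": Structure("<b>Bob</b>")}))
```
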
Affected Versions
This fix applies to Zope 2.7.0 and 2.7.1. Zope versions 2.7.2 and
newer already contain this fix, and do not require this hotfix.
This fix also obsoletes 'Hotfix_20040713', so that should be
uninstalled when this hotfix is installed. See the README.txt
file provided with 'Hotfix_20040713' for instructions on
removing that hotfix.
Installing the Hotfix
1. Be sure to uninstall 'Hotfix_20040713' if it is installed.
2. Unpack the tarball into a working directory, and then move or
   link the 'Hotfix_20040714' directory into the Products
   directory of your '$INSTANCE_HOME'.
3. Restart Zope.

Windows users should unzip the ZIP file and move the extracted
'Hotfix_20040714' folder to their Zope's 'Products' folder.
Uninstalling the Hotfix
You may remove the 'Hotfix_20040714' product directory after
upgrading to one of the updated versions of Zope (2.7.2 or later).
For example::

    $ cd /var/zope/instance/Products
    $ rm -r Hotfix_20040714