[Framework-Team] Re: security hole in zope 2.10.4

Andreas Zeidler az at zitc.de
Thu Jul 12 01:41:37 UTC 2007


On Jul 12, 2007, at 1:03 AM, Andreas Zeidler wrote:
> i think i just found a pretty nasty security issue in zope 2.10.4,  
> see http://mail.zope.org/pipermail/zope-dev/2007-July/029590.html

to quickly follow up on this (before finally getting some sleep :)),  
martin[1] and tres[2] clarified the issue and this change was  
actually meant as a bug fix for the so far unintentional "untrusted"  
rendering of five view templates...  so, alert lifted again i  
suppose. :)

good night,


andi

[1] http://mail.zope.org/pipermail/zope-dev/2007-July/029592.html
[2] http://mail.zope.org/pipermail/zope-dev/2007-July/029594.html

--
zeidler it consulting - http://zitc.de/ - info at zitc.de
friedelstraße 31 - 12047 berlin - telefon +49 30 25563779
pgp key at http://zitc.de/pgp - http://wwwkeys.de.pgp.net/
sprint with us! - http://plone.org/events/sprints/potsdam-sprint-2007

