[Zope-Annce] ANNOUNCE: Zope security alert and hotfix release
Fri, 15 Dec 2000 14:02:08 -0500
Hi all -
A security issue has recently come to our attention (thanks to
Erik Enge for identifying this) that affects Zope versions up to
and including Zope 2.2.4.
The issue involves the computation of local roles. In some situations
the computation was not climbing the correct hierarchy of folders,
sometimes granting local roles inappropriately. This could allow
users with privileges in one folder to gain the same privileges in
We *highly* recommend that any Zope site running versions of
Zope up to and including 2.2.4 have this hotfix product installed
to mitigate the issue.
The hotfix will work for all versions of Zope 2.2.0 and higher. A
future version of Zope will contain the fix for this
issue, and you will be able to uninstall the hot fix after upgrading.
Note that we will be making a Zope 2.2.5 release early next week
that includes the fix for this issue as well as the issue addressed
by the recent 12/08 hotfix.
Brian Lloyd firstname.lastname@example.org
Software Engineer 540.371.6909
Digital Creations http://www.digicool.com