[Zope-dev] About Zope Security (was: Zope - SecurityFocus
Newsletter #232)
Casey Duncan
casey at zope.com
Fri Jan 23 09:21:21 EST 2004
On Fri, 23 Jan 2004 12:17:38 +0100
Dario Lopez-Kästen <dario at ita.chalmers.se> wrote:
> Chris Withers wrote:
>
> > Hi,
> >
> > Can anyone shed light on all of these? I know about some of them,
> > but this is quite a disturbingly long list...
>
> What is the current status of these issues? I am running a rather
> large site with sensitive personal data.
They are fixed in the latest releases of Zope 2.6 and 2.7.
> The decision to use Python/Zope instead of Java/uPortal is very much
> debated by people with power, and I am trying to protect the
> investment made in Zope.
The security vulnerabilities were not publicly announced until new
versions of Zope were available that fixed them.
> I know, you get what you pay for etc, but I am struggling to keep Zope
> instead of having to migrate to Java, and it is hard enough as it
> is. All this is politics, perception and logistics and has nothing to
> do with technical advantage.
Actually with Zope, I think you get a lot more than you pay for ;^)
> Unfortunately I cannot help very much in resolving these issues since
> I am not knowledgeable enough to be able to help, but I would like to
> follow the status of these issues, under NDA if need be.
The issues are already resolved. The only question is whether you can do
a timely upgrade to a fixed version.
> It is also a matter of taking steps to protect personal data.
Download a new version of Zope and test it out with a copy of your
application. Let us know if anything breaks.
-Casey