This is a critical security hotfix which should be applied to the following versions of Zope:
- Zope 2.13 <= 2.13.7 (Plone 4.1 <= 4.1rc3)
- Zope 2.12 <= 2.12.18 (Plone 4.0 <= 4.0.7)
- Any version of Zope 2.10 or Zope 2.11 where PloneHotfix20110720 is installed (Plone 3.0, 3.1, 3.2 and 3.3 <= 3.3.5).
Additional information about the hotfix including frequently asked questions is available at http://plone.org/products/plone/security/advisories/20110622
This hotfix applies the following modifications to improve Zope security:
- Disables the acquire, attribute, item, lang and vh traversers.
- Patches the traverse method of zope.traversing.namespaces.resource.
Installation instructions can be found at http://plone.org/products/plone-hotfix/releases/20110622
- Initial release
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
|File Name & Checksum SHA256 Checksum Help||Version||File Type||Upload Date|
|Products.Zope_Hotfix_20110622-1.0.tar.gz (3.2 kB) Copy SHA256 Checksum SHA256||–||Source||Jun 28, 2011|
|Products.Zope_Hotfix_20110622-1.0.zip (6.9 kB) Copy SHA256 Checksum SHA256||–||Source||Jun 28, 2011|