From: Andreas J. <li...@zo...> - 2008-08-08 16:50:36
|
--On 8. August 2008 10:09:56 -0500 Stacy Ladnier <Sta...@no...> wrote: > I first apologize for cross posting, but this is a critical issue for my > organization. > > We have several applications built with Plone, ranging from v 2.0.5 to v > 2.5.3 and Zope, ranging from 2.7.3 to 2.9.7. With the August 2008 > release of a Python security vulnerability > (http://secunia.com/advisories/31305/), we are trying to determine how > this affects our web applications and how to mitigate and detect any > attacks. We have seen no discussion among the Zope and Plone communities > regarding this security threat. Is this an indication that Zope and > Plone are immune from these exploits due to the additional security > model it puts in place or is everyone simply waiting for Python to > release a patch? > I don't see any imminent thread for Zope based on the vague advisories. As Limi said: wait until fixed Python versions are available. Andreas |