"The issue is related to ZClasses in that a user with through-the-web
scripting capabilities on a Zope site can view and assign class attributes
to ZClasses, possibly allowing them to make inappropriate changes to ZClass
instances." The complete post has additional details and links to updated files.
February 23, 2001