Zope security update: dtml-var tags

October 2, 2001

Author: JT Smith

At LWN.net: “Shane Hathaway recently identified a potential security issue in
Zope that could affect sites that let untrusted users write DTML
code. The issue affects Zope versions 2.2.0 through 2.4.1.

The issue involves the ‘fmt’ attribute of dtml-var tags. Without
this correction, Zope does not check security access to methods
invoked through ‘fmt’.”

Category:

Linux

RELATED ARTICLESMORE FROM AUTHOR

Maintainer Confidential: Challenges and Opportunities One Year On

Bridging Design and Runtime Gaps: AsyncAPI in Event-Driven Architecture

Implementing OpenTelemetry Natively in an Event Broker

Innovation as a Catalyst in Telecommunications

Linux 6.8 Brings More Sound Hardware Support For Intel & AMD, Including The Steam Deck

RELATED ARTICLES MORE FROM AUTHOR