Affected software:
Zope versions below 2.1.7
Description:
Zope versions below 2.1.7 have a security issue.
Details:
Zope is an HTTP server application. Zope versions below 2.1.7 have a security issue: a base class inside the DocumentTemplate package lacks sufficient security protection, which allows the contents of DTMLDocuments or DTMLMethods to be modified remotely through DTML code without requiring the user to authenticate.
The latest release of this software is Zope 2.2 Beta 1, which still has this issue; it is expected to be fixed in Zope 2.2 Beta 2.
> A patch is also available if it is not feasible to update your
> Zope installation at this time (the patch is based on 2.1.6):
>
> http://www.zope.org/Products/Zope/2.1.7/DT_String.diff
>
> If you are evaluating any of the recent 2.2 alpha or beta releases,
> you should apply the patch noted above if your site is accessible
> by untrusted clients. A forthcoming 2.2 beta 2 release will contain
> the fix for this issue.
>
> While we know of no instances of this issue being used to exploit a
> site, we *highly* recommend that any Zope site that is accessible by
> untrusted clients take the appropriate mitigation steps immediately.
Solution:
Apply the patch.
