7 vulnerabilities in the Plone content management system
Patches eliminating 7 vulnerabilities have been published for the free content management system Plone, which is written in Python and uses the Zope application server (CVE identifiers have not yet been assigned). The problems affect all current Plone releases, including 5.2.1, which was released a few days ago. The issues are planned to be fixed in the upcoming Plone 4.3.20, 5.1.7 and 5.2.2 releases; until those are published, using the hotfix is recommended.
Identified issues (details have not been disclosed):
Privilege escalation through manipulation of the Rest API (appears only when plone.restapi is enabled);
SQL injection due to insufficient escaping of SQL constructs in DTML and in objects for connecting to a DBMS (the problem is specific to Zope and appears in other applications based on it);
The ability to overwrite content through manipulation of the PUT method without having write permissions;