ProHoster > Блог > izindaba ze-inthanethi > 7 Ubungozi Ohlelweni Lokuphathwa Kokuqukethwe Kwe-Plone

7 Ubungozi Ohlelweni Lokuphathwa Kokuqukethwe Kwe-Plone

Ukuze uthole uhlelo lokuphatha okuqukethwe mahhala I-Plone, ebhalwe ngePython kusetshenziswa iseva yesicelo se-Zope, eshicilelwe ama-patches ngokuqedwa 7 ubuthakathaka (Izihlonzi ze-CVE azikakanikwa.) Izinkinga zithinta konke ukukhishwa kwamanje kwe-Plone, okuhlanganisa naleyo ekhishwe ezinsukwini ezimbalwa ezedlule. 5.2.1. Izinkinga zihlelelwe ukuthi zilungiswe ekukhishweni okuzayo kwe-Plone 4.3.20, 5.1.7 kanye no-5.2.2, kuze kube yilapho kunconywa ukuthi kusetshenziswe. hotfix.

Ubungozi obuhlonziwe (imininingwane ayikadalulwa):

  • Ukwenyuka kwelungelo ngokukhohlisa kwe-Rest API (kwenzeka kuphela uma i-plone.restapi inikwe amandla);
  • Ukufakwa esikhundleni kwe-SQL ngenxa yokungaphunyuki ngokwanele kokwakhiwa kwe-SQL ku-DTML kanye nezinto zokuxhuma ze-DBMS (inkinga eqondiswe ngqo Zope futhi ivela kwezinye izinhlelo zokusebenza ezisuselwe kuyo);
  • Amathuba okubhala kabusha okuqukethwe ngokukhohlisa indlela ye-PUT ngaphandle kokuba namalungelo okubhala;
  • Vula ukuqondisa kabusha kufomu lokungena;
  • Amathuba okudlulisa izixhumanisi zangaphandle ezinonya ngokudlula ukuhlolwa kwe-isURLInPortal;
  • Ukuhlolwa kwamandla ephasiwedi kuyehluleka kwezinye izimo;
  • I-Cross-site scripting (XSS) ngokushintshanisa ikhodi endaweni kanhlokweni.

Source: opennet.ru

Thenga ukusingathwa okuthembekile kwamasayithi anokuvikelwa kwe-DDoS, amaseva e-VPS VDS 🔥 Thenga ukusingathwa kwewebhusayithi okuthembekile ngokuvikelwa kwe-DDoS, amaseva e-VPS VDS | ProHoster