Security Alert!

Summary: upgrade to 0.6.1 now!

DTML trojans: Zwiki versions before 0.6 allowed executable DTML content by default, which is a big vulnerability: a hostile anonymous or unprivileged user could add harmful DTML code to a page (e.g. to delete all Zope objects), and that code could then be executed by the next privileged user to view the page. Zwiki 0.6.1 has changes to alleviate this.

HTML trojans: The trojan issue is still a problem even with editable non-DTML pages, because most of Zwiki's page types are rendered as HTML. This means hostile users could add harmful HTML or JavaScript that is executed by others who view the page.

What this means: If you manage a Zwiki web that is editable by untrusted users, you should (a) upgrade to 0.6.1 or greater, (b) familiarize yourself with this issue, and (c) choose a policy you are comfortable with and change your page types and your view/edit/manage permissions if necessary.
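One way to check a site against the policy choice in (c), as an added example that is not Zwiki or Zope code: it models pages as plain data and flags every page where an untrusted editor can plant content that executes for a later viewer. The rendering labels, role sets and sample pages are constructed assumptions, not Zwiki's own page type identifiers.

```python
# Added example: plain-data model of a wiki, not Zwiki or Zope code.
from dataclasses import dataclass

# Assumed rendering categories (illustrative labels, not Zwiki page type ids).
# Value = what planted content does; None = content is shown escaped.
RENDER_RISK = {
    "dtml": "DTML is executed when a user views the page",
    "html": "HTML/JavaScript is executed in the viewer's browser",
    "plaintext": None,
}
UNTRUSTED_ROLES = frozenset({"Anonymous", "Authenticated"})  # site-specific assumption
PRIVILEGED_ROLES = frozenset({"Manager", "Owner"})           # site-specific assumption

@dataclass(frozen=True)
class Page:
    name: str
    rendering: str          # key into RENDER_RISK
    edit_roles: frozenset   # roles allowed to edit the page
    view_roles: frozenset   # roles allowed to view the page

def audit(pages, untrusted=UNTRUSTED_ROLES, privileged=PRIVILEGED_ROLES):
    """Return (name, severity, reason) for pages where an untrusted editor
    can plant content that executes for a later viewer."""
    findings = []
    for page in pages:
        writers = page.edit_roles & untrusted
        if not writers:
            continue  # only trusted roles can change this page
        # Unknown renderings are treated as executable rather than skipped.
        risk = RENDER_RISK.get(page.rendering, "unknown rendering, assume executable")
        if risk is None:
            continue
        # Planted DTML is worst when a privileged role can view the page.
        dtml_hits_admin = page.rendering == "dtml" and page.view_roles & privileged
        severity = "critical" if dtml_hits_admin else "high"
        findings.append((page.name, severity, f"editable by {sorted(writers)}: {risk}"))
    return findings

# Constructed sample pages.
SAMPLE_PAGES = [
    Page("FrontPage", "dtml", frozenset({"Anonymous", "Manager"}), frozenset({"Anonymous", "Manager"})),
    Page("SandBox", "html", frozenset({"Anonymous"}), frozenset({"Anonymous", "Manager"})),
    Page("Notes", "plaintext", frozenset({"Anonymous"}), frozenset({"Anonymous"})),
    Page("AdminLog", "dtml", frozenset({"Manager"}), frozenset({"Manager"})),
]

if __name__ == "__main__":
    for name, severity, reason in audit(SAMPLE_PAGES):
        print(f"{severity:8} {name}: {reason}")
```

Each finding can be cleared either by changing the page's type or by removing the untrusted role from its edit permission.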

For more details, see the commentary on the trojan issue below (ReleaseNotesForZeroPointSix) and