Zenoss Security Announcement

Matt Ray has posted a Zenoss Security Announcement on the Zenoss Blog.

Zenoss has discovered a security vulnerability related to XML-RPC authentication which, in some cases, allows for un-authenticated method invocation in all versions of Zenoss Professional, Enterprise, Service Provider and Core.

Zenoss strongly recommends you patch this vulnerability immediately. All users should review this advisory, however, those customers who have installed Zenoss in a publicly available network may be at an increased risk.

Time to upgrade!

EDIT: as said my Matt Ray

This is for for pre-2.3 releases of Zenoss only