Nuxeo CPS 3.4.0 released
Stefane Fermigier writes "French open source software vendor Nuxeo has recently released version 3.4.0 of its Zope-based enterprise content management system CPS. CPS is a platform for building content management, collaboration and business process applications that has been used in several major projects in the French administration and industry. The result of more than one year of work by 30 contributors, CPS is one of the first major products to leverage the new Zope 3 component architecture."
You probably assume that CPS is written in PHP, which it is not. I'm not familiar with CPS, but I am familiar with Plone, a somewhat related project. Zope, the underlying framework, forces you to declare a security permission for every accessible method. Even XSS-type vulnerabilities would be extremely hard to find, as the CMF filters the dangerous HTML tags in content items (applet, script, iframe, etc). And while it's possible to create proxies for Python scripts to run under a different privilege, the framework also makes it easy to have validators for that script, so you can check for malicious actions. Sure, there are a few security-related fixes in the Plone project, but I don't know yet of any exploit, as opposed to PHP counterparts, Mambo, Drupal, xoom and nukes.
I'll do the stupid thing first and then you shy people follow...