Thanks - I've marked these resolved. FYI I have a number of other issues still to mark resolved - I'll be trying to work through those today. Brian Lloyd brian@zope.com V.P. Engineering 540.361.1716 Zope Corporation http://www.zope.com
-----Original Message----- From: zope-dev-bounces@zope.org [mailto:zope-dev-bounces@zope.org]On Behalf Of Jamie Heilman Sent: Tuesday, January 20, 2004 12:16 AM To: zope-dev@zope.org Subject: Re: [Zope-dev] post security update analysis
Jamie Heilman wrote:
Now that we've reached closure on some of the outstanding security issues in Zope there's a lot of stuff in the Collector that needs to be revisited...
Brian Lloyd wrote: ...
- Proxy rights on DTMLMethods transferred via acquisition
I believe this means issue #743 and issue #977 can be resolved now. Actually, #977 already was rejected IIRC but its never been marked as public which is rather irritating.
I've verified that this is the case, #977 should be made public, and #743 can resolved.
- Improper security assertions on DTMLDocument objects
probably fixes issue #865, but because Zope-HEAD doesn't actually run right now, due to a myriad of other bugs, I actually haven't tested it
I've tested this now, #865 can be resolved.
-- Jamie Heilman http://audible.transient.net/~jamie/ "...thats the metaphorical equivalent of flopping your wedding tackle into a lion's mouth and flicking his lovespuds with a wet towel, pure insanity..." -Rimmer
_______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )