--On 13. Juni 2005 09:47:33 +0200 gabor <gabor@nekomancer.net> wrote:
hi,
what's the backward compatibility policy of zope?
i'm asking because while upgrading from 2.6.4 to 2.7.2 we had some problems. simple ones (like the 'lines' property type seems to have changed from list to tuple), but still problems.
From the cvs log of PropertyManager.py
""" revision 1.56 date: 2004/01/15 22:50:17; author: tseaver; state: Exp; lines: +4 -2 - CGI escape merge (from 2.6 / 2.7 audit). - Store 'lines' and 'tokens' properties as tuples, not lists (merge from 2.6 / 2.7 audit). """ So this change was driven by security issues. And btw. it *is* documented in the release notes: """ - Some property types were stored in a mutable data type (list) which could potentially allow untrusted code to effect changes on those properties without going through appropriate security checks in particular scenarios. """ -aj