-----Original Message-----
From: zope-admin@zope.org [mailto:zope-admin@zope.org]On Behalf Of Brian Lloyd
Sent: Thursday, June 15, 2000 5:26 PM
To: 'zope@zope.org'; 'zope-dev@zope.org'; 'zope-announce@zope.org'
Subject: [Zope] Zope security alert and 2.1.7 update [*important*]

A Zope 2.1.7 release has been made that resolves this issue for Zope 2.1.x users. This release is available from Zope.org:

I assume based on the change log that this is the only fix in 2.1.7, correct?

I fought for a full day to get my ZSQLMethods working in 2.1.6, but apparently the argument acquisition or something like that is still so broken that I had to jump back to 2.1.4. I applied the various unofficial "fixes" from the list archives (not all at the same time, of course) and none of them did the trick. I know others beat themselves up over this too.

The problem I'm talking about is the one where the arguments to the sql method seem to be ignored. That is, if I have an argument 'order', and I have a DTML method (or any other "item") named 'order' in the same folder, <dtml-var order> in the sql method refers to the DTML method, not the argument. This breaks dozens of sql methods I have.

With all of these security issues popping up, I don't like not being able to upgrade. Does anyone have a real fix for the ZSQLMethod problems in 2.1.6 that could be officially applied to the 2.1 series, or should I start using the 2.2 betas?

Thanks!
_______________________
Ron Bickers
Logic Etc, Inc.
rbickers@logicetc.com