Brian,

from the announcement, it sounded like the only change from 2.1.6 to 2.1.7 was the fix to DT_String. Zope-2.1.7-src/doc/CHANGES.txt only lists:

  Bugs Fixed

    - An inadequately protected base class method made DTMLDocuments and DTMLMethods vulnerable to having their contents changed by unauthorized users.

But when I diff 2.1.6 and 2.1.7, I get modifications in 29 files, ranging from MailHost to ZLogger and so on. I haven't yet grokked the patches to 2.1.7 suggested by Adam, but some of them look like fixes to things that were broken from 2.1.6 to 2.1.7. Judging from the announcement, I would not have expected that 2.1.7 could break anything.

Therefore a little plea: Please try to keep the CHANGES.txt accurate and comprehensive; that's most urgent for security releases like this IMHO: Most people will install them without much preparation.

thanks,
Gregor

On Thu, Jun 15, 2000 at 05:26:18PM -0400, Brian Lloyd wrote:
A Zope 2.1.7 release has been made that resolves this issue for Zope 2.1.x users. This release is available from Zope.org:
http://www.zope.org/Products/Zope/2.1.7/
A patch is also available if it is not feasible to update your Zope installation at this time (the patch is based on 2.1.6):