[Zope-PTK] Security Release: Membership 0.7.6
Tres Seaver
tseaver@digicool.com
Wed, 20 Sep 2000 23:55:26 -0400
Bill Anderson wrote:
>
> This is a security fix release.
>
> Membership 0.7.5 had an annoyingly nasty security bug. This bug has
> been fixed, and is the only change in this release. It is *strongly*
> recommended you NOT use anything prior to this release.
>
> To Upgrade from 0.7.5:
> o Untar the release file in your ZOPE_HOME.
> o Restart Zope
>
> The changes are in PersistentUserSource.py, and are minor, so the
> upgrade should go smoothly. This is in relation to 0.7.5.
Is this upgrade by any chance related to the problem Michael Bernstein
reported with local roles? He wrote:
> For some reason, when I create a PortalMembership member, add the two
> Python methods as I described earlier, and use the local roles screen to
> give them a role, they are subsequently authenticated regardless of
> whether their password is correct.
I don't know the Membership product well enough to figure out whether
these two are related.
Tres.
--
===============================================================
Tres Seaver tseaver@digicool.com
Digital Creations "Zope Dealers" http://www.zope.org