[Zope-PTK] Security Release: Membership 0.7.6

Tres Seaver tseaver@digicool.com
Wed, 20 Sep 2000 23:55:26 -0400


Bill Anderson wrote:
> 
> This is a security fix release.
> 
> Membership 0.7.5  had an annoyingly nasty security bug. This bug has
> been fixed, and is the only change in this release. It is *strongly*
> recommended you NOT use anything prior to this release.
> 
> To Upgrade from 0.7.5:
> o Untar the release file in your ZOPE_HOME.
> o Restart Zope
> 
> The changes are in PersistentUserSource.py, and are minor, so the
> upgrade should go smoothly. This is in relation to 0.7.5.

Is this upgrade by any chance related to the problem Michael Bernstein
reported with local roles?  He wrote:

> For some reason, when I create a PortalMembership member, add the two
> Python methods as I described earlier, and use the local roles screen to
> give them a role, they are subsequently authenticated regardless of
> whether their password is correct.

I don't know the Membership product well enough to figure out whether
these two are related.

Tres.
-- 
===============================================================
Tres Seaver                                tseaver@digicool.com
Digital Creations     "Zope Dealers"       http://www.zope.org