[Zope-dev] post security update analysis
Jamie Heilman
jamie at audible.transient.net
Tue Jan 20 00:16:11 EST 2004
Jamie Heilman wrote:
> Now that we've reached closure on some of the outstanding security
> issues in Zope there's a lot of stuff in the Collector that needs to
> be revisited...
>
> Brian Lloyd wrote:
...
> > - Proxy rights on DTMLMethods transferred via acquisition
>
> I believe this means issue #743 and issue #977 can be resolved now.
> Actually, #977 already was rejected IIRC but its never been marked as
> public which is rather irritating.
I've verified that this is the case, #977 should be made public, and
#743 can resolved.
> > - Improper security assertions on DTMLDocument objects
>
> probably fixes issue #865, but because Zope-HEAD doesn't actually run
> right now, due to a myriad of other bugs, I actually haven't tested it
I've tested this now, #865 can be resolved.
--
Jamie Heilman http://audible.transient.net/~jamie/
"...thats the metaphorical equivalent of flopping your wedding tackle
into a lion's mouth and flicking his lovespuds with a wet towel, pure
insanity..." -Rimmer
More information about the Zope-Dev
mailing list