[Zope-dev] post security update analysis

Jamie Heilman jamie at audible.transient.net
Tue Jan 20 00:16:11 EST 2004


Jamie Heilman wrote:
> Now that we've reached closure on some of the outstanding security
> issues in Zope there's a lot of stuff in the Collector that needs to
> be revisited...
> 
> Brian Lloyd wrote:
...
> >   - Proxy rights on DTMLMethods transferred via acquisition
> 
> I believe this means issue #743 and issue #977 can be resolved now.
> Actually, #977 already was rejected IIRC but it's never been marked as
> public which is rather irritating.

I've verified that this is the case, #977 should be made public, and
#743 can be resolved.
 
> >   - Improper security assertions on DTMLDocument objects
> 
> probably fixes issue #865, but because Zope-HEAD doesn't actually run
> right now, due to a myriad of other bugs, I actually haven't tested it

I've tested this now, #865 can be resolved.

-- 
Jamie Heilman                     http://audible.transient.net/~jamie/
"...that's the metaphorical equivalent of flopping your wedding tackle
 into a lion's mouth and flicking his lovespuds with a wet towel, pure
 insanity..."                                           -Rimmer


