hi guys,i think i just found a pretty nasty security issue in zope 2.10.4, see http://mail.zope.org/pipermail/zope-dev/2007-July/029590.html for a more detailed explaination. the bug gives you completely unrestricted access in all view templates, which is probably not what we want, even though they cannot be changed ttw. well, actually i haven't tried customerizing them, but this actually should work...
anyway, if this turns out to hold true, i think we should either go back to 2.10.3 for our rc1 or wait until this issue is fixed -- in any case we shouldn't use 2.10.4 as is, imho. what do you think?
cheers, andi -- zeidler it consulting - http://zitc.de/ - [EMAIL PROTECTED] friedelstraße 31 - 12047 berlin - telefon +49 30 25563779 pgp key at http://zitc.de/pgp - http://wwwkeys.de.pgp.net/ sprint with us! - http://plone.org/events/sprints/potsdam-sprint-2007
Description: This is a digitally signed message part
_______________________________________________ Framework-Team mailing list Framework-Team@lists.plone.org http://lists.plone.org/mailman/listinfo/framework-team