On 10 July 2010 18:16, Hanno Schlichting wrote:
> On Sat, Jul 10, 2010 at 12:14 PM, Martin Aspeli
> wrote:
>> Fixed in r114488 (2.12 branch) and r114490 (trunk). I don't think I'm
>> allowed to close the issue on Launchpad, but it should be fine now.
>
> Awesome! You truly rock!
My powers of cop
On Sat, Jul 10, 2010 at 12:14 PM, Martin Aspeli
wrote:
> Fixed in r114488 (2.12 branch) and r114490 (trunk). I don't think I'm
> allowed to close the issue on Launchpad, but it should be fine now.
Awesome! You truly rock!
Much appreciated,
Hanno
On 27 June 2010 00:24, Hanno Schlichting wrote:
> Hi there,
>
> recently MJ opened a security related bug and disclosed it to the
> public at https://bugs.launchpad.net/zope2/+bug/578326.
>
> In short Zope 2 never supported the permission attribute on ZCML
> browser:view declarations. It seems som
On 9 July 2010 16:12, Hanno Schlichting wrote:
> On Thu, Jul 8, 2010 at 3:02 PM, Martin Aspeli
> wrote:
>>> Ideally I'd love to add support for the permission attribute, as
>>> clearly people have been using it. But if there's nobody who can
>>> figure out how to do that, I'd at least like to cl
On Thu, Jul 8, 2010 at 3:02 PM, Martin Aspeli wrote:
>> Ideally I'd love to add support for the permission attribute, as
>> clearly people have been using it. But if there's nobody who can
>> figure out how to do that, I'd at least like to clarify the add view
>> case.
>
> Why can't we just copy t
Hi Hanno,
On 27 June 2010 00:24, Hanno Schlichting wrote:
> Hi there,
>
> recently MJ opened a security related bug and disclosed it to the
> public at https://bugs.launchpad.net/zope2/+bug/578326.
>
> In short Zope 2 never supported the permission attribute on ZCML
> browser:view declarations. I
Hi.
As a reminder: If nobody is able to help with this, I'll disable the
insecure view registration in Zope2 and release new versions Tuesday
13th.
From my understanding of the code, Zope 2 itself is not vulnerable, as
there are no registrations for IFactory utilities included. But in any
system t
On 26.06.2010 at 18:24, Hanno Schlichting wrote:
> In short Zope 2 never supported the permission attribute on ZCML
> browser:view declarations. It seems some people might have specified
> this attribute and assumed it would do something.
I'm not sure this affects only views. I have ju
Hi there,
recently MJ opened a security related bug and disclosed it to the
public at https://bugs.launchpad.net/zope2/+bug/578326.
In short Zope 2 never supported the permission attribute on ZCML
browser:view declarations. It seems some people might have specified
this attribute and assumed it w