My understanding (and the way we use it when monkey patching for
instance) is that whenevery you apply new security to a class, you
create a new ClassSecurityInfo on it. It only defines "new stuff"
to do. The real synthesized security is still stored in
__ac_permissions__.
Yes, your under
Jens Vagelpohl wrote:
I have found a strange security issue with Zope 2.8.1 that seems to
stem from code not doing what it was supposed to do in Zope 2.7.x, but
which works in 2.8.1 and then causes other side effects in code that
relied on the broken behavior.
Symptom: In Zope 2.8.1 it is
