-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Tres, I am afraid you seem to be the only one able to verify this. IIRC the security fix is yours as - of course - is CMF. ;-)
The CMF is not tied to one person. No one has "responsibility for all eternity" to fix it, even for no-longer-maintained versions.
I am ready to remove irrelevant combinations, but in this case I have been reluctant up to now because of the possible security implications.
CMF 1.4 is unmaintained. This has been known for a long time. Plone, as the largest "customer", prescribes specific Zope and CMF versions, which obviously have been tested ad infinitum. I don't see the value for continuing to automatically test combinations that are not used.
jens -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (Darwin) iD8DBQFFPhEMRAx5nvEhZLIRAgIoAJ4/UUgy/OIDoKiqb8vVhlAWQgWIsgCgidrg lT6hgw8C8TepZE/1yhwcnqc= =Xh5G -----END PGP SIGNATURE----- _______________________________________________ Zope-CMF maillist - Zope-CMF@lists.zope.org http://mail.zope.org/mailman/listinfo/zope-cmf See http://collector.zope.org/CMF for bug reports and feature requests