-----BEGIN PGP SIGNED MESSAGE-----
Tres, I am afraid you seem to be the only one able to verify this.
IIRC the security fix is yours as - of course - is CMF. ;-)
The CMF is not tied to one person. No one has "responsibility for all
eternity" to fix it, even for no-longer-maintained versions.
I am ready to remove irrelevant combinations, but in this case I
have been reluctant up to now because of the possible security
CMF 1.4 is unmaintained. This has been known for a long time. Plone,
as the largest "customer", prescribes specific Zope and CMF versions,
which obviously have been tested ad infinitum. I don't see the value
for continuing to automatically test combinations that are not used.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
-----END PGP SIGNATURE-----
Zope-CMF maillist - Zope-CMF@lists.zope.org
See http://collector.zope.org/CMF for bug reports and feature requests