On Wed, Aug 14, 2002 at 04:25:09PM -0400, Brian Lloyd wrote:
> So here's what we'll do. Zope 2.6 will include the string tainting
> changes, enabled by default. The tainting can be turned off by
> providing an environment variable.
> The next Zope 2.5.x release will contain the tainting code, but it
> will be *disabled* by default. If you are worried about the issues
> it addresses, you will be able to enable it explicitly using an
> environment variable (without having to upgrade to 2.6).

I checked in the changes for 2.5; auto quoating now has to be enabled with
an environment variable. Higly recommended!

Martijn Pieters
| Software Engineer  mailto:[EMAIL PROTECTED]
| Zope Corporation   http://www.zope.com/
| Creators of Zope   http://www.zope.org/

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope )

Reply via email to