Maik Jablonski wrote at 2004-1-21 23:42 +0100: > ... >If we don't have a easy-to-install-security-fix for such people (or a so >called "stable" release, which works out of the box) we should a little >bit cautious about releasing exploits. That's my point...
Almost all the issues covered by Zope 2.6.3 are irrelevant to the "normal" Zope installation (e.g. whether or not someone gets a binding for "context/container" while he does not have the object access permission). I think only the "cross scripting exploits" may be a real problem for "normal" installations. Their fix would probably have broken few sites... -- Dieter _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )