from the announcement, it sounded like the only change from 2.1.6 to 2.1.7
was the fix to DT_String. Zope-2.1.7-src/doc/CHANGES.txt only lists:

      Bugs Fixed

        - An inadequately protected base class method made DTMLDocuments 
          and DTMLMethods vulnerable to having their contents changed by 
          unauthorized users.

But when I diff 2.1.6 and 2.1.7, I get modifications in 29 files, ranging
from MailHost to ZLogger and so on.

I haven't yet groked the patches to 2.1.7 suggested by Adam, but some of
them look like fixes to things that were broken from 2.1.6 to 2.1.7. Judging
from the announcement, I would not have expected that 2.1.7 could break

Therefore a little plea: Please try to keep the CHANGES.txt accurate and
comprehensive; that's most urgent for security releases like this IMHO: Most
people will install them without much preparation.


On Thu, Jun 15, 2000 at 05:26:18PM -0400, Brian Lloyd wrote:
> A Zope 2.1.7 release has been made that resolves this issue for 
> Zope 2.1.x users. This release is available from
> A patch is also available if it is not feasible to update your 
> Zope installation at this time (the patch is based on 2.1.6):

Zope maillist  -  [EMAIL PROTECTED]
**   No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to