--On 13. Juni 2005 09:47:33 +0200 gabor <[EMAIL PROTECTED]> wrote:


what's the backward compatibility policy of zope?

i'm asking because while upgrading from 2.6.4 to 2.7.2 we had some
problems. simple ones (like the 'lines' property type seems to have
changed from list to tuple), but still problems.

From the cvs log of PropertyManager.py

revision 1.56
date: 2004/01/15 22:50:17;  author: tseaver;  state: Exp;  lines: +4 -2

 - CGI escape merge (from 2.6 / 2.7 audit).

 - Store 'lines' and 'tokens' properties as tuples, not lists (merge from
   2.6 / 2.7 audit).

So this change was driven by security issues. And btw. it *is* documented in the release notes:

- Some property types were stored in a mutable data type (list) which
      could potentially allow untrusted code to effect changes on those
      properties without going through appropriate security checks in
      particular scenarios.



Attachment: pgpjn16CGO7WY.pgp
Description: PGP signature

Zope maillist  -  Zope@zope.org
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to