For changes before version 3.0, see HISTORY.rst
.
- Fix deprecation warnings for Python 3 and change visibility of buildfacade to public. (#68, #69, #70)
- Add icon for Bootstrap ZMI.
- Fix order of roles returned by
AccessControl.rolemanager.RoleManager.userdefined_roles
. - Add support for Python 3.7.
- Remove duplicate guard against * imports. (#60)
- Add configuration for zodbupdate.
- Remove leftovers from history support dropped in Zope.
- Drop support for Python 3.4.
- Add
TaintedBytes
besidesTaintedString
inAccessControl.tainted
. (#57)
- Fix deprecation warnings which have shown up when running the tests.
- Python 2 / 3 import improvements.
- add Appveyor configuration to automate building Windows eggs
- fix for compilers that only support C89 syntax (e.g. on Windows)
- Security fix: In
str.format
, check the security for attributes that are accessed. (Ported from 2.13). - Port
override_container
context manager here from 2.13.
- Increase Python 3 compatibility.
- Make the C extension Python 3 compatible.
- Sanitize and test RoleManager role handling.
- Drop Record dependency, which now does its own security declaration.
- Add support for Python 3.4 up to 3.6. (only Python implementation)
- Depend on RestrictedPython >= 4.0.
- Use @implementer class decorator.
- Remove
AccessControl.Permission.name_trans
to ease Python 3 migration. UseAccessControl.Permission.getPermissionIdentifier()
instead.
- Extract
.AuthEncoding
to its own package for reuse.
- Declare missing dependency on BTrees.
- Modernised C code in preparation of porting to Python 3.
- #16: Fixed permission handling by avoiding column and row numbers as identifiers for permissions and roles.
- Avoid acquiring
access
from module wrapped bySecurityInfo._ModuleSecurityInfo
. See: #12
- Harden test fix for machines that do not define localhost.
- Test fix for machines that do not define localhost.
- GitHub #6: Do not pass SecurityInfo instance itself to declarePublic/declarePrivate
when using the public/private decorator. This fixes
Conflicting security declarations
warnings on Zope startup. - LP #1248529: Leave existing security manager in place inside
RoleManager.manage_getUserRolesAndPermissions
.
- LP #1169923: ensure initialization of shared
ImplPython
state (used byImplC
) when using the "C" security policy. Thanks to Arnaud Fontaine for the patch.
- Remove long-deprecated 'Shared' roles support (pre-dates Zope, never used by Zope itself)
- Prevent infinite loop when looking up local roles in an acquisition chain with cycles.
- LP #1071067: Use a stronger random number generator and a constant time comparison function.
- LP #966101: Recognize special zope2.Private permission in ZCML role directive.
- LP #1047318: Tighten import restrictions for restricted code.
- Fix a bug in ZopeSecurityPolicy.py. Global variable rolesForPermissionOn could be overridden if __role__ had custom rolesForPermissionOn.
- Add Anonymous as a default role for Public permission.
- Fix tests under Python 2.6.
- Added decorators for public, private and protected security declarations.
- Update tests to take advantage of automatic test suite discovery.