AccessControl 2.13.16

Security framework for Zope2.

Overview

AccessControl provides a general security framework for use in Zope2.

Changelog

2.13.16 (2018-01-25)

• In str.format, check the security for keys and items that are accessed. Part of PloneHotfix20171128. [maurits]

• set explicit PyPI index, the old zc.buildout defaults no longer work

• add tox testing configuration

2.13.15 (2017-02-15)

• In str.format, check the security for attributes that are accessed. Part of PloneHotfix20170117. [maurits]

• Added override_container context manager. Used this in tests to make them pass when the standard permissive security assertions for strings has been changed. [maurits]

2.13.14 (2015-12-21)

• Avoid acquiring access from module wrapped by SecurityInfo._ModuleSecurityInfo. See: https://github.com/zopefoundation/AccessControl/issues/12

2.13.13 (2013-07-16)

• LP #1169923: ensure initialization of shared ImplPython state (used by ImplC) when using the “C” security policy. Thanks to Arnaud Fontaine for the patch.

2.13.12 (2012-10-31)

• LP #1071067: Use a stronger random number generator and a constant time comparison function.

2.13.11 (2012-10-21)

• LP #966101: Recognize special zope2.Private permission in ZCML role directive.

2.13.10 (2012-09-09)

• LP #1047318: Tighten import restrictions for restricted code.

2.13.9 (2012-08-23)

• Fix a bug in ZopeSecurityPolicy.py. Global variable rolesForPermissionOn could be overridden if __role__ had custom rolesForPermissionOn.

2.13.8 (2012-06-22)

• Add Anonymous as a default role for Public permission.

2.13.7 (2011-12-12)

• Exclude compiled .so and .dll files from source distributions.

2.13.6 (2011-12-12)

• Added manifest.in to ensure the inclusion of the include directory into the release.

2.13.5 (2011-12-12)

• Apply changes made available in Products.Zope_Hotfix_20111024 and make them more robust.

2.13.4 (2011-01-11)

• Return the created user in _doAddUser.

• Added IUser interface.

• LP #659968: Added support for level argument to the __import__ function as introduced in Python 2.5. Currently only level = -1 is supported.

2.13.3 (2010-08-28)

• Added a role subdirective for the permission ZCML directive. If any roles are specified, they will override the default set of default roles (Manager).

2.13.2 (2010-07-16)

• Added override_existing_protection parameter to the protectName helper.

2.13.1 (2010-06-19)

• Restore security declarations for deprecated sets module.

2.13.0 (2010-06-19)

• Released as separate package.