Hotfix_2000-12-08 This is a "hotfix" product. Hotfix products can be installed to incorporate modifications to Zope at runtime without requiring an immediate installation upgrade. Hotfix products are installed just as you would install any other Zope product. This hotfix addresses an important security issue that affects all released Zope versions from 2.2.0 up to and including Zope 2.2.4 final. The issue involves security registration of "legacy" names for certain object constructors such as the constructors for DTML Method objects. Security was not being applied correctly for the legacy names, making it possible to call those constructors without the permissions that should have been required. This issue could allow anonymous users with enough internal knowledge of Zope to instantiate new DTML Method instances through the Web. We *highly* recommend that any Zope site running versions of Zope 2.2.0 up to and including 2.2.4 have this hotfix product installed to mitigate the issue.