Hotfix_2000-12-15a This is a "hotfix" product. Hotfix products can be installed to incorporate modifications to Zope at runtime without requiring an immediate installation upgrade. Hotfix products are installed just as you would install any other Zope product. This hotfix addresses an important security issue that affects all released Zope versions up to and including Zope 2.2.4 final. The issue involves the computation of local roles. In some situations the computation was not climbing the correct hierarchy of folders, sometimes granting local roles inappropriately. This could allow users with privileges in one folder to gain the same privileges in another folder. We *highly* recommend that any Zope site running versions of Zope up to and including 2.2.4 have this hotfix product installed to mitigate the issue if the site is accessible by untrusted users who may have localized privileges.