In Odoo 11 CE, I'm having trouble with the public user not being able to access event registration pages because of an access error for the mail.message object.  They get a 500 error when accessing the page.

It's strange because I've created and sold many tickets through our website over the past year, as recently as June, and have not encountered the error until now.

I assume it's because of some change that I have made since our last event in June, and I have installed a few modules since then, but nothing related to Events.

I can work around it by creating an ACL record that gives the public user permission to read mail.message, but that doesn't feel very sensible or secure to me.  Of course, that might not be right and it might be the default to allow the public user that permission. 

I'm also not sure if this has been the case previously, but chatter messages sent from the event configuration page by internal users (discussions on how the event is being planned for example) are showing up on the public event registration page.  I don't think that should happen obviously, because we don't want to have internal discussions about events made public.

It's almost as if the mail chatter mixin has been added to the event registration page??  Can this be changed?