Milestone information
- Project:
- Zope 2
- Series:
- 2.7
- Version:
- 2.7.6-final
- Released:
- Registrant:
- Sidnei da Silva
- Release registered:
- Active:
- No. Drivers cannot target bugs and blueprints to this milestone.
Activities
- Assigned to you:
- No blueprints or bugs assigned to you.
- Assignees:
- No users assigned to blueprints and bugs.
- Blueprints:
- No blueprints are targeted to this milestone.
- Bugs:
- No bugs are targeted to this milestone.
Download files for this release
Release notes
Building and installing Zope from source
-------
Welcome to Zope! This document describes building and installing
Zope on UNIX and Linux.
See WINDOWS.txt for information about Windows. See the PLATFORMS
directory for notes about various other platforms.
System requirements when building from source
bash or another Bourne shell variant
Python 2.3.5 installed somewhere in the system PATH
(Note: Python 2.4 is officially *not* supported because there has not
been a security audit for Python 2.4 and Zope 2 so far. If you use
Python 2.4 with Zope then you use it at your own risk from the security
perspective). Versions 2.3.3 and 2.3.4 are also acceptable. To
use a correct version of Python which is not on the PATH, or to override
the version found on the PATH, pass the alternate location as the value
of the '--with-python' option to configure.
GNU make
A C compiler (gcc recommended)
Recommendations
- You are recommended to build and install Zope as a non-root user.
Building Zope
To build Zope, run the conventional UNIX build sequence from within
the Zope source tree::
./configure --prefix=
make
If you do not specify a '--prefix' option, during a later step, Zope
will be installed into a default location.
If the configure script cannot find a suitable Python interpreter
for use with Zope, it will complain with an informative error
message. If this happens, you may use the '--with-python'
command-line option to 'configure' to specify which Python
interpreter to use. Run './configure --help' to see other
command-line options available via the configure script.
Optional: Building and Installing Zope 'In-Place'
Older versions of Zope were typically run directly from the
'source' directory itself. This is useful for development
purposes. You can regain that behavior by performing the
following sequence of commands within a Zope source directory:
./configure
make instance
WARNING: "make instance" doesn't work on FreeBSD 5.0 and
presumably other platforms. You should either use GNU make
(gmake instance), or use "make install" instead.
Making an "In-Place" instance builds the binary files and creates
the files necessary for a Zope instance to be run directly
within the build directory (e.g. 'in-place'). You may start
Zope by running::
./bin/runzope
Optional: Building Zope Using The "Clean-Source-Tree" Method
You can run the 'configure' command from outside of the Zope
source tree. If you do so, the makefile will be written to your
current directory. The files generated by the build process (via
'make') will be written to the directory from which you run
'configure'. You can then use 'make install' to install these
files to their canonical locations. This feature is to support
source locations which are not writable.
Installing Zope
To install Zope to the place you've specified via the '--prefix'
option (or to the default location if you didn't specify a prefix),
type::
make install
Creating a Zope Instance Home
Once you've performed the install step, to begin actually using
Zope, you will need to create an "instance home", which is a
directory that contains configuration and data for a Zope server
process. The instance home is created using the 'mkzopeinstance.py'
script::
/where/
You will be asked to provide a user name and password for an
administrator's account during 'mkzopeinstance'. Command-line
options to 'mkzopeinstance' are available, and can be investigated
by running 'mkzopeinstance.py --help'.
Starting Zope
Once an instance home has been created, the Zope server can now be
started using this command:
/location/
If you get errors indicating that addresses are in use, then you
will have to supply arguments to runzope to change the ports used
for HTTP or FTP. The default HTTP and FTP ports used by Zope are
8080 and 8021 respectively. You can change the ports used by
specifying the "port-base" parameter to runzope. For example, to
run Zope on ports 9080 and 9021::
./bin/runzope -X port-base=1000
There is also an interactive Zope command shell named 'zopectl' that
may be invoked by running 'bin/zopectl'. By default, 'zopectl
start' will start a background process that manages Zope and
'zopectl stop' will stop the background process.
Logging In To Zope
Once you've started Zope, you can then connect to the Zope webserver
by directing your browser to::
.. where 'yourhost' is the DNS name or IP address of the machine
running Zope. If you changed the HTTP port as described, use a port
number of 8080 + the port-base value.
You will be prompted for a user name and password. Use the user name
and password you provided in response to the prompts issued during
the "make instance" process.
Now you're off and running! You should be looking at the Zope
management screen which is divided into two frames. On the left you
can navigate between Zope objects and on the right you can edit them
by selecting different management functions with the tabs at the top
of the frame.
If you haven't used Zope before, you should head to the Zope web
site and read some documentation. The Zope Book is a good place to
start. You can access the Zope Book at:
http://
Integrating Zope With An Existing Webserver
Zope doesn't require any existing webserver to run, but you can
integrate it with other webservers as necessary. See the
WEBSERVERS.txt file for more information about configuring Zope with
an existing web server. There is also information about integrating
Zope with existing webservers on the Zope.org website.
Troubleshooting
- This version of Zope requires Python 2.3.3 or better. Version
2.3.5 is the preferred version, as it contains several bugfixes
which affect Zope's operation (see the Python changelog,
http://
- The Python you run Zope with *must* have threads compiled in,
which is the case for a vanilla build. Warning: Zope will not run
with a Python version that uses libpth. You *must* use
libpthread.
- To build Python extensions you need to have Python configuration
information available. If your Python comes from an RPM you may
need the python-devel (or python-dev) package installed too. If
you built Python from source all the configuration information
should already be available.
- See CHANGES.txt for important notes on this version of Zope.
Changelog
Zope Changes
This file contains change information for the current Zope release.
Change information for previous versions of Zope can be found in the
file HISTORY.txt.
Zope 2.7.6 final (2005/04/28)
Bugs fixed
- The previous fix to ZopeUndo/Prefix.py for collector #1726
introduced a new bug. This is fixed, but in order to avoid
bug #1726 in a ZEO environment, you should upgrade the
ZEO server to at least ZODB 3.2.8 (ships with Zope 2.7.6 final).
For details, see the ZODB 3.2.8 NEWS file.
Zope 2.7.6 b2 (2005/04/20)
Bugs fixed
- nt_svcutils: removed the explicit calls to SvcStop()
Zope 2.7.6 b1 (2005/04/13)
Bugs fixed
- Collector #1750: StructuredText: fixed handling of image URLs
with query string
- Collector #1748: Fixed SIGSEGV in Acquisition
- Default log level for the event log set to INFO rather that ALL
- Hotfix_20050405: classes defined in untrusted code could shadow
the roles of methods defined as protected by their bases.
- Collector #1460: Backported test for this bug (which was *not*
present on the Zope 2.7 branch).
- Collector #1726: Transactions from a folder "/foo" would incorrectly
appear in the Undo management screen for a folder "/foobar".
Fixed so that a prefix must be considered as a path.
- ZPublisher would fail to recognize a XML-RPC request if the
- DateIndex/
properly when cleared.
- Fixed brain.getObject() to correctly traverse to an object even
if one of its parents is not accessible, to be close to what the
Publisher does.
- Collector #1730: XML page templates couldn't call aq_parent in
path expressions.
- Collector #1624: FTPServer: a RNFR (rename from) request is now
being responded with a 550 error code if the source file does
not exist.
- Collector #1721: Fixed handling of an empty indexed_attrs parameter
Zope 2.7.5 final (2005/03/20)
Bugs fixed
- AccessControl/
for authenticated users
- Renamed utility methods in zdaemon/
a clash with unittest.TestCase methods (the clash surfaced only
under Python 2.4.1c1, due to subtle changes in MRO behavior).
- Removed redundant 'getIndexSource
- Hardened a locale-sensitive unit test in
return type of 'getlocale'.
- Updated doc/INSTALL.txt to match currently preferred and
acceptable Python versions.
- Use 'del' instead of 'list.remove()' in
same name, and it could potentially break catalog metadata as
remove() may remove more than one element from the list if
they have the same value. Also, we already have the list index
we are interested in deleting so it doesn't make sense to look
up the value and call 'list.remove()' on it.
- A null resource locked by WebDAV should not acquire index_html;
it should act just like it does not exist
Zope 2.7.5 RC 1 (2005/03/09)
Bugs fixed
- Collector #1721: Fixed handling of the 'extra' parameter in UnIndex.py
Zope 2.7.5 beta 1 (2005/02/28)
Features added
- Collector #533: ZMI Find now searches in text Files.
Bugs fixed
- Collector #1705: CopySource.
- guarded_getattr: Restored ability to aquire "through" unprotected
contexts, broken through overzealous cleanup in Zope 2.7.3.
- ZEO/zrpc: Fixed several thread and asyncore races in ZEO's
connection dance.
- Collector #1683: fixing batching in the DA "Test" tab
- Got rid of import order dependencies in PageTemplates, TAL, and
ZTUtils. This also means that the Z2 implementation of PageTemplates
no longer works outside of Zope.
- Collector #1648: Fix bug in Medusa FTP
- OFS.OrderSupport: Added tpValues method.
Trees like the ZMI menu did not show subfolders in the defined order.
(http://
- The IStreamIterator interface had inappropriate "self" arguments
in its method definitions.
- Clarified implementation of getUserById. The method should return
None if the requested user does not exist.
- Collector #1667: allow 'max-number-
the same effect as setting the value via the web interface (i.e.,
make the number of session objects unlimited, rather than falling
back to the default).
- Collector #1661: make 'python-
actually work as documented. This setting allows for important
tuning opportunities for production Zope servers.
- Collector #1657: Don't break host-based virtual hosting when
purging an HTTP accelerator cache.
- Collector: #1651: removed compiler warning
Zope 2.7.4 final (2005/01/15)
Bugs fixed
- Restored test.py to the version shipping with Zope 2.7.3.
- Collector #1655: fixed severe memory leak in TemporaryStorage
- Collector #1656: Several iterator operations were broken,
- DTML Methods were not interoperable with the new filestream_iterator
and caches based on it (FileCacheManager).
Zope 2.7.4 RC 2 (2005/01/07)
Bugs fixed
- Collector #1407: fixed XML escaping problem introduced in 2.7.4 b1
- moved Docutils back to lib/python/docutils
- removed sitecustomize.py file introduced in 2.7.4b1
- updated Docutils to V 0.3.7
Zope 2.7.4 RC 1 (2004/12/23)
Bugs fixed
- Added a workaround that allows MSIE's (buggy) WebFolders client
to display modified and created dates properly for Zope objects.
- Running Zope as a service under Windows did not work.
- Collector #1626: webdav.NullResource raised Forbidden as a
last resort for any exception type, which masked genuine
errors and also caused problems for clients legitimiately expecting
an Unauthorized response. Fixed to raise Unauthorized if
we get a CopyError, and let everything else pass through.
- Collector #1151: HTTP compression was broken on error pages
Zope 2.7.4 beta 2 (2004/12/15)
Bugs fixed
- Collector #1617: fixed unchecked buffer accesses and unchecked
Python API calls in cAccessControl.c (thanks to Tim Peters)
Zope 2.7.4 beta 1 (2004/12/02)
Features added
- RAMCacheManager: Allow invalidation of a cache entry from the
Statistics view in the ZMI
- Collector #1454/OFS.File: Accept content types ending with
text/<foo> types
Bugs fixed
- The REQUEST now contains a new entry ACTUAL_URL which contains the
full URL without query string as it appears within the location bar of
the browser. The key has been added to provide a single key that is
available for vhosted and non-vhosted installations.
- Collector #1605: VHM did not quote URLs
- webdav.
potentially bring your box to a halt, because the whole file
would be read into memory just to detect the
control the boundary where a file gets read completely into
memory. The same directive controls the creation of a tmpfile
vs. reading the whole request into memory on ZServer as well.
- The 'connection-limit' directive was not taking effect as it
modified a module-level global that was already bound to the
functions that used it by the time the directive took
effect. Modified the functions so that they import the
variable in the function body instead of at the top of the
module.
- webdav.Resource: during COPY, manage_afterClone was called way
too early, thus the object wasn't bound to the database and
couldn't find a context. Changed to behave the same way as
- RAMCacheManager: opimized performance by using cPickle instead
of pickle and by using the highest pickle protocol available
instead of using ASCII pickles (patch by Dieter Maurer)
- Collector #631: Image URLs in StructuredText containing port
numbers were not rendered correctly
- Collector #1003: added new 'http-header-
to zope.conf to specific the maximum length of a HTTP request
header before it is considered as a possible DoS attack and
discarded.
- bin/zopectl test now uses os.execv, instead os os.system,
so that options with characters that needs shell quoting
doesn't break the command.
- Updated doc/UNITTEST.txt and lib/python/
reflect progress made since UNITTEST.txt was originally written.
- Collector #1498: Don't choke on malformed cookies. Cookies of
the form "foo=bar; hmm; baz=gee" will give an empty value for
'hmm' instead of silently discarding it and the rest of the
string. (Thanks to 'sirilyan' for the patch.)
- Collector #945: Couldn't programmatically add "empty" PythonScripts.
- Collector #1219: XML export is working again (Thanks Tres)
- Collector #1510: Allow encoding of application/
according to the charset specified in the Content-Type header
(thanks to Jacek Konieczny for the patch).
- Collector #1599: made sqltest work with unicode strings (thanks
to Peter Sabaini for the patch).
- zopectl: fixed handling of child processes (patch by Dieter Maurer)
- Collector #1593: fixed dumb _get_id() implementation in
to Alexandre Boeglin for the patch).
- Collector #1450: files in utilities/ZODBTools are now installed
during the installation process in the 'bin' directory
- Collector #1371: added new 'cgi-maxlen' directive to zope.conf
to limit the amount of form data being processed by Zope
to prevent DoS attacks
- Collector #1407: changed WebDAV display name for objects
to title_or_id()
- the 'trusted-proxy' directive in zope.conf now also accepts
hostnames instead of IP addresses only (patch by Dieter Maurer)
- Fixed test.py to not over-resolve symbolic links. Needed to run
tests when the Products directory and a product are symlinks.
- Collector #1583/ZReST: Fixed handling of the title attribute
for non-ascii characters.
- Collector #1577: Fixed cryptic error message in ZPublisher if a
non-ASCII string is passed to a date, int, long or float property.
- Collector #1576: Fixed Z Search Interface to use proper HTML.
- Collector #1569/DateTime: Added a new ISO8601-method that will
return correctly formatted ISO 8601-representa
the ISO method which isn't compliant with ISO 8601.
- Collector #1127: strftime did not take timezone into account.
- ZPublisher: changed some hardcoded 'latin1' arguments to 'iso-8859-15'
since latin1 is obsolete.
- Collector #1566: Installation of Zope on some older Solaris versions
could fail due to a broken "echo" implementation causing the
creation of a borked version.txt file.
- Collector #934: Image and File objects are now always internally
split into small chunks even when initialized from a string.
- docutils: updated to V 0.3.5. The Zope core now contains a full copy
of the docutils package except some GPLed files which can not be
included with the Zope distribution due to license constraints on
- docutils: moved from lib/python/docutils to
- Collector #1557/OFS.Image: Introducing new 'alt' property. The 'alt'
attribute is no longer taken from the 'title' property but from the new
'alt' property. The border="0" attribute is no longer part of the HTML
output except specified otherwise.
- Set a default value of '' for the new 'alt' property as not to
break existing content.
- Collector #1511: made IPCServer show up in the Control Panel under
"Network Services"
- Collector #1443: Applied patch by Simon Eisenmann that reimplements
the XML parser used in WebDAV fixing a memory leak.
- Always unescape element contents on webdav.xmltools
- Use saxutils to escape/unescape values for/from
- Make OFS.PropertySheet use the escaping function from
- Escape/unescape " and '
- Don't escape properties stored as XML (ie: having a
PROPFIND response.
- If a PROPPATCH element value contains only a CDATA section,
store the CDATA contents only.
- Catch AttributeErrors and KeyErrors raised from
a more verbose error message is issued, the same way it's done
on attribute/item traversal.
Zope 2.7.3 final (2004/10/24)
Bugs fixed
Zope 2.7.3 beta 2 (2004/10/11)
Bugs fixed
- PageTemplates/TAL: Enabled i18n namespace for XML mode.
http://
- Re-added the DAV header (Collector #1518) which had been removed
in beta 1.
- Added a "reset" button to the TOC management page and a reset
argument to the associated target method. This allows users
to decide to ditch the contents of their TOC and "start over".
(Useful for people having problems with upgrades from older
Zope versions).
- Make TransientObject
Upgrades should be flawless from Zope 2.7.0, 2.7.1, and 2.7.2.
Upgrades from 2.6.3 will work, but data may not be retained.
- Changed default resolution for new TransientObject
seconds (this is helpful to prevent certain classes of conflicts,
see http://
Zope 2.7.3 beta 1 (2004/09/26)
Features added
- Made test.py follow symbolic links on POSIX systems.
- added a set of unit tests for the SiteErrorLog.
- Add a knob (not exposed to UI) to TransientObject
turn off "inband" housekeeping Housekeeping can now optionally
be done using an external scheduling facility by calling the
"housekeep" method regularly.
Bugs fixed
- Collector #1425: correct example for trace logger in zope.conf.
- Collector #1457: ZCTextIndex's QueryError and ParseError
are now available for import from untrusted code.
- Collector #1491: talgettext.py did not create a proper header
for the generated .pot file if multiple pagetemplate files
were processed.
- A composite of sessioning/
various KeyError/
under very high sessioning load See
http://
and http://
- TransientObject conflict resolver could potentially fail; when
it failed, the conflict resolution machinery could resolve the
- Collector #1477: TaintedString.
same signature as str.strip()
- Collector 789: Add Michael Dunstan's "explicit abort after error
propagates into publisher" patch as documented in
http://
to ZODB which prevent a connection from being cleanly closed if
improved sessioning behavior as a result also.)
- If an object implementing the IStreamIterator interface
(ala filestream_
and for whatever reason, the ZServer response object was
leaked, a reference to the stream iterator was kept around, which
could result in a symptom of many files being held open by Zope
after a large number of response objects had leaked. The
response now explicitly removes the reference that it has to
the stream producer after response output, sealing this variety
of leak.
- OFS: Fixed 'Last Modified' reverse sorting in main.dtml.
- TAL: tal:on-error does not trap ConflictError anymore.
- OFS.CopySupport: Enforced "Delete objects" permission during
move (CMF Collector #259).
- Removed DWIM'y attempt to filter acquired-
results from 'guarded_getattr'.
- Collector #1267: applied patch to fix segmentation faults on
x86_64 systems
- ZReST: the charset used in the rendered HTML was not set to the
changing the encodings through the Properties tab did not re-render
the HTML.
- Collector #1234: an exception triple passed to LOG() was not propagated
properly to the logging module of Python
- Python 2.3.4 is now the recommended Python version, Python 2.3.3
is still a valid choice
- Collector #1441: Removed headers introduced to make Microsoft
webfolders and office apps happy, since they make a lot of
into trying to edit office files stored in Zope via WebDAV even
when the user isn't allowed to edit them and is only trying to
download them.
If you NEED this functionality then uncomment the lines
prefixed with:
# XXMSXX
...in the following files:
AND file an issue in http://
these headers are getting totally deleted in Zope 2.8 unless
you do!
- Collector #1445: Fixed bad interaction between -p and -v(v)
options to test.py that resulted in exceptions being printed
when they shouldn't have been.
- Collector #1370: Fixed html generated by Z Search interface.
- Collector #729: manage_main doesn't display the correct page title
most of the time. It is not completely fixed but using title_or_id
makes folders display the correct id as a fallback.
- Collector #1295: Fixed minor niglet with the Elvis tutorial.
- Collector #1436: applied patch to fix a memory leak in
- Collector #1435: fixed mis-spelled variable name in zopeservice.py
- Collector #1431: fix in initgroups.c for NetBSD
- Added Stefan Holek's changes to test.py that allow for tests to be
run from an instance
- added "version.txt" to setup.py to avoid untrue "unreleased version"
messages within the control panel
Zope 2.7.2 final (2004/07/21)
Bugs fixed
- ZEO/ClientStorage: fixed check for temporary cache files (patch
by Dieter Maurer)
Zope 2.7.2 RC1 (2004/07/14)
Bugs fixed
- Collector #1403: Transience.
a path naming an onAdd or onDelete method pointed to a nonexistent
object.
- Collector #1384: Fixed LazyCat length calculation after all contained
sequences have been fully accessed.
- Collector #1386: Fixed ISO 1386, making the colon in the timezone
offset optional.
- Collector #1392: ExternalMethod ignored management_
- Fix for issue 233 in the Zope 3 collector. This corresponds to the
Zope 2.7.1 final (2004/06/21)
Bugs fixed
- reST support has been broken due to a failed import
Zope 2.7.1 beta2 (2004/06/12)
Bugs fixed
- Zope can now be embedded in C/C++ without exceptions being raised
in zdoptions.
- Sessioning machinery "delete notifier" could in many cases be called
much later than the expiration of the actual session data object
it was called upon. It is now guaranteed to be called on the first
exercising of the session machinery after object expiration +
- Collector #1293: missing 'address' parameters within one of the server
sections raise an exception.
- Collector #1265: Fixed handling of orphans in ZTUtil.Batch
- Collector #1213: Fixed wrong labels of cache parameters
- Collector #596: Page Templates can now be added via
REQUEST is passed without a file and a text arg is provided.
Features Added
- Collector #1317: FindSupport.
in SearchableText() if available (i.e. CMF content)
Zope 2.7.1 beta1 (2004/05/23)
Features Added
- Collector #1233: Scripts written before the new configuration
behavior in Zope 2.7 used to be able to simply do "import Zope;
app = Zope.app()" to get a hold of the root Zope object. With
the introduction of the new configuration machinery, an extra
step needed to be taken, so the equivalent becomes "import Zope;
This feature "fixes" that by allowing an environment variable
the "Zope.configure
process will take the vaule of ZOPE_CONFIG as the config file
name.
- New top-level configuration file directive:
specifying the number of seconds to be used as the "timeout resolution"
of the '/temp_
object database.
- New knob for transient object containers: 'timeout resolution (in
seconds). Setting this higher than the default (20 seconds)
allows the transience machinery to do fewer "writes" at
the expense of causing items to time out later than the "Data
object timeout value" by a factor of (at most) this many
seconds. This number must divide evenly into the number of
timeout seconds ("Data object timeout value" * 60) and cannot
be set higher than the timeout value in seconds.
- New "transience" implementation which is more stable under high
load. This fixes some sessioning problems. Much gratitude to
Michael Dunstan for providing a function testing rig for sessioning
that allowed for the reproduction of various failures at will!
- Recataloging a ZCatalog instance is now more safe and predictable.
Indexing errors are catched and logged. In addition the progress of the
recataloging operation is logged. So one can see how much documents are
already processed and how much documents are remaining.
- AccessControl/
parameter 'permission' to retrieve the settings for a specific
permission.
- OFS.OrderSupport: Added optional 'subset_ids' argument to move methods.
This is useful in combination with views that filter out some hidden
sub-objects.
- Zope application code can now return a "stream iterator" object
to ZPublisher. If a stream iterator is returned from
application code, it will be unwound by Zope's networking code
and its data will be rendered as the body of the response to a
client. An example:
def method_
import os, stat
from ZPublisher.
path = '/var/zope/Z2.log'
size = os.stat(
Python iterator that is guaranteed to iterate over a stream of
bytes. This interface is defined within the
implements this interface may be returned to ZPublisher.
Before a stream iterator is returned from Zope code the
The major use for this feature is to allow application code to
serve static files from the filesystem without first needing to
read all file data into memory or explicitly chunking data from
static files out via 'RESPONSE.write' (both of which are slower
than just letting medusa itself handle the output via a native
producer).
http://
has more information.
- OFS.Image's index_html method now calls its own ZCacheable_set
method with the single argument None. Existing cache managers
such as HTTPAccelerated
nothing with this value, but other cache managers are free to
inspect the caller and cache its data.
- OFS.Image's index_html method now attempts to retrieve data
from a cache manager via its own ZCacheable_get method.
Previously, this method did call in to ZCacheable_get, but did
nothing with the data that it retrieved (under the assumption
that there are no cache manager implementations which could
handle large file data). Existing cache managers will return a
null value from ZCacheable_get, but future cache managers will
be free to return a stream iterator, which can be returned
directly to the publisher. For a sample implementation of such
a cache manager, see cvs.zope.
- OFS.Image's manage_FTPget now attempts to get data from a cache
manager before sending back data out of the database.
- New restructured text implementation with an updated docutils
package v0.3.4.
- New zope.conf directive called rest-header-level with a default
value of 3. It's setting the initial header level for rest like
- Collector #1233: Introducing a new environment variable ZOPE_CONFIG
has can be used to specify the location of the zope.conf file for
scripts importing the 'Zope' module directly. In earlier versions
it has been necessary to call Zope.configure explict.
Example::
export ZOPE_CONFIG=
From Python script:
# Zope.configure(
app = Zope.app()
- The testrunner.py has been removed since it is replaced with the
test.py script.
Bugs Fixed
- Collector #789: Zope's transaction behavior flawed. Historically,
if an error bubbled up to Zope's publishing machinery, execution
of the error handler code would be performed in a context
that was essentially "between" two transactions. This caused
problems for applications (like sessioning) which want to be able
to write to the database during an error message. That need may sound
insane, but since the transaction is aborted after the error handler
has executed, it has the same effect as the "old" behavior inasmuch
as no inconsistent state will ever be committed to the database
as a result of this behavior unless someone really wants to shoot
themselves by calling "get_transactio
handling code.
- TransientObjects (session data objects) may have lost state at
ZODB commit time after they were mutated via their __setitem__,
__delitem__, update, or clear methods because they did not
signal to the ZODB persistence machinery that they had been
modified.
- Collector #852: Bug in the error reporting of some failure
cases in transactions meant that the cause of the failure was
not logged.
- Collector #1345: AcceleratedHTTP
- Fixed inconsistency between the way MultiHook and traverse() call
traversal hooks.
- Collector #1304: zopectl doesn't allow specification of zdrun
effective user. zopectl now supports the -u switch which
tells it to setuid to the specified username/uid when
running the daemon manager.
- Collector #1341: TemporaryStorage was not usable under a ZEO server.
- Collector #777: 'HTTPRequest.
the values of password fields; the issue notes their presence in the
error log, but '<dtml-var REQEUEST>' or
'<div tal:replace structure request>' had the same effect.
- Fixed bug in catalog merging which could cause a KeyError when
merging results sorted by an index with few keys.
- Collector #1126: ZPublisher.
splitlines() instead of split('\n').
- Collector #1322: fixed HTML quoting problem with ZSQL methods
in DA.py
- TemporaryStorage bug fixed where KeyErrors could be reported
coming from TemporaryStorag
during sessioning usage).
- Collector #1261: fspack.py neglected to import the oid_repr()
function, but used it to produce error output.
- Collector #1124: The ZReST product now uses the same reST encoding
parameters from zope.conf as the low-level reStructuredText
- Collector #1259: removed the "uninstall" target from the Makefile
since the uninstall routine could also remove non-Zope files. Because
this was to dangerous it has been removed completely.
- Collector #1299: Fixed bug in sequence.sort()
- Collector #1309: The reference counts reported by
- Collector #1159: Added test for __MACH__ to initgroups.c so the
initgroups method becomes available on Mac OS X.
- Collector #1226: ZTUtils.Tree encoding could include carriage
returns, which would result in a malformed cookie HTTP header.
- Collector #1222: Fixed broken API help by adding missing security
declarations in APIHelpTopic.py.
- Collector #1004: text,token properties were missing in
- Collector #553: sporadic Zope crashes
BTree bucket conflict resolution could segfault if fed three empty
buckets. A BTree had to start out empty, and two overlapping
transactions had to each add something to the tree and delete it
again before committing, so this was unlikely and hard to reproduce.
- Collector #1298, ZSQLMethods now have a __traceback_
so they are not rendered in the site error log.
- Collector #562: pDocumentTemplate is now disconnected because it
has been broken for some time. It will no longer get imported
if cDocumentTemplate isn't there. It is left only as an implementation
reference for the C version.
- Collector #1300, Fixed persistence of dtml-tree state which was
caused by an overly cautious unpickler.
- Collector #544: Remove Content-Length header for 304 responses from
images/files which violated RFC 2616. This was a workaround for a
since fixed Apache proxy-cache bug.
- Display index name on error message when index can't be used as
'sort_on'.
- PUT would fail if the created object had a __len__ = 0 (eg:
checking if the returned object is None instead.
- Fix performance bug when calculating the number of objects in a
large ZCatalog. This made clicking on the indexes tab of such a
catalog extremely expensive.
- Collector #1289: Allow ZSQL methods to be edited via WebDAV.
- Collector #1283: DTML Method "standard_
html tag
- WebDAV property values were not being properly escaped on
'propstat'.
- WebDAV 'supportedlock' was not checking if the object did
implement the WriteLockInterface before returning it's
value.
- FTP download speed was very slow because the buffer size used
for the feeding of data into asyncore was very small. Increasing
it to a "normal" amount sped up FTP downloads by ~ 100X.
- OFS.Image's insanely long index_html method was factored out
into several parts.
- ZCatalog result/brain methods getPath() and getObject() now properly
propagate database conflict errors which should eliminate spurious
missing results on busy servers.
- Collector #1160: HTTPResponse.
when an 'expires' keyword argument was passed.
- reStructuredText ignored the encoding parameters in zope.conf
- ObjectManager no longer raises string exceptions.
- Collector #1260: Testing/__init__.py no longer changes the
- App.config.
for debug_mode, Globals.
- Collector #1255: getWrappedOwner() must return None if the object
is owned by the UnownableOwner.
- Collector 434: meta-refresh on web-based restart was set too low,
and would often try to hit the server too soon on slower machines,
displaying a 500 error, which caused people to panic. It was
5 seconds, it's now 10.
- Minor usability tweaks
* Made selection widgets of FindSupport forms 8 lines high.
- Stop testrunner.py from recursing into the 'build-base' directory
created by setup.py.
- Pass along command line args to scripts called via "zopectl run".
This allows you to use scripts which require arguments using
zopectl run. If you do "zopectl run scriptname.py arg1 arg2", the
value of sys.argv within the script will consist of
- The security-
It was not possible to switch from the C implementation.
- DeprecationWarnings in Scripts were converted into mysterious
exceptions. Scripts now gain a '_filepath' attribute, used at
runtime as the '__file__' global value.
- zopectl under daemon mode on MacOS X 10.3, Solaris, Linux 2.6 kernels
emitted a traceback upon startup. This has been fixed.
See http://
- mkzeoinst.py complained if there was already a process listening
on the port that the new instance was told to listen on, and would
not install instance files until the process was shut down. This
has been fixed.
- ZPublisher/Test.py publish() function now conveys
specified in the -e env variable. This change should be very
backwards compatable, since it was previously futile to
provide these values. Also, publish_module() now notices when
it gets a mapping-like argument named 'form' and puts it on
the request - a handy way to get form data to the publisher.
This change may be suprising if you're used to having your
forms ignored.
I think these Zope.debug() enhancments are pretty safe, since
up to now it's been a tool good for not much more than poking
and prodding. Now it should be more useful for more thorough
testing purposes.
- ObjectManager will now attempt to set Owner local role keyed
to the user's id, rather than username.
Zope 2.7.0 (2004/02/11)
(no changes from rc2)
Zope 2.7.0 rc 2 (2004/01/30)
Bugs Fixed
- One of the 2.6.3 fixes added a previously missing security check
when binding 'context' and 'container' to Python Scripts. Because
many existing scripts appear in containers that users cannot access,
this caused a lot of unauthorized errors in existing (mostly CMF)
sites, since 'container' is bound by default. The fix has been
adjusted so that an unauthorized is only raised if the bound name
is actually used in a script, making backward compatibility much
better.
- Collector #1154 / # 615: interaction with sessions could cause
the security context to be discarded, potentially breaking scripts
that depend on proxy roles.
- Stopped overriding the version of xmlrpclib in the Python
standard library. As of Python 2.3, the standard xmlrpclib now
includes all the features Zope needs, plus bugfixes and
integration with new Python types.
- A pre-existing bug that could cause subtly different results
when calling the C vs. Python version of validate() through the
authorize() method of a UserFolder was found and fixed.
- An inadvertant change to the behavior of Owned.getOwner was
reverted.
- Fix for bug 1207: errors building in read-only directories.
Zope 2.7.0 rc1 (2004/01/19)
Bugs Fixed
- Collector #1182: Functions for handling decisions about
unprotected subobjects were not passed "names" when doing
unnamed (item) access. In 2.6.3 we changed access checks when
doing item access to pass None rather than the key value when
validating access. This broke some existing applications. We
have reverted these changes.
- Collector #1186: some globals required to support certain operations
in restricted code (e.g., list comprehensions in DTML expressions)
were not propagated to all the right places.
- Collector #1074: Change Scripts' __name__ to None, added unit
tests for the effect of __name__ on class definitions and imports.
- README.txt (and other file-like objects or directories without
an __init__.py) on the Products path are no longer considered
to be Products. A warning message is no longer raised about
duplicate README.txt "products" upon startup in a default
- XMLRPC queries failed due to a missing import.
- Forward-ported Toby's unicode encoding hacks for propertysheets
from the 2.6 branch.
- Some potential refcount issues in cAccessControl.c were fixed.
- Fixed bug in ZEO server's monitor option. The -m / --monitor
option used to specify the monitor address did not work.
Zope 2.7.0b4 (2004/01/09)
Default config file changes
- Zope no longer creates "default" ZODB databases if none exist in
the zope config file. At least one database (the root database,
at mount-point /) must be specified in zope.conf for Zope to start
properly now. In zope.conf files generated by older 2.7 betas,
just uncomment the "main" and "temporary" zodb_db definitions
in the zope.conf file to be in parity with what would have been
generated in 2.7b4 and beyond.
- Zope no longer configures a "default" set of servers if no
servers are specified in the config file. If no servers are
specified in the config file, no servers are started.
Features added
- Folder listings in FTP now include "." as well as "..".
- Using "_usage" parameters in a ZCatalog query is deprecated and
logged as DeprecationWarning.
- Added a "mime-types" configuration value which names a file
giving additional MIME type to filename extension mappings.
The "mime-types" setting may be given more than once in the
mime.types file distributed with Apache.
- Added a "warnfilter" config directive which allows for
the specification of Python warning filters from within
the Zope configuration file.
- When a VHM is activated, it adds the mapping
to the request's 'other' dictionary. If BASEPATH1 is empty, it
is omitted from the tuple. The joined parts are also added
under the key 'VIRTUAL_URL'. Since the parts are evaluated
before traversal continues, they will not reflect modifications
to the path during traversal or by the addition of a default
method such as 'index_html'.
- Added VHM regression tests to the SiteAccess product. Also see
Collector #809.
- Updated the interactive Zope tutorial to use ZPT in place of
DTML.
- When installing, symlink the Python used to build Zope into the
installed 'bin' directory (unless it has a 'python' already).
- Python 2.3 builtins 'sum', 'dict', and 'enumerate' exposed to
guarded code.
Bugs fixed
- Collector #1140: setting the access control implementation from
the configuration file didn't work. The ZOPE_SECURITY_
environment variable is no longer honored.
- Browsers that do not escape html in query strings such as
Internet Explorer 5.5 could potentially send a script tag in a
query string to the ZSearch interface for cross-site scripting.
- FilteredSets (used within TopicIndex) are defined via an expression,
which was naievely eval'ed.
- The ZTUtils SimpleTree decompressed tree state data from the
request without checking for final size, which could allow for
certain types of DoS attacks.
- Inadequate security assertions on administrative "find" methods
could potentially be abused.
- Some improper security assertions on DTMLDocument objects could
potentially allow access to members that should be protected.
- Class security was not properly intialized for PythonScripts,
potentially allowing access to variables that should be protected.
It turned out that most of the security assertions were in fact
activated as a side effect of other code, but this fix is still
appropriate to ensure that all security declarations are properly
applied.
- The dtml-tree tag used an "eval" of user-supplied data; its
efforts to prevent abuse were ineffective.
- XML-RPC marshalling of class instances used the instance
__dict__ to marshal the object, and could include attributes
prefixed with an underscore name. These attributes are considered
private in Zope and should generally not be disclosed.
- Some property types were stored in a mutable data type (list) which
could potentially allow untrusted code to effect changes on those
properties without going through appropriate security checks in
particular scenarios.
- Inadequate type checking could allow unicode values passed to
where an exception would eventually be generated at a level that
would cause the Zserver main loop to terminate.
- The variables bound to page templates and Python scripts such as
"context" and "container" were not checked adequately, allowing
a script to potentially access those objects without ensuring the
necessary permissions on the part of the executing user.
- Iteration over sequences could in some cases fail to check access
to an object obtained from the sequence. Subsequent checks (such
as for attributes access) of such an object would still be
performed, but it should not have been possible to obtain the
object in the first place.
- List and dictionary instance methods such as the get method of
dictionary objects were not security aware and could return an
object without checking access to that object. Subsequent checks
(such as for attributes access) of such an object would still be
performed, but it should not have been possible to obtain the
object in the first place.
- Use of 'import as. in Python scripts could potentially rebind
names in ways that could be used to avoid appropriate security
checks.
- A number of newer built-ins (min, max, enumerate, iter, sum)
were either unavailable in untrusted code or did not perform
adequate security checking.
- Unpacking via function calls, variable assignment, exception
variables and other contexts did not perform adequate security
checks, potentially allowing access to objects that should have
been protected.
- DTMLMethods with proxy rights could incorrectly transfer those
rights via acquisition when traversing to a parent object.
- Range searches with KeywordIndexes did not work with record-style
query parameters
- Collector #484: Depending on the server's timezone (east of Greenwich)
and os (Windows) _calcTimezoneName didn't work with 1970/01/01 and some
other special dates.
- Item_w__name__ now has a working getId() method
- PageTemplateFile now using Item_w__name__ mixin, fixing
its getId() and absolute_url() methods.
- PCGI, FCGI, and HTTP servers now check for unicode types in their
close methods.
- Only one VirtualHostMonster is allowed per container.
- Collector #1133: TreeTag choked on Ids of type long.
- Collector #1012: A carefully crafted compressed tree state
could violate size limit. Limit is no longer hardcoded.
- Collector #1139: tal:attributes didn't escape double quotes.
- Collector #809: Added and documented Traversable.py methods
change to absolute_url behaviour.
- Collector #927: Raise a more specific exception than BadRequest
when disconnected.
- Collector #1129: Improper parsing of ISO8601 in DateTime.
- updated docutils packages (fixes several problems with
- Fixed a bug in the ZEO server's getInvalidations() method. If
it had the requested invalidations, it would send all the
This didn't affect correctness of the cache, but did cause it
to throw out valid data.
Zope 2.7.0b3 (2003/11/18)
Features added
- Add 'parity' method to ZTUtils Iterators.
- Allow untrusted code to mutate ZPublisher record objects.
- Changed the ZEO server and control process to work with a
single configuration file; this is now the default way to
configure these processes. (It's still possible to use
separate configuration files.) The ZEO configuration file can
now include a "runner" section used by the control process and
ignored by the ZEO server process itself. If present, the
control process can use the same configuration file.
- ZConfig was updated to version 2.0. The new version includes
two new ways to perform schema extension; of particular
interest in Zope is the ability for a configuration file to
"import" new schema components to allow 3rd-party components
(such as storages, databases, or logging handlers) to be used.
- Add an update_metadata keyword argument to instances of a
Catalog's catalogObject method and an ZCatalog's catalog_object
method. This argument defaults to true. If this argument is
specified false, the catalog update will not update the
metadata for the object. If the obejct has never been
cataloged before, the metadata is always added and the flag has
no effect.
- The standard ProperyManager now includes the same label
By adding a 'label' entry to the property definition you
can now display a prettier label for the property.
Bugs fixed
- Removed all cases where string literals were raised as exceptions,
and where named strings caused deprecation messages during unit
tests (some named strings may still be hiding in the woodwork).
- AccessControl.User used a misleading string exeception,
- Collector #1112: logfile reopening didn't work.
- Collector #1110: Under Python 2.3, some DateIndex tests were failing.
- Collector #426: Inconsistent, undocumented error() method.
- Collector #799: Eliminate improper uses of SCRIPT_NAME.
- Collector #445: Add internal global declaration for Script bindings.
- Collector #616: Make CONTEXTS available to TALES Python expressions.
- Collector #1074: Give Script execution context a __name__
- Collector #1095: Allow TAL paths starting with '/varname' as a
preferred spelling for 'CONTEXTS/varname'.
- Collector #391: Cut and paste now requires delete permissions.
- Collector #331: Referenses to URL in manage_tabs was changed
to REQUEST.URL to prevent accidental overriding.
- Made the control panel properly reflect the cache-size setting
of ZODB's object cache once again.
- ConflictError was swallowed in ObjectManager by
expecting to do cleanups before deletion.
- Python 2.3 BooleanType wasn't handled properly by ZTUtils
marshalling and ZPublisher's converters.
- Collector #1065: bin/ scripts didn't export HOME envars.
- Collector #1034: METAL macros with content-type text/xml raised
Unauthorized errors inappropriately.
- Collector #572: WebDAV GET protected by 'FTP Access' permission.
Two new methods have been added to WebDAV resources, "manage_DAVget"
and "listDAVObjects". These are now used by WebDAV instead of the
earlier "manage_FTPget" and "objectValues". This separates the
permissions, and allows WebDAV specific overriding of these methods.
- Workaround for Collector #1081: The 'title' property for objects
derived from OFS.Folder or PropertyManager can now be
removed and replaced with a ustring property. This allows the usage
of non-ISO-8859-1 or ASCII charsets
- profile-
(thanks to Andy McKay for the report).
- Collector #904: Platform specific signals in zdaemon/Daemon.py
(fixed by removing the "fossil" module from 2.7 branch and head).
- Collector #951: DateTime(None) now equal to DateTime()
- Collector #1056: aq_acquire() ignored the default argument
- Collector #1087: ZPT: "repeat/
in the Zope Book.
- Collector #1079: Fixed BaseRequest's traversal loop to avoid some
infinite loop scenarios.
- The View tab in the ZMI in some cases pointed back to
- Added the name "context" as a synonym for "here" in page
templates, since "context" is better understood. This unifies
the convention in templates, scripts, and Zope 3.
- Disassociate zeo-client-name from enable-
ZConfig keys. In the past, if you ran an appserver as ZEO
client with a persistent cache, the startup logic prevented
products from being loaded. This was a hack that got baked in
via the weird interaction between the FORCE_PRODUCT_LOAD and
ZEO_CLIENT environment variables and was carried over into Zope
2.7 by inertia. Now they have nothing to do with each other
and can be specified independently.
- Monitor server would start even if an emergency user didn't exist.
- Collector #721: Entities in tal:attribute values weren't
properly escaped.
- Collector #851: Traversable.py: A bare try..except shadowed
conflict errors
- Collector #1058: Several fixes for PropertySheets when used
outside ZClasses
- Collector #1053: parseIndexRequest turned empty sequence of search
terms into unrestricted search.
- manage_tabs had a namespace problem with the acquisition of names from
the manage_options variable resulting to acquire "target" and "action"
from objects above in the hierachy.
- PathIndex and TopicIndex are now using a counter for the number
of indexed objects instead of using a very expensive calculation
based on the keys of their indexes.
- Collector #1039: Whitespace problem in Z2.log fixed
- Collector #78: Proxy roles not respected when calling
- changed some bare try: except:'s in Shared.
so that they now log exceptions that occur.
- Responses from Zope's FTP server could sometimes be HTML!
Zope 2.7.0b2 (2003/08/26)
Features added
- New zopectl feature: adduser. Instead of using the inituser
mechanism, "zopectl adduser <name> <password>" will add a user
with the 'Manager' role to your site. This is useful both
- New top-level package: nt_svcutils. This takes the place of
the Zope.Startup.nt package to allow for reuse outside of Zope.
- Renamed the "service file" for a Zope instance under Windows
from ntservice.py to zopeservice.py to allow a ZEO server
instance to share the same instance home as a Zope instance
(the ZEO service file will be called zeoservice.py).
- The TemporaryStorage module was moved from
tempstorage.
- Split functionality of mkzopeinstance into two separate
modules: mkzopeinstance.py and copyzopeskel.py.
custom skeleton directories or mkzopeinstance can use a custom
skeleton directory via the '--skelsrc' flag.
- Added 'environment' and 'path' directives to config file directive
list. 'environment' is a section which allows the user to specify
environment variables within the config file. 'path' allows the
user to specify additional directories to insert into sys.path
when configuration is processed.
- Moved temporary storage related files into their own module
within lib/python, out of Products.
necessary in order to prevent the configuration machinery from
prematurely importing some modules that it didn't need to
during startup (the transitive set of all imported modules
within Products.
- Add a check to the configurator to ensure that the Python found
has an expat parser.
Bugs fixed
- The Products directory in an instance home was not
specified manually). It is now automatically added at instance
startup.
- The Windows runzope.bat file generated by mkzopeinstance from
the default skeleton directory now uses python.exe instead of
pythonw.exe, so you can actually see output from the Zope
process when you run it interactively.
- backport of TAL fixes from z3
* i18n and metal interactions
* fix handling of nested translations with tal:content/replace
and i18n:name
- Collector #1017: reST has been broken
- backward compatibility for i18n:attributes
if items are separated with spaces and there are more than two items,
all are treated as attributes plus deprecation warning
if items are separated with spaces and there are two items :
* i18n:attributes
treated as <attr> <msg_id>
* i18n:attributes
as long as title exist as attribute (both as static or in
- deny attributes being both part of tal:attributes
and having a messageid in i18n:attributes
- Fixed failing Zope.Startup tests caused by import of
nonexistent Startup.getSchema function.
- VHM: manage_edit has been broken
- The container-class keyword to database sections
didn't work.
- ZConfig didn't report a line number and munged capitalization
of replacement keys when a replacement error was provided.
- log-to-stderr on startup will now emit messages to the console at
the lowest logging level defined by any of the handlers in the
eventlog section.
- entirely removed warning when the starting user's umask is "too
permissive". it wasn't clear that it added any value under normal
operations.
- debug-mode config file option did not work.
- ZClasses that subclassed ObjectManager that were created in
earlier versions of Zope would not load under 2.6, due to
the new Interfaces package. Added back a simple stub module
and changed a constructor to allow these ZClasses to work.
- Bugfix: if zopectl is run as the root user, the debug, run, and
adduser commands will cause the Python process which performs
those actions to switch users to the effective user. This
prevents ZODB index files, log files, etc. from being written
as root, potentially preventing later startup by the effective
user.
- Bugfix: allow the zopectl process to ascertain the program that
zdrun should run from the Zope config file. This is necessary
if the file is moved out of a "single-
instance home.
- Various fixes to content of ZopeTutorial to deal with URLs moving
on new.zope.org (thanks to Stefane Fermigier).
- Added optparse and textwrap modules to docutils package to prevent
ReST barfage (AJ).
- Added a sample zeoclient and tempstorage stanzas to the default
config file (zope.conf.in).
- Various tweaks to the dbtab configuration code (Shane).
- Various fixes/enhancements to ZODB/ZEO (PythonLabs).
- Removed 'inst/Zope.spec' Zope RPM spec file in favor of placing
it in a separate internal ZC repository. It will be available
in the SRPM.
- Fix for Collector 823 (XML RPC exception values were always
converted to strings and thus turned into a Fault object).
Thanks to Sandor Palfy for the patch.
- Remove --zeo/-z flags from mkzopeinstance.py, as custom_zodb.py
is no longer the preferred method of configuring custom
storages now that we have DBTab in the core, and you should be
able to create a custom skeleton dir with the right
zope.conf.in that has a zeo client storage set up if you need
to.
- 'make sdist' now creates a file with an extension of '.tgz'
rather than .'.tar.gz' (mainly to meet the expectations of
Zope.org about file names).
- moved 'zpasswd.py' into utilities directory in source tree.
Zope 2.7.0b1 (2003/07/21)
Features added
- zopectl command now has 'debug' and 'run' options.
- the zodb_db section in zope.conf now accepts a 'connection-class'
key that accepts a python dotted-path-name to use as the
connection class for the database.
- The ReST input and output encodings are now configured via the
directives rather than the REST_INPUT_ENCODING and
- Datetime-format settings are now configured via the
- Trusted proxies are now configured via the 'trusted-proxy'
- The maximum number of sockets that ZServer will open in order to
service incoming connections can now be specified via the
- Shane Hathaway's DBTab product has been integrated. The
mounted databases. You can add a mount point by editing the
zope.conf file, adding a zodb_db section for the main database
and other mounted databases, and choosing "ZODB Mount Point"
from the Zope "Add" list.
- DTML Methods and Documents supply a traceback supplement when called.
- Windows installer contains NT/2K/XP service support on
a per-instance-home basis.
- zopectl command now has 'debug' and 'run' options.
- the zodb_db section in zope.conf now accepts a 'connection-class'
key that accepts a python dotted-path-name to use as the
connection class for the database.
Bugs Fixed
- mkzopeinstance did not expand tildes in directory name input.
- The 'configure' script did not work under Solaris sh.
- The SiteErrorLog object did not ignore NotFound errors,
which caused (mainly) useless messages to be kept in the log.
- The addition of a linefeed to version.txt in lib/python caused
Apache proxies to choke because the string was injected into
a header including the linefeed. This has been fixed.
- Collector: #964: standard_
HTML code for more information which is deprecated. Referring to
the error log now.
- Collector #893: Mailhost: munge_header has been broken for addresses
containing the recipients full name
- Zope's setup.py didn't include the ZEO.auth package.
- Collector #628: Applied patch to fix several textarea resize
problems.
- Collector #953: fixed namespace collision with form_title in ZMI
- Collector #342: Avoiding insertion of a BASE tag for file objects
with content-type text/html
- Windows installer properly deletes pyc/pyo files on uninstall.
- Windows binary post-install quickstart page is now more
informative.
- Fixed a potential bug in ZTUtils.
potentially empty string was tested for it's first character; used
.startswith for safety.
Zope 2.7.0a1 (2003/07/03)
Features added
- OFS: OrderSupport and OrderedFolder added. OrderSupport is a mixin class
that adds the IOrderedContainer interface to ObjectManagers.
using OrderSupport.
(thanks to Stephan Richter for inspiration and some code)
- Folder: Constructor now takes an optional 'id' argument.
- Show known medusa servers in Control_Panel.
- New startup and installation regime (./configure; make; make install
instances use a config file, daemon is now a separate process). See
http://
for more information.
- New module: App.config. New API for getting a configuration
object. This should be the preferred way for all code in Zope
to get configured values for many settings. For settings made
available via this module, alternate locations are deprecated,
though will to be supported for Zope 2.7.
- Collector #435: Support for passwords encoded using MySQL's
PASSWORD() function add to lib/python/
- Collector #167: Support __getattr__ on cAccessControl PermissionRole
objects to allow gathering of permission names for products like
DocFinder and VerboseSecurity.
- Added a new REQUEST method, getClientAddr(), to determine a clients
IP address. Address restrictions in the user folder have been changed
to use this method. By default the value returned by this method is the
same as the initial value of REQUEST[
support for obtaining a more useful value from other headers if a
front-end proxy is in use. See doc/ENVIRONMENT.txt for details.
- DateTime module: added support to parse international dateformats. The
Datetime constructor has a new "datefmt" parameter to enforce the
parsing of a date as "us" or "international" date. The new field
descriptor field descriptor "date_internati
enforce this behaviour inside the ZPublisher. See also
- KeywordIndex, FieldIndex and ZCTextIndex are now able to index more
than one attribute of an object. This removes the ties between the
indexes ID and the attribute name to be indexed.
- Integration of reStructuredText (reST) and the ZReST product
by Richard Jones. See doc/RESTRUCTURE
- Objects locked through WebDAV are now marked with a lock icon
inside the ZMI.
- Collector #741: Applied patch to provide better FTP error messages.
- Made all PluginIndexes and ZCTextIndex use 'safe_callable',
which is aware of extension classes that fill 'tp_callable'
but don't define '__call__'.
- Made KeywordIndex be more robust about receiving a value that
is not a string or an iterable type.
Bugs Fixed
- Collector #954: clear() method of TopicIndex removed all filter sets
instead of clearing them.
- Collector #939: Fixed typo in TopicIndexes
- Collector #937: UnicodeError exception available within PythonScripts
- Collector #902: recursive Scripts were broken due to shared globals.
- Product initialization would only consult a file named "version.txt"
to read version information. Now it will check version.txt, VERSION.txt
and VERSION.TXT.
- Collector #928: DateIndex ignored timezones when indexing and
querying
- Collector #892: misleading error msg when initializing an OIBTree
from a dict with a float value. The message claimed that the
dict's items didn't consist of 2-element tuples, but of course
they do. The TypeError now says "expected integer value".
- Collector #882: delPropertySheet was broken due to a typo
- Collector #683: WeDAV request without XML preamble
were not recognized by Zope and raised an exception.
- Index constructors were called without acquisition context of the
calling object. This caused caller.
indexes depending on this information.
- Collector #814: PathIndexes now uses IITreeSet instead of
IISet. This should result in less memory usage.
- Fixed a whitespace problem in Z2.log (AWStats failed to process
Zope logfiles)
- Collector #816: dtml-sendmail corrupted header if message was
left blank.
- Collector #790: WebDAV access is granted by default only
to Managers and Authenticated users instead to Anonymous users.
This restricts access to the Control_Panel and especially
to the Products management to trusted users.
- Rename, Cut & Delete operations on locked objects (WebDAV) are
no longer permitted and will raise an exception. Copies of
locked objects are copied without lock.
- Collector #634: Image objects can now be rendered without border
attribute by calling "image.
- Collector #695: Object IDs "." and ".." are no longer permitted.
- Collector #771: ZCatalog failed to index DTML Document if the name
of a catalog metadata was identical with the name of an acquired
object.
- Collector #686: intSets no longer lose their values.
- Collector #685: Improved documentation explaining how, where and
why security assertions should be placed in:
- The ZEO unit tests and wo_pcgi.py didn't run on Windows if the path
to the python executable included a space.
- Some calls to os.system('chmod') has been replaced with the more
portable os.chmod() call, to make install work properly on Windows.
- Fixed an isinstance() check in SimpleItem on standard_
handling that would always break if the first argument was not
an extension class because the second argument was a type.
- Any write request could be tricked into writing into a version
be setting a version cookie or by including a version name in
the request. Now we require the user to globally have
permission to join or leave versions to run a request in a
version.
Backward incompatabilities
- We no longer honor local security settings that would allow
someone to join or leave versions unless the location of the
settings is a folder directly or indirectly containing the
user's user folder.
Bugs Fixed
- Collector #956: automatically installing Examples at startup
could be a security risk. Examples now must be installed
explicitly by the user (thanks to Jamie Heilman and day0).
- Collector #954: clear() method of TopicIndex removed all filter sets
instead of clearing them.
- Collector #882: Fixed typo in PropertySheets
- Collector #939: Fixed typo in TopicIndexes
- Collector #937: UnicodeError exception available within PythonScripts
- Collector #902: recursive Scripts were broken due to shared globals.
- Product initialization would only consult a file named "version.txt"
to read version information. Now it will check version.txt, VERSION.txt
and VERSION.TXT.
- Make ZCTextIndex much less prone to generating conflict errors.
Previously *any* concurrent updates would provoke a conflict.
- Fix query performance and scalability bug in ZCTextIndex.
- Collector #928: DateIndex ignored timezones when indexing and
querying
- Any write request could be tricked into writing into a version
be setting a version cookie or by including a version name in
the request. Now we require the user to globally have
permission to join or leave versions to run a request in a
version.
- Fixed a problem with potentially mis-acquiring 'func_code' in
publisher BeforeTraverse hook.
- Fix for issue 683: Image cache manager headers were not sent
when an image request returned a 304 (in response to an if-mod-since
request).
- Made all PluginIndexes and ZCTextIndex use 'safe_callable',
which is aware of extension classes that fill 'tp_callable'
but don't define '__call__'.
- Made KeywordIndex be more robust about receiving a value that
is not a string or an iterable type.
- Fixed incorrect docstring in OFSP/Image help.
- Fixed unhelpful signal description.
0 blueprints and 0 bugs targeted
There are no feature specifications or bug tasks targeted to this milestone. The project's maintainer, driver, or bug supervisor can target specifications and bug tasks to this milestone to track the things that are expected to be completed for the release.
