Zope-Announce December 2000

zope-announce@zope.dev

8 participants
13 discussions

ANNOUNCE: Zope 2.2.5 b1 released
by Brian Lloyd 27 Dec '00

27 Dec '00

Happy Holidays all, Zope 2.2.5 beta 1 has been released - you can download it from Zope.org: http://www.zope.org/Products/Zope/2.2.5b1/ This release contains a number of bug fixes, and includes all Hotfixes to date. It includes the fix for a memory leak that could occur when accessing SQL data through aliased names, a fix for a problem with contention between concurrent POST requests and a number of fixes to improve support for current WebDAV-aware clients such as Adobe GoLive. Note that this release contains a change to the ExtensionClass binary - if you are running a source release you should rebuild the Zope binaries after upgrading or applying a "diff" update. For more information on what is new in this release, see the CHANGES.txt and HISTORY.txt files for the release: http://www.zope.org/Products/Zope/2.2.5b1/CHANGES.txt http://www.zope.org/Products/Zope/2.2.5b1/HISTORY.txt Note that we have also posted "diff" updates as .tgz files that will let you easily upgrade an existing 2.2.x site. These updates are available for those currently using the 2.2.x source release or the 2.2.x binary releases. To apply a differential update to your site: - download the appropriate .tgz file from zope.org - shutdown your Zope process - copy the .tgz to your Zope directory and extract it - run w_pcgi or wo_pcgi *if you are not using a binary release* - restart your process Brian Lloyd brian(a)digicool.com Software Engineer 540.371.6909 Digital Creations http://www.digicool.com

1 0

1st Edition - Zope Hosting Guide
by Mark Pratt 22 Dec '00

22 Dec '00

hello all, available immediately from our website via this address: http://www.beehive.de/zope/hosting/guide.html is the first edition of the Zope Hosting Guide. here are the highlights: - free - 23 pages - written for beginners - work in progress (many more releases to come) regards, mark -------------------------------------------------------------- mark pratt (managing director) mark(a)beehive.de beehive elektronische medien GmbH http://www.beehive.de phone: +49 30 847-82 0 fax: +49 30 847-82 299

1 0

ANNOUNCE: Zope security alert and hotfix release
by Brian Lloyd 18 Dec '00

18 Dec '00

Hi all - <Tis the season for hot - fix - es, fa la la la la, waa waa waa waa...> Peter Kelly has brought another potential security issue to our attention that is important enough to make a Hotfix available for those who allow untrusted users to edit DTML on their sites. The issue involves incorrect protection of a data updating method on Image and File objects. Because the method was not correctly protected, it was possible for users with DTML editing priveleges to update the raw data of a File or Image object via DTML though they did not have editing priveleges on the objects themselves. We recommend that any Zope site running versions of Zope up to and including 2.2.4 have this hotfix product installed to mitigate the issue if the site is accessible by untrusted users who have DTML editing privileges. http://www.zope.org/Products/Zope/Hotfix_2000-12-18/README.txt http://www.zope.org/Products/Zope/Hotfix_2000-12-18/Hotfix_2000-12-18.tgz The hotfix will work for all versions of Zope 2.1.x and higher. A Zope 2.2.5 release later this week will contain the fix for this issue (as well as all hot fixes to date) and you will be able to uninstall the hot fix after upgrading. Brian Lloyd brian(a)digicool.com Software Engineer 540.371.6909 Digital Creations http://www.digicool.com

1 0

ANNOUNCE: updated 12/15 hotfix
by Brian Lloyd 15 Dec '00

15 Dec '00

The version of the Hotfix uploaded initially was flawed :( I have made new one (Hotfix_2000-12-15a) and put redirects at the old location in case people get the original announcement and not this email. If you were quick on the trigger and downloaded the hotfix within an hour or so of the announcement you should get the updated (15a) one, as the flaw may prevent you from adding objects on your site. TGIF, Brian Lloyd brian(a)digicool.com Software Engineer 540.371.6909 Digital Creations http://www.digicool.com

1 0

ANNOUNCE: Zope security alert and hotfix release
by Brian Lloyd 15 Dec '00

15 Dec '00

Hi all - A security issue has recently come to our attention (thanks to Erik Enge for identifying this) that affects Zope versions up to and including Zope 2.2.4. The issue involves the computation of local roles. In some situations the computation was not climbing the correct hierarchy of folders, sometimes granting local roles inappropriately. This could allow users with privileges in one folder to gain the same privileges in another folder. We *highly* recommend that any Zope site running versions of Zope up to and including 2.2.4 have this hotfix product installed to mitigate the issue. - http://www.zope.org/Products/Zope/Hotfix_2000-12-15/README.txt - http://www.zope.org/Products/Zope/Hotfix_2000-12-15/Hotfix_2000-12-15.tgz The hotfix will work for all versions of Zope 2.2.0 and higher. A future version of Zope will contain the fix for this issue, and you will be able to uninstall the hot fix after upgrading. Note that we will be making a Zope 2.2.5 release early next week that includes the fix for this issue as well as the issue addressed by the recent 12/08 hotfix. Brian Lloyd brian(a)digicool.com Software Engineer 540.371.6909 Digital Creations http://www.digicool.com

1 0

CoreSessionTracking Release 0.2
by Chris McDonough 15 Dec '00

15 Dec '00

I had some reports yesterday of the Core Session Tracking development code not working against recent Zope 2.2 releases, so I removed dependencies in the code on the Interface module which were causing the incompatibilities. CoreSessionTracking 0.1 will work against Zope 2.3a1, but not against Zope 2.2.3, 2.2.4, etc. A new release of the code which has these dependencies removed, 0.2, is available from http://www.zope.org/Members/mcdonc/Products/CoreSessionTracking . This release works against all Zope 2.2.X based systems, AFAIK. Thanks! - Chris

1 0

Zope 2.3.0 on Python 2.0
by Toby Dickenson 12 Dec '00

12 Dec '00

Im running a project on dev.zope.org with the aim of getting Zope 2.3.0 working well on Python 2.0, including the foundation support for Unicode. Anyone interested please take a look at http://dev.zope.org/Wikis/DevSite/Projects/Python20Migration/FrontPage A list of proposed breakages (which I hope are insignificant) is at http://dev.zope.org/Wikis/DevSite/Projects/Python20Migration/RiskFactors Thanks, Toby Dickenson tdickenson(a)geminidataloggers.com

1 0

ANNOUNCE: Zope 2.3.0 alpha 1 Documentation Release
by Michel Pelletier 11 Dec '00

11 Dec '00

On the heels of Brian's announcement, we are gurgling with joy to announce a sychronized release of the Zope Book for the Zope 2.3 alpha release. http://www.zope.org/Members/michel/ZB/ This release marks the first time the book and Zope are "in sync" enough for you to be able to fully try out all the examples and understand all the concepts. This also marks the first time in long time that Zope has a (fairly) complete, up-to-date manual! Truely exciting times are these. Remember though, both the software *and* the manual are alpha, they both will have bugs. Please report any bugs, suggestions, or comments in the book to docs(a)digicool.com. Happy reading! -Michel

1 0

ANNOUNCE: Zope 2.3.0 alpha 1 released...
by Brian Lloyd 11 Dec '00

11 Dec '00

Hello all, As promised, Zope 2.3.0 alpha 1 is now available. You can download it from Zope.org: http://www.zope.org/Products/Zope/2.3.0a1/ This release contains a number of important new usability features, and also marks the first release where a substantial amount of the work done happened in the Fishbowl on dev.zope.org. Some highlights of this release: - Python Scripts are now part of the Zope core. Big whopping kudos to Evan Simpson for all of the work he has put into this! Having Python Scripts in the core will allow people to much more easily separate logic and presentation (and get that logic out of DTML!) More information and prototype documentation for Python Scripts can be found in the dev.zope.org project: http://dev.zope.org/Wikis/DevSite/Projects/PythonMethods - The process of creating an initial user at install time has finally been fixed. Before you had to create a superuser, login as the superuser, create a normal manager, logout, then log back in as the normal manager. This was obtuse and caused big problems for newbies who would log in as the superuser and start trying to work immediately (leading to errors since the superuser cannot own objects). This process is now much more sane. Now, at install time a default initial manager (not a superuser) is created. The superuser has been renamed to the "emergency user" and is not even created by default. If you ever have a need to log in as the emergency user, you can use zpasswd.py to create it. - The new security assertion support has been checked in. For more information and an updated version of the "Zope security for developers" guide see the project on dev.zope.org: http://dev.zope.org/Wikis/DevSite/Projects/DeclarativeSecurity - Added new getId() method to SimpleItem.Item. This should now be used instead of referencing 'object.id' directly, as it is guaranteed to always be a method and to always return the right thing regardless of how the id of the object is stored internally. This relieves DTML writers of the contortions they previously had to go through to handle varying cases of 'id' being a method or an attribute. - Improved Ownership controls. Now you simply choose whether or not to take ownership of sub-objects when taking ownership. Implementation details about whether ownership is implicit or explicit are no longer forced on the user. - Unit testing infrastructure for the Zope core. PyUnit has been checked in, and a utility has been added that will allow us to incrementally begin accumulating (and running) test suites. The new testrunner.py in the utilities directory is a basic utility for running PyUnit based unit tests. It can be used to run all tests found in the Zope tree, all test suites in a given directory or in specific files. The testrunner will be used to ensure that all checked in tests pass before releases are made. For more information, see the docstring of the actual testrunner.py module. For more information on what is new in this release, see the CHANGES.txt and HISTORY.txt files for the release: http://www.zope.org/Products/Zope/2.3.0a1/CHANGES.txt http://www.zope.org/Products/Zope/2.3.0a1/HISTORY.txt *Please note* that we do not build binary distributions for alpha releases - the alpha is available as a source release only. When we move into the beta period for 2.3, we will build and distribute binary releases. Brian Lloyd brian(a)digicool.com Software Engineer 540.371.6909 Digital Creations http://www.digicool.com

1 0

SECURITY alert and hotfix release
by Brian Lloyd 08 Dec '00

08 Dec '00

Hi all, Aleksander Salwa has brought a security issue to our attention that affects all Zope versions up to and including Zope 2.2.4. We have released a Hotfix product to address the issue that can be downloaded from zope.org. (Thanks to Aleksander for finding this and to Shane Hathaway for his quick response in resolving it!) The issue involves security registration of "legacy" names for certain object constructors such as the constructors for DTML Method objects. Security was not being applied correctly for the legacy names, making it possible to call those constructors without the permissions that should have been required. This issue could allow anonymous users with enough internal knowledge of Zope to instantiate new DTML Method instances through the Web. The hotfix for this issue is available on the zope.org web site: o http://www.zope.org/Products/Zope/Hotfix_2000-12-08/Hotfix_2000-12-08.tgz We *highly* recommend that any Zope site running versions of Zope up to and including 2.2.4 have this hotfix product installed to mitigate the issue. The hotfix will work for all versions of Zope 2.2.0 and higher. A future version of Zope will contain the fix for this issue, and you will be able to uninstall the hot fix after upgrading. Brian Lloyd brian(a)digicool.com Software Engineer 540.371.6909 Digital Creations http://www.digicool.com

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

Zope-Announce December 2000