December 2004 - Zope-Announce

[Security advisory] Zope 2.7 + 2.8
by Andreas Jung 12 Jan '05

12 Jan '05

Synopsis: Due to an error in the cAccessControl module of Zope it is possible to bring down a complete Zope site as documented in http://mail.zope.org/pipermail/zope-dev/2004-December/024087.html This exploit causes a segmentation fault of the Python interpreter. Vulnerable for this exploit are at least all Zope installations that allow untrusted users to edit ZPTs (possibly DTML as well) either through the ZMI or through the file system. Affected versions: Zope 2.7.X, Zope 2.8.X Recommended solution: Turn off cAccessControl and enable the Python AccessControl implementation in etc/zope.conf (this line is commented in the default configuration): security-policy-implemenation python A fixed implementation of cAccessControl will be included in the upcoming Zope 2.7.4 beta 2 release. ---- Andreas Jung Zope 2 Release Manager

2 1

[ANN] Zope 2.7.4 RC1 released
by Andreas Jung 23 Dec '04

23 Dec '04

Dear Zope Community, on behalf of Zope Corporation and all Zope 2 developers and contributors I am pleased to announce the release of Zope 2.7.4 RC1. This release is a maintenance release and fixes a lot of bugs (too much to mention them all here). Zope 2.7.4 RC 1 can be downloaded from http://www.zope.org/Products/Zope/2.7.4rc1 The release notes can be found at http://www.zope.org/Products/Zope/2.7.4rc1/CHANGES.txt For informations on using Python 2.4 with Zope 2.7: see doc/INSTALL.txt Andreas Jung

1 0

Silva 1.1.1 released
by Martijn Faassen 21 Dec '04

21 Dec '04

Silva is an easy to use, open source, enterprise-class content management system with a focus on structured content and XML. It comes with a fully integrated browser-based WYWIWYG editor (Kupu), and has extensive XML support, such as XSLT-based rendering of content. Silva separates public website layout from its user interface, so that it is easy to completely customize Silva to use the layout templates for your website. Silva 1.1 includes the following new features: * XSLT support for rendering Silva objects. This adds more flexibility to the way Silva objects are presented, and when used also provides a nice performance boost. XSLT support can optionally be enabled on a per-object basis. XSLT support needs libxml2/libxslt, but Silva also continues to work if you do not have these installed. * A new XML export/system that can also export and import asset data in a zip file. * abbr and acronym support for both forms editor and Kupu. * New parser for SilvaDocument forms-based editor, using a HTML subset instead of the old-style method using special characters. This should increase the performance of the parser and makes it easier to use. Silva 1.1.1 is a bugfix release, and includes: * new feature: an XSLT renderer that can render documents without the main title at the top. This can be useful in layout templates that already include this title. * Silva 1.1.1 is Zope 2.7.3 compatible. * A number of bugfixes. Silva 1.1.1 works with Silva News 1.0 and SilvaExternalSources 0.9.1, both to be found on the Infrae website. Download Silva here: http://www.infrae.com/download/Silva/ The easiest way is to download the Silva-1.1.1-all.tgz file, and unpack this in your products directory. See the INSTALL.txt included in the Silva product for more information. For Silva extensions such as SilvaNews and SilvaExternalSources, lease see the overview here: http://www.infrae.com/download/ For more information about Silva, please see: http://www.infrae.com/products/silva

1 0

zasync 1.0 released
by Gary Poster 17 Dec '04

17 Dec '04

I am happy to announce the 1.0 release of zasync, a Zope 2 product that enables tasks to be done asynchronously via a Twisted ZEO Client. http://www.zope.org/Members/poster/zasync What is it? zasync is a Zope 2 product that enables tasks to be done asynchronously. If your application needs to allow users to request that a long-running job be performed, but the user (and the Zope thread) shouldn't be tied up waiting for the job to complete, zasync is one possible solution. When the result of the job is ready, zasync supports both push and pull: the response can trigger TALES expressions run in the security context of the user who made the call, or the call manager can be polled to see if the response is ready. What are some examples of a long-running job? - you need to poll a database that may take a very long time to respond - you need the app to download something off the internet, maybe big, maybe just with a big timeout - you need to do a long-running transaction within Zope itself (SUPPORTED, BUT HERE BE DRAGONS, i.e. ConflictError fun, particularly pre-Zope 2.8) - you want the user to be associated with a long-running socket (e.g., an IM server component or a client) that should not be turned on and off within a single transaction How does it work? zasync is comprised of two sides: the side that lives in Zope and allows users to make asynchronous calls and poll for results; and the worker that actually does the jobs. The worker is intended to be pluggable, maybe eventually supporting workers that live within the main Zope process so that developer boxes and low-load servers can use a worker simply. However, zasync 1.0 ships with a single worker: a ZEO client driven by the Twisted reactor. A Twisted ZEO client? Yup. The approach has some nice scalability advantages (it can be run on a different box, for instance). It also comes with a few plugins, a couple for LDAP calls and one for calling back into Zope to do tasks. A plugin simply is a registered callable that can return a result (unlikely) or a deferred (much more likely). The zasync client includes meaty logging. The ZEO client must be configured using a standard ZConfig schema, and started using a (very bare bones at the moment) shell script. Disadvantages include the fact that you have another process to keep track of, and that you have to keep up with an additional configuration. Are there any docs? Yup. Of course, not as many or of as high a quality as I'd like. There's a README and a doctest for the call manager, as well as some docs and tests for some of the components. Is it easy to set up? Uh. If you know zope.conf then it shouldn't be too hard to modify the files you need to. I tried to include reasonable directions. Does it work on Windows? I imagine you could make it work on Windows: I wanted to make sure it was a possibility. I haven't yet. You might just need to get the start script right... Does it work on UNIX-ish stuff? Yup, it should work on a UNIX-ish system that runs the current stable Zope. What does the future hold? Wouldn't we all like to know. This product is in active use at the moment, so development, or at least bug fixes, are likely. I hope to port this to Zope 3, refactoring as I go to take advantages of lessons learned and maybe including the simpler non-ZEO worker also so that it is easier for developers and simpler deployments to get started. Is this in a public version control repository? Yup. http://cvs.zope.org/Packages/zasync/ . Shoulda been in Products: oh well. :-) It has a package in there, at least... Thanks to Zope Corporation for open sourcing this product! Gary

1 0

[ANN] Zope 2.7.4b2 released
by Andreas Jung 15 Dec '04

15 Dec '04

Dear Zope Community, on behalf of Zope Corporation and all Zope 2 developers and contributors I am pleased to announce the release of Zope 2.7.4 b2. This release is a maintenance release and fixes a lot of bugs (too much to mention them all here). Zope 2.7.4b2 can be downloaded from http://www.zope.org/Products/Zope/2.7.4b2 The release notes can be found at http://www.zope.org/Products/Zope/2.7.4b2/CHANGES.txt Andreas Jung

1 0

SOAP Support on ZOPE
by Aruna Kathiria 14 Dec '04

14 Dec '04

Hello: I did some work regarding SOAP support on ZOPE and published this document on zope.org. The link for this document is http://zope.org/Members/arunacgx/SOAP%20Support%20on%20Zope/file_view I would like to get feedback/suggestion regarding this document. With Regards, Aruna Kathiriya Sr.Consultant, CIGNEX Technologies, Inc T: 408.327.9900 x 314 F: 408.273.6785 C: 408.896.1330 E: aruna(a)cignex.com U: www.cignex.com "Implement IT Right"

1 0

CPS 3.3.0 (devel branch) released
by Stefane Fermigier 14 Dec '04

14 Dec '04

CPS 3.3.0 (devel branch) released CPS 3.3.0 has been released. This is the first devel release since CPS 3.2.0 (stable) was released in september 2004. Of course, the development has been available in real time using CVS: * http://cvs.nuxeo.org/cgi-bin/viewcvs.cgi/CPS3/ * http://cvstrac.nuxeo.org/ What's new in CPS 3.3.0 ? * CPSCore refactoring * I18n of content (multilingual documents and containers) * Start of CPSSkins integration * More unit tests, including regression tests * Stack workflow * OpenOffice.org integration * CPSUserFolder now does everything that NuxUserGroups used to do * Lots of CPSSkins work (full CPSSkins integration to be done in CPS 3.3.1) * Webmail improvements * TypeMaker improvements * Calendar improvements * Subscriptions improvements * Numerous XHTML / CSS fixes * Zope 2.8 and CMF 1.5 compatibility fixes (must be tested!) * Many more (more than 2000 commits since CPS 3.2.0) Download urls We have made two packages: CPS-3.3.0.tar.gz for CPS 3.3.0 with CMF 1.4.7 and CPS-3.3.0-cmf15.tar.gz for CPS 3.3.0 with CMF 1.5.0. We only have made extensive tests with the former. We expect, however, to switch to CMF 1.5 when releasing CPS 3.3.1. We need your help in testing CPS 3.3 with CMF 1.5 to ensure that CPS 3.3.1 doesn't have bugs related to the CMF 1.4 to 1.5 switch. The packages are available here: http://zope.org/Members/nuxeo/Products/CPS3/CPS-3.3.0/folder_contents About CPS Nuxeo CPS is an extensive collaborative Web content management system (CMS) implemented on top of Zope and the CMF, that enables organizations to easily, quickly and efficiently implement collaborative portals (intranet, extranet or internet) and workflow-oriented business applications. Nuxeo CPS has already been adopted by major accounts in the Administration (French Ministries of Interior, of Culture, of Finance, of Justice, French Atomic Energy Commission...), in the private sector (Groupe Suez, STMicroelectronics...) and by the major french IT consultancies (Capgemini, Unilog, Steria, Transiciel...). CPS is developped by Nuxeo and a community of contributors. Thanks Many thanks to the CPS3 developers, testers, translators around the world. Special thanks to Jean-Marc Orliaguet. -- Stéfane Fermigier, Tel: +33 (0)6 63 04 12 77 (mobile). Nuxeo Collaborative Portal Server: http://www.nuxeo.com/cps Gestion de contenu web / portail collaboratif / groupware / open source!

1 0

FSDumpTool 0.1 released
by Brent Hendricks 13 Dec '04

13 Dec '04

Connexions is pleased to announce the initial release of FSDumpTool. What is FSDumpTool? =================== Inspired by Tres Seaver's FSDump, FSDumpTool is a CMF tool for exporting and importing content between the filesystem and the ZODB. How does it differ from FSDump? =============================== - It's bidirectional: FSDumpTool supports both exporting *to* and importing *from* the filesystem. - FSDumpTool is designed specifically for CMF content objects. It allows you to configure "dump" parameters on a per content-type basis. - Easily extensible through pluggable "Dumpers" to handle various metadata properties (currently supports DublinCore. Help wanted writing Dumpers for workflow state, local roles, etc.) Where to find it? ================== FSDumpTool development is sponsored by the Connexions Project (http://cnx.rice.edu) and may be downloaded here: http://software.cnx.rice.edu/downloads/zope/FSDumpTool/ CVS access is available through the collective on SourceForge: http://cvs.sourceforge.net/viewcvs.py/collective/FSDumpTool/ Feedback and contributions welcome Brent Hendricks -- ------------------------------------------------------------------------- "The programmer, like the poet, works only slightly removed from pure thought-stuff. He builds his castles in the air, from air, creating by exertion of the imagination. Few media of creation are so flexible, so easy to polish and rework, so readily capable of realizing grand conceptual structures." -- Frederick Brooks, Jr., The Mythical Man Month

1 0

CPS 3.2.3 released
by Stefane Fermigier 13 Dec '04

13 Dec '04

CPS 3.2.3 has been released. It features several important bugfixes over the previous stable release, CPS 3.2.1 (CPS 3.2.2 had issues and was not released publicly). We recommend that production sites using the stable branch (CPS 3.2) be upgraded to CPS 3.2.3. Download: http://zope.org/Members/nuxeo/Products/CPS3/CPS-3.2.3/ About CPS: Nuxeo CPS is an extensive collaborative Web content management system (CMS) implemented on top of Zope and the CMF. Nuxeo CPS enables organizations to easily, quickly and efficiently implement collaborative intranet, extranet or internet applications. More info on CPS3: http://zope.org/Members/nuxeo/Products/CPS3/ S. -- Stéfane Fermigier, Tel: +33 (0)6 63 04 12 77 (mobile). Nuxeo Collaborative Portal Server: http://www.nuxeo.com/cps Gestion de contenu web / portail collaboratif / groupware / open source!

1 0

ZopeMag looking for articles
by Mark Pratt 13 Dec '04

13 Dec '04

Hi, ZopeMag, the only Magazine focused on Zope technology, is looking for a few more article proposals for Issues 10 and 11. We are particularly interested in Zope 3, CMF, ZEO, Plone, CPS and Silva articles. ZopeMag pays for all article submissions and authors also receive a complimentary one year subscription. See our writer's guidelines for more details: http://www.zopemag.com/writefor.html Regards, Mark Pratt

1 0