Synopsis:
Due to an error in the cAccessControl module of Zope it is possible to
bring down a complete Zope site as documented in
http://mail.zope.org/pipermail/zope-dev/2004-December/024087.html
This exploit causes a segmentation fault of the Python interpreter.
Vulnerable for this exploit are at least all Zope installations
that allow untrusted users to edit ZPTs (possibly DTML as well) either
through the ZMI or through the file system.
Affected versions:
Zope 2.7.X, Zope 2.8.X
Recommended solution:
Turn off cAccessControl and enable the Python AccessControl implementation
in etc/zope.conf (this line is commented in the default configuration):
security-policy-implementation python
A fixed implementation of cAccessControl will be included in the upcoming
Zope 2.7.4 beta 2 release.
----
Andreas Jung
Zope 2 Release Manager
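Added example, not part of the original advisory or of Zope's own code: a small audit that checks whether a zope.conf body has the recommended mitigation active rather than still commented out. It assumes the directive is spelled `security-policy-implementation`, that an absent or commented line leaves cAccessControl in use, and that values are compared case-insensitively; the function names and sample configurations are constructed for illustration.

```python
import re

DIRECTIVE = "security-policy-implementation"  # key named in the advisory

def find_settings(conf_text):
    """Return [(lineno, value)] for every active (uncommented) directive line."""
    hits = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # blank or comment line
            continue
        m = re.match(r"(\S+)\s+(\S+)$", line)
        if m and m.group(1).lower() == DIRECTIVE:
            hits.append((lineno, m.group(2).upper()))
    return hits

def audit(conf_text):
    """Classify a zope.conf body against the advisory's mitigation."""
    hits = find_settings(conf_text)
    if not hits:
        # Assumption: with the line absent or commented, cAccessControl is used.
        return "c-default"
    if len(hits) > 1:
        return "invalid"            # more than one active line: review by hand
    value = hits[0][1]
    if value == "PYTHON":
        return "python"             # mitigation from the advisory is in place
    return "c-explicit" if value == "C" else "invalid"

# Constructed sample configurations (not taken from a real site).
SAMPLES = {
    "stock": "instancehome /srv/zope\n# security-policy-implementation python\n",
    "mitigated": "instancehome /srv/zope\nsecurity-policy-implementation python\n",
    "explicit_c": "security-policy-implementation C\n",
    "conflict": "security-policy-implementation python\n"
                "security-policy-implementation C\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, audit(text))
```

Only the "python" result means the workaround is in effect; "c-default" is the state of an untouched default configuration, where the line is present but commented.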
Dear Zope Community,
on behalf of Zope Corporation and all Zope 2 developers and contributors
I am pleased to announce the release of Zope 2.7.4 RC1.
This release is a maintenance release and fixes a lot of bugs (too many
to mention them all here).
Zope 2.7.4 RC 1 can be downloaded from
http://www.zope.org/Products/Zope/2.7.4rc1
The release notes can be found at
http://www.zope.org/Products/Zope/2.7.4rc1/CHANGES.txt
For information on using Python 2.4 with Zope 2.7: see doc/INSTALL.txt
Andreas Jung
Silva is an easy to use, open source, enterprise-class content
management system with a focus on structured content and XML. It comes
with a fully integrated browser-based WYSIWYG editor (Kupu), and has
extensive XML support, such as XSLT-based rendering of content. Silva
separates public website layout from its user interface, so that it is
easy to completely customize Silva to use the layout templates for
your website.
Silva 1.1 includes the following new features:
* XSLT support for rendering Silva objects. This adds more flexibility
to the way Silva objects are presented, and when used also provides
a nice performance boost. XSLT support can optionally be enabled on
a per-object basis. XSLT support needs libxml2/libxslt, but Silva
also continues to work if you do not have these installed.
* A new XML export/system that can also export and import asset data
in a zip file.
* abbr and acronym support for both forms editor and Kupu.
* New parser for SilvaDocument forms-based editor, using a HTML subset
instead of the old-style method using special characters. This
should increase the performance of the parser and makes it easier to
use.
Silva 1.1.1 is a bugfix release, and includes:
* new feature: an XSLT renderer that can render documents without the
main title at the top. This can be useful in layout templates that
already include this title.
* Silva 1.1.1 is Zope 2.7.3 compatible.
* A number of bugfixes.
Silva 1.1.1 works with Silva News 1.0 and SilvaExternalSources 0.9.1,
both to be found on the Infrae website.
Download Silva here:
http://www.infrae.com/download/Silva/
The easiest way is to download the Silva-1.1.1-all.tgz file, and
unpack this in your products directory. See the INSTALL.txt included
in the Silva product for more information.
For Silva extensions such as SilvaNews and SilvaExternalSources, please
see the overview here:
http://www.infrae.com/download/
For more information about Silva, please see:
http://www.infrae.com/products/silva
I am happy to announce the 1.0 release of zasync, a Zope 2 product that
enables tasks to be done asynchronously via a Twisted ZEO Client.
http://www.zope.org/Members/poster/zasync
What is it?
zasync is a Zope 2 product that enables tasks to be done
asynchronously. If your application needs to allow users to request
that a long-running job be performed, but the user (and the Zope
thread) shouldn't be tied up waiting for the job to complete, zasync is
one possible solution. When the result of the job is ready, zasync
supports both push and pull: the response can trigger TALES expressions
run in the security context of the user who made the call, or the call
manager can be polled to see if the response is ready.
What are some examples of a long-running job?
- you need to poll a database that may take a very long time to respond
- you need the app to download something off the internet, maybe big,
maybe just with a big timeout
- you need to do a long-running transaction within Zope itself
(SUPPORTED, BUT HERE BE DRAGONS, i.e. ConflictError fun, particularly
pre-Zope 2.8)
- you want the user to be associated with a long-running socket (e.g.,
an IM server component or a client) that should not be turned on and
off within a single transaction
How does it work?
zasync is comprised of two sides: the side that lives in Zope and
allows users to make asynchronous calls and poll for results; and the
worker that actually does the jobs. The worker is intended to be
pluggable, maybe eventually supporting workers that live within the
main Zope process so that developer boxes and low-load servers can use
a worker simply. However, zasync 1.0 ships with a single worker: a ZEO
client driven by the Twisted reactor.
A Twisted ZEO client?
Yup. The approach has some nice scalability advantages (it can be run
on a different box, for instance). It also comes with a few plugins, a
couple for LDAP calls and one for calling back into Zope to do tasks.
A plugin simply is a registered callable that can return a result
(unlikely) or a deferred (much more likely). The zasync client
includes meaty logging. The ZEO client must be configured using a
standard ZConfig schema, and started using a (very bare bones at the
moment) shell script. Disadvantages include the fact that you have
another process to keep track of, and that you have to keep up with an
additional configuration.
Are there any docs?
Yup. Of course, not as many or of as high a quality as I'd like.
There's a README and a doctest for the call manager, as well as some
docs and tests for some of the components.
Is it easy to set up?
Uh. If you know zope.conf then it shouldn't be too hard to modify the
files you need to. I tried to include reasonable directions.
Does it work on Windows?
I imagine you could make it work on Windows: I wanted to make sure it
was a possibility. I haven't yet. You might just need to get the
start script right...
Does it work on UNIX-ish stuff?
Yup, it should work on a UNIX-ish system that runs the current stable
Zope.
What does the future hold?
Wouldn't we all like to know. This product is in active use at the
moment, so development, or at least bug fixes, are likely. I hope to
port this to Zope 3, refactoring as I go to take advantage of lessons
learned and maybe including the simpler non-ZEO worker also so that it
is easier for developers and simpler deployments to get started.
Is this in a public version control repository?
Yup. http://cvs.zope.org/Packages/zasync/ . Shoulda been in Products:
oh well. :-) It has a package in there, at least...
Thanks to Zope Corporation for open sourcing this product!
Gary
Dear Zope Community,
on behalf of Zope Corporation and all Zope 2 developers and contributors
I am pleased to announce the release of Zope 2.7.4 b2.
This release is a maintenance release and fixes a lot of bugs (too many
to mention them all here).
Zope 2.7.4b2 can be downloaded from
http://www.zope.org/Products/Zope/2.7.4b2
The release notes can be found at
http://www.zope.org/Products/Zope/2.7.4b2/CHANGES.txt
Andreas Jung
Hello:
I did some work regarding SOAP support on ZOPE and published this
document on zope.org.
The link for this document is
http://zope.org/Members/arunacgx/SOAP%20Support%20on%20Zope/file_view
I would like to get feedback/suggestion regarding this document.
With Regards,
Aruna Kathiriya
Sr.Consultant,
CIGNEX Technologies, Inc
T: 408.327.9900 x 314
F: 408.273.6785
C: 408.896.1330
E: aruna(a)cignex.com
U: www.cignex.com
"Implement IT Right"
CPS 3.3.0 (devel branch) released
CPS 3.3.0 has been released. This is the first devel release since CPS
3.2.0 (stable) was released in September 2004.
Of course, the development has been available in real time using CVS:
* http://cvs.nuxeo.org/cgi-bin/viewcvs.cgi/CPS3/
* http://cvstrac.nuxeo.org/
What's new in CPS 3.3.0?
* CPSCore refactoring
* I18n of content (multilingual documents and containers)
* Start of CPSSkins integration
* More unit tests, including regression tests
* Stack workflow
* OpenOffice.org integration
* CPSUserFolder now does everything that NuxUserGroups used to do
* Lots of CPSSkins work (full CPSSkins integration to be done in CPS
3.3.1)
* Webmail improvements
* TypeMaker improvements
* Calendar improvements
* Subscriptions improvements
* Numerous XHTML / CSS fixes
* Zope 2.8 and CMF 1.5 compatibility fixes (must be tested!)
* Many more (more than 2000 commits since CPS 3.2.0)
Download urls
We have made two packages:
CPS-3.3.0.tar.gz for CPS 3.3.0 with CMF 1.4.7 and
CPS-3.3.0-cmf15.tar.gz for CPS 3.3.0 with CMF 1.5.0. We only have
made extensive tests with the former. We expect, however, to switch to
CMF 1.5 when releasing CPS 3.3.1. We need your help in testing CPS
3.3 with CMF 1.5 to ensure that CPS 3.3.1 doesn't have bugs related to
the CMF 1.4 to 1.5 switch.
The packages are available here:
http://zope.org/Members/nuxeo/Products/CPS3/CPS-3.3.0/folder_contents
About CPS
Nuxeo CPS is an extensive collaborative Web content management system
(CMS) implemented on top of Zope and the CMF, that enables
organizations to easily, quickly and efficiently implement
collaborative portals (intranet, extranet or internet) and
workflow-oriented business applications. Nuxeo CPS has already been
adopted by major accounts in the Administration (French Ministries of
Interior, of Culture, of Finance, of Justice, French Atomic Energy
Commission...), in the private sector (Groupe Suez,
STMicroelectronics...) and by the major French IT consultancies
(Capgemini, Unilog, Steria, Transiciel...). CPS is developed by
Nuxeo and a community of contributors.
Thanks
Many thanks to the CPS3 developers, testers, translators around the
world. Special thanks to Jean-Marc Orliaguet.
--
Stéfane Fermigier, Tel: +33 (0)6 63 04 12 77 (mobile).
Nuxeo Collaborative Portal Server: http://www.nuxeo.com/cps
Web content management / collaborative portal / groupware / open source!
Connexions is pleased to announce the initial release of FSDumpTool.
What is FSDumpTool?
===================
Inspired by Tres Seaver's FSDump, FSDumpTool is a CMF tool for exporting
and importing content between the filesystem and the ZODB.
How does it differ from FSDump?
===============================
- It's bidirectional: FSDumpTool supports both exporting *to* and
importing *from* the filesystem.
- FSDumpTool is designed specifically for CMF content objects. It
allows you to configure "dump" parameters on a per content-type basis.
- Easily extensible through pluggable "Dumpers" to handle various
metadata properties (currently supports DublinCore. Help wanted writing
Dumpers for workflow state, local roles, etc.)
Where to find it?
==================
FSDumpTool development is sponsored by the Connexions Project
(http://cnx.rice.edu) and may be downloaded here:
http://software.cnx.rice.edu/downloads/zope/FSDumpTool/
CVS access is available through the collective on SourceForge:
http://cvs.sourceforge.net/viewcvs.py/collective/FSDumpTool/
Feedback and contributions welcome
Brent Hendricks
--
-------------------------------------------------------------------------
"The programmer, like the poet, works only slightly removed from pure
thought-stuff. He builds his castles in the air, from air, creating
by exertion of the imagination. Few media of creation are so
flexible, so easy to polish and rework, so readily capable of
realizing grand conceptual structures."
-- Frederick Brooks, Jr., The Mythical Man Month
CPS 3.2.3 has been released.
It features several important bugfixes over the previous stable release,
CPS 3.2.1 (CPS 3.2.2 had issues and was not released publicly).
We recommend that production sites using the stable branch (CPS 3.2) be
upgraded to CPS 3.2.3.
Download:
http://zope.org/Members/nuxeo/Products/CPS3/CPS-3.2.3/
About CPS:
Nuxeo CPS is an extensive collaborative Web content management system
(CMS) implemented on top of Zope and the CMF. Nuxeo CPS enables
organizations to easily, quickly and efficiently implement collaborative
intranet, extranet or internet applications.
More info on CPS3:
http://zope.org/Members/nuxeo/Products/CPS3/
S.
--
Stéfane Fermigier, Tel: +33 (0)6 63 04 12 77 (mobile).
Nuxeo Collaborative Portal Server: http://www.nuxeo.com/cps
Web content management / collaborative portal / groupware / open source!
Hi,
ZopeMag, the only Magazine focused on Zope technology, is looking for a
few more article proposals for Issues 10 and 11.
We are particularly interested in Zope 3, CMF, ZEO, Plone, CPS and
Silva articles.
ZopeMag pays for all article submissions and authors also receive a
complimentary one year subscription.
See our writer's guidelines for more details:
http://www.zopemag.com/writefor.html
Regards,
Mark Pratt