-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On behalf of Zope Corporation and the Zope community I am pleased to
announce the release of Zope 2.8.9.1. You can download the sources
from "http://www.zope.org/Products/Zope/2.8.9.1/",
http://www.zope.org/Products/Zope/2.8.9.1
This bugfix release corrects a problem introduced in 2.8.9, which
prevented starting Zope in "background" / "daemonized" mode.
New features of Zope 2.8.x
- ZODB 3.4 with MVCC (multi version concurrency control) support.
MVCC solves nearly every problem with ZODB read-conflict errors
which is very important for high-traffic Zope sites.
- Extension Classes were rewritten as Python new-style classes making
all features of Python new-style classes available in Zope
objects. This includes support for cyclic garbage collection.
- Integration of Zope 3 technologies through Five
(see http://codespeak.net/z3/five/)
More Information
For more information on what is new in this release, see the
CHANGES.txt files for the release:
"http://www.zope.org/Products/Zope/2.8.9.1/CHANGES.txt",
http://www.zope.org/Products/Zope/2.8.9.1/CHANGES.txt
See also:
"http://www.zope.org/Wikis/DevSite/Projects/Zope2.8/OverView"
http://www.zope.org/Wikis/DevSite/Projects/Zope2.8/OverView
For more information on the available Zope releases, guidance for
selecting the right distribution and installation instructions,
please see:
"http://www.plope.com/Books/2_7Edition/InstallingZope.stx",
http://www.plope.com/Books/2_7Edition/InstallingZope.stx
Reporting Bugs
Please report all the bugs you have found to the Zope bugtracker:
"http://collector.zope.org/Zope",
http://collector.zope.org/Zope
Supported Python versions
At this time the only **supported** and **recommended** Python
versions are 2.3.5 and 2.3.6.
Using Python 2.4.X is **not supported** and **not recommended** at
this time. Python 2.4.X will be supported when a security audit takes
place.
This means that you are using Python 2.4 + Zope 2.8 at **your own
risk**. This warning also applies to binary packages that install Zope
packages ogether with a system wide Python 2.4 installation (e.g.
Fedora, SuSE...).
Such installations are in general not supported. In addition there
some third-party products and Python packages that don't work with
Python 2.4 and can cause trouble when using Python 2.4.
- --
===================================================================
Tres Seaver +1 540-429-0999 tseaver(a)palladion.com
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGDCIL+gerLs4ltQ4RAjV8AJ4qc4gChSxhoDQC2E+l+5UbbTr2kgCgiDZf
f23x570Y4wNvsWcS55QZ8+o=
=CNr8
-----END PGP SIGNATURE-----
27 march 2007 – Infrae has released version 1.6 of the Silva content
management system. This release brings a range of improvements and
several key new features, such as automatic PDF and Word file fulltext
indexing, Atom/RSS feeds from containers, ‘classic’ list-based menu
rendering, and additions to the documentation. Performance has been
significantly improved by changing how containers are published and
optimizing calls to the metadata service.
Silva Find
The Silva Find extension has been renovated to take advantage of the PDF
and Word file fulltext cataloging. It now supports search by all
metadata fields, including those in your custom sets. The search and
result views can be extensively customized. Silva Find is included in
the silva-extra tarball.
Major changes in Silva 1.6
* The published state of containers is now determined by the state of
the index document, as opposed to nested content, resulting in a
significant performance gain.
* Index items are now distinguished from simple anchors, and the Indexer
content type has been improved. Old index items will be gracefully upgraded.
* The page language can now be based on the metadata setting. This also
opens up many possibilities for multi-language sites.
* Silva now uses ZCML for registration of Silva extensions and the
content types they define. See doc/developer_changes.txt. Developers
should read doc/extension.txt.
* Many i18n changes:
o New languages
o i18n fixes
* Lots of bugfixes and subtle improvements.
* This is one of the best tested final releases in Silva’s history.
Many thanks to all who contributed.
See HISTORY.txt in the Silva core package for more information about
changes in Silva 1.6. For developer-level changes, see
doc/developer_changes. Also see the changes in components such as Silva
Metadata, External Sources, etc.
What is Silva?
Silva is an enterprise-class CMS designed for large organizations that
manage multiple or complex websites. Content is stored in clean and
future-proof XML, independent of layout and presentation. Features
include a multi-version workflow system, XSLT rendering support, content
reuse in multiple publications, sophisticated access management,
extensive import/export facilities, fine-grained templating, and hi-res
image storage and manipulation. Silva and its extensions are open source
software.
For more complete information, see the Silva Product Pages at
http://www.infrae.com/products/silva.
Download
The package can be downloaded from http://www.infrae.com/download/Silva.
Links to developer mailing lists, the issue tracker, and info about SVN
access can be found on the Silva product page.
Contact
FMI contact Eric Casteleijn, eric at infrae com, +31 10 243 7051.
--
- eric casteleijn
http://infrae.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Marc Balmer wrote:
> Andreas Jung wrote:
>
>> I uploaded corrected versions of the Zope 2.9.7 and 2.10.3 tar-balls.
>> The tar-balls released yesterday contained a bug that caused
>> a startup failure when using "zopectl start".
>
> don't do this again.
Don't do what? I was about to agree, as I don't think re-releasing
under the same version number was correct: the new releases should be
2.9.7.1, 2.10.3.1, or something similary (or bump to 2.9.8, 2.10.4).
> this bug is so obvious to catch that I have some serious doubts about
> your software testing process. are you releasing totally untested code?
> can we trust your releases in the future, will you change sth in your
> process?
The testing that gets done is not done from "released" tarballs, but
from subversion checkouts. This was a bug in the process that created
the tarball from a checkout, and not in the underlying Zope software
itself. I *think* it also affected only those who build and install
Zope as root, although I can't tell for sure, since the tarballs have
been replaced. At any rate, I *never* build, install, or run Zope as
root, and hence would never have noticed the problem, even if I were
doing the releases myself.
> Releasing software as a security fix that does not even start makes you
> look like a moron, I am sorry to say.
Too harsh. Certainly nobody likes having released a "brown bagger", but
mistakes do happen.
Tres.
- --
===================================================================
Tres Seaver +1 540-429-0999 tseaver(a)palladion.com
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGCDHa+gerLs4ltQ4RAqHbAJ9UvloqzCCj9NrCaGSeYZDfZduaJwCdFH5l
ydlyxzoHGP7aNnVjG1IJClU=
=6vHA
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
A vulnerability has been discovered in Zope, where by certain types of
misuse of HTTP GET, an attacker could gain elevated privileges. All
Zope versions up to and including 2.10.2 are affected.
Overview
This hotfix removes the exploit by mandating that security setting
alterations can only be made through POST requests. This
vulnerability
has been fixed in the Zope 2.8, 2.9 and 2.10 branches and all future
releases of Zope will include this fix.
Do note that this patch only affects direct requests to the security
methods; any 3rd-party code that calls these methods indirectly may
still be affected.
Hotfix
We have prepared a hot fix for this problem
at:
"http://www.zope.org/Products/Zope/Hotfix-2007-03-20/
Hotfix-20070320/",
http://www.zope.org/Products/Zope/Hotfix-2007-03-20/
Hotfix-20070320/.
This hotfix should be installed as soon as possible.
To install, simply extract the archive into your Products
directory in your Zope installation.
See: "http://www.zope.org/Products/Zope/Hotfix-2007-03-20/
Hotfix-20070320/README.txt",
http://www.zope.org/Products/Zope/Hotfix-2007-03-20/
Hotfix-20070320/README.txt,
for installation instructions.
- --
Martijn Pieters
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
iD8DBQFF/54F3xaj2GOvgP0RAt2tAJ9YjecowrNAEx08+6GdxNP4sk4aagCfaODt
aeZE9vqYxwF3ICjrHVcAFNE=
=DnMj
-----END PGP SIGNATURE-----
The Zope Foundation has been accepted as a mentoring organization in
this year's Google Summer of Code project. That means chosen students
who want to hack on one of the Zope projects (Zope 2, Zope 3, ZODB, CMF,
grok, ...) this coming summer will get paid USD 4,500 if they
successfully complete a project.
What can you work on?
---------------------
See project suggestions at http://wiki.zope.org/zope3/SummerOfCode2007.
You may also come up with your own suggestions.
Who can apply?
--------------
Anybody eligible for the GSoC program. See
http://code.google.com/support/bin/answer.py?answer=60279&topic=10730.
How do I apply?
---------------
You may apply until March 24th through the GSoC webapp. See
http://code.google.com/support/bin/answer.py?answer=60306&topic=10727
for more info.
If you have any questions, feel free to ask questions on the
gsoc(a)zope.org (http://mail.zope.org/mailman/listinfo/gsoc) mailinglist.
--
http://worldcookery.com -- Professional Zope documentation and training
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The CMF developer community is hereby announcing the release of CMF
version 2.1.0-beta. The CMF 2.1 series will be used as the foundation
for the Plone 3.0 release, which will see its first beta over the next
few days as well.
What is the CMF?
The Zope Content Management Framework provides a set of services and
content objects useful for building highly dynamic, content-oriented
portal sites. The CMF provides the foundation for popular software
packages such as Plone. It is intended to be easily customizable, in
terms of both the types of content used and the policies and services
it provides.
Where do I get it?
For release files, change logs, installation instructions and more
please visit http://www.zope.org/Products/CMF/CMF-2.1.0-beta.
Roadmap and release information can be found at
http://www.zope.org/Products/CMF/docs/roadmap.
The CMF mailing list can be reached at the zope-cmf(a)zope.org address,
to sign up please visit http://mail.zope.org/mailman/listinfo/zope-
cmf.
Please file bug reports, feature requests or suggestions in the CMF
bug collector at http://www.zope.org/Collectors/CMF .
What has changed since the last release?
IMPORTANT NOTE:
If you upgrade an existing CMF instance to CMF 2.1, please see
INSTALL.txt for instructions on how to run a separate upgrade
script.
New Features
- CMFCalendar: Zope3 style browser views are now used by default.
An additional setup profile allows you to hook up the oldstyle
skins and
to make customizations TTW.
- DirectoryView: Added 'registerDirectory' ZCML directive.
Using the old registerDirectory method in __init__.py is now
deprecated.
See zcml.IRegisterDirectoryDirective for details.
- DirectoryView: Added support for non-product packages.
This introduces new registry keys. Old registry keys stored in
persistent DirectoryView objects are updated on the fly.
(http://www.zope.org/Collectors/CMF/467)
- Document: Added two new methods for safety belt handling.
- setup handlers: Improved properties handler.
It now works with properties using a default_charset other
than UTF-8.
- Merged patches from Martin Aspeli to enable generating events
before
and after DCWorkflow transitions, and in the 'notify' methods
of the
workflow tool (http://www.zope.org/Collectors/CMF/461).
Bug Fixes
- CMFUid.UniqueIdHandlerTool: Touching the internal UID value on a
content item will not cause reindexing all indices anymore,
only the
specific UID index will be touched.
(http://www.zope.org/Collectors/CMF/469)
- CMFCore.MembershipTool: Fixed inconsistent behavior where
member lookup
would take all user folders up to the Zope root into account
whereas
member area creation would not.
- CMFCore.MembershipTool/CMFDefault.MembershipTool: when using an
object without a __nonzero__ but with a __len__ (ala
CMFBTreeFolder) as a member folder, the createMemberArea method
would believe there was no members folder if the folder was
empty, and so would fail (change "not membersfolder" to
"membersfolder is not None") .
- CMFDefault.File and CMFDefault.Image: Restored ZMI Cache tab
which was
lost in CMF 1.6.
- CMFCore.DynamicType: Fixed behaviour regarding default view.
DynamicType was making it impossible to use a Zope3-style
default view for CMF content types.
(http://www.zope.org/Collectors/CMF/459)
Others
- Tool lookup and registration is now done "the Zope 3 way" as
utilities.
Please see docs/ToolsAreUtilities.txt for some developer notes.
- CMFCore utils: Marked 'minimalpath' and 'expandpath' as
deprecated.
- The CMF now depends on Zope 2.10.2 or higher.
jens
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
iD8DBQFF8SvFRAx5nvEhZLIRAoMdAKCpDmPch1uLAR6g/3Xq+x3F12w1kgCfZKsa
qVpT3k6bRXm6C+dutlylMMk=
=94JT
-----END PGP SIGNATURE-----
Spaceman is a simple utility to help determine what's eating up your
diskspace. It might just be old transactions, in which case a pack will
do or it might be big objects somewhere.
The script can be downloaded from here:
http://products.nidelven-it.no/spaceman
-Morten