March 2007 - Zope-Announce

Announcing the Release of Zope version 2.8.9.1
by Tres Seaver 29 Mar '07

29 Mar '07

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On behalf of Zope Corporation and the Zope community I am pleased to announce the release of Zope 2.8.9.1. You can download the sources from "http://www.zope.org/Products/Zope/2.8.9.1/", http://www.zope.org/Products/Zope/2.8.9.1 This bugfix release corrects a problem introduced in 2.8.9, which prevented starting Zope in "background" / "daemonized" mode. New features of Zope 2.8.x - ZODB 3.4 with MVCC (multi version concurrency control) support. MVCC solves nearly every problem with ZODB read-conflict errors which is very important for high-traffic Zope sites. - Extension Classes were rewritten as Python new-style classes making all features of Python new-style classes available in Zope objects. This includes support for cyclic garbage collection. - Integration of Zope 3 technologies through Five (see http://codespeak.net/z3/five/) More Information For more information on what is new in this release, see the CHANGES.txt files for the release: "http://www.zope.org/Products/Zope/2.8.9.1/CHANGES.txt", http://www.zope.org/Products/Zope/2.8.9.1/CHANGES.txt See also: "http://www.zope.org/Wikis/DevSite/Projects/Zope2.8/OverView" http://www.zope.org/Wikis/DevSite/Projects/Zope2.8/OverView For more information on the available Zope releases, guidance for selecting the right distribution and installation instructions, please see: "http://www.plope.com/Books/2_7Edition/InstallingZope.stx", http://www.plope.com/Books/2_7Edition/InstallingZope.stx Reporting Bugs Please report all the bugs you have found to the Zope bugtracker: "http://collector.zope.org/Zope", http://collector.zope.org/Zope Supported Python versions At this time the only **supported** and **recommended** Python versions are 2.3.5 and 2.3.6. Using Python 2.4.X is **not supported** and **not recommended** at this time. Python 2.4.X will be supported when a security audit takes place. This means that you are using Python 2.4 + Zope 2.8 at **your own risk**. This warning also applies to binary packages that install Zope packages ogether with a system wide Python 2.4 installation (e.g. Fedora, SuSE...). Such installations are in general not supported. In addition there some third-party products and Python packages that don't work with Python 2.4 and can cause trouble when using Python 2.4. - -- =================================================================== Tres Seaver +1 540-429-0999 tseaver(a)palladion.com Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGDCIL+gerLs4ltQ4RAjV8AJ4qc4gChSxhoDQC2E+l+5UbbTr2kgCgiDZf f23x570Y4wNvsWcS55QZ8+o= =CNr8 -----END PGP SIGNATURE-----

1 0

Silva 1.6 Final Released
by eric casteleijn 27 Mar '07

27 Mar '07

27 march 2007 – Infrae has released version 1.6 of the Silva content management system. This release brings a range of improvements and several key new features, such as automatic PDF and Word file fulltext indexing, Atom/RSS feeds from containers, ‘classic’ list-based menu rendering, and additions to the documentation. Performance has been significantly improved by changing how containers are published and optimizing calls to the metadata service. Silva Find The Silva Find extension has been renovated to take advantage of the PDF and Word file fulltext cataloging. It now supports search by all metadata fields, including those in your custom sets. The search and result views can be extensively customized. Silva Find is included in the silva-extra tarball. Major changes in Silva 1.6 * The published state of containers is now determined by the state of the index document, as opposed to nested content, resulting in a significant performance gain. * Index items are now distinguished from simple anchors, and the Indexer content type has been improved. Old index items will be gracefully upgraded. * The page language can now be based on the metadata setting. This also opens up many possibilities for multi-language sites. * Silva now uses ZCML for registration of Silva extensions and the content types they define. See doc/developer_changes.txt. Developers should read doc/extension.txt. * Many i18n changes: o New languages o i18n fixes * Lots of bugfixes and subtle improvements. * This is one of the best tested final releases in Silva’s history. Many thanks to all who contributed. See HISTORY.txt in the Silva core package for more information about changes in Silva 1.6. For developer-level changes, see doc/developer_changes. Also see the changes in components such as Silva Metadata, External Sources, etc. What is Silva? Silva is an enterprise-class CMS designed for large organizations that manage multiple or complex websites. Content is stored in clean and future-proof XML, independent of layout and presentation. Features include a multi-version workflow system, XSLT rendering support, content reuse in multiple publications, sophisticated access management, extensive import/export facilities, fine-grained templating, and hi-res image storage and manipulation. Silva and its extensions are open source software. For more complete information, see the Silva Product Pages at http://www.infrae.com/products/silva. Download The package can be downloaded from http://www.infrae.com/download/Silva. Links to developer mailing lists, the issue tracker, and info about SVN access can be found on the Silva product page. Contact FMI contact Eric Casteleijn, eric at infrae com, +31 10 243 7051. -- - eric casteleijn http://infrae.com

1 0

Re: [Zope-Annce] Zope 2.8.9, Zope 2.9.7, Zope 2.10.3 released
by Tres Seaver 26 Mar '07

26 Mar '07

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Marc Balmer wrote: > Andreas Jung wrote: > >> I uploaded corrected versions of the Zope 2.9.7 and 2.10.3 tar-balls. >> The tar-balls released yesterday contained a bug that caused >> a startup failure when using "zopectl start". > > don't do this again. Don't do what? I was about to agree, as I don't think re-releasing under the same version number was correct: the new releases should be 2.9.7.1, 2.10.3.1, or something similary (or bump to 2.9.8, 2.10.4). > this bug is so obvious to catch that I have some serious doubts about > your software testing process. are you releasing totally untested code? > can we trust your releases in the future, will you change sth in your > process? The testing that gets done is not done from "released" tarballs, but from subversion checkouts. This was a bug in the process that created the tarball from a checkout, and not in the underlying Zope software itself. I *think* it also affected only those who build and install Zope as root, although I can't tell for sure, since the tarballs have been replaced. At any rate, I *never* build, install, or run Zope as root, and hence would never have noticed the problem, even if I were doing the releases myself. > Releasing software as a security fix that does not even start makes you > look like a moron, I am sorry to say. Too harsh. Certainly nobody likes having released a "brown bagger", but mistakes do happen. Tres. - -- =================================================================== Tres Seaver +1 540-429-0999 tseaver(a)palladion.com Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGCDHa+gerLs4ltQ4RAqHbAJ9UvloqzCCj9NrCaGSeYZDfZduaJwCdFH5l ydlyxzoHGP7aNnVjG1IJClU= =6vHA -----END PGP SIGNATURE-----

1 0

Zope 2.8.9, Zope 2.9.7, Zope 2.10.3 released
by Andreas Jung 26 Mar '07

26 Mar '07

The Zope developer community I is pleased to announce the release of three new Zope releases: 2.8.9, 2.9.7 and 2.10.3. You can download the releases from: http://www.zope.org/Products/Zope/2.8.9/ http://www.zope.org/Products/Zope/2.9.7/ http://www.zope.org/Products/Zope/2.10.3/ The release notes and release information are available directly from the links above. All releases are bugfix releasse and include the hotfix published some days ago: http://www.zope.org/Products/Zope/Hotfix-2007-03-20 - -- Andreas Jung -- ZOPYX Ltd. & Co. KG - Charlottenstr. 37/1 - 72070 Tübingen - Germany Web: www.zopyx.com - Email: info(a)zopyx.com - Phone +49 - 7071 - 793376 E-Publishing, Python, Zope & Plone development, Consulting

1 1

[German Zope Conference] Reminder: Call for Papers open
by Andreas Jung 26 Mar '07

26 Mar '07

Dear Zope Community, the eighth Zope conference organized by the German Zope User Group (DZUG) will be held this year at the Potsdam Institute for Climate Impact Research from 4. to 5 June 2007 (near Berlin). The topic of the conference will be Zope in sciences. Proposals for talks and workshops can be submitted until 01.04.2007 http://www.zope.de/redaktion/dzug/tagung/potsdam-2007/dzug-conference-2007-… or http://www.zope.de/redaktion/dzug/tagung/potsdam-2007/dzug-conference-2007-… Both German and English proposals are highly welcome. You can find further information about the Zope conference here: http://www.zope.de/8-dzug-tagung Regards, Andreas Jung Assistant Chairman DZUG e.V.

1 0

Zope 2.8.9, Zope 2.9.7, Zope 2.10.3 released
by Andreas Jung 25 Mar '07

25 Mar '07

The Zope developer community I is pleased to announce the release of three new Zope releases: 2.8.9, 2.9.7 and 2.10.3. You can download the releases from: http://www.zope.org/Products/Zope/2.8.9/ http://www.zope.org/Products/Zope/2.9.7/ http://www.zope.org/Products/Zope/2.10.3/ The release notes and release information are available directly from the links above. All releases are bugfix releasse and include the hotfix published some days ago: http://www.zope.org/Products/Zope/Hotfix-2007-03-20 - -- Andreas Jung -- ZOPYX Ltd. & Co. KG - Charlottenstr. 37/1 - 72070 Tübingen - Germany Web: www.zopyx.com - Email: info(a)zopyx.com - Phone +49 - 7071 - 793376 E-Publishing, Python, Zope & Plone development, Consulting

1 0

Hotfix for cross-site scripting vulnerability
by Martijn Pieters 21 Mar '07

21 Mar '07

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 A vulnerability has been discovered in Zope, where by certain types of misuse of HTTP GET, an attacker could gain elevated privileges. All Zope versions up to and including 2.10.2 are affected. Overview This hotfix removes the exploit by mandating that security setting alterations can only be made through POST requests. This vulnerability has been fixed in the Zope 2.8, 2.9 and 2.10 branches and all future releases of Zope will include this fix. Do note that this patch only affects direct requests to the security methods; any 3rd-party code that calls these methods indirectly may still be affected. Hotfix We have prepared a hot fix for this problem at: "http://www.zope.org/Products/Zope/Hotfix-2007-03-20/ Hotfix-20070320/", http://www.zope.org/Products/Zope/Hotfix-2007-03-20/ Hotfix-20070320/. This hotfix should be installed as soon as possible. To install, simply extract the archive into your Products directory in your Zope installation. See: "http://www.zope.org/Products/Zope/Hotfix-2007-03-20/ Hotfix-20070320/README.txt", http://www.zope.org/Products/Zope/Hotfix-2007-03-20/ Hotfix-20070320/README.txt, for installation instructions. - -- Martijn Pieters -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) iD8DBQFF/54F3xaj2GOvgP0RAt2tAJ9YjecowrNAEx08+6GdxNP4sk4aagCfaODt aeZE9vqYxwF3ICjrHVcAFNE= =DnMj -----END PGP SIGNATURE-----

1 1

Get paid for spending your summer improving Zope!
by Philipp von Weitershausen 15 Mar '07

15 Mar '07

The Zope Foundation has been accepted as a mentoring organization in this year's Google Summer of Code project. That means chosen students who want to hack on one of the Zope projects (Zope 2, Zope 3, ZODB, CMF, grok, ...) this coming summer will get paid USD 4,500 if they successfully complete a project. What can you work on? --------------------- See project suggestions at http://wiki.zope.org/zope3/SummerOfCode2007. You may also come up with your own suggestions. Who can apply? -------------- Anybody eligible for the GSoC program. See http://code.google.com/support/bin/answer.py?answer=60279&topic=10730. How do I apply? --------------- You may apply until March 24th through the GSoC webapp. See http://code.google.com/support/bin/answer.py?answer=60306&topic=10727 for more info. If you have any questions, feel free to ask questions on the gsoc(a)zope.org (http://mail.zope.org/mailman/listinfo/gsoc) mailinglist. -- http://worldcookery.com -- Professional Zope documentation and training

1 0

CMF 2.1.0-beta released
by Jens Vagelpohl 09 Mar '07

09 Mar '07

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The CMF developer community is hereby announcing the release of CMF version 2.1.0-beta. The CMF 2.1 series will be used as the foundation for the Plone 3.0 release, which will see its first beta over the next few days as well. What is the CMF? The Zope Content Management Framework provides a set of services and content objects useful for building highly dynamic, content-oriented portal sites. The CMF provides the foundation for popular software packages such as Plone. It is intended to be easily customizable, in terms of both the types of content used and the policies and services it provides. Where do I get it? For release files, change logs, installation instructions and more please visit http://www.zope.org/Products/CMF/CMF-2.1.0-beta. Roadmap and release information can be found at http://www.zope.org/Products/CMF/docs/roadmap. The CMF mailing list can be reached at the zope-cmf(a)zope.org address, to sign up please visit http://mail.zope.org/mailman/listinfo/zope- cmf. Please file bug reports, feature requests or suggestions in the CMF bug collector at http://www.zope.org/Collectors/CMF . What has changed since the last release? IMPORTANT NOTE: If you upgrade an existing CMF instance to CMF 2.1, please see INSTALL.txt for instructions on how to run a separate upgrade script. New Features - CMFCalendar: Zope3 style browser views are now used by default. An additional setup profile allows you to hook up the oldstyle skins and to make customizations TTW. - DirectoryView: Added 'registerDirectory' ZCML directive. Using the old registerDirectory method in __init__.py is now deprecated. See zcml.IRegisterDirectoryDirective for details. - DirectoryView: Added support for non-product packages. This introduces new registry keys. Old registry keys stored in persistent DirectoryView objects are updated on the fly. (http://www.zope.org/Collectors/CMF/467) - Document: Added two new methods for safety belt handling. - setup handlers: Improved properties handler. It now works with properties using a default_charset other than UTF-8. - Merged patches from Martin Aspeli to enable generating events before and after DCWorkflow transitions, and in the 'notify' methods of the workflow tool (http://www.zope.org/Collectors/CMF/461) Bug Fixes - CMFUid.UniqueIdHandlerTool: Touching the internal UID value on a content item will not cause reindexing all indices anymore, only the specific UID index will be touched. (http://www.zope.org/Collectors/CMF/469) - CMFCore.MembershipTool: Fixed inconsistent behavior where member lookup would take all user folders up to the Zope root into account whereas member area creation would not. - CMFCore.MembershipTool/CMFDefault.MembershipTool: when using an object without a __nonzero__ but with a __len__ (ala CMFBTreeFolder) as a member folder, the createMemberArea method would believe there was no members folder if the folder was empty, and so would fail (change "not membersfolder" to "membersfolder is not None") . - CMFDefault.File and CMFDefault.Image: Restored ZMI Cache tab which was lost in CMF 1.6. - CMFCore.DynamicType: Fixed behaviour regarding default view. DynamicType was making it impossible to use a Zope3-style default view for CMF content types. (http://www.zope.org/Collectors/CMF/459) Others - Tool lookup and registration is now done "the Zope 3 way" as utilities. Please see docs/ToolsAreUtilities.txt for some developer notes. - CMFCore utils: Marked 'minimalpath' and 'expandpath' as deprecated. - The CMF now depends on Zope 2.10.2 or higher. jens -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) iD8DBQFF8SvFRAx5nvEhZLIRAoMdAKCpDmPch1uLAR6g/3Xq+x3F12w1kgCfZKsa qVpT3k6bRXm6C+dutlylMMk= =94JT -----END PGP SIGNATURE-----

1 0

Spaceman 1.0 released
by Morten W. Petersen 05 Mar '07

05 Mar '07

Spaceman is a simple utility to help determine what's eating up your diskspace. It might just be old transactions, in which case a pack will do or it might be big objects somewhere. The script can be downloaded from here: http://products.nidelven-it.no/spaceman -Morten

1 0