December 2008 - Zope-Announce

New Zope Foundation bylaws passed
by Jens Vagelpohl 17 Dec '08

17 Dec '08

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 After a lot of hard work a special Zope Foundation membership meeting called for December 12, 2008 passed a new set of bylaws unanimously. The current bylaws were based on those of the Eclipse foundation, which shortly after adoption were discovered to be too heavyweight for the kind of organization the Zope Foundation aims to be. Evolving the existing bylaws into something more appropriate and manageable was attempted but failed. The proposed bylaws are based on the bylaws of the Python Software Foundation, with some additional improvements the PSF itself is intending to implement. They were also brought in line with the fact that the Zope Foundation expects to conduct most of its meetings and communication online. The major differences between the current and the proposed bylaws are: * Making changes to the bylaws becomes easier. * There will be only three classes of members: 1. Nominated Members, an individual and free membership that replaces the old 'committer' and 'associate' memberships. There will no longer be any formal relation between being a Zope Committer and becoming a Foundation Member. 2. Sponsorship Members, members who financially sponsor the Foundation. 3. Emeritus Members, members who retired from active membership. The new bylaws can be downloaded from the Zope Foundation website at http://foundation.zope.org/bylaws/zope_foundation_bylaws.pdf Jens Vagelpohl, Board Member, Zope Foundation -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) iEYEARECAAYFAklJG0cACgkQRAx5nvEhZLKmCACgmkXf1yO4Yj1+fPS2woHJbk4G DTIAoIVjjItCjK9T2tRVnYiAxgfTWe7w =G8KW -----END PGP SIGNATURE-----

1 0

serious security issue in Grok: please upgrade
by Martijn Faassen 12 Dec '08

12 Dec '08

Security issue in Grok: please upgrade! ======================================= December 12, 2008. The Grok team encountered a serious security issue that exposes Grok installations to attacks that erase data as well as remote denial of service attacks. We *strongly* urge people to upgrade to newer versions of Grok immediately. We have supplied new bug fix releases of Grok for Grok 0.11 up to the recent release, Grok 0.14. Only projects that use Grok directly are affected by this security issue. If your Zope 3 project uses the ``grokcore.*`` libraries or if you use ``five.grok`` on Zope 2, there is no security problem. How to upgrade Grok? We give instructions that you can apply in your Grok projects. Please run ``buildout`` after making the changes - this will download the fixed version of Grok. After this restart your server! The upgrade instructions assume two possible installation methods: * Old versions of ``grokproject`` generated projects that only include the ``extends=`` line in ``buildout.cfg``, and updating that line to point to a newer version of Grok is sufficient. * Newer versions of ``grokproject`` create projects that require you to modify ``versions.cfg``. There is also a line pointing to a Grok version in the ``eggbasket`` section in ``buildout.cfg``. While this a download optimization only, we still recommend you update that line as well. Grok 0.14: upgrade to Grok 0.14.1 --------------------------------- In the file ``versions.cfg`` change the line:: grok = 0.14 to this:: grok = 0.14.1 If you have no ``versions.cfg``, go to your projects ``buildout.cfg`` and adjust this line:: extends = http://grok.zope.org/releaseinfo/grok-0.14.cfg to this:: extends = http://grok.zope.org/releaseinfo/grok-0.14.1.cfg While not strictly required, we also recommend you modify the following line in the ``[eggbasket]`` section (if present):: url = http://grok.zope.org/releaseinfo/grok-eggs-0.14.tgz to:: url = http://grok.zope.org/releaseinfo/grok-eggs-0.14.1.tgz After this change, run ``buildout`` and restart the server. This version should work properly with Python 2.4 and Python 2.5. Grok 0.13: upgrade to Grok 0.13.1 --------------------------------- In the file ``versions.cfg`` change the line:: grok = 0.13 to this:: grok = 0.13.1 If you have no ``versions.cfg``, go to your projects ``buildout.cfg`` and adjust this line:: extends = http://grok.zope.org/releaseinfo/grok-0.13.cfg to this:: extends = http://grok.zope.org/releaseinfo/grok-0.13.1.cfg While not strictly required, we also recommend you modify the following line in the ``[eggbasket]`` section (if present):: url = http://grok.zope.org/releaseinfo/grok-eggs-0.13.tgz to:: url = http://grok.zope.org/releaseinfo/grok-eggs-0.13.1.tgz After this change, run ``buildout`` and restart the server. This version should work properly with Python 2.4 and Python 2.5. Grok 0.12 and Grok 0.12.1: upgrade to Grok 0.12.2 ------------------------------------------------- In the file ``versions.cfg`` change the line:: grok = 0.12 (or 0.12.1) to this:: grok = 0.12.2 If you have no ``versions.cfg``, go to your projects ``buildout.cfg`` and adjust this line:: extends = http://grok.zope.org/releaseinfo/grok-0.12.cfg (or grok-0.12.1.cfg) to this:: extends = http://grok.zope.org/releaseinfo/grok-0.12.2.cfg While not strictly required, we also recommend you modify the following line in the ``[eggbasket]`` section (if present):: url = http://grok.zope.org/releaseinfo/grok-eggs-0.12.tgz (or grok-0.12.1.cfg) to:: url = http://grok.zope.org/releaseinfo/grok-eggs-0.12.2.tgz After this change, run ``buildout`` and restart the server. Note: the integrated REST support does not function properly on Python 2.5 in this version. It does work with the recommended version Python 2.4. Grok 0.11 and Grok 0.11.1: upgrade to Grok 0.11.2 ------------------------------------------------- In the file ``versions.cfg`` change the line:: grok = 0.11 (or 0.11.1) to this:: grok = 0.11.2 If you have no ``versions.cfg``, go to your projects ``buildout.cfg`` and adjust this line:: extends = http://grok.zope.org/releaseinfo/grok-0.11.cfg (or grok-0.11.1.cfg) to this:: extends = http://grok.zope.org/releaseinfo/grok-0.11.2.cfg We have not released a grok-eggs-0.11.2.tgz as we never maintained such tarball releases for Grok 0.11. After this change, run ``buildout`` and restart the server. Note: the integrated REST support will not function properly on Python 2.5 in this version. It does work with the recommended version Python 2.4.

1 0

Localizer 1.2.3 released
by "J. David Ibáñez" 03 Dec '08

03 Dec '08

Localizer is a Zope product for developers and web masters. Localizer solves the problem of building multilingual products and web sites, ranging from internationalization and localization of the user interface to management of multilingual content. What is new? - Compatibility fixes for Zope 2.10/2.11 (bug #381) - Other minor fixes (including bug #304) Resources --------- Download http://download.hforge.org/localizer/Localizer-1.2.3.tar.gz http://download.hforge.org/itools/itools-0.20.6.tar.gz Home http://www.localizer.org/ Mailing list http://www.hforge.org/community http://archives.hforge.org/index.cgi?list=localizer Bug Tracker http://bugs.hforge.org/ -- J. David Ibáñez Itaapy <http://www.itaapy.com> Tel +33 (0)1 42 23 67 45 9 rue Darwin, 75018 Paris Fax +33 (0)1 53 28 27 88

1 0