Release date: July 29, 2004 The Zope 3 development team is proud to announce the second beta release of Zope X3 3.0.0. Zope X3 is the next major Zope release and has been written from scratch based on the latest software design patterns and the experiences of Zope 2. The "X" in the name stands for "experimental", since this release does not try to provide any backward-compatibility to Zope 2. Downloads http://zope.org/Products/ZopeX3 Installation instructions for both Windows and Un*x/Linux are now available in the top level README.txt of the distribution. The binary installer is recommended for Windows. Changes since beta 1 - Separated the trusted and untrusted behaviors of page templates in the application server. File-system-based templates are trusted, and database-based templates are untrusted. - Improved using documentation files as tests. (Needed to test new security policy): Changed !DocFileSuite: o If a package is passed, it must be passed as a keyword argument. (For now, a package can also be passed before passing any file names, but this generates a deprecation warning.) o File paths may contain '/'s as separators. These will be converted to native file separators at run time. o It is now possible to pass set-up and tear-down methods o It is now possible to pass a dictionary of initial global variables. o Error output is improved as is meta data used for verbose output. - Fixed issue 248. Path expressions in page templates that contain empty segments now cause an error to be raised when the expression is compiled rather than when it is evaluated. This has always been illegal according to the specification, and most often caused a runtime error before. Template authors can now get an error up front, avoiding embarrasment when once an application is moved into production after insufficient testing. - Fixed the default 'text/*' content type for file objects. Backport of the fix for bug 201. - Changed the security policy: o Fix a bug (actually a missfeature). It wasn't possible for local settings to override global (zcml) settings. o Changed the way role denies work. A role deny simply prevents a principal from having a role. A principal may still have access through other roles or through principal grants. Role grants or denies never override principal grants or denies *even* if the role-based grants or denies are more local. o Implemented a caching scheme that provides huge performance benefits when the authenticated principal is defined in a local auth service, rather than a global one (zcml). - Fixed bug in !TypeRegistry for zope.app.publisher.browser.globalbrowsermenuservice which allows passing classes instead of interfaces as well but has a missing import. - A monkey patch to cope with weakref problems in Python 2.3.3 was removed, so Python 2.3.4 is required now. - Views for I18nFile/I18nImage now use the contentType attribute instead of outdated getContentType method. Goals The API is frozen for X3.0.0. We would like to ask all people to test this release and report any bugs or mis-behaviors! The entire beta period will likely last for about 2 months. During this time we will try to complete the following tasks: - Fix outstanding bugs. - Optimize critical components to speed up the system. - Write and update documentation. - Add and complete translations. - Remove as many XXX comments as possible. Though much progress has been made since the first beta, there is still much to do! Even if you are not a programmer, you can help! Please send any bug reports and comments to zope3-dev@zope.org! Thank you very much in advance for your help! Contributors Jim Fulton, Marius Gedminas, Fred Drake, Philipp von Weitershausen, Stephan Richter, Dmitry -Fred -- Fred L. Drake, Jr. <fdrake at gmail.com> Zope Corporation