[Zope-Checkins] CVS: Zope/doc - CHANGES.txt:1.625.2.1 HISTORY.txt:1.7.70.1

Chris McDonough chrism@zope.com
Fri, 27 Jun 2003 16:38:24 -0400


Update of /cvs-repository/Zope/doc
In directory cvs.zope.org:/tmp/cvs-serv15262/doc

Modified Files:
      Tag: Zope-2_7-branch
	CHANGES.txt HISTORY.txt 
Log Message:
Fix up CHANGES and HISTORY in prep for release.


=== Zope/doc/CHANGES.txt 1.625 => 1.625.2.1 ===
--- Zope/doc/CHANGES.txt:1.625	Mon Jun 23 04:45:57 2003
+++ Zope/doc/CHANGES.txt	Fri Jun 27 16:38:23 2003
@@ -4,10 +4,10 @@
   Change information for previous versions of Zope can be found in the
   file HISTORY.txt.
 
-  HEAD only
+  2.7.0a1
 
     Features added
- 
+
      - OFS: OrderSupport and OrderedFolder added. OrderSupport is a mixin class
        that adds the IOrderedContainer interface to ObjectManagers.
        OrderedFolder - meta_type 'Folder (Ordered)' - is a new Folder class
@@ -151,831 +151,63 @@
        permission to join or leave versions to run a request in a
        version.
 
+    Backward incompatabilities
 
-  Zope 2.6.1 beta 2
-    
-    Features added
-
-      - DateTime objects now have a tzoffset() method that returns the objects
-        timezones offset from GMT in seconds.
-
-    Bugs Fixed
-
-      - Collector #740: DateTime now handles positive numerical timezones correcly.
-
-      - Collector #763: There was no error when you had a sendmail-tag
-        without specifying a mailhost or smpthost. Also added a missing import.
-
-      - Work around potential BTrees key enumeration bugs in Transience
-        package by checking explicitly for error cases.
-
-      - Collector #736: ZPublisher now allows marshalling tags to contain
-        a '-'. This is the first step towards a fix for Collector #737
-
-      - Collector #714: CopySupport's manage_clone now calls 
-        manage_afterClone in the saem way that manage_pasteObjects does.
-
-      - Collector #697: Multiple selection properties were incorrectly
-        marshalled. note than any non-ascii multiple selection properties
-        modified in versions without this fix will have been corrupted in
-        the zodb.
-
-      - Collector #256: Added a check in _doChangeUser to make sure 
-        passwords isn't encrypted twice.
-
-      - Added a sortKey() method to Shared.DC.ZRDB.TM to silence warnings
-        from updated ZODB that DAs dont have that method.
-
-  Zope 2.6.1 beta 1
-
-    Bugs Fixed
-
-      - VirtualHostMonster handles empty Mapping paths properly.
-    
-      - Deadlock prevention code added.
-
-        It was possible for earlier versions of ZODB to deadlock when
-        using multiple storages.  If multiple transactions committed
-        concurrently and both transactions involved two or more shared
-        storages, deadlock was possible.  This problem has been fixed
-        by introducing a sortKey() method to the transaction and
-        storage APIs that is used to define an ordering on transaction
-        participants.  This solution will prevent deadlocks provided
-        that all transaction participants that use locks define a
-        valid sortKey() method.  A warning is raised if a participant
-        does not define sortKey().  For backwards compatibility,
-        BaseStorage provides a sortKey() that uses __name__.
-
-      - Fixed bug in FileStorage related to object uncreation.  An
-        attempt to load an uncreated object now raises KeyError.
-
-      - Fixed a couple bugs in FileStorage recover() that wrote
-        incorrect backpointers.
-
-      - Fixed data_txn attribute of iterator data records to use
-        the transaction id of the previous transaction, even if it
-        also has a data_txn field.
-
-      - Fixed conflict resolution bug that raised a NameError when a
-        class involved in a conflict could not be loaded.
-
-      - Fixed C extensions that included standard header files before
-        Python.h, which is not allowed.
-
-      - Added code to ThreadedAsync/LoopCallback.py to work around a
-        bug in asyncore.py: a handled signal can cause unwanted reads
-        to happen.
-    
-      - Collector #651: WebDAV Lock Manager was broken.
-
-      - Collector #646: metal:slot was lost during the I18n merge.
-
-      - Collector #640: Fix security assertion on ZCTextIndex query method.
-
-      - Delayed opening the ZODB until after the "Zope" module has
-        been imported, fixing a deadlock issue involving ZEO.  The
-        "Zope" module now has a "startup()" function.
-
-      - Fixed a NameError in the recent change to DateTime.rfc822().
-
-      - Made DateTime.rfc822() simpler and independent of local timezone.
-
-      - Fixed bug in Transience reported by kedai which caused spurious
-        KeyErrors under heavy sessioning usage.
-
-      - Fixed bug in the Interface Verify package; base interfaces were not
-        included in an interface compliancy test.
-
-      - Collector #650: Fixed implicit list marshalling for lists where the
-        first two values are tainted.
-
-      - Collector #671: HTTP Ranges were broken for files and images whose
-        length wasn't exactly divisible by 2**16.
-
-      - ModuleSecurityInfo declarations could be lost if further declarations
-        were made after the Info object already had been applied. Such
-        additional declarations could take place in Python trusted code run
-        after Zope strartup or during a Product refresh.
-
-      - Collector #699: MailHosts created in 2.5 breaks in 2.6.
-
-      - Collector #694: dtml-sendmail mailto specification replaces "To:" header. 
-      - Collector #702: DateTime.rfc822() fails without daylight saving
-
-      - Collector #703: KeyErrors raised when unindexing a PathIndex (and 
-        TopicIndexes) should be swallowed and logged.
-
-  Zope 2.6.0
+      - We no longer honor local security settings that would allow
+        someone to join or leave versions unless the location of the
+        settings is a folder directly or indirectly containing the
+        user's user folder.
 
     Bugs Fixed
 
-      - Caused many places throughout the code base to use
-        calls to user.getId() rather than user.getUserName().  With
-        most (all?) user folder implementations today, this will have
-        no behavioral change, as getId is always alised to getUserName.
-        However, this makes it possible to write user folder
-        implementations which make the distinction between the user's
-        id and the user's name.  These user folders will allow users
-        to change names independent of their identity.
-
-      - WebDAV Lock Manager actually gives the user a chance to
-        specify a starting path **before** searching for locks,
-        shortening query times and memory usage in large Zope
-        instances.
-
-      - PageTemplateFiles were previously owned by whatever object
-        contained them.  This resulted in very hard bugs if the user who
-        owned the container was removed.  Since PageTemplateFiles come
-        from the filesystem, they are now "unowned", similar to
-        DTMLFiles.  Security is still applied, but now it is applied
-        correctly.
-
-      - Collector #411: DateTime.rfc822 is not rfc822 compliant 
-
-  Zope 2.6.0 beta 2
-
-
-    Bugs Fixed
-
-      - The ability to add multiple select properties to
-        PropertyManagers was broken (issue 612).
-
-      - Removed the signal handler hung off USR1 for packing the database. 
-        This feature proved dangerous as the pack operation would happen in
-        the main thread, causing all asyncore operations to stop until it 
-        was finished.
-
-      - Collector #372: tal:attributes failed when combined with tal:replace.
-
-      - Don't try to close network connections in the signal handler
-        for shutdown.  This hosed ZEO clients.
-
-      - Collector #292: PythonScript.write() didn't properly refresh bindings.
-
-      - Dumb bug in zdaemon fixed in which it would try to kill
-        process numbers 1, 2, 3, 10, 12, and 15 when it caught a
-        signal related to any of these signal numbers.   Instead, it
-        actually tries now to kill its child process with the same
-        signal.
-
-      - Write pidfiles out with trailing newlines.
-
-      - Fix setVirtualRoot in the face of unicode paths (such as occur
-        during an XML-RPC request.
-
-      - Collector #539: Fixed rendering of TAL namespace tags with an
-        'on-error' statement.
-
-      - Collector #586:  Generated 'start' scripts had a nonsensical
-        export of an "INST_HOME" environment variable.
+      - Collector #956: automatically installing Examples at startup
+        could be a security risk.  Examples now must be installed
+        explicitly by the user (thanks to Jamie Heilman and day0).
 
-      - Collector #580: TALES evaluateBoolean() was squishing 'default'.
+      - Collector #954: clear() method of TopicIndex removed all filter sets
+        instead of clearing them.
 
-      - Collector #581: TALES Path traversal should not special-case a blank
-        string in the second element position.  It now skips directly
-        to item access when a path element is blank or has a leading '_'.
+      - Collector #882: Fixed typo in PropertySheets
 
-      - Fixed inconsistent attribute access in TALES Paths.
+      - Collector #939: Fixed typo in TopicIndexes
 
-      - Deprecated hasRole alias failed to return result.
+      - Collector #937: UnicodeError exception available within PythonScripts
 
-      - Collector #538: Hybrid path expressions no longer attempt to call
-        a value returned by the final, non-path alternate.
+      - Collector #902: recursive Scripts were broken due to shared globals.
 
-      - Collector #573: ZTUtils Iterator didn't catch AttributeError.
-
-      - Collector #517: The properties page incorrectly rendered properties
-        with non-latin1 values if there were no unicode properties defined,
-        and incorrectly processed properties with non-ascii names.
-
-      - ZTUtils.SimpleTree could not build a tree with a root other than the
-        ZODB root object. Also, filter functions didn't work at all, let
-        alone in accordance with the documentation in the code.
-
-      - Collector #603: ZTUtils.Tree.encodeExpansion encoded depth with '.'
-        characters, but decodeExpansion could possibly see an encoded node
-        id as an encoded depth when that encoded id started with a '.'.
-
-      - Collector #605: ZTUtils.Tree.decodeExpansion set no limits on the
-        string to be decoded, allowing for a DoS attack with very large
-        strings.
-
-      - The fix for issue #144 broke the ability to create an empty Image or
-        File object. This functionality is now reenabled again.
-
-      - ZTUtils.Zope.TreeSkipMixin allows you to skip unauthorized objects in
-        the tree, but the filter wasn't applied when trying to filter candidate
-        child nodes through a custom setChildAccess filter.
-
-      - Emails sent through MailHost now automatically include a Date header if
-        not already present, in compliance with RFC822 and RFC2822.
-      
-    Features Added
-
-      - Add optional 'relative' argument to getURL the method in CatalogBrains.
-        This allows it to generate site relative URLs like absolute_url can.
-
-      - ZTUtils.Tree.encodeExpansion now will use zlib compression by default,
-        allowing for a far larger number of open tree states to be encoded.
-        decodeExpansion handles compressed expansion states automatically.
-
-      - ZTUtils.Tree.TreeMaker now has additional methods for setting
-        various flags and attributes that influence how the tree is built,
-        making these aspects accessible to PythonScripts.
-
-      - ZTUtils.Tree.TreeMaker has a new method setStateFunction, which
-        allows you to set a callback function that can influence the state
-        (open, closed, leaf) of each node in the tree.
-
-      - Pidfile handling improved.  When Zope is started under
-        zdaemon, it no longer writes its own pidfile.  Instead, it
-        passes in the path to Z2.pid to zdaemon as its pidfile name.
-        The 'zProcessManager.pid' file is no longer ever written.
-        This caused a change to the -Z option of z2.py which should be
-        mostly backwards-compatible (unless people were relying on
-        zProcessManager.pid to be written).  Now the -Z option is a
-        boolean.  -Z1 means use a daemon.  -Z0 means dont.  The
-        default is -Z1.
-
-  Zope 2.6.0 beta 1
-
-    Bugs Fixed
+      - Product initialization would only consult a file named "version.txt"
+        to read version information. Now it will check version.txt, VERSION.txt
+        and VERSION.TXT.
     
-      - Collector #587: fixed wrong migration to string methods in 
-        DTMLMethod.py
-
-      - Collector #583: Searching for '/' with PathIndexes failed.
-
-      - Fixed bug in manage_editProperties which used an incorrect default
-        for several types of property when they were not found in the
-        REQUEST.
-
-      - Collector #574: Fixed write on HEAD requests caused by overzealous
-        ETag support.
-
-      - Fixed bug in z2.py where it would eat certain socket error exceptions
-        at startup.
-    
-      - Collector #550: Exceptions in XML-RPC requests no longer envoke
-        standard_error_message. Plain text error messages are instead added to
-        the fault string. In debug mode, a full traceback is also included
-        since access to the error log is not a given for XML-RPC developers.
-
-      - Collector #512,541: Fixed broken WebDAV compatiblity
-        with Cadaver 0.20.X due to a missing Lock-Token header.
-
-      - Zope Page Templates set a 'content-type' header even if
-        the result of their execution was not rendered to the browser.
-        We now check to make sure a content-type header is not
-        already set before allowing a page template to set its own.
-
-      - The title_or_id attribute of browser id managers and
-        session data managers is now accessible publically.
-   
-      - Collector #510: When Python scripts and other "Script" objects were
-        acquired during URL traversal, the __before_publishing_traverse__ code
-        did not properly stop traversal at the script and populate
-        traverse_subpath with the remaining url path elements.
-
-      - Collector #238: Version Save and Discard buttons were too
-        close to each other in Version management screens.
-
-      - The "Add Browser ID Manager" permission was renamed to
-        "Add Browser Id Manager".
-
-      - Collector #437: dtml-sqltest now renders 'v not in (b,c)'
-        when used as <dtml-sqltest v type=... multiple op=ne>.  
-        Previously, a sqltest for inequality would render 'v <> b'
-        when a single value was submitted, but would render
-        'a in (b,c)' when multiple values were present and the
-        'multiple' switch was set.
-
-      - Collector #478: Z Search Interfaces with no parameters are now
-        generating correct HTML.
-
-      - Collector #448: Z Search Interfaces created as PageTemplates
-        have a correct title, not a fragment of dtml.
-
-      - Fixed brokenness of session data manager hasSessionData method.
-        The old method created a session data object as a result of the
-        call; it does not now.
-
-      - Collector #458: Fixed broken reindex_all in CatalogAwareness classes.
-
-      - The default "start" script now causes the event log to be sent to
-        standard output unless the "EVENT_LOG_FILE" or "STUPID_LOG_FILE"
-        environment variable is found in the environment.
-
-      - The much-hated name "STUPID_LOG_FILE" now has a preferred
-        alias:  "EVENT_LOG_FILE".
-
-      - Collector #454: The "default" session_data transient object
-        container was not created if an object named "session_data"
-        existed in the root.
-    
-      - Restored behavior of ZCatalog when arguments with empty string are
-        passed in to searchResults. These values are now ignored. If only 
-        empty string values are passed to searchResults, then it returns all
-        results (it is assuming what was passed is essentially an empty
-        filter).
-
-      - Collector #160: Allow TemporaryStorages to participate
-        when a version is active.
-    
-      - Collector #446: Fixed management security assertions on
-        ZCatalogIndexes class.
-
-      - The BTree module functions weightedIntersection() and
-        weightedUnion() now treat negative weights as documented.  It's
-        hard to explain what their effects were before this fix, as
-        the sign bits were getting confused with an internal
-        distinction between whether the result should be a set or a
-        mapping.
-
-      - New "Transience" (session data storage) implementation.
-        More reliable under high load.
-
-      - Collector #402: PythonScript recompile utility should only be
-        usable by Manager to prevent abuse.
-
-      - Collector #433: Fixed broken Splitter backwards compatiblity
-        issue caused by code cleanup.
-
-      - Collector #151: The Python 2.1 / 2.2 fcntl compatibility hacks
-        were bypassed when using medusa directly without importing
-        ZServer first (as when using monitor_client.py).
-
-      - Collector #72: Start on Windows 95 machines with no network
-        devices installed.
-
-      - Collector #79: Don't swallow App.FindHomes exceptions.
-
-      - The set operation difference(X, None) was returning None
-        instead of returning X, contradicting the docs and common
-        sense.  difference(None, X) continues to return None.
-
-      - Fix bug in ISO_8859_1 splitter which corruped storage on
-        initialization.
-
-      - Collector #421: Storage leak in cAccessControl
-
-      - FileLibrary and GuestBook example applications gave anonymous
-        users the Manager proxy role when uploading files - a potential 
-        vulnerability on production servers.
-
-      - Exceptions that use untrusted information from a REQUEST object in
-        the exception message now html-quote that information.
-
-      - Stop leaking FastCGI Authorization header in environment to
-        prevent password compromise
-
-      - #178: Don't compile PythonScripts in skins directories
-
-      - Fixed the help registration system and Zope tutorial to honor
-        the environment variables, FORCE_PRODUCT_LOAD, and ZEO_CACHE,
-        that affect whether products are installed in the database at
-        application startup.
-
-      - Collector #547: xmlrpclib SlowParser should also handle CDATA
-        sections.
-
-      - Collector #525: Don't mask Unautorized exceptions as XML-RPC faults.
-        Fix based on patch from Brad Clements.
-
-      - Collector #465: Allow XML-RPC requests with no <params /> tag.
-
-      - Collector #528: Don't clear REQUEST_METHOD for XML-RPC requests;
-        instead check for an XML-RPC Response objetc in
-        BaseRequest.traverse.
-
-    Features Added
-    
-      - Browser ids can now be encoded in the URL and Zope can be
-        instructed to automatically include the browser id in its
-        generated URLs.
- 
-      - Browser Id Managers now provide a saner way to obtain a
-        hidden form element which encodes the browser id name and
-        browser id.  An interface method named "getHiddenFormField"
-        on browser id managers now exists which returns a snippet of
-        HTML as a hidden form field that encodes these values.
-
-      - A Site Error Log object is now created in the root at Zope
-        startup time.
-
-      - Added 'url_unquote' and 'url_unquote_plus' modifiers
-        to DTML (also fmt=url-unquote and fmt=url-unquote-plus),
-        and made the same functions available in the PythonScripts.standard
-        module.
-
-      - Collector #186: Added urlencode to the standard importables for
-        Python scripts.
-
-      - <dtml-var name> and &dtml.-name; will now automatically HTML-quote
-        unsafe data taken implictly from the REQUEST object. Data taken
-        explicitly from the REQUEST object is not affected, as well as any
-        other data not originating from REQUEST. This can be disabled (at
-        your own risk!) by setting the environment variable
-        ZOPE_DTML_REQUEST_AUTOQUOTE to one of 'no', '0', or 'disabled'.
-
-      - ZCatalog index management ui is now integrated into ZCatalog rather
-        than being a subobject managment screen with different tabs.
+      - Make ZCTextIndex much less prone to generating conflict errors.
+        Previously *any* concurrent updates would provoke a conflict.
         
-      - ZCTextIndexes can now be instantiated without constructing a silly 
-        "extra" record object if desired.        
-    
-      - SimpleItem class now passes a new argument "error_log_url" to
-        the standard_error_message template on error. If the site contains
-        an error log object, this will contain the url to the applicable log
-        entry for the error.
-
-      - The IOBTree module also supports multiunion() now.
-
-      - BTrees and TreeSets are complex objects, with parent->child
-        pointers, sibling pointers, and multi-level parent->descendant
-        pointers.  About half the pointers are formally redundant, but
-        speed operations.  BTrees and TreeSets now support a ._check()
-        method, which does a thorough job of examining all these
-        pointers for consistency.  It raises AssertionError if it finds
-        any problems, else returns None.  In Zope 2.5, in rare cases a
-        key deletion could leave these internal pointers in an
-        inconsistent state (what was supposed to be redundant
-        information became conflicting information).  The most likely
-        symptom was that tree.keys() would yield an object that
-        disgreed with the tree about how many keys there are.
-        tree._check() can be used if you suspect such a problem (and if
-        you find one, rebuilding the tree is the best solution for now).
-
-      - Added support for the ZOPE_HOME environment variable, which
-        points to the Zope root, where the ZServer package and default
-        imports may be found.
-
-      - Collector #516 -- "title" property on image tags
-
-      - Collector #117 -- change External Method DTML to name="id" vs
-        unquoted id
-
-      - Collector #61 -- now manage_PasteObjects return a list of dictionaries
-    containing {'id':original_id,'new_id':newly_pasted_obj_id} when called
-    with REQUEST=None
-
-      - Changed FORCE_PRODUCT_LOAD so that if it is set, it determines
-        whether products are installed regardless of whether ZEO_CACHE is
-        set. This means that you can disable product installation by setting
-        FORCE_PRODUCT_LOAD to an empty string even if you are not using a
-        ZEO persistent cache.
-      
-        Documented FORCE_PRODUCT_LOAD
-
-      - xmlrpclib has been updated to the Python 2.2 version, which includes
-        support for the Expat parser for unmarshalling data, which speeds up
-        things considerably.
-
-      - Binary builds for Linux are now built against glibc 2.1.3 with large
-        file support enabled.
-
-      - Binary builds for Solaris are now built against Solaris 8 with large
-        file support enabled.
-
-      - Added i18n support in TAL processing
-      
-  Zope 2.6.0 alpha 1
-
-    Features Added
-
-      - The IIBTree module has a new multiunion function.  It accepts
-        a sequence of sets, treesets, etc, and returns the union of
-        the keys of these objects, as an IISet.  It's designed
-        for peak speed when the input sequence contains many objects.
-
-      - Set the default sys checkinterval to a higher value (500) to
-        take better advantage of faster processors. Since there is no
-        way to scientifically determine a number that works best for
-        everyone, this at least should err on the side of better
-        performance "out of the box" for higher-end production
-        systems.
-
-        Note that you can always use the -i argument to z2 to change
-        the check interval.
-
-      - Added support for gzip content compression for clients that
-        support it. See lib/python/ZPublisher/HTTPResponse.py for more
-        details.
-
-      - Added ZCTextIndex plug-in index product. A replacement for TextIndex.
-
-      - Removed the venerable but senile QuickStart folder from the
-        default FileStorage.  "Alas, poor Yorick!  I knew him, Horatio."
-
-      - Signal handling and log rotation
-
-        All Zope process will respond to signals in the specified manner:
-
-        SIGHUP  - close open database connections and sockets, then restart the
-                  process
-
-        SIGTERM - close open database connections and sockets, then shut down.
-
-        SIGINT  - same as SIGTERM
-
-        SIGUSR2 - rotate all Zope log files (z2.log, event log, detailed log)
-
-        The common idiom for doing automated logfile rotation will become:
-
-         kill -USR2 `cat /path/to/var/z2.pid`
-
-        The common idiom for doing "prophylactic" restarts will become:
-
-         kill -HUP `cat /path/to/var/z2.pid`
-
-        When a process is interrupted via ctrl-C or via a TERM signal
-        (INT, TERM), all open database connections and sockets will be closed
-        before the process dies.  This will speed up restart time for sites
-        that use a FileStorage as its index will be written to the filesystem
-        before shutdown.
-
-        Unspecified signals kill the process without doing cleanup.
-
-      - ZCatalog no longer has a hand in managing text index vocabularies.
-        The cruft associated with this functionality has been exorcised.
-        No default indexes or metadata elements are defined for you when
-        you create a new ZCatalog. Since we now have many new kinds of
-        plug-in indexes it no longer made sense to do this
-        anymore.
-
-      - A new permission "Copy or Move" was added.  This permission
-        may be used respective to an object to prevent objects
-        from being copyable or movable while within the management
-        interface.  The "old" behavior stipulated that users whom
-        possessed the "View management screens" permission to an object's
-        container could copy or move the object arbitrarily, even if they
-        had limited access to the object itself.  Once the object was
-        moved or copied, the user became the owner of the new object,
-        allowing them to see potentially sensitive information in
-        the management interface for the object itself.  This permission
-        is granted to Manager and Anonymous by default, and must be
-        revoked on an object-by-object basis if site managers intend
-        to provide management screen access to folders which contain
-        sensitive subobjects.  This patch came as a result of
-        Collector #376 (thanks to Chris Deckard).
-
-      - Structured Text's "DocumentWithImages" class did not recognize
-        image filenames with underscores.
-
-      - The getElementsByTagName method of STDOM (used by Structured Text)
-        would croak on most documents, especially those containing
-        unwrapped text nodes.  Fixed.
-
-      - FileUpload objects now evaluate false when the have an empty file
-        name. Making it easier to check for omitted file upload form fields.
-
-      - ZClasses now use a python script as their constructor method
-        instead of a DTML method. Also, ZClasses inherit from
-        CatalogPathAwareness now instead of CatalogAwareness.
-
-      - added browser_default hook to ZPublisher. This allows objects to
-        specify the path to the default method that the publisher calls
-        when the object is published. The default for objects not defining
-        browser_default is still 'index_html' for bw compatibility.
-        A ZMI configurable browser_default implementation has been added
-        to ObjectManager. You can configure browser_default for OMs via
-        a new "settings" management tab.
-
-      - added TopicIndexes: a TopicIndex is a container for
-        so-called FilteredSet. A FilteredSet consists of an
-        expression and a set of internal ZCatalog document
-        identifiers that represent a pre-calculated result list for
-        performance reasons. Instead of executing the same query on
-        a ZCatalog multiple times it is much faster to use a
-        TopicIndex instead.
-
-      - requestprofiler: added new --daysago option and added
-        support for reading gzipped detailed logfiles
-
-      - DateTime: new functions JulianDay() and week()
-        to perform calculation of the week number based on the
-        Julian calendar.
-
-      - WebDAV: the new environment variable WEBDAV_SOURCE_PORT_CLIENTS
-        enables retrieval of the document source for dedicated WebDAV
-        clients (see ENVIRONMENT.txt for usage)
-
-      - Collector #272: Optimizations for RESPONSE.write
-
-      - Collector #271: New environment variables are now used
-        to send the access log into syslog. ZSYSLOG_ACCESS,
-        ZSYSLOG_ACCESS_FACILITY, and SYSLOG_ACCESS_SERVER now
-        do the same job as the old environment variables without
-        _ACCESS in their name. Those old environment variables
-        still do the same job of sending the event log to syslog.
-
-      - When run as a daemon on Unix, Zope will now redirect
-        stdin/stdout/stderr to /dev/null
-
-      - Nicer formatting for the increasingly tall permissions
-        table.
-
-      - TextIndex: Enhanced splitter functionality now allows the
-        TextIndex to index numbers, single characters. It is also
-        possible to enable case-sensitive indexing. The new
-        configuration options are available through the addForm
-        of the Vocabulary object.
-
-      - ICP server support. For more information see
-        http://www.zope.org/Members/htrd/icp/intro
-
-      - STXNG: added new env. variable STX_DEFAULT_LEVEL to change
-        the default level for <Hx> elements (see doc/ENVIRONMENT.txt)
-
-      - Collector #304: several catalog optimisations
-
-      - New implementation of ZODB object cache.  The new
-        implemenation is more likely to keep the size of the object
-    cache close to the target size.  This change means that memory
-    consumption may be reduced.  Some users will need to increase
-    the default cache size, because a too small setting is more
-    likely to hurt performance than it did in the past.
-
-        Third-party C extensions that use the persistence API must be
-        recompiled, and may need to be updated to work correctly with
-        the new cache; see PER_GHOSTIFY().
-
-      - The ZODB Connection is now resposible for registering changed
-        objects with the current transaction.
-
-      - Implementation of RestrictedCreation fishbowl proposal;
-        Product registration can now include a function used to
-        determine whether that product constructor want to allow
-        objects to be created in the specified container object.
-
-      - Collector 196: manage_page_style.css is now cacheable.
-        Added freshness information to ImageFile, to improve
-        cacheability of management interface
-
-      - Collector 358: added a new parameter no_push_item to
-        dtml-in, to inhibit automatically pushing sequence-item
-        onto the namespace stack.
-
-      - STXNG: Structured Text now supports images by default
-        by using the HTMLWithImages class (has been disabled prior
-        to Zope 2.6)
-
-      - new option --force-http-connection-close for z2.py to prevent
-        clients from maintaing pipelined connections to the Zope server
-        (Collector #412)
-
-      - Updated the Interface package to be compatible with Zope 3
-        Interfaces. This included changing some interface APIs that
-        may affect existing products.
-
-      - Added a database activity monitoring graph to the control panel,
-        making it easier to tune the ZODB cache size.
-
-    Bugs Fixed
-
-      - External methods didn't properly setup func_defaults and func_code
-        when they were first loaded. This meant mapply couldn't properly map
-        arguments on the first try.
-
-      - Fixed bug #96: Narrower/Wider buttons now work on both CSS and non-CSS
-        compliant browsers. This allows better control for browsers that have a
-        hard time knowing what 100% means.
-
-      - Fix for Collector #319: filtered_manage_options didn't
-        correctly filter tabs based on permission.
-
-      - Made repr of an HTTPRequest.record eval'able as a dict (Collector
-        #89).
-
-      - Fixed bug #144: Upload button on dtml, py scripts, images, files and
-        pts now raises an error if the file is not specified rather than
-        clearing the source.
-
-      - Fixed bug #275: setPermissionDefault didn't actually set the
-        right permission -> role mappings.
-
-      - Fixed bug reported on maillist during EWOULDBLOCK when using FTP server
-        (http:// lists.zope.org/pipermail/zope/2002-March/111521.html).
-
-      - App/FindHomes.py now computes the "real" path for SOFTWARE_HOME and
-        INSTANCE_HOME, resolving any symlinks in any element within paths
-        passed in via the INSTANCE_HOME or SOFTWARE_HOME envvars.  Paths that
-        are computed by "dead reckoning" from os.getcwd and module paths are
-        also "realpathed".  So for instance, if you use '/home/chrism/Instance'
-        as your INSTANCE_HOME, and '/home/chrism' is a symlink to
-        '/other/home/chrism', your INSTANCE_HOME will be computed as
-        '/other/home/chrism/Instance'.  This is necessary to avoid
-        weirdnesses while using "dead reckoning" from INSTANCE_HOME and
-        SOFTWARE_HOME in other parts of the code.  POSIX systems only.
-
-      - Fixed PropertyManager/PropertySheets so that you can safely add a
-        property named 'ids' without breaking your properties page.
-
-      - Removed spurious 'self' from scarecrow interfaces;  updated
-        method-generation in Interface package to ignore self when
-        source is a method (rather than a function).
-
-      - Collector #32: Use difflib instead of ndiff
-
-      - Fixed long standing bug in PythonScript where get_size returned
-        the incorrect length. This broke editing using EMACS via FTP or
-        WebDAV. Thanks to John Glavin at South River Technologies for
-        help finding the bug.
-
-      - Collector #207: fixed problem with inner links in STXNG
-
-      - Collector #210: HTML() function of StructuredText produced wrong
-        <h0> tags.
-
-      - Collector #166: ObjectManger.all_meta_types() implemented only
-        an incomplete filter based on interfaces.
-
-      - FTP: Downloading files through FTP has been broken since 2.4.0
-        because the downloaded file has been stored with a HTTP
-        header at the beginning of the file. Fixed!
-
-      - FTP: Spaces in usernames inside a FTP file listing are now
-        replaced by underscores to avoid confusion with some FTP clients.
-
-      - Collector #227: improved handling of unicode string in TextIndex.py
-        with unmodified default encoding in site.py.
-
-      - Collector #227: z2.py, TextIndex/dtml/manage_vocab.dtml modified
-        to display unicode strings in the vocabulary properly (now using
-        UTF-8 encoding for display purposes)
-
-      - Collector #250: applied several patches for TextIndex for better
-        unicode support for the GlobbingLexicon
-
-      - Collector #254: return owner object from getOwner wrapped in its
-        context
-
-      - Collector #259: walkandscrub.py did not delete all .pyc and .pyo
-        files during installation. Fixed.
-
-      - Collector #231: BTrees ignoring errors from comparison function
-
-      - Collector #278: DocumentWithImages could not handle URLs with
-        underscores
-
-      - Collector #279: changed exception handling for safegmtime() to
-        provide a more intuitive traceback for operating systems with a
-        limited gmtime() implementations
-
-      - Collector #285: Zope changes its working directory
-        to the var directory at startup
-
-      - WebDAV: removing an non-existing property now returns a HTTP
-        200-OK response instead of 404 (now compliant with RFC 2518)
-
-      - Fixed a bug in TM.py that would cause database adapters to hang
-        on errors in the second phase of the two-phase commit.
-
-      - Collector #291: ZCatalog not unindexing deleted properties
-
-      - Collector #266: Retried requests losing track of http request
-        headers, causing Connection:Close requests to stall
-
-      - Collector #17: Fixed broken links in StandardCacheManagers help
-
-      - Collector #1: UNIX security fixes: make starting Zope as 'root'
-        secure, stop using 'nobody', warn of insecure umasks
-
-      - Collector #303: Properties of type 'long' got truncated
-
-      - Collector #325: adding a new TextIndex to an existing Catalog
-        cleared the standard Vocabulary.
+      - Fix query performance and scalability bug in ZCTextIndex.
 
-      - Collector #373: content_type property for Image objects
-        are no longer deletable to prevent malfunction.
+      - Collector #928: DateIndex ignored timezones when indexing and
+        querying
 
-      - Collector #343: The ZCatalogs 'Indexes' view showed the
-        wrong number of indexed objects for FieldIndexes.
+      - Any write request could be tricked into writing into a version
+        be setting a version cookie or by including a version name in
+        the request.  Now we require the user to globally have
+        permission to join or leave versions to run a request in a
+        version.
 
-      - FTP server: replaced 'System_Process' by 'Sysproc' to
-        avoid breaking some FTP clients and the output format
-        with overlong usernames.
+      - Fixed a problem with potentially mis-acquiring 'func_code' in 
+        publisher BeforeTraverse hook.
 
-      - Fixed a potential bug with cAccessControl's permission
-        role deallocator which would try to decref things which
-        may not have been set, due to a change in the initializer
-        (which will bail out if it doesnt get called with a tuple
-        argument)
+      - Fix for issue 683: Image cache manager headers were not sent 
+        when an image request returned a 304 (in response to an if-mod-since
+        request).
 
-      - Collector #185, 341: PCGIServer and FCGIServer logs corrected
-        and now output extended information like HTTPServer does.
+      - Made all PluginIndexes and ZCTextIndex use 'safe_callable',
+        which is aware of extension classes that fill 'tp_callable'
+	but don't define '__call__'.
 
-      - Propertysheets: Ids like 'values' and 'items' are
-        now forbidden as they break WebDAV functionality. Existing
-        Propertysheets are not affected
+      - Made KeywordIndex be more robust about receiving a value that
+        is not a string or an iterable type.
 
-      - Collector #348: decapitate() now recognizes both \r\n and \n\n
-        to be compliant with the HTTP RFC
+      - Fixed incorrect docstring in OFSP/Image help.
 
-      - Collector #386: workaround for hanging FTP connections
-        with NcFTP
+      - Fixed unhelpful signal description.
 
-      - Collector #419: repaired off-by-1 errors and IndexErrors
-        when slicing BTree-based data structures.  For example,
-        an_IIBTree.items()[0:0] had length 1 (should be empty) if
-        the tree wsan't empty.


=== Zope/doc/HISTORY.txt 1.7 => 1.7.70.1 ===
--- Zope/doc/HISTORY.txt:1.7	Mon Jun 17 09:44:57 2002
+++ Zope/doc/HISTORY.txt	Fri Jun 27 16:38:23 2003
@@ -4,6 +4,871 @@
   Zope. Change information for the current release can be found
   in the file CHANGES.txt.
 
+  Zope 2.6.2 beta 2
+
+    Bugs Fixed
+    
+      - TemporaryStorage (which is used by TemporaryFolder, and thus
+        the default sessioning configuration) no longer uses a
+        "LowConflictConnection" database connection.   This fixes
+        a bug in which data structures used for session housekeeping
+        data could become desynchronized; the symptom for this was
+        KeyErrors being raised from TransientObjectContainer's 'get'
+        method.  As a result, many more conflicts will be raised under
+        high session load, but desynchronization will not occur.
+    
+      - Fix potential performance bug in PathIndex.
+    
+      - Scored result sets from catalog (i.e., from text indexes) can now be
+        merged and sorted together across queries like unscored results.
+
+      - Fixed a memory leak in TALES.  If an exception propagated from
+        a tal:repeat block, an uncollectable cycle held a reference to
+        everything in the TALES context.
+
+      - If you're running in development mode, Zope will now
+        raise an exception if a product cannot be initialized properly
+        instead of silently continuing.  This is to prevent a debugging
+        frenzy in which you spelunk through one more more half-initialized
+        modules wondering why the class you wanted isn't part of the
+        module namespace.  If not in development mode, the process
+        continues silently.
+
+      - Though Python 2.2.2 is not officially supported, a potential 
+        issue was found when running under 2.2.2. Some built-in types 
+        gained docstrings in the 2.2.2 release, making them
+        publishable where they weren't publishable before. A fix has 
+        been added to the publisher to ensure that the types of
+        objects that are publishable do not change between 2.1 and
+        2.2.
+
+  Zope 2.6.1 beta 2
+    
+    Features added
+
+      - DateTime objects now have a tzoffset() method that returns the objects
+        timezones offset from GMT in seconds.
+
+    Bugs Fixed
+
+      - Collector #740: DateTime now handles positive numerical timezones correcly.
+
+      - Collector #763: There was no error when you had a sendmail-tag
+        without specifying a mailhost or smpthost. Also added a missing import.
+
+      - Work around potential BTrees key enumeration bugs in Transience
+        package by checking explicitly for error cases.
+
+      - Collector #736: ZPublisher now allows marshalling tags to contain
+        a '-'. This is the first step towards a fix for Collector #737
+
+      - Collector #714: CopySupport's manage_clone now calls 
+        manage_afterClone in the saem way that manage_pasteObjects does.
+
+      - Collector #697: Multiple selection properties were incorrectly
+        marshalled. note than any non-ascii multiple selection properties
+        modified in versions without this fix will have been corrupted in
+        the zodb.
+
+      - Collector #256: Added a check in _doChangeUser to make sure 
+        passwords isn't encrypted twice.
+
+      - Added a sortKey() method to Shared.DC.ZRDB.TM to silence warnings
+        from updated ZODB that DAs dont have that method.
+
+  Zope 2.6.1 beta 1
+
+    Bugs Fixed
+
+      - VirtualHostMonster handles empty Mapping paths properly.
+    
+      - Deadlock prevention code added.
+
+        It was possible for earlier versions of ZODB to deadlock when
+        using multiple storages.  If multiple transactions committed
+        concurrently and both transactions involved two or more shared
+        storages, deadlock was possible.  This problem has been fixed
+        by introducing a sortKey() method to the transaction and
+        storage APIs that is used to define an ordering on transaction
+        participants.  This solution will prevent deadlocks provided
+        that all transaction participants that use locks define a
+        valid sortKey() method.  A warning is raised if a participant
+        does not define sortKey().  For backwards compatibility,
+        BaseStorage provides a sortKey() that uses __name__.
+
+      - Fixed bug in FileStorage related to object uncreation.  An
+        attempt to load an uncreated object now raises KeyError.
+
+      - Fixed a couple bugs in FileStorage recover() that wrote
+        incorrect backpointers.
+
+      - Fixed data_txn attribute of iterator data records to use
+        the transaction id of the previous transaction, even if it
+        also has a data_txn field.
+
+      - Fixed conflict resolution bug that raised a NameError when a
+        class involved in a conflict could not be loaded.
+
+      - Fixed C extensions that included standard header files before
+        Python.h, which is not allowed.
+
+      - Added code to ThreadedAsync/LoopCallback.py to work around a
+        bug in asyncore.py: a handled signal can cause unwanted reads
+        to happen.
+    
+      - Collector #651: WebDAV Lock Manager was broken.
+
+      - Collector #646: metal:slot was lost during the I18n merge.
+
+      - Collector #640: Fix security assertion on ZCTextIndex query method.
+
+      - Delayed opening the ZODB until after the "Zope" module has
+        been imported, fixing a deadlock issue involving ZEO.  The
+        "Zope" module now has a "startup()" function.
+
+      - Fixed a NameError in the recent change to DateTime.rfc822().
+
+      - Made DateTime.rfc822() simpler and independent of local timezone.
+
+      - Fixed bug in Transience reported by kedai which caused spurious
+        KeyErrors under heavy sessioning usage.
+
+      - Fixed bug in the Interface Verify package; base interfaces were not
+        included in an interface compliancy test.
+
+      - Collector #650: Fixed implicit list marshalling for lists where the
+        first two values are tainted.
+
+      - Collector #671: HTTP Ranges were broken for files and images whose
+        length wasn't exactly divisible by 2**16.
+
+      - ModuleSecurityInfo declarations could be lost if further declarations
+        were made after the Info object already had been applied. Such
+        additional declarations could take place in Python trusted code run
+        after Zope strartup or during a Product refresh.
+
+      - Collector #699: MailHosts created in 2.5 breaks in 2.6.
+
+      - Collector #694: dtml-sendmail mailto specification replaces "To:" header. 
+      - Collector #702: DateTime.rfc822() fails without daylight saving
+
+      - Collector #703: KeyErrors raised when unindexing a PathIndex (and 
+        TopicIndexes) should be swallowed and logged.
+
+  Zope 2.6.0
+
+    Bugs Fixed
+
+      - Caused many places throughout the code base to use
+        calls to user.getId() rather than user.getUserName().  With
+        most (all?) user folder implementations today, this will have
+        no behavioral change, as getId is always alised to getUserName.
+        However, this makes it possible to write user folder
+        implementations which make the distinction between the user's
+        id and the user's name.  These user folders will allow users
+        to change names independent of their identity.
+
+      - WebDAV Lock Manager actually gives the user a chance to
+        specify a starting path **before** searching for locks,
+        shortening query times and memory usage in large Zope
+        instances.
+
+      - PageTemplateFiles were previously owned by whatever object
+        contained them.  This resulted in very hard bugs if the user who
+        owned the container was removed.  Since PageTemplateFiles come
+        from the filesystem, they are now "unowned", similar to
+        DTMLFiles.  Security is still applied, but now it is applied
+        correctly.
+
+      - Collector #411: DateTime.rfc822 is not rfc822 compliant 
+
+  Zope 2.6.0 beta 2
+
+
+    Bugs Fixed
+
+      - The ability to add multiple select properties to
+        PropertyManagers was broken (issue 612).
+
+      - Removed the signal handler hung off USR1 for packing the database. 
+        This feature proved dangerous as the pack operation would happen in
+        the main thread, causing all asyncore operations to stop until it 
+        was finished.
+
+      - Collector #372: tal:attributes failed when combined with tal:replace.
+
+      - Don't try to close network connections in the signal handler
+        for shutdown.  This hosed ZEO clients.
+
+      - Collector #292: PythonScript.write() didn't properly refresh bindings.
+
+      - Dumb bug in zdaemon fixed in which it would try to kill
+        process numbers 1, 2, 3, 10, 12, and 15 when it caught a
+        signal related to any of these signal numbers.   Instead, it
+        actually tries now to kill its child process with the same
+        signal.
+
+      - Write pidfiles out with trailing newlines.
+
+      - Fix setVirtualRoot in the face of unicode paths (such as occur
+        during an XML-RPC request.
+
+      - Collector #539: Fixed rendering of TAL namespace tags with an
+        'on-error' statement.
+
+      - Collector #586:  Generated 'start' scripts had a nonsensical
+        export of an "INST_HOME" environment variable.
+
+      - Collector #580: TALES evaluateBoolean() was squishing 'default'.
+
+      - Collector #581: TALES Path traversal should not special-case a blank
+        string in the second element position.  It now skips directly
+        to item access when a path element is blank or has a leading '_'.
+
+      - Fixed inconsistent attribute access in TALES Paths.
+
+      - Deprecated hasRole alias failed to return result.
+
+      - Collector #538: Hybrid path expressions no longer attempt to call
+        a value returned by the final, non-path alternate.
+
+      - Collector #573: ZTUtils Iterator didn't catch AttributeError.
+
+      - Collector #517: The properties page incorrectly rendered properties
+        with non-latin1 values if there were no unicode properties defined,
+        and incorrectly processed properties with non-ascii names.
+
+      - ZTUtils.SimpleTree could not build a tree with a root other than the
+        ZODB root object. Also, filter functions didn't work at all, let
+        alone in accordance with the documentation in the code.
+
+      - Collector #603: ZTUtils.Tree.encodeExpansion encoded depth with '.'
+        characters, but decodeExpansion could possibly see an encoded node
+        id as an encoded depth when that encoded id started with a '.'.
+
+      - Collector #605: ZTUtils.Tree.decodeExpansion set no limits on the
+        string to be decoded, allowing for a DoS attack with very large
+        strings.
+
+      - The fix for issue #144 broke the ability to create an empty Image or
+        File object. This functionality is now reenabled again.
+
+      - ZTUtils.Zope.TreeSkipMixin allows you to skip unauthorized objects in
+        the tree, but the filter wasn't applied when trying to filter candidate
+        child nodes through a custom setChildAccess filter.
+
+      - Emails sent through MailHost now automatically include a Date header if
+        not already present, in compliance with RFC822 and RFC2822.
+      
+    Features Added
+
+      - Add optional 'relative' argument to getURL the method in CatalogBrains.
+        This allows it to generate site relative URLs like absolute_url can.
+
+      - ZTUtils.Tree.encodeExpansion now will use zlib compression by default,
+        allowing for a far larger number of open tree states to be encoded.
+        decodeExpansion handles compressed expansion states automatically.
+
+      - ZTUtils.Tree.TreeMaker now has additional methods for setting
+        various flags and attributes that influence how the tree is built,
+        making these aspects accessible to PythonScripts.
+
+      - ZTUtils.Tree.TreeMaker has a new method setStateFunction, which
+        allows you to set a callback function that can influence the state
+        (open, closed, leaf) of each node in the tree.
+
+      - Pidfile handling improved.  When Zope is started under
+        zdaemon, it no longer writes its own pidfile.  Instead, it
+        passes in the path to Z2.pid to zdaemon as its pidfile name.
+        The 'zProcessManager.pid' file is no longer ever written.
+        This caused a change to the -Z option of z2.py which should be
+        mostly backwards-compatible (unless people were relying on
+        zProcessManager.pid to be written).  Now the -Z option is a
+        boolean.  -Z1 means use a daemon.  -Z0 means dont.  The
+        default is -Z1.
+
+  Zope 2.6.0 beta 1
+
+    Bugs Fixed
+    
+      - Collector #587: fixed wrong migration to string methods in 
+        DTMLMethod.py
+
+      - Collector #583: Searching for '/' with PathIndexes failed.
+
+      - Fixed bug in manage_editProperties which used an incorrect default
+        for several types of property when they were not found in the
+        REQUEST.
+
+      - Collector #574: Fixed write on HEAD requests caused by overzealous
+        ETag support.
+
+      - Fixed bug in z2.py where it would eat certain socket error exceptions
+        at startup.
+    
+      - Collector #550: Exceptions in XML-RPC requests no longer envoke
+        standard_error_message. Plain text error messages are instead added to
+        the fault string. In debug mode, a full traceback is also included
+        since access to the error log is not a given for XML-RPC developers.
+
+      - Collector #512,541: Fixed broken WebDAV compatiblity
+        with Cadaver 0.20.X due to a missing Lock-Token header.
+
+      - Zope Page Templates set a 'content-type' header even if
+        the result of their execution was not rendered to the browser.
+        We now check to make sure a content-type header is not
+        already set before allowing a page template to set its own.
+
+      - The title_or_id attribute of browser id managers and
+        session data managers is now accessible publically.
+   
+      - Collector #510: When Python scripts and other "Script" objects were
+        acquired during URL traversal, the __before_publishing_traverse__ code
+        did not properly stop traversal at the script and populate
+        traverse_subpath with the remaining url path elements.
+
+      - Collector #238: Version Save and Discard buttons were too
+        close to each other in Version management screens.
+
+      - The "Add Browser ID Manager" permission was renamed to
+        "Add Browser Id Manager".
+
+      - Collector #437: dtml-sqltest now renders 'v not in (b,c)'
+        when used as <dtml-sqltest v type=... multiple op=ne>.  
+        Previously, a sqltest for inequality would render 'v <> b'
+        when a single value was submitted, but would render
+        'a in (b,c)' when multiple values were present and the
+        'multiple' switch was set.
+
+      - Collector #478: Z Search Interfaces with no parameters are now
+        generating correct HTML.
+
+      - Collector #448: Z Search Interfaces created as PageTemplates
+        have a correct title, not a fragment of dtml.
+
+      - Fixed brokenness of session data manager hasSessionData method.
+        The old method created a session data object as a result of the
+        call; it does not now.
+
+      - Collector #458: Fixed broken reindex_all in CatalogAwareness classes.
+
+      - The default "start" script now causes the event log to be sent to
+        standard output unless the "EVENT_LOG_FILE" or "STUPID_LOG_FILE"
+        environment variable is found in the environment.
+
+      - The much-hated name "STUPID_LOG_FILE" now has a preferred
+        alias:  "EVENT_LOG_FILE".
+
+      - Collector #454: The "default" session_data transient object
+        container was not created if an object named "session_data"
+        existed in the root.
+    
+      - Restored behavior of ZCatalog when arguments with empty string are
+        passed in to searchResults. These values are now ignored. If only 
+        empty string values are passed to searchResults, then it returns all
+        results (it is assuming what was passed is essentially an empty
+        filter).
+
+      - Collector #160: Allow TemporaryStorages to participate
+        when a version is active.
+    
+      - Collector #446: Fixed management security assertions on
+        ZCatalogIndexes class.
+
+      - The BTree module functions weightedIntersection() and
+        weightedUnion() now treat negative weights as documented.  It's
+        hard to explain what their effects were before this fix, as
+        the sign bits were getting confused with an internal
+        distinction between whether the result should be a set or a
+        mapping.
+
+      - New "Transience" (session data storage) implementation.
+        More reliable under high load.
+
+      - Collector #402: PythonScript recompile utility should only be
+        usable by Manager to prevent abuse.
+
+      - Collector #433: Fixed broken Splitter backwards compatiblity
+        issue caused by code cleanup.
+
+      - Collector #151: The Python 2.1 / 2.2 fcntl compatibility hacks
+        were bypassed when using medusa directly without importing
+        ZServer first (as when using monitor_client.py).
+
+      - Collector #72: Start on Windows 95 machines with no network
+        devices installed.
+
+      - Collector #79: Don't swallow App.FindHomes exceptions.
+
+      - The set operation difference(X, None) was returning None
+        instead of returning X, contradicting the docs and common
+        sense.  difference(None, X) continues to return None.
+
+      - Fix bug in ISO_8859_1 splitter which corruped storage on
+        initialization.
+
+      - Collector #421: Storage leak in cAccessControl
+
+      - FileLibrary and GuestBook example applications gave anonymous
+        users the Manager proxy role when uploading files - a potential 
+        vulnerability on production servers.
+
+      - Exceptions that use untrusted information from a REQUEST object in
+        the exception message now html-quote that information.
+
+      - Stop leaking FastCGI Authorization header in environment to
+        prevent password compromise
+
+      - #178: Don't compile PythonScripts in skins directories
+
+      - Fixed the help registration system and Zope tutorial to honor
+        the environment variables, FORCE_PRODUCT_LOAD, and ZEO_CACHE,
+        that affect whether products are installed in the database at
+        application startup.
+
+      - Collector #547: xmlrpclib SlowParser should also handle CDATA
+        sections.
+
+      - Collector #525: Don't mask Unautorized exceptions as XML-RPC faults.
+        Fix based on patch from Brad Clements.
+
+      - Collector #465: Allow XML-RPC requests with no <params /> tag.
+
+      - Collector #528: Don't clear REQUEST_METHOD for XML-RPC requests;
+        instead check for an XML-RPC Response objetc in
+        BaseRequest.traverse.
+
+    Features Added
+    
+      - Browser ids can now be encoded in the URL and Zope can be
+        instructed to automatically include the browser id in its
+        generated URLs.
+ 
+      - Browser Id Managers now provide a saner way to obtain a
+        hidden form element which encodes the browser id name and
+        browser id.  An interface method named "getHiddenFormField"
+        on browser id managers now exists which returns a snippet of
+        HTML as a hidden form field that encodes these values.
+
+      - A Site Error Log object is now created in the root at Zope
+        startup time.
+
+      - Added 'url_unquote' and 'url_unquote_plus' modifiers
+        to DTML (also fmt=url-unquote and fmt=url-unquote-plus),
+        and made the same functions available in the PythonScripts.standard
+        module.
+
+      - Collector #186: Added urlencode to the standard importables for
+        Python scripts.
+
+      - <dtml-var name> and &dtml.-name; will now automatically HTML-quote
+        unsafe data taken implictly from the REQUEST object. Data taken
+        explicitly from the REQUEST object is not affected, as well as any
+        other data not originating from REQUEST. This can be disabled (at
+        your own risk!) by setting the environment variable
+        ZOPE_DTML_REQUEST_AUTOQUOTE to one of 'no', '0', or 'disabled'.
+
+      - ZCatalog index management ui is now integrated into ZCatalog rather
+        than being a subobject managment screen with different tabs.
+        
+      - ZCTextIndexes can now be instantiated without constructing a silly 
+        "extra" record object if desired.        
+    
+      - SimpleItem class now passes a new argument "error_log_url" to
+        the standard_error_message template on error. If the site contains
+        an error log object, this will contain the url to the applicable log
+        entry for the error.
+
+      - The IOBTree module also supports multiunion() now.
+
+      - BTrees and TreeSets are complex objects, with parent->child
+        pointers, sibling pointers, and multi-level parent->descendant
+        pointers.  About half the pointers are formally redundant, but
+        speed operations.  BTrees and TreeSets now support a ._check()
+        method, which does a thorough job of examining all these
+        pointers for consistency.  It raises AssertionError if it finds
+        any problems, else returns None.  In Zope 2.5, in rare cases a
+        key deletion could leave these internal pointers in an
+        inconsistent state (what was supposed to be redundant
+        information became conflicting information).  The most likely
+        symptom was that tree.keys() would yield an object that
+        disgreed with the tree about how many keys there are.
+        tree._check() can be used if you suspect such a problem (and if
+        you find one, rebuilding the tree is the best solution for now).
+
+      - Added support for the ZOPE_HOME environment variable, which
+        points to the Zope root, where the ZServer package and default
+        imports may be found.
+
+      - Collector #516 -- "title" property on image tags
+
+      - Collector #117 -- change External Method DTML to name="id" vs
+        unquoted id
+
+      - Collector #61 -- now manage_PasteObjects return a list of dictionaries
+    containing {'id':original_id,'new_id':newly_pasted_obj_id} when called
+    with REQUEST=None
+
+      - Changed FORCE_PRODUCT_LOAD so that if it is set, it determines
+        whether products are installed regardless of whether ZEO_CACHE is
+        set. This means that you can disable product installation by setting
+        FORCE_PRODUCT_LOAD to an empty string even if you are not using a
+        ZEO persistent cache.
+      
+        Documented FORCE_PRODUCT_LOAD
+
+      - xmlrpclib has been updated to the Python 2.2 version, which includes
+        support for the Expat parser for unmarshalling data, which speeds up
+        things considerably.
+
+      - Binary builds for Linux are now built against glibc 2.1.3 with large
+        file support enabled.
+
+      - Binary builds for Solaris are now built against Solaris 8 with large
+        file support enabled.
+
+      - Added i18n support in TAL processing
+      
+  Zope 2.6.0 alpha 1
+
+    Features Added
+
+      - The IIBTree module has a new multiunion function.  It accepts
+        a sequence of sets, treesets, etc, and returns the union of
+        the keys of these objects, as an IISet.  It's designed
+        for peak speed when the input sequence contains many objects.
+
+      - Set the default sys checkinterval to a higher value (500) to
+        take better advantage of faster processors. Since there is no
+        way to scientifically determine a number that works best for
+        everyone, this at least should err on the side of better
+        performance "out of the box" for higher-end production
+        systems.
+
+        Note that you can always use the -i argument to z2 to change
+        the check interval.
+
+      - Added support for gzip content compression for clients that
+        support it. See lib/python/ZPublisher/HTTPResponse.py for more
+        details.
+
+      - Added ZCTextIndex plug-in index product. A replacement for TextIndex.
+
+      - Removed the venerable but senile QuickStart folder from the
+        default FileStorage.  "Alas, poor Yorick!  I knew him, Horatio."
+
+      - Signal handling and log rotation
+
+        All Zope process will respond to signals in the specified manner:
+
+        SIGHUP  - close open database connections and sockets, then restart the
+                  process
+
+        SIGTERM - close open database connections and sockets, then shut down.
+
+        SIGINT  - same as SIGTERM
+
+        SIGUSR2 - rotate all Zope log files (z2.log, event log, detailed log)
+
+        The common idiom for doing automated logfile rotation will become:
+
+         kill -USR2 `cat /path/to/var/z2.pid`
+
+        The common idiom for doing "prophylactic" restarts will become:
+
+         kill -HUP `cat /path/to/var/z2.pid`
+
+        When a process is interrupted via ctrl-C or via a TERM signal
+        (INT, TERM), all open database connections and sockets will be closed
+        before the process dies.  This will speed up restart time for sites
+        that use a FileStorage as its index will be written to the filesystem
+        before shutdown.
+
+        Unspecified signals kill the process without doing cleanup.
+
+      - ZCatalog no longer has a hand in managing text index vocabularies.
+        The cruft associated with this functionality has been exorcised.
+        No default indexes or metadata elements are defined for you when
+        you create a new ZCatalog. Since we now have many new kinds of
+        plug-in indexes it no longer made sense to do this
+        anymore.
+
+      - A new permission "Copy or Move" was added.  This permission
+        may be used respective to an object to prevent objects
+        from being copyable or movable while within the management
+        interface.  The "old" behavior stipulated that users whom
+        possessed the "View management screens" permission to an object's
+        container could copy or move the object arbitrarily, even if they
+        had limited access to the object itself.  Once the object was
+        moved or copied, the user became the owner of the new object,
+        allowing them to see potentially sensitive information in
+        the management interface for the object itself.  This permission
+        is granted to Manager and Anonymous by default, and must be
+        revoked on an object-by-object basis if site managers intend
+        to provide management screen access to folders which contain
+        sensitive subobjects.  This patch came as a result of
+        Collector #376 (thanks to Chris Deckard).
+
+      - Structured Text's "DocumentWithImages" class did not recognize
+        image filenames with underscores.
+
+      - The getElementsByTagName method of STDOM (used by Structured Text)
+        would croak on most documents, especially those containing
+        unwrapped text nodes.  Fixed.
+
+      - FileUpload objects now evaluate false when the have an empty file
+        name. Making it easier to check for omitted file upload form fields.
+
+      - ZClasses now use a python script as their constructor method
+        instead of a DTML method. Also, ZClasses inherit from
+        CatalogPathAwareness now instead of CatalogAwareness.
+
+      - added browser_default hook to ZPublisher. This allows objects to
+        specify the path to the default method that the publisher calls
+        when the object is published. The default for objects not defining
+        browser_default is still 'index_html' for bw compatibility.
+        A ZMI configurable browser_default implementation has been added
+        to ObjectManager. You can configure browser_default for OMs via
+        a new "settings" management tab.
+
+      - added TopicIndexes: a TopicIndex is a container for
+        so-called FilteredSet. A FilteredSet consists of an
+        expression and a set of internal ZCatalog document
+        identifiers that represent a pre-calculated result list for
+        performance reasons. Instead of executing the same query on
+        a ZCatalog multiple times it is much faster to use a
+        TopicIndex instead.
+
+      - requestprofiler: added new --daysago option and added
+        support for reading gzipped detailed logfiles
+
+      - DateTime: new functions JulianDay() and week()
+        to perform calculation of the week number based on the
+        Julian calendar.
+
+      - WebDAV: the new environment variable WEBDAV_SOURCE_PORT_CLIENTS
+        enables retrieval of the document source for dedicated WebDAV
+        clients (see ENVIRONMENT.txt for usage)
+
+      - Collector #272: Optimizations for RESPONSE.write
+
+      - Collector #271: New environment variables are now used
+        to send the access log into syslog. ZSYSLOG_ACCESS,
+        ZSYSLOG_ACCESS_FACILITY, and SYSLOG_ACCESS_SERVER now
+        do the same job as the old environment variables without
+        _ACCESS in their name. Those old environment variables
+        still do the same job of sending the event log to syslog.
+
+      - When run as a daemon on Unix, Zope will now redirect
+        stdin/stdout/stderr to /dev/null
+
+      - Nicer formatting for the increasingly tall permissions
+        table.
+
+      - TextIndex: Enhanced splitter functionality now allows the
+        TextIndex to index numbers, single characters. It is also
+        possible to enable case-sensitive indexing. The new
+        configuration options are available through the addForm
+        of the Vocabulary object.
+
+      - ICP server support. For more information see
+        http://www.zope.org/Members/htrd/icp/intro
+
+      - STXNG: added new env. variable STX_DEFAULT_LEVEL to change
+        the default level for <Hx> elements (see doc/ENVIRONMENT.txt)
+
+      - Collector #304: several catalog optimisations
+
+      - New implementation of ZODB object cache.  The new
+        implemenation is more likely to keep the size of the object
+    cache close to the target size.  This change means that memory
+    consumption may be reduced.  Some users will need to increase
+    the default cache size, because a too small setting is more
+    likely to hurt performance than it did in the past.
+
+        Third-party C extensions that use the persistence API must be
+        recompiled, and may need to be updated to work correctly with
+        the new cache; see PER_GHOSTIFY().
+
+      - The ZODB Connection is now resposible for registering changed
+        objects with the current transaction.
+
+      - Implementation of RestrictedCreation fishbowl proposal;
+        Product registration can now include a function used to
+        determine whether that product constructor want to allow
+        objects to be created in the specified container object.
+
+      - Collector 196: manage_page_style.css is now cacheable.
+        Added freshness information to ImageFile, to improve
+        cacheability of management interface
+
+      - Collector 358: added a new parameter no_push_item to
+        dtml-in, to inhibit automatically pushing sequence-item
+        onto the namespace stack.
+
+      - STXNG: Structured Text now supports images by default
+        by using the HTMLWithImages class (has been disabled prior
+        to Zope 2.6)
+
+      - new option --force-http-connection-close for z2.py to prevent
+        clients from maintaing pipelined connections to the Zope server
+        (Collector #412)
+
+      - Updated the Interface package to be compatible with Zope 3
+        Interfaces. This included changing some interface APIs that
+        may affect existing products.
+
+      - Added a database activity monitoring graph to the control panel,
+        making it easier to tune the ZODB cache size.
+
+    Bugs Fixed
+
+      - External methods didn't properly setup func_defaults and func_code
+        when they were first loaded. This meant mapply couldn't properly map
+        arguments on the first try.
+
+      - Fixed bug #96: Narrower/Wider buttons now work on both CSS and non-CSS
+        compliant browsers. This allows better control for browsers that have a
+        hard time knowing what 100% means.
+
+      - Fix for Collector #319: filtered_manage_options didn't
+        correctly filter tabs based on permission.
+
+      - Made repr of an HTTPRequest.record eval'able as a dict (Collector
+        #89).
+
+      - Fixed bug #144: Upload button on dtml, py scripts, images, files and
+        pts now raises an error if the file is not specified rather than
+        clearing the source.
+
+      - Fixed bug #275: setPermissionDefault didn't actually set the
+        right permission -> role mappings.
+
+      - Fixed bug reported on maillist during EWOULDBLOCK when using FTP server
+        (http:// lists.zope.org/pipermail/zope/2002-March/111521.html).
+
+      - App/FindHomes.py now computes the "real" path for SOFTWARE_HOME and
+        INSTANCE_HOME, resolving any symlinks in any element within paths
+        passed in via the INSTANCE_HOME or SOFTWARE_HOME envvars.  Paths that
+        are computed by "dead reckoning" from os.getcwd and module paths are
+        also "realpathed".  So for instance, if you use '/home/chrism/Instance'
+        as your INSTANCE_HOME, and '/home/chrism' is a symlink to
+        '/other/home/chrism', your INSTANCE_HOME will be computed as
+        '/other/home/chrism/Instance'.  This is necessary to avoid
+        weirdnesses while using "dead reckoning" from INSTANCE_HOME and
+        SOFTWARE_HOME in other parts of the code.  POSIX systems only.
+
+      - Fixed PropertyManager/PropertySheets so that you can safely add a
+        property named 'ids' without breaking your properties page.
+
+      - Removed spurious 'self' from scarecrow interfaces;  updated
+        method-generation in Interface package to ignore self when
+        source is a method (rather than a function).
+
+      - Collector #32: Use difflib instead of ndiff
+
+      - Fixed long standing bug in PythonScript where get_size returned
+        the incorrect length. This broke editing using EMACS via FTP or
+        WebDAV. Thanks to John Glavin at South River Technologies for
+        help finding the bug.
+
+      - Collector #207: fixed problem with inner links in STXNG
+
+      - Collector #210: HTML() function of StructuredText produced wrong
+        <h0> tags.
+
+      - Collector #166: ObjectManger.all_meta_types() implemented only
+        an incomplete filter based on interfaces.
+
+      - FTP: Downloading files through FTP has been broken since 2.4.0
+        because the downloaded file has been stored with a HTTP
+        header at the beginning of the file. Fixed!
+
+      - FTP: Spaces in usernames inside a FTP file listing are now
+        replaced by underscores to avoid confusion with some FTP clients.
+
+      - Collector #227: improved handling of unicode string in TextIndex.py
+        with unmodified default encoding in site.py.
+
+      - Collector #227: z2.py, TextIndex/dtml/manage_vocab.dtml modified
+        to display unicode strings in the vocabulary properly (now using
+        UTF-8 encoding for display purposes)
+
+      - Collector #250: applied several patches for TextIndex for better
+        unicode support for the GlobbingLexicon
+
+      - Collector #254: return owner object from getOwner wrapped in its
+        context
+
+      - Collector #259: walkandscrub.py did not delete all .pyc and .pyo
+        files during installation. Fixed.
+
+      - Collector #231: BTrees ignoring errors from comparison function
+
+      - Collector #278: DocumentWithImages could not handle URLs with
+        underscores
+
+      - Collector #279: changed exception handling for safegmtime() to
+        provide a more intuitive traceback for operating systems with a
+        limited gmtime() implementations
+
+      - Collector #285: Zope changes its working directory
+        to the var directory at startup
+
+      - WebDAV: removing an non-existing property now returns a HTTP
+        200-OK response instead of 404 (now compliant with RFC 2518)
+
+      - Fixed a bug in TM.py that would cause database adapters to hang
+        on errors in the second phase of the two-phase commit.
+
+      - Collector #291: ZCatalog not unindexing deleted properties
+
+      - Collector #266: Retried requests losing track of http request
+        headers, causing Connection:Close requests to stall
+
+      - Collector #17: Fixed broken links in StandardCacheManagers help
+
+      - Collector #1: UNIX security fixes: make starting Zope as 'root'
+        secure, stop using 'nobody', warn of insecure umasks
+
+      - Collector #303: Properties of type 'long' got truncated
+
+      - Collector #325: adding a new TextIndex to an existing Catalog
+        cleared the standard Vocabulary.
+
+      - Collector #373: content_type property for Image objects
+        are no longer deletable to prevent malfunction.
+
+      - Collector #343: The ZCatalogs 'Indexes' view showed the
+        wrong number of indexed objects for FieldIndexes.
+
+      - FTP server: replaced 'System_Process' by 'Sysproc' to
+        avoid breaking some FTP clients and the output format
+        with overlong usernames.
+
+      - Fixed a potential bug with cAccessControl's permission
+        role deallocator which would try to decref things which
+        may not have been set, due to a change in the initializer
+        (which will bail out if it doesnt get called with a tuple
+        argument)
+
+      - Collector #185, 341: PCGIServer and FCGIServer logs corrected
+        and now output extended information like HTTPServer does.
+
+      - Propertysheets: Ids like 'values' and 'items' are
+        now forbidden as they break WebDAV functionality. Existing
+        Propertysheets are not affected
+
+      - Collector #348: decapitate() now recognizes both \r\n and \n\n
+        to be compliant with the HTTP RFC
+
+      - Collector #386: workaround for hanging FTP connections
+        with NcFTP
+
+      - Collector #419: repaired off-by-1 errors and IndexErrors
+        when slicing BTree-based data structures.  For example,
+        an_IIBTree.items()[0:0] had length 1 (should be empty) if
+        the tree wsan't empty.
 
   Zope 2.5.1 beta 1