[Zope-Checkins] SVN: Zope/trunk/doc/HISTORY.txt updated
Andreas Jung
andreas at andreas-jung.com
Thu Jun 8 13:21:29 EDT 2006
Log message for revision 68529:
updated
Changed:
U Zope/trunk/doc/HISTORY.txt
-=-
Modified: Zope/trunk/doc/HISTORY.txt
===================================================================
--- Zope/trunk/doc/HISTORY.txt 2006-06-08 17:15:12 UTC (rev 68528)
+++ Zope/trunk/doc/HISTORY.txt 2006-06-08 17:21:28 UTC (rev 68529)
@@ -4,7603 +4,361 @@
Zope. Change information for the current release can be found
in the file CHANGES.txt.
+ Zope 2.10.0 beta 2 (unreleased)
- Zope 2.7.5 RC 2
-
- Bugs fixed
-
- - Renamed utility methods in zdaemon/tests/test_zdrun.py to avoid
- a clash with unittest.TestCase methods (the clash surfaced only
- under Python 2.4.1c1, due to subtle changes in MRO behavior).
-
- - Removed redundant 'getIndexSourceNames' implementation in
- lib/python/Products/PluginIndexes/common/UnIndex.py.
-
- - Hardened a locale-sensitive unit test in
- Zope/Startup/tests/testStarter.py against platform-specific
- return type of 'getlocale'.
-
- - Updated doc/INSTALL.txt to match currently preferred and
- acceptable Python versions.
-
- - Use 'del' instead of 'list.remove()' in
- Catalog.delColumn(). There can be only one column with the
- same name, and it could potentially break catalog metadata as
- remove() may remove more than one element from the list if
- they have the same value. Also, we already have the list index
- we are interested in deleting so it doesn't make sense to look
- up the value and call 'list.remove()' on it.
-
- Zope 2.7.5 RC 1 (2005/03/09)
-
- Bugs fixed
-
- - Collector #1721: Fixed handling of the 'extra' parameter in UnIndex.py
-
-
- Zope 2.7.5 beta 1 (2005/02/28)
-
- Features added
-
- - Collector #533: ZMI Find now searches in text Files.
-
- Bugs fixed
-
- - Collector #1705: CopySource._postCopy is never called
-
- - guarded_getattr: Restored ability to aquire "through" unprotected
- contexts, broken through overzealous cleanup in Zope 2.7.3.
-
- - ZEO/zrpc: Fixed several thread and asyncore races in ZEO's
- connection dance.
-
- - Collector #1683: fixing batching in the DA "Test" tab
-
- - Got rid of import order dependencies in PageTemplates, TAL, and
- ZTUtils. This also means that the Z2 implementation of PageTemplates
- no longer works outside of Zope.
-
- - Collector #1648: Fix bug in Medusa FTP
-
- - OFS.OrderSupport: Added tpValues method.
- Trees like the ZMI menu did not show subfolders in the defined order.
- (http://collector.zope.org/Zope/1339)
-
- - The IStreamIterator interface had inappropriate "self" arguments
- in its method definitions.
-
- - Clarified implementation of getUserById. The method should return
- None if the requested user does not exist.
-
- - Collector #1667: allow 'max-number-of-session-objects 0' to have
- the same effect as setting the value via the web interface (i.e.,
- make the number of session objects unlimited, rather than falling
- back to the default).
-
- - Collector #1661: make 'python-check-interval' setting in zope.conf
- actually work as documented. This setting allows for important
- tuning opportunities for production Zope servers.
-
- - Collector #1657: Don't break host-based virtual hosting when
- purging an HTTP accelerator cache.
-
- - Collector: #1651: removed compiler warning
-
- Zope 2.7.4 final (2005/01/15)
-
- Bugs fixed
-
- - Restored test.py to the version shipping with Zope 2.7.3.
-
- - Collector #1655: fixed severe memory leak in TemporaryStorage
-
- - Collector #1656: Several iterator operations were broken,
- particularly enumerate().
-
- - DTML Methods were not interoperable with the new filestream_iterator
- and caches based on it (FileCacheManager).
-
-
- Zope 2.7.4 RC 2 (2005/01/07)
-
- Bugs fixed
-
- - Collector #1407: fixed XML escaping problem introduced in 2.7.4 b1
-
- - moved Docutils back to lib/python/docutils
-
- - removed sitecustomize.py file introduced in 2.7.4b1
-
- - updated Docutils to V 0.3.7
-
- Zope 2.7.4 RC 1 (2004/12/23)
-
- Bugs fixed
-
- - Added a workaround that allows MSIE's (buggy) WebFolders client
- to display modified and created dates properly for Zope objects.
-
- - Running Zope as a service under Windows did not work.
-
- - Collector #1626: webdav.NullResource raised Forbidden as a
- last resort for any exception type, which masked genuine
- errors and also caused problems for clients legitimiately expecting
- an Unauthorized response. Fixed to raise Unauthorized if
- we get a CopyError, and let everything else pass through.
-
- - Collector #1151: HTTP compression was broken on error pages
-
- Zope 2.7.4 beta 2 (2004/12/15)
-
- Bugs fixed
-
- - Collector #1617: fixed unchecked buffer accesses and unchecked
- Python API calls in cAccessControl.c (thanks to Tim Peters)
-
- Zope 2.7.4 beta 1 (2004/12/02)
-
- Features added
-
- - RAMCacheManager: Allow invalidation of a cache entry from the
- Statistics view in the ZMI
-
- - Collector #1454/OFS.File: Accept content types ending with
- "javascript" as editable through the File edit form, just like
- text/<foo> types
-
- Bugs fixed
-
- - The REQUEST now contains a new entry ACTUAL_URL which contains the
- full URL without query string as it appears within the location bar of
- the browser. The key has been added to provide a single key that is
- available for vhosted and non-vhosted installations.
-
- - Collector #1605: VHM did not quote URLs
-
- - webdav.NullResource: doing a PUT of a large file could
- potentially bring your box to a halt, because the whole file
- would be read into memory just to detect the
- content-type. Added a 'large-file-threshold' directive to
- control the boundary where a file gets read completely into
- memory. The same directive controls the creation of a tmpfile
- vs. reading the whole request into memory on ZServer as well.
-
- - The 'connection-limit' directive was not taking effect as it
- modified a module-level global that was already bound to the
- functions that used it by the time the directive took
- effect. Modified the functions so that they import the
- variable in the function body instead of at the top of the
- module.
-
- - webdav.Resource: during COPY, manage_afterClone was called way
- too early, thus the object wasn't bound to the database and
- couldn't find a context. Changed to behave the same way as
- CopySupport.
-
- - RAMCacheManager: opimized performance by using cPickle instead
- of pickle and by using the highest pickle protocol available
- instead of using ASCII pickles (patch by Dieter Maurer)
-
- - Collector #631: Image URLs in StructuredText containing port
- numbers were not rendered correctly
-
- - Collector #1003: added new 'http-header-max-length' directive
- to zope.conf to specific the maximum length of a HTTP request
- header before it is considered as a possible DoS attack and
- discarded.
-
- - bin/zopectl test now uses os.execv, instead os os.system,
- so that options with characters that needs shell quoting
- doesn't break the command.
-
- - Updated doc/UNITTEST.txt and lib/python/Testing/README.txt to
- reflect progress made since UNITTEST.txt was originally written.
-
- - Collector #1498: Don't choke on malformed cookies. Cookies of
- the form "foo=bar; hmm; baz=gee" will give an empty value for
- 'hmm' instead of silently discarding it and the rest of the
- string. (Thanks to 'sirilyan' for the patch.)
-
- - Collector #945: Couldn't programmatically add "empty" PythonScripts.
-
- - Collector #1219: XML export is working again (Thanks Tres)
-
- - Collector #1510: Allow encoding of application/xhtml+xml pages
- according to the charset specified in the Content-Type header
- (thanks to Jacek Konieczny for the patch).
-
- - Collector #1599: made sqltest work with unicode strings (thanks
- to Peter Sabaini for the patch).
-
- - zopectl: fixed handling of child processes (patch by Dieter Maurer)
-
- - Collector #1593: fixed dumb _get_id() implementation in
- OFS.CopySupport that produced copy_of_copy_of....files (thanks
- to Alexandre Boeglin for the patch).
-
- - Collector #1450: files in utilities/ZODBTools are now installed
- during the installation process in the 'bin' directory
-
- - Collector #1371: added new 'cgi-maxlen' directive to zope.conf
- to limit the amount of form data being processed by Zope
- to prevent DoS attacks
-
- - Collector #1407: changed WebDAV display name for objects
- to title_or_id()
-
- - the 'trusted-proxy' directive in zope.conf now also accepts
- hostnames instead of IP addresses only (patch by Dieter Maurer)
-
- - Fixed test.py to not over-resolve symbolic links. Needed to run
- tests when the Products directory and a product are symlinks.
-
- - Collector #1583/ZReST: Fixed handling of the title attribute
- for non-ascii characters.
-
- - Collector #1577: Fixed cryptic error message in ZPublisher if a
- non-ASCII string is passed to a date, int, long or float property.
-
- - Collector #1576: Fixed Z Search Interface to use proper HTML.
-
- - Collector #1569/DateTime: Added a new ISO8601-method that will
- return correctly formatted ISO 8601-representations to augment
- the ISO method which isn't compliant with ISO 8601.
-
- - Collector #1127: strftime did not take timezone into account.
-
- - ZPublisher: changed some hardcoded 'latin1' arguments to 'iso-8859-15'
- since latin1 is obsolete.
-
- - Collector #1566: Installation of Zope on some older Solaris versions
- could fail due to a broken "echo" implementation causing the
- creation of a borked version.txt file.
-
- - Collector #934: Image and File objects are now always internally
- split into small chunks even when initialized from a string.
-
- - docutils: updated to V 0.3.5. The Zope core now contains a full copy
- of the docutils package except some GPLed files which can not be
- included with the Zope distribution due to license constraints on
- cvs.zope.org.
-
- - docutils: moved from lib/python/docutils to
- lib/python/third_party/docutils
-
- - Collector #1557/OFS.Image: Introducing new 'alt' property. The 'alt'
- attribute is no longer taken from the 'title' property but from the new
- 'alt' property. The border="0" attribute is no longer part of the HTML
- output except specified otherwise.
-
- - Set a default value of '' for the new 'alt' property as not to
- break existing content.
-
- - Collector #1511: made IPCServer show up in the Control Panel under
- "Network Services"
-
- - Collector #1443: Applied patch by Simon Eisenmann that reimplements
- the XML parser used in WebDAV fixing a memory leak.
-
- - Always unescape element contents on webdav.xmltools
-
- - Use saxutils to escape/unescape values for/from
- PROPFIND/PROPPATCH.
-
- - Make OFS.PropertySheet use the escaping function from
- webdav.xmltools.
-
- - Escape/unescape " and '
-
- - Don't escape properties stored as XML (ie: having a
- __xml_attrs__ metadata set by PROPPATCH) when building a
- PROPFIND response.
-
- - If a PROPPATCH element value contains only a CDATA section,
- store the CDATA contents only.
-
- - Catch AttributeErrors and KeyErrors raised from
- __bobo_traverse__ and convert them to NotFound. In debug mode
- a more verbose error message is issued, the same way it's done
- on attribute/item traversal.
-
- Zope 2.7.3 final (2004/10/24)
-
- Bugs fixed
-
-
- Zope 2.7.3 beta 2 (2004/10/11)
-
- Bugs fixed
-
- - PageTemplates/TAL: Enabled i18n namespace for XML mode.
- http://collector.zope.org/Zope/1101
-
- - Re-added the DAV header (Collector #1518) which had been removed
- in beta 1.
-
- - Added a "reset" button to the TOC management page and a reset
- argument to the associated target method. This allows users
- to decide to ditch the contents of their TOC and "start over".
- (Useful for people having problems with upgrades from older
- Zope versions).
-
- - Make TransientObjectContainer __setstate__ actually work.
- Upgrades should be flawless from Zope 2.7.0, 2.7.1, and 2.7.2.
- Upgrades from 2.6.3 will work, but data may not be retained.
-
- - Changed default resolution for new TransientObjectContainers to 60
- seconds (this is helpful to prevent certain classes of conflicts,
- see http://www.plope.com/Members/dunny/conflicts for more info).
-
- Zope 2.7.3 beta 1 (2004/09/26)
-
- Features added
-
- - Made test.py follow symbolic links on POSIX systems.
-
- - added a set of unit tests for the SiteErrorLog.
-
- - Add a knob (not exposed to UI) to TransientObjectContainer to
- turn off "inband" housekeeping Housekeeping can now optionally
- be done using an external scheduling facility by calling the
- "housekeep" method regularly.
-
- Bugs fixed
-
- - Collector #1425: correct example for trace logger in zope.conf.
-
- - Collector #1457: ZCTextIndex's QueryError and ParseError
- are now available for import from untrusted code.
-
- - Collector #1491: talgettext.py did not create a proper header
- for the generated .pot file if multiple pagetemplate files
- were processed.
-
- - A composite of sessioning/ZODB/publisher bugfixes should help
- various KeyError/SystemError symptoms when using Plone / PTS or
- under very high sessioning load See
- http://zope.org/Collectors/Zope/1401
- and http://collector.zope.org/Zope/789 .
-
- - TransientObject conflict resolver could potentially fail; when
- it failed, the conflict resolution machinery could resolve the
- TransientObject to None. (never reported)
-
- - Collector #1477: TaintedString.strip() now implements the
- same signature as str.strip()
-
- - Collector 789: Add Michael Dunstan's "explicit abort after error
- propagates into publisher" patch as documented in
- http://zope.org/Collectors/Zope/789 and as required by recent changes
- to ZODB which prevent a connection from being cleanly closed if
- modifications are extant in that connection. (Reports exist of
- improved sessioning behavior as a result also.)
-
- - If an object implementing the IStreamIterator interface
- (ala filestream_iterator) was returned by Zope to the publisher
- and for whatever reason, the ZServer response object was
- leaked, a reference to the stream iterator was kept around, which
- could result in a symptom of many files being held open by Zope
- after a large number of response objects had leaked. The
- response now explicitly removes the reference that it has to
- the stream producer after response output, sealing this variety
- of leak.
-
- - OFS: Fixed 'Last Modified' reverse sorting in main.dtml.
-
- - TAL: tal:on-error does not trap ConflictError anymore.
-
- - OFS.CopySupport: Enforced "Delete objects" permission during
- move (CMF Collector #259).
-
- - Removed DWIM'y attempt to filter acquired-but-not-aceessible
- results from 'guarded_getattr'.
-
- - Collector #1267: applied patch to fix segmentation faults on
- x86_64 systems
-
- - ZReST: the charset used in the rendered HTML was not set to the
- corresponding output_encoding property of the ZReST instance. In addition
- changing the encodings through the Properties tab did not re-render
- the HTML.
-
- - Collector #1234: an exception triple passed to LOG() was not propagated
- properly to the logging module of Python
-
- - Python 2.3.4 is now the recommended Python version, Python 2.3.3
- is still a valid choice
-
- - Collector #1441: Removed headers introduced to make Microsoft
- webfolders and office apps happy, since they make a lot of
- standards-compliant things unhappy AND they trick MS Office
- into trying to edit office files stored in Zope via WebDAV even
- when the user isn't allowed to edit them and is only trying to
- download them.
-
- If you NEED this functionality then uncomment the lines
- prefixed with:
-
- # XXMSXX
-
- ...in the following files:
-
- lib/python/webdav/Resource.py
- lib/python/webdav/Collection.py
- lib/python/ZServer/HTTPResponse.py
-
- AND file an issue in http://www.zope.org/Collectors/Zope since
- these headers are getting totally deleted in Zope 2.8 unless
- you do!
-
- - Collector #1445: Fixed bad interaction between -p and -v(v)
- options to test.py that resulted in exceptions being printed
- when they shouldn't have been.
-
- - Collector #1370: Fixed html generated by Z Search interface.
-
- - Collector #729: manage_main doesn't display the correct page title
- most of the time. It is not completely fixed but using title_or_id
- makes folders display the correct id as a fallback.
-
- - Collector #1295: Fixed minor niglet with the Elvis tutorial.
-
- - Collector #1436: applied patch to fix a memory leak in
- cAccessControl.
-
- - Collector #1435: fixed mis-spelled variable name in zopeservice.py
-
- - Collector #1431: fix in initgroups.c for NetBSD
-
- - Added Stefan Holek's changes to test.py that allow for tests to be
- run from an instance
-
- - added "version.txt" to setup.py to avoid untrue "unreleased version"
- messages within the control panel
-
- Zope 2.7.2 final (2004/07/21)
-
- Bugs fixed
-
- - ZEO/ClientStorage: fixed check for temporary cache files (patch
- by Dieter Maurer)
-
- Zope 2.7.2 RC1 (2004/07/14)
-
- Bugs fixed
-
- - Collector #1403: Transience._getCallback raised NameError when
- a path naming an onAdd or onDelete method pointed to a nonexistent
- object.
-
- - Collector #1384: Fixed LazyCat length calculation after all contained
- sequences have been fully accessed.
-
- - Collector #1386: Fixed ISO 1386, making the colon in the timezone
- offset optional.
-
- - Collector #1392: ExternalMethod ignored management_page_charset
-
- - Fix for issue 233 in the Zope 3 collector. This corresponds to the
- Hotfix_2004-07-13 product.
-
-
- Zope 2.7.1 final (2004/06/21)
-
- Bugs fixed
-
- - reST support has been broken due to a failed import
-
- Zope 2.7.1 beta2 (2004/06/12)
-
- Bugs fixed
-
- - Zope can now be embedded in C/C++ without exceptions being raised
- in zdoptions.
-
- - Sessioning machinery "delete notifier" could in many cases be called
- much later than the expiration of the actual session data object
- it was called upon. It is now guaranteed to be called on the first
- exercising of the session machinery after object expiration +
- 'session-resolution-seconds'.
-
- - Collector #1293: missing 'address' parameters within one of the server
- sections raise an exception.
-
- - Collector #1265: Fixed handling of orphans in ZTUtil.Batch
-
- - Collector #1213: Fixed wrong labels of cache parameters
-
- - Collector #596: Page Templates can now be added via
- ZPublisher.Client or any other situation in which
- REQUEST is passed without a file and a text arg is provided.
-
- Features Added
-
- - Collector #1317: FindSupport.ZopeFind now searches
- in SearchableText() if available (i.e. CMF content)
-
-
- Zope 2.7.1 beta1 (2004/05/23)
-
- Features Added
-
- - Collector #1233: Scripts written before the new configuration
- behavior in Zope 2.7 used to be able to simply do "import Zope;
- app = Zope.app()" to get a hold of the root Zope object. With
- the introduction of the new configuration machinery, an extra
- step needed to be taken, so the equivalent becomes "import Zope;
- Zope.configure('/path/to/configfile'); app=Zope.app()".
- This feature "fixes" that by allowing an environment variable
- "ZOPE_CONFIG" to be set. If the ZOPE_CONFIG envvar is set,
- the "Zope.configure(..)" line can be omitted, as the startup
- process will take the vaule of ZOPE_CONFIG as the config file
- name.
-
- - New top-level configuration file directive:
- 'session-esolution-seconds'. This represents an integer value
- specifying the number of seconds to be used as the "timeout resolution"
- of the '/temp_folder/session_data' transient object container in Zope's
- object database.
-
- - New knob for transient object containers: 'timeout resolution (in
- seconds). Setting this higher than the default (20 seconds)
- allows the transience machinery to do fewer "writes" at
- the expense of causing items to time out later than the "Data
- object timeout value" by a factor of (at most) this many
- seconds. This number must divide evenly into the number of
- timeout seconds ("Data object timeout value" * 60) and cannot
- be set higher than the timeout value in seconds.
-
- - New "transience" implementation which is more stable under high
- load. This fixes some sessioning problems. Much gratitude to
- Michael Dunstan for providing a function testing rig for sessioning
- that allowed for the reproduction of various failures at will!
-
- - Recataloging a ZCatalog instance is now more safe and predictable.
- Indexing errors are catched and logged. In addition the progress of the
- recataloging operation is logged. So one can see how much documents are
- already processed and how much documents are remaining.
-
- - AccessControl/Role.py: permission_settings() has a new optional
- parameter 'permission' to retrieve the settings for a specific
- permission.
-
- - OFS.OrderSupport: Added optional 'subset_ids' argument to move methods.
- This is useful in combination with views that filter out some hidden
- sub-objects.
-
- - Zope application code can now return a "stream iterator" object
- to ZPublisher. If a stream iterator is returned from
- application code, it will be unwound by Zope's networking code
- and its data will be rendered as the body of the response to a
- client. An example:
-
- def method_returning_a_stream_iterator(self):
- import os, stat
- from ZPublisher.Iterators import filestream_iterator
- path = '/var/zope/Z2.log'
- size = os.stat(path)[stat.ST_SIZE]
- self.REQUEST.RESPONSE.setHeader('Content-Length', size)
- return filestream_iterator('/var/zope/Z2.log', 'r')
-
- 'filestream_iterator' is a class which implements the
- "IStreamIterator" interface, which just signifies a "normal"
- Python iterator that is guaranteed to iterate over a stream of
- bytes. This interface is defined within the
- ZPublisher.Iterators module. Any instance of a class which
- implements this interface may be returned to ZPublisher.
-
- Before a stream iterator is returned from Zope code the
- 'Content-Length' header of the response *must* be set.
-
- The major use for this feature is to allow application code to
- serve static files from the filesystem without first needing to
- read all file data into memory or explicitly chunking data from
- static files out via 'RESPONSE.write' (both of which are slower
- than just letting medusa itself handle the output via a native
- producer).
-
- http://dev.zope.org/Wikis/DevSite/Proposals/FasterStaticContentServing
- has more information.
-
- - OFS.Image's index_html method now calls its own ZCacheable_set
- method with the single argument None. Existing cache managers
- such as HTTPAcceleratedCacheManager and RAMCacheManager will do
- nothing with this value, but other cache managers are free to
- inspect the caller and cache its data.
-
- - OFS.Image's index_html method now attempts to retrieve data
- from a cache manager via its own ZCacheable_get method.
- Previously, this method did call in to ZCacheable_get, but did
- nothing with the data that it retrieved (under the assumption
- that there are no cache manager implementations which could
- handle large file data). Existing cache managers will return a
- null value from ZCacheable_get, but future cache managers will
- be free to return a stream iterator, which can be returned
- directly to the publisher. For a sample implementation of such
- a cache manager, see cvs.zope.org:/Products/FileCacheManager.
-
- - OFS.Image's manage_FTPget now attempts to get data from a cache
- manager before sending back data out of the database.
-
- - New restructured text implementation with an updated docutils
- package v0.3.4.
-
- - New zope.conf directive called rest-header-level with a default
- value of 3. It's setting the initial header level for rest like
- structured-text-header-level for stx.
-
- - Collector #1233: Introducing a new environment variable ZOPE_CONFIG
- has can be used to specify the location of the zope.conf file for
- scripts importing the 'Zope' module directly. In earlier versions
- it has been necessary to call Zope.configure explict.
-
- Example::
-
- export ZOPE_CONFIG=$INSTANCE_HOME/etc/zope.conf
-
- From Python script:
-
- import Zope
- # Zope.configure('etc/zope.conf') <-- no longer needed
- app = Zope.app()
-
- - The testrunner.py has been removed since it is replaced with the
- test.py script.
-
-
Bugs Fixed
- - Collector #789: Zope's transaction behavior flawed. Historically,
- if an error bubbled up to Zope's publishing machinery, execution
- of the error handler code would be performed in a context
- that was essentially "between" two transactions. This caused
- problems for applications (like sessioning) which want to be able
- to write to the database during an error message. That need may sound
- insane, but since the transaction is aborted after the error handler
- has executed, it has the same effect as the "old" behavior inasmuch
- as no inconsistent state will ever be committed to the database
- as a result of this behavior unless someone really wants to shoot
- themselves by calling "transaction.commit()" during error
- handling code.
+ - Acquisition wrappers now correctly proxy __contains__.
- - TransientObjects (session data objects) may have lost state at
- ZODB commit time after they were mutated via their __setitem__,
- __delitem__, update, or clear methods because they did not
- signal to the ZODB persistence machinery that they had been
- modified.
+ - Collector #2116: sequence.sort() did not work properly
+ locale related comparison methods
+ Zope 2.10.0 beta 1 (2006/05/30)
- - Collector #852: Bug in the error reporting of some failure
- cases in transactions meant that the cause of the failure was
- not logged.
+ Restructuring
- - Collector #1345: AcceleratedHTTPCacheManager now sends the
- Last-Modified header.
+ - Zope 2.10+ now includes site.zcml as part of its instance
+ creation skel directory. As a consequence Five now requires
+ this file to exist in every instance. If upgrading a site
+ from Zope 2.9 to 2.10, you will need to copy site.zcml and
+ package-includes/ from your installed Zope installation
+ location (skel/etc/) into the etc/ directory of your upgraded
+ instance.
+
+ The rationale for requiring this new file is to bring Zope 2
+ instances closer in consistency to Zope 3 instances. It also
+ eases use of Zope 3 coding techniques in Zope 2 and removes
+ some confusion when trying to run pure Zope 3 applications on
+ Zope 2.
- - Fixed inconsistency between the way MultiHook and traverse() call
- traversal hooks.
+ - Products.PageTemplates now uses the Zope 3 ZPT implementation
+ in zope.pagetemplate.
- - Collector #1304: zopectl doesn't allow specification of zdrun
- effective user. zopectl now supports the -u switch which
- tells it to setuid to the specified username/uid when
- running the daemon manager.
+ - The TAL package has been deprecated in favour of the TAL
+ engine from zope.tal.
- - Collector #1341: TemporaryStorage was not usable under a ZEO server.
+ - Products.PageTemplates.TALES has been deprecated in favour of
+ the TALES engine from zope.tales.
- - Collector #777: 'HTTPRequest.__str__' was perfectly happy to display
- the values of password fields; the issue notes their presence in the
- error log, but '<dtml-var REQEUEST>' or
- '<div tal:replace structure request>' had the same effect.
+ - ZTUtils.Iterator has been deprecated in favour of the TALES
+ iterator implementation in zope.tales.tales.
- - Fixed bug in catalog merging which could cause a KeyError when
- merging results sorted by an index with few keys.
+ - ZCatalog: removed manage_deleteIndex(), manage_delColumns()
+ which were deprecated since Zope 2.4
- - Collector #1126: ZPublisher.Converters.field2lines now using
- splitlines() instead of split('\n').
+ - deprecated the zLOG module. Use Pythons 'logging' module instead.
- - Collector #1322: fixed HTML quoting problem with ZSQL methods
- in DA.py
+ - replaced all zLOG occurences (expect the zLOG module itself) with
+ the 'logging' module
- - TemporaryStorage bug fixed where KeyErrors could be reported
- coming from TemporaryStorage.load (most often reported seen
- during sessioning usage).
+ - PluginIndexes/TextIndex is deprecated. Use ZCTextIndex instead
- - Collector #1261: fspack.py neglected to import the oid_repr()
- function, but used it to produce error output.
+ - the 'StructuredText' module is deprecated. Use zope.structuredtext
+ instead
- - Collector #1124: The ZReST product now uses the same reST encoding
- parameters from zope.conf as the low-level reStructuredText
- implementation.
+ - removed ZopeTutorial (Elvis is now really dead)
- - Collector #1259: removed the "uninstall" target from the Makefile
- since the uninstall routine could also remove non-Zope files. Because
- this was to dangerous it has been removed completely.
+ - ZClasses are deprecated and should no longer be used. In addition
+ any code related to the ZClasses (re)distribution mechanism is
+ removed.
- - Collector #1299: Fixed bug in sequence.sort()
+ - ZGadyFlyDA/Gadfly is deprecated
- - Collector #1309: The reference counts reported by
- DB.cacheExtremeDetails() for ghosts were one too small.
+ - deprecated OFS.content_types (to be removed in Zope 2.11) and
+ replaced all occurences with zope.app.content_types
- - Collector #1159: Added test for __MACH__ to initgroups.c so the
- initgroups method becomes available on Mac OS X.
+ - OFS.content_types: moved code to zope.app.content_types and added
+ method aliases
- - Collector #1226: ZTUtils.Tree encoding could include carriage
- returns, which would result in a malformed cookie HTTP header.
+ - Using FastCGI is offically deprecated.
- - Collector #1222: Fixed broken API help by adding missing security
- declarations in APIHelpTopic.py.
-
- - Collector #1004: text,token properties were missing in
- PropertyManager management page.
-
- - Collector #553: sporadic Zope crashes
- BTree bucket conflict resolution could segfault if fed three empty
- buckets. A BTree had to start out empty, and two overlapping
- transactions had to each add something to the tree and delete it
- again before committing, so this was unlikely and hard to reproduce.
-
- - Collector #1298, ZSQLMethods now have a __traceback_supplement__
- so they are not rendered in the site error log.
-
- - Collector #562: pDocumentTemplate is now disconnected because it
- has been broken for some time. It will no longer get imported
- if cDocumentTemplate isn't there. It is left only as an implementation
- reference for the C version.
-
- - Collector #1300, Fixed persistence of dtml-tree state which was
- caused by an overly cautious unpickler.
-
- - Collector #544: Remove Content-Length header for 304 responses from
- images/files which violated RFC 2616. This was a workaround for a
- since fixed Apache proxy-cache bug.
-
- - Display index name on error message when index can't be used as
- 'sort_on'.
-
- - PUT would fail if the created object had a __len__ = 0 (eg:
- BTreeFolder2) and fallback to _default_put_factory. Fix by
- checking if the returned object is None instead.
-
- - Fix performance bug when calculating the number of objects in a
- large ZCatalog. This made clicking on the indexes tab of such a
- catalog extremely expensive.
-
- - Collector #1289: Allow ZSQL methods to be edited via WebDAV.
-
- - Collector #1283: DTML Method "standard_error_message" with uppercase
- html tag
-
- - WebDAV property values were not being properly escaped on
- 'propstat'.
-
- - WebDAV 'supportedlock' was not checking if the object did
- implement the WriteLockInterface before returning it's
- value.
-
- - FTP download speed was very slow because the buffer size used
- for the feeding of data into asyncore was very small. Increasing
- it to a "normal" amount sped up FTP downloads by ~ 100X.
-
- - OFS.Image's insanely long index_html method was factored out
- into several parts.
-
- - ZCatalog result/brain methods getPath() and getObject() now properly
- propagate database conflict errors which should eliminate spurious
- missing results on busy servers.
-
- - Collector #1160: HTTPResponse.expireCookie() potentially didn't
- when an 'expires' keyword argument was passed.
-
- - reStructuredText ignored the encoding parameters in zope.conf
-
- - ObjectManager no longer raises string exceptions.
-
- - Collector #1260: Testing/__init__.py no longer changes the
- INSTANCE_HOME.
-
- - App.config.setConfiguration() did not update the legacy source
- for debug_mode, Globals.DevelopmentMode.
-
- - Collector #1255: getWrappedOwner() must return None if the object
- is owned by the UnownableOwner.
-
- - Collector 434: meta-refresh on web-based restart was set too low,
- and would often try to hit the server too soon on slower machines,
- displaying a 500 error, which caused people to panic. It was
- 5 seconds, it's now 10.
-
- - Minor usability tweaks
-
- * Made selection widgets of FindSupport forms 8 lines high.
-
- - Stop testrunner.py from recursing into the 'build-base' directory
- created by setup.py.
-
- - Pass along command line args to scripts called via "zopectl run".
- This allows you to use scripts which require arguments using
- zopectl run. If you do "zopectl run scriptname.py arg1 arg2", the
- value of sys.argv within the script will consist of
- ['scriptname.py', 'arg1', 'arg2'].
-
- - The security-policy-implementation directive had no effect.
- It was not possible to switch from the C implementation.
-
- - DeprecationWarnings in Scripts were converted into mysterious
- exceptions. Scripts now gain a '_filepath' attribute, used at
- runtime as the '__file__' global value.
-
- - zopectl under daemon mode on MacOS X 10.3, Solaris, Linux 2.6 kernels
- emitted a traceback upon startup. This has been fixed.
- See http://zope.org/Collectors/Zope/1235 for more info.
-
- - mkzeoinst.py complained if there was already a process listening
- on the port that the new instance was told to listen on, and would
- not install instance files until the process was shut down. This
- has been fixed.
-
- - ZPublisher/Test.py publish() function now conveys
- publisher-specific environment variables on when explicitly
- specified in the -e env variable. This change should be very
- backwards compatable, since it was previously futile to
- provide these values. Also, publish_module() now notices when
- it gets a mapping-like argument named 'form' and puts it on
- the request - a handy way to get form data to the publisher.
- This change may be suprising if you're used to having your
- forms ignored.
-
- I think these Zope.debug() enhancments are pretty safe, since
- up to now it's been a tool good for not much more than poking
- and prodding. Now it should be more useful for more thorough
- testing purposes.
-
- - ObjectManager will now attempt to set Owner local role keyed
- to the user's id, rather than username.
-
- Zope 2.7.0 (2004/02/11)
-
- (no changes from rc2)
-
- Zope 2.7.0 rc 2 (2004/01/30)
-
- Bugs Fixed
-
- - One of the 2.6.3 fixes added a previously missing security check
- when binding 'context' and 'container' to Python Scripts. Because
- many existing scripts appear in containers that users cannot access,
- this caused a lot of unauthorized errors in existing (mostly CMF)
- sites, since 'container' is bound by default. The fix has been
- adjusted so that an unauthorized is only raised if the bound name
- is actually used in a script, making backward compatibility much
- better.
-
- - Collector #1154 / # 615: interaction with sessions could cause
- the security context to be discarded, potentially breaking scripts
- that depend on proxy roles.
-
- - Stopped overriding the version of xmlrpclib in the Python
- standard library. As of Python 2.3, the standard xmlrpclib now
- includes all the features Zope needs, plus bugfixes and
- integration with new Python types.
-
- - A pre-existing bug that could cause subtly different results
- when calling the C vs. Python version of validate() through the
- authorize() method of a UserFolder was found and fixed.
-
- - An inadvertant change to the behavior of Owned.getOwner was
- reverted.
-
- - Fix for bug 1207: errors building in read-only directories.
-
-
- Zope 2.7.0 rc1 (2004/01/19)
-
- Bugs Fixed
-
- - Collector #1182: Functions for handling decisions about
- unprotected subobjects were not passed "names" when doing
- unnamed (item) access. In 2.6.3 we changed access checks when
- doing item access to pass None rather than the key value when
- validating access. This broke some existing applications. We
- have reverted these changes.
-
- - Collector #1186: some globals required to support certain operations
- in restricted code (e.g., list comprehensions in DTML expressions)
- were not propagated to all the right places.
-
- - Collector #1074: Change Scripts' __name__ to None, added unit
- tests for the effect of __name__ on class definitions and imports.
-
- - README.txt (and other file-like objects or directories without
- an __init__.py) on the Products path are no longer considered
- to be Products. A warning message is no longer raised about
- duplicate README.txt "products" upon startup in a default
- installation.
-
- - XMLRPC queries failed due to a missing import.
-
- - Forward-ported Toby's unicode encoding hacks for propertysheets
- from the 2.6 branch.
-
- - Some potential refcount issues in cAccessControl.c were fixed.
-
- - Fixed bug in ZEO server's monitor option. The -m / --monitor
- option used to specify the monitor address did not work.
-
- Zope 2.7.0b4 (2004/01/09)
-
- Default config file changes
-
- - Zope no longer creates "default" ZODB databases if none exist in
- the zope config file. At least one database (the root database,
- at mount-point /) must be specified in zope.conf for Zope to start
- properly now. In zope.conf files generated by older 2.7 betas,
- just uncomment the "main" and "temporary" zodb_db definitions
- in the zope.conf file to be in parity with what would have been
- generated in 2.7b4 and beyond.
-
- - Zope no longer configures a "default" set of servers if no
- servers are specified in the config file. If no servers are
- specified in the config file, no servers are started.
-
Features added
- - Folder listings in FTP now include "." as well as "..".
+ - Included Zope 3.3 and corresponding Five 1.5 release.
- - Using "_usage" parameters in a ZCatalog query is deprecated and
- logged as DeprecationWarning.
-
- - Added a "mime-types" configuration value which names a file
- giving additional MIME type to filename extension mappings.
- The "mime-types" setting may be given more than once in the
- configuration file; the files have the same format at the
- mime.types file distributed with Apache.
-
- - Added a "warnfilter" config directive which allows for
- the specification of Python warning filters from within
- the Zope configuration file.
-
- - When a VHM is activated, it adds the mapping
- 'VIRTUAL_URL_PARTS': (SERVER_URL, BASEPATH1, virtual_url_path)
- to the request's 'other' dictionary. If BASEPATH1 is empty, it
- is omitted from the tuple. The joined parts are also added
- under the key 'VIRTUAL_URL'. Since the parts are evaluated
- before traversal continues, they will not reflect modifications
- to the path during traversal or by the addition of a default
- method such as 'index_html'.
-
- - Added VHM regression tests to the SiteAccess product. Also see
- Collector #809.
-
- - Updated the interactive Zope tutorial to use ZPT in place of
- DTML.
-
- - When installing, symlink the Python used to build Zope into the
- installed 'bin' directory (unless it has a 'python' already).
-
- - Python 2.3 builtins 'sum', 'dict', and 'enumerate' exposed to
- guarded code.
-
- Bugs fixed
-
- - Collector #1140: setting the access control implementation from
- the configuration file didn't work. The ZOPE_SECURITY_POLICY
- environment variable is no longer honored.
-
- - Browsers that do not escape html in query strings such as
- Internet Explorer 5.5 could potentially send a script tag in a
- query string to the ZSearch interface for cross-site scripting.
-
- - FilteredSets (used within TopicIndex) are defined via an expression,
- which was naievely eval'ed.
-
- - The ZTUtils SimpleTree decompressed tree state data from the
- request without checking for final size, which could allow for
- certain types of DoS attacks.
-
- - Inadequate security assertions on administrative "find" methods
- could potentially be abused.
-
- - Some improper security assertions on DTMLDocument objects could
- potentially allow access to members that should be protected.
-
- - Class security was not properly intialized for PythonScripts,
- potentially allowing access to variables that should be protected.
- It turned out that most of the security assertions were in fact
- activated as a side effect of other code, but this fix is still
- appropriate to ensure that all security declarations are properly
- applied.
-
- - The dtml-tree tag used an "eval" of user-supplied data; its
- efforts to prevent abuse were ineffective.
-
- - XML-RPC marshalling of class instances used the instance
- __dict__ to marshal the object, and could include attributes
- prefixed with an underscore name. These attributes are considered
- private in Zope and should generally not be disclosed.
-
- - Some property types were stored in a mutable data type (list) which
- could potentially allow untrusted code to effect changes on those
- properties without going through appropriate security checks in
- particular scenarios.
-
- - Inadequate type checking could allow unicode values passed to
- RESPONSE.write() to be passed into deeper layers of asyncore,
- where an exception would eventually be generated at a level that
- would cause the Zserver main loop to terminate.
-
- - The variables bound to page templates and Python scripts such as
- "context" and "container" were not checked adequately, allowing
- a script to potentially access those objects without ensuring the
- necessary permissions on the part of the executing user.
-
- - Iteration over sequences could in some cases fail to check access
- to an object obtained from the sequence. Subsequent checks (such
- as for attributes access) of such an object would still be
- performed, but it should not have been possible to obtain the
- object in the first place.
-
- - List and dictionary instance methods such as the get method of
- dictionary objects were not security aware and could return an
- object without checking access to that object. Subsequent checks
- (such as for attributes access) of such an object would still be
- performed, but it should not have been possible to obtain the
- object in the first place.
-
- - Use of 'import as. in Python scripts could potentially rebind
- names in ways that could be used to avoid appropriate security
- checks.
-
- - A number of newer built-ins (min, max, enumerate, iter, sum)
- were either unavailable in untrusted code or did not perform
- adequate security checking.
-
- - Unpacking via function calls, variable assignment, exception
- variables and other contexts did not perform adequate security
- checks, potentially allowing access to objects that should have
- been protected.
-
- - DTMLMethods with proxy rights could incorrectly transfer those
- rights via acquisition when traversing to a parent object.
-
- - Range searches with KeywordIndexes did not work with record-style
- query parameters
-
- - Collector #484: Depending on the server's timezone (east of Greenwich)
- and os (Windows) _calcTimezoneName didn't work with 1970/01/01 and some
- other special dates.
-
- - Item_w__name__ now has a working getId() method
-
- - PageTemplateFile now using Item_w__name__ mixin, fixing
- its getId() and absolute_url() methods.
-
- - PCGI, FCGI, and HTTP servers now check for unicode types in their
- close methods.
-
- - Only one VirtualHostMonster is allowed per container.
-
- - Collector #1133: TreeTag choked on Ids of type long.
-
- - Collector #1012: A carefully crafted compressed tree state
- could violate size limit. Limit is no longer hardcoded.
-
- - Collector #1139: tal:attributes didn't escape double quotes.
-
- - Collector #809: Added and documented Traversable.py methods
- absolute_url_path and virtual_url_path, and reverted earlier
- change to absolute_url behaviour.
-
- - Collector #927: Raise a more specific exception than BadRequest
- when disconnected.
-
- - Collector #1129: Improper parsing of ISO8601 in DateTime.
-
- - updated docutils packages (fixes several problems with
- RestructuredText)
-
- - Fixed a bug in the ZEO server's getInvalidations() method. If
- it had the requested invalidations, it would send all the
- invalidations in its queue rather than just the requested ones.
- This didn't affect correctness of the cache, but did cause it
- to throw out valid data.
-
- Zope 2.7.0b3 (2003/11/18)
-
- Features added
-
- - Add 'parity' method to ZTUtils Iterators.
-
- - Allow untrusted code to mutate ZPublisher record objects.
-
- - Changed the ZEO server and control process to work with a
- single configuration file; this is now the default way to
- configure these processes. (It's still possible to use
- separate configuration files.) The ZEO configuration file can
- now include a "runner" section used by the control process and
- ignored by the ZEO server process itself. If present, the
- control process can use the same configuration file.
-
- - ZConfig was updated to version 2.0. The new version includes
- two new ways to perform schema extension; of particular
- interest in Zope is the ability for a configuration file to
- "import" new schema components to allow 3rd-party components
- (such as storages, databases, or logging handlers) to be used.
-
- - Add an update_metadata keyword argument to instances of a
- Catalog's catalogObject method and an ZCatalog's catalog_object
- method. This argument defaults to true. If this argument is
- specified false, the catalog update will not update the
- metadata for the object. If the obejct has never been
- cataloged before, the metadata is always added and the flag has
- no effect.
-
- - The standard ProperyManager now includes the same label
- functionality as the CMF SimpleItemWithProperties object.
- By adding a 'label' entry to the property definition you
- can now display a prettier label for the property.
-
- Bugs fixed
-
- - Removed all cases where string literals were raised as exceptions,
- and where named strings caused deprecation messages during unit
- tests (some named strings may still be hiding in the woodwork).
-
- - AccessControl.User used a misleading string exeception,
- 'NotImplemented', which shadowed the Python builtin.
-
- - Collector #1112: logfile reopening didn't work.
-
- - Collector #1110: Under Python 2.3, some DateIndex tests were failing.
-
- - Collector #426: Inconsistent, undocumented error() method.
-
- - Collector #799: Eliminate improper uses of SCRIPT_NAME.
-
- - Collector #445: Add internal global declaration for Script bindings.
-
- - Collector #616: Make CONTEXTS available to TALES Python expressions.
-
- - Collector #1074: Give Script execution context a __name__
-
- - Collector #1095: Allow TAL paths starting with '/varname' as a
- preferred spelling for 'CONTEXTS/varname'.
-
- - Collector #391: Cut and paste now requires delete permissions.
-
- - Collector #331: Referenses to URL in manage_tabs was changed
- to REQUEST.URL to prevent accidental overriding.
-
- - Made the control panel properly reflect the cache-size setting
- of ZODB's object cache once again.
-
- - ConflictError was swallowed in ObjectManager by
- manage_beforeDelete and _delObject. This could break code
- expecting to do cleanups before deletion.
-
- - Python 2.3 BooleanType wasn't handled properly by ZTUtils
- marshalling and ZPublisher's converters.
-
- - Collector #1065: bin/ scripts didn't export HOME envars.
-
- - Collector #1034: METAL macros with content-type text/xml raised
- Unauthorized errors inappropriately.
-
- - Collector #572: WebDAV GET protected by 'FTP Access' permission.
- Two new methods have been added to WebDAV resources, "manage_DAVget"
- and "listDAVObjects". These are now used by WebDAV instead of the
- earlier "manage_FTPget" and "objectValues". This separates the
- permissions, and allows WebDAV specific overriding of these methods.
-
- - Workaround for Collector #1081: The 'title' property for objects
- derived from OFS.Folder or PropertyManager can now be
- removed and replaced with a ustring property. This allows the usage
- of non-ISO-8859-1 or ASCII charsets
-
- - profile-publisher-file config file directive now works properly
- (thanks to Andy McKay for the report).
-
- - Collector #904: Platform specific signals in zdaemon/Daemon.py
- (fixed by removing the "fossil" module from 2.7 branch and head).
-
- - Collector #951: DateTime(None) now equal to DateTime()
-
- - Collector #1056: aq_acquire() ignored the default argument
-
- - Collector #1087: ZPT: "repeat/item/length" did not work as documented
- in the Zope Book.
-
- - Collector #1079: Fixed BaseRequest's traversal loop to avoid some
- infinite loop scenarios.
-
- - The View tab in the ZMI in some cases pointed back to
- manage_workspace.
-
- - Added the name "context" as a synonym for "here" in page
- templates, since "context" is better understood. This unifies
- the convention in templates, scripts, and Zope 3.
-
- - Disassociate zeo-client-name from enable-product-installation
- ZConfig keys. In the past, if you ran an appserver as ZEO
- client with a persistent cache, the startup logic prevented
- products from being loaded. This was a hack that got baked in
- via the weird interaction between the FORCE_PRODUCT_LOAD and
- ZEO_CLIENT environment variables and was carried over into Zope
- 2.7 by inertia. Now they have nothing to do with each other
- and can be specified independently.
-
- - Monitor server would start even if an emergency user didn't exist.
-
- - Collector #721: Entities in tal:attribute values weren't
- properly escaped.
-
- - Collector #851: Traversable.py: A bare try..except shadowed
- conflict errors
-
- - Collector #1058: Several fixes for PropertySheets when used
- outside ZClasses
-
- - Collector #1053: parseIndexRequest turned empty sequence of search
- terms into unrestricted search.
-
- - manage_tabs had a namespace problem with the acquisition of names from
- the manage_options variable resulting to acquire "target" and "action"
- from objects above in the hierachy.
-
- - PathIndex and TopicIndex are now using a counter for the number
- of indexed objects instead of using a very expensive calculation
- based on the keys of their indexes.
-
- - Collector #1039: Whitespace problem in Z2.log fixed
-
- - Collector #78: Proxy roles not respected when calling
- manage_pasteObjects.
-
- - changed some bare try: except:'s in Shared.DC.ZRDB.Connection
- so that they now log exceptions that occur.
-
- - Responses from Zope's FTP server could sometimes be HTML!
-
- Zope 2.7.0b2 (2003/08/26)
-
- Features added
-
- - New zopectl feature: adduser. Instead of using the inituser
- mechanism, "zopectl adduser <name> <password>" will add a user
- with the 'Manager' role to your site. This is useful both
- interactively and for packagers.
-
- - New top-level package: nt_svcutils. This takes the place of
- the Zope.Startup.nt package to allow for reuse outside of Zope.
-
- - Renamed the "service file" for a Zope instance under Windows
- from ntservice.py to zopeservice.py to allow a ZEO server
- instance to share the same instance home as a Zope instance
- (the ZEO service file will be called zeoservice.py).
-
- - The TemporaryStorage module was moved from
- Products/TemporaryFolder to a new top-level package named
- tempstorage.
-
- - Split functionality of mkzopeinstance into two separate
- modules: mkzopeinstance.py and copyzopeskel.py.
- copyzopeskel.py can be used directly by packagers to install
- custom skeleton directories or mkzopeinstance can use a custom
- skeleton directory via the '--skelsrc' flag.
-
- - Added 'environment' and 'path' directives to config file directive
- list. 'environment' is a section which allows the user to specify
- environment variables within the config file. 'path' allows the
- user to specify additional directories to insert into sys.path
- when configuration is processed.
-
- - Moved temporary storage related files into their own module
- within lib/python, out of Products.TemporaryStorage. This was
- necessary in order to prevent the configuration machinery from
- prematurely importing some modules that it didn't need to
- during startup (the transitive set of all imported modules
- within Products.TemporaryStorage).
-
- - Add a check to the configurator to ensure that the Python found
- has an expat parser.
-
- Bugs fixed
-
- - The Products directory in an instance home was not
- automatically added to the Products.__path__ (it needed to be
- specified manually). It is now automatically added at instance
- startup.
-
- - The Windows runzope.bat file generated by mkzopeinstance from
- the default skeleton directory now uses python.exe instead of
- pythonw.exe, so you can actually see output from the Zope
- process when you run it interactively.
-
- - backport of TAL fixes from z3
-
- * i18n and metal interactions
-
- * fix handling of nested translations with tal:content/replace
- and i18n:name
-
- - Collector #1017: reST has been broken
-
- - backward compatibility for i18n:attributes
-
- if items are separated with spaces and there are more than two items,
- all are treated as attributes plus deprecation warning
-
- if items are separated with spaces and there are two items :
-
- * i18n:attributes="value msg_id;" (with semicolon) will always be
- treated as <attr> <msg_id>
-
- * i18n:attributes="value title" will be treated as <attr> <attr>
- as long as title exist as attribute (both as static or in
- tal:attributes) plus deprecation warning
-
- - deny attributes being both part of tal:attributes
- and having a messageid in i18n:attributes
-
- - Fixed failing Zope.Startup tests caused by import of
- nonexistent Startup.getSchema function.
-
- - VHM: manage_edit has been broken
-
- - The container-class keyword to database sections
- didn't work.
-
- - ZConfig didn't report a line number and munged capitalization
- of replacement keys when a replacement error was provided.
-
- - log-to-stderr on startup will now emit messages to the console at
- the lowest logging level defined by any of the handlers in the
- eventlog section.
-
- - entirely removed warning when the starting user's umask is "too
- permissive". it wasn't clear that it added any value under normal
- operations.
-
- - debug-mode config file option did not work.
-
- - ZClasses that subclassed ObjectManager that were created in
- earlier versions of Zope would not load under 2.6, due to
- the new Interfaces package. Added back a simple stub module
- and changed a constructor to allow these ZClasses to work.
-
- - Bugfix: if zopectl is run as the root user, the debug, run, and
- adduser commands will cause the Python process which performs
- those actions to switch users to the effective user. This
- prevents ZODB index files, log files, etc. from being written
- as root, potentially preventing later startup by the effective
- user.
-
- - Bugfix: allow the zopectl process to ascertain the program that
- zdrun should run from the Zope config file. This is necessary
- if the file is moved out of a "single-directory-as-instance"
- instance home.
-
- - Various fixes to content of ZopeTutorial to deal with URLs moving
- on new.zope.org (thanks to Stefane Fermigier).
-
- - Added optparse and textwrap modules to docutils package to prevent
- ReST barfage (AJ).
-
- - Added a sample zeoclient and tempstorage stanzas to the default
- config file (zope.conf.in).
-
- - Various tweaks to the dbtab configuration code (Shane).
-
- - Various fixes/enhancements to ZODB/ZEO (PythonLabs).
-
- - Removed 'inst/Zope.spec' Zope RPM spec file in favor of placing
- it in a separate internal ZC repository. It will be available
- in the SRPM.
-
- - Fix for Collector 823 (XML RPC exception values were always
- converted to strings and thus turned into a Fault object).
- Thanks to Sandor Palfy for the patch.
-
- - Remove --zeo/-z flags from mkzopeinstance.py, as custom_zodb.py
- is no longer the preferred method of configuring custom
- storages now that we have DBTab in the core, and you should be
- able to create a custom skeleton dir with the right
- zope.conf.in that has a zeo client storage set up if you need
- to.
-
- - 'make sdist' now creates a file with an extension of '.tgz'
- rather than .'.tar.gz' (mainly to meet the expectations of
- Zope.org about file names).
-
- - moved 'zpasswd.py' into utilities directory in source tree.
-
- Zope 2.7.0b1 (2003/07/21)
-
- Features added
-
- - zopectl command now has 'debug' and 'run' options.
-
- - the zodb_db section in zope.conf now accepts a 'connection-class'
- key that accepts a python dotted-path-name to use as the
- connection class for the database.
-
- - The ReST input and output encodings are now configured via the
- 'rest-input-encoding' and 'rest-output-encoding' config file
- directives rather than the REST_INPUT_ENCODING and
- REST_OUTPUT_ENCODING environment variables.
-
- - Datetime-format settings are now configured via the
- 'datetime-format' configuration file directive rather than the
- DATETIME_FORMAT environment variable.
-
- - Trusted proxies are now configured via the 'trusted-proxy'
- configuration file directive rather than the
- ZOPE_TRUSTED_PROXIES environment variable.
-
- - The maximum number of sockets that ZServer will open in order to
- service incoming connections can now be specified via the
- max-listen-sockets conf file parameter.
-
- - Shane Hathaway's DBTab product has been integrated. The
- Control_Panel -> Databases tab now allows you to control all
- mounted databases. You can add a mount point by editing the
- zope.conf file, adding a zodb_db section for the main database
- and other mounted databases, and choosing "ZODB Mount Point"
- from the Zope "Add" list.
-
- - DTML Methods and Documents supply a traceback supplement when called.
-
- - Windows installer contains NT/2K/XP service support on
- a per-instance-home basis.
-
- - zopectl command now has 'debug' and 'run' options.
-
- - the zodb_db section in zope.conf now accepts a 'connection-class'
- key that accepts a python dotted-path-name to use as the
- connection class for the database.
-
- Bugs Fixed
-
- - mkzopeinstance did not expand tildes in directory name input.
-
- - The 'configure' script did not work under Solaris sh.
-
- - The SiteErrorLog object did not ignore NotFound errors,
- which caused (mainly) useless messages to be kept in the log.
-
- - The addition of a linefeed to version.txt in lib/python caused
- Apache proxies to choke because the string was injected into
- a header including the linefeed. This has been fixed.
-
- - Collector: #964: standard_error_message refers to looking into the
- HTML code for more information which is deprecated. Referring to
- the error log now.
-
- - Collector #893: Mailhost: munge_header has been broken for addresses
- containing the recipients full name
-
- - Zope's setup.py didn't include the ZEO.auth package.
-
- - Collector #628: Applied patch to fix several textarea resize
- problems.
-
- - Collector #953: fixed namespace collision with form_title in ZMI
-
- - Collector #342: Avoiding insertion of a BASE tag for file objects
- with content-type text/html
-
- - Windows installer properly deletes pyc/pyo files on uninstall.
-
- - Windows binary post-install quickstart page is now more
- informative.
-
- - Fixed a potential bug in ZTUtils.Tree.decodeExpansion where a
- potentially empty string was tested for it's first character; used
- .startswith for safety.
-
- Zope 2.7.0a1 (2003/07/03)
-
- Features added
-
- - OFS: OrderSupport and OrderedFolder added. OrderSupport is a mixin class
- that adds the IOrderedContainer interface to ObjectManagers.
- OrderedFolder - meta_type 'Folder (Ordered)' - is a new Folder class
- using OrderSupport.
- (thanks to Stephan Richter for inspiration and some code)
-
- - Folder: Constructor now takes an optional 'id' argument.
-
- - Show known medusa servers in Control_Panel.
-
- - New startup and installation regime (./configure; make; make install
- instances use a config file, daemon is now a separate process). See
- http://dev.zope.org/Wikis/DevSite/Proposals/InstallationAndConfiguration
- for more information.
-
- - New module: App.config. New API for getting a configuration
- object. This should be the preferred way for all code in Zope
- to get configured values for many settings. For settings made
- available via this module, alternate locations are deprecated,
- though will to be supported for Zope 2.7.
-
- - Collector #435: Support for passwords encoded using MySQL's
- PASSWORD() function add to lib/python/AccessControl/AuthEncoding.py.
-
- - Collector #167: Support __getattr__ on cAccessControl PermissionRole
- objects to allow gathering of permission names for products like
- DocFinder and VerboseSecurity.
-
- - Added a new REQUEST method, getClientAddr(), to determine a clients
- IP address. Address restrictions in the user folder have been changed
- to use this method. By default the value returned by this method is the
- same as the initial value of REQUEST['REMOTE_ADDR']. Zope also has
- support for obtaining a more useful value from other headers if a
- front-end proxy is in use. See doc/ENVIRONMENT.txt for details.
-
- - DateTime module: added support to parse international dateformats. The
- Datetime constructor has a new "datefmt" parameter to enforce the
- parsing of a date as "us" or "international" date. The new field
- descriptor field descriptor "date_international" can be used to
- enforce this behaviour inside the ZPublisher. See also
- doc/ENVIRONMENT.txt to check with the DATETIME_FORMAT
-
- - KeywordIndex, FieldIndex and ZCTextIndex are now able to index more
- than one attribute of an object. This removes the ties between the
- indexes ID and the attribute name to be indexed.
-
- - Integration of reStructuredText (reST) and the ZReST product
- by Richard Jones. See doc/RESTRUCTUREDTEXT.txt for details.
-
- - Objects locked through WebDAV are now marked with a lock icon
- inside the ZMI.
-
- - Collector #741: Applied patch to provide better FTP error messages.
-
- - Made all PluginIndexes and ZCTextIndex use 'safe_callable',
- which is aware of extension classes that fill 'tp_callable'
- but don't define '__call__'.
-
- - Made KeywordIndex be more robust about receiving a value that
- is not a string or an iterable type.
-
- Bugs Fixed
-
- - Collector #954: clear() method of TopicIndex removed all filter sets
- instead of clearing them.
-
- - Collector #939: Fixed typo in TopicIndexes
-
- - Collector #937: UnicodeError exception available within PythonScripts
-
- - Collector #902: recursive Scripts were broken due to shared globals.
-
- - Product initialization would only consult a file named "version.txt"
- to read version information. Now it will check version.txt, VERSION.txt
- and VERSION.TXT.
-
- - Collector #928: DateIndex ignored timezones when indexing and
- querying
-
- - Collector #892: misleading error msg when initializing an OIBTree
- from a dict with a float value. The message claimed that the
- dict's items didn't consist of 2-element tuples, but of course
- they do. The TypeError now says "expected integer value".
-
- - Collector #882: delPropertySheet was broken due to a typo
-
- - Collector #683: WeDAV request without XML preamble
- were not recognized by Zope and raised an exception.
-
- - Index constructors were called without acquisition context of the
- calling object. This caused caller.getPhysicalPath() to fail for
- indexes depending on this information.
-
- - Collector #814: PathIndexes now uses IITreeSet instead of
- IISet. This should result in less memory usage.
-
- - Fixed a whitespace problem in Z2.log (AWStats failed to process
- Zope logfiles)
-
- - Collector #816: dtml-sendmail corrupted header if message was
- left blank.
-
- - Collector #790: WebDAV access is granted by default only
- to Managers and Authenticated users instead to Anonymous users.
- This restricts access to the Control_Panel and especially
- to the Products management to trusted users.
-
- - Rename, Cut & Delete operations on locked objects (WebDAV) are
- no longer permitted and will raise an exception. Copies of
- locked objects are copied without lock.
-
- - Collector #634: Image objects can now be rendered without border
- attribute by calling "image.tag(border='')".
-
- - Collector #695: Object IDs "." and ".." are no longer permitted.
-
- - Collector #771: ZCatalog failed to index DTML Document if the name
- of a catalog metadata was identical with the name of an acquired
- object.
-
- - Collector #686: intSets no longer lose their values.
-
- - Collector #685: Improved documentation explaining how, where and
- why security assertions should be placed in:
- lib/python/Products/PythonScripts/README.txt
- lib/python/Products/PythonScripts/module_access_examples.py
-
- - The ZEO unit tests and wo_pcgi.py didn't run on Windows if the path
- to the python executable included a space.
-
- - Some calls to os.system('chmod') has been replaced with the more
- portable os.chmod() call, to make install work properly on Windows.
-
- - Fixed an isinstance() check in SimpleItem on standard_error_message
- handling that would always break if the first argument was not
- an extension class because the second argument was a type.
-
- - Any write request could be tricked into writing into a version
- be setting a version cookie or by including a version name in
- the request. Now we require the user to globally have
- permission to join or leave versions to run a request in a
- version.
-
- Backward incompatabilities
-
- - We no longer honor local security settings that would allow
- someone to join or leave versions unless the location of the
- settings is a folder directly or indirectly containing the
- user's user folder.
-
- Bugs Fixed
-
- - Collector #956: automatically installing Examples at startup
- could be a security risk. Examples now must be installed
- explicitly by the user (thanks to Jamie Heilman and day0).
-
- - Collector #954: clear() method of TopicIndex removed all filter sets
- instead of clearing them.
-
- - Collector #882: Fixed typo in PropertySheets
-
- - Collector #939: Fixed typo in TopicIndexes
-
- - Collector #937: UnicodeError exception available within PythonScripts
-
- - Collector #902: recursive Scripts were broken due to shared globals.
-
- - Product initialization would only consult a file named "version.txt"
- to read version information. Now it will check version.txt, VERSION.txt
- and VERSION.TXT.
-
- - Make ZCTextIndex much less prone to generating conflict errors.
- Previously *any* concurrent updates would provoke a conflict.
-
- - Fix query performance and scalability bug in ZCTextIndex.
-
- - Collector #928: DateIndex ignored timezones when indexing and
- querying
-
- - Any write request could be tricked into writing into a version
- be setting a version cookie or by including a version name in
- the request. Now we require the user to globally have
- permission to join or leave versions to run a request in a
- version.
-
- - Fixed a problem with potentially mis-acquiring 'func_code' in
- publisher BeforeTraverse hook.
-
- - Fix for issue 683: Image cache manager headers were not sent
- when an image request returned a 304 (in response to an if-mod-since
- request).
-
- - Made all PluginIndexes and ZCTextIndex use 'safe_callable',
- which is aware of extension classes that fill 'tp_callable'
- but don't define '__call__'.
-
- - Made KeywordIndex be more robust about receiving a value that
- is not a string or an iterable type.
-
- - Fixed incorrect docstring in OFSP/Image help.
-
- - Fixed unhelpful signal description.
-
-
- Zope 2.6.2 beta 2
-
- Bugs Fixed
+ - There is now a default favicon.ico.
- - TemporaryStorage (which is used by TemporaryFolder, and thus
- the default sessioning configuration) no longer uses a
- "LowConflictConnection" database connection. This fixes
- a bug in which data structures used for session housekeeping
- data could become desynchronized; the symptom for this was
- KeyErrors being raised from TransientObjectContainer's 'get'
- method. As a result, many more conflicts will be raised under
- high session load, but desynchronization will not occur.
-
- - Fix potential performance bug in PathIndex.
-
- - Scored result sets from catalog (i.e., from text indexes) can now be
- merged and sorted together across queries like unscored results.
-
- - Fixed a memory leak in TALES. If an exception propagated from
- a tal:repeat block, an uncollectable cycle held a reference to
- everything in the TALES context.
-
- - If you're running in development mode, Zope will now
- raise an exception if a product cannot be initialized properly
- instead of silently continuing. This is to prevent a debugging
- frenzy in which you spelunk through one more more half-initialized
- modules wondering why the class you wanted isn't part of the
- module namespace. If not in development mode, the process
- continues silently.
-
- - Though Python 2.2.2 is not officially supported, a potential
- issue was found when running under 2.2.2. Some built-in types
- gained docstrings in the 2.2.2 release, making them
- publishable where they weren't publishable before. A fix has
- been added to the publisher to ensure that the types of
- objects that are publishable do not change between 2.1 and
- 2.2.
-
- Zope 2.6.1 beta 2
-
- Features added
-
- - DateTime objects now have a tzoffset() method that returns the objects
- timezones offset from GMT in seconds.
-
- Bugs Fixed
-
- - Collector #740: DateTime now handles positive numerical timezones correcly.
-
- - Collector #763: There was no error when you had a sendmail-tag
- without specifying a mailhost or smpthost. Also added a missing import.
-
- - Work around potential BTrees key enumeration bugs in Transience
- package by checking explicitly for error cases.
-
- - Collector #736: ZPublisher now allows marshalling tags to contain
- a '-'. This is the first step towards a fix for Collector #737
-
- - Collector #714: CopySupport's manage_clone now calls
- manage_afterClone in the saem way that manage_pasteObjects does.
-
- - Collector #697: Multiple selection properties were incorrectly
- marshalled. note than any non-ascii multiple selection properties
- modified in versions without this fix will have been corrupted in
- the zodb.
-
- - Collector #256: Added a check in _doChangeUser to make sure
- passwords isn't encrypted twice.
-
- - Added a sortKey() method to Shared.DC.ZRDB.TM to silence warnings
- from updated ZODB that DAs dont have that method.
-
- Zope 2.6.1 beta 1
-
- Bugs Fixed
-
- - VirtualHostMonster handles empty Mapping paths properly.
-
- - Deadlock prevention code added.
-
- It was possible for earlier versions of ZODB to deadlock when
- using multiple storages. If multiple transactions committed
- concurrently and both transactions involved two or more shared
- storages, deadlock was possible. This problem has been fixed
- by introducing a sortKey() method to the transaction and
- storage APIs that is used to define an ordering on transaction
- participants. This solution will prevent deadlocks provided
- that all transaction participants that use locks define a
- valid sortKey() method. A warning is raised if a participant
- does not define sortKey(). For backwards compatibility,
- BaseStorage provides a sortKey() that uses __name__.
-
- - Fixed bug in FileStorage related to object uncreation. An
- attempt to load an uncreated object now raises KeyError.
-
- - Fixed a couple bugs in FileStorage recover() that wrote
- incorrect backpointers.
-
- - Fixed data_txn attribute of iterator data records to use
- the transaction id of the previous transaction, even if it
- also has a data_txn field.
-
- - Fixed conflict resolution bug that raised a NameError when a
- class involved in a conflict could not be loaded.
-
- - Fixed C extensions that included standard header files before
- Python.h, which is not allowed.
-
- - Added code to ThreadedAsync/LoopCallback.py to work around a
- bug in asyncore.py: a handled signal can cause unwanted reads
- to happen.
-
- - Collector #651: WebDAV Lock Manager was broken.
-
- - Collector #646: metal:slot was lost during the I18n merge.
-
- - Collector #640: Fix security assertion on ZCTextIndex query method.
-
- - Delayed opening the ZODB until after the "Zope" module has
- been imported, fixing a deadlock issue involving ZEO. The
- "Zope" module now has a "startup()" function.
-
- - Fixed a NameError in the recent change to DateTime.rfc822().
-
- - Made DateTime.rfc822() simpler and independent of local timezone.
-
- - Fixed bug in Transience reported by kedai which caused spurious
- KeyErrors under heavy sessioning usage.
-
- - Fixed bug in the Interface Verify package; base interfaces were not
- included in an interface compliancy test.
-
- - Collector #650: Fixed implicit list marshalling for lists where the
- first two values are tainted.
-
- - Collector #671: HTTP Ranges were broken for files and images whose
- length wasn't exactly divisible by 2**16.
-
- - ModuleSecurityInfo declarations could be lost if further declarations
- were made after the Info object already had been applied. Such
- additional declarations could take place in Python trusted code run
- after Zope strartup or during a Product refresh.
-
- - Collector #699: MailHosts created in 2.5 breaks in 2.6.
-
- - Collector #694: dtml-sendmail mailto specification replaces "To:" header.
- - Collector #702: DateTime.rfc822() fails without daylight saving
-
- - Collector #703: KeyErrors raised when unindexing a PathIndex (and
- TopicIndexes) should be swallowed and logged.
-
- Zope 2.6.0
-
- Bugs Fixed
-
- - Caused many places throughout the code base to use
- calls to user.getId() rather than user.getUserName(). With
- most (all?) user folder implementations today, this will have
- no behavioral change, as getId is always alised to getUserName.
- However, this makes it possible to write user folder
- implementations which make the distinction between the user's
- id and the user's name. These user folders will allow users
- to change names independent of their identity.
-
- - WebDAV Lock Manager actually gives the user a chance to
- specify a starting path **before** searching for locks,
- shortening query times and memory usage in large Zope
- instances.
-
- - PageTemplateFiles were previously owned by whatever object
- contained them. This resulted in very hard bugs if the user who
- owned the container was removed. Since PageTemplateFiles come
- from the filesystem, they are now "unowned", similar to
- DTMLFiles. Security is still applied, but now it is applied
- correctly.
-
- - Collector #411: DateTime.rfc822 is not rfc822 compliant
-
- Zope 2.6.0 beta 2
-
-
- Bugs Fixed
-
- - The ability to add multiple select properties to
- PropertyManagers was broken (issue 612).
-
- - Removed the signal handler hung off USR1 for packing the database.
- This feature proved dangerous as the pack operation would happen in
- the main thread, causing all asyncore operations to stop until it
- was finished.
-
- - Collector #372: tal:attributes failed when combined with tal:replace.
-
- - Don't try to close network connections in the signal handler
- for shutdown. This hosed ZEO clients.
-
- - Collector #292: PythonScript.write() didn't properly refresh bindings.
-
- - Dumb bug in zdaemon fixed in which it would try to kill
- process numbers 1, 2, 3, 10, 12, and 15 when it caught a
- signal related to any of these signal numbers. Instead, it
- actually tries now to kill its child process with the same
- signal.
-
- - Write pidfiles out with trailing newlines.
-
- - Fix setVirtualRoot in the face of unicode paths (such as occur
- during an XML-RPC request.
-
- - Collector #539: Fixed rendering of TAL namespace tags with an
- 'on-error' statement.
-
- - Collector #586: Generated 'start' scripts had a nonsensical
- export of an "INST_HOME" environment variable.
-
- - Collector #580: TALES evaluateBoolean() was squishing 'default'.
-
- - Collector #581: TALES Path traversal should not special-case a blank
- string in the second element position. It now skips directly
- to item access when a path element is blank or has a leading '_'.
-
- - Fixed inconsistent attribute access in TALES Paths.
-
- - Deprecated hasRole alias failed to return result.
-
- - Collector #538: Hybrid path expressions no longer attempt to call
- a value returned by the final, non-path alternate.
-
- - Collector #573: ZTUtils Iterator didn't catch AttributeError.
-
- - Collector #517: The properties page incorrectly rendered properties
- with non-latin1 values if there were no unicode properties defined,
- and incorrectly processed properties with non-ascii names.
-
- - ZTUtils.SimpleTree could not build a tree with a root other than the
- ZODB root object. Also, filter functions didn't work at all, let
- alone in accordance with the documentation in the code.
-
- - Collector #603: ZTUtils.Tree.encodeExpansion encoded depth with '.'
- characters, but decodeExpansion could possibly see an encoded node
- id as an encoded depth when that encoded id started with a '.'.
-
- - Collector #605: ZTUtils.Tree.decodeExpansion set no limits on the
- string to be decoded, allowing for a DoS attack with very large
- strings.
-
- - The fix for issue #144 broke the ability to create an empty Image or
- File object. This functionality is now reenabled again.
-
- - ZTUtils.Zope.TreeSkipMixin allows you to skip unauthorized objects in
- the tree, but the filter wasn't applied when trying to filter candidate
- child nodes through a custom setChildAccess filter.
-
- - Emails sent through MailHost now automatically include a Date header if
- not already present, in compliance with RFC822 and RFC2822.
-
- Features Added
-
- - Add optional 'relative' argument to getURL the method in CatalogBrains.
- This allows it to generate site relative URLs like absolute_url can.
-
- - ZTUtils.Tree.encodeExpansion now will use zlib compression by default,
- allowing for a far larger number of open tree states to be encoded.
- decodeExpansion handles compressed expansion states automatically.
-
- - ZTUtils.Tree.TreeMaker now has additional methods for setting
- various flags and attributes that influence how the tree is built,
- making these aspects accessible to PythonScripts.
-
- - ZTUtils.Tree.TreeMaker has a new method setStateFunction, which
- allows you to set a callback function that can influence the state
- (open, closed, leaf) of each node in the tree.
-
- - Pidfile handling improved. When Zope is started under
- zdaemon, it no longer writes its own pidfile. Instead, it
- passes in the path to Z2.pid to zdaemon as its pidfile name.
- The 'zProcessManager.pid' file is no longer ever written.
- This caused a change to the -Z option of z2.py which should be
- mostly backwards-compatible (unless people were relying on
- zProcessManager.pid to be written). Now the -Z option is a
- boolean. -Z1 means use a daemon. -Z0 means dont. The
- default is -Z1.
-
- Zope 2.6.0 beta 1
-
- Bugs Fixed
-
- - Collector #587: fixed wrong migration to string methods in
- DTMLMethod.py
-
- - Collector #583: Searching for '/' with PathIndexes failed.
-
- - Fixed bug in manage_editProperties which used an incorrect default
- for several types of property when they were not found in the
- REQUEST.
-
- - Collector #574: Fixed write on HEAD requests caused by overzealous
- ETag support.
-
- - Fixed bug in z2.py where it would eat certain socket error exceptions
- at startup.
-
- - Collector #550: Exceptions in XML-RPC requests no longer envoke
- standard_error_message. Plain text error messages are instead added to
- the fault string. In debug mode, a full traceback is also included
- since access to the error log is not a given for XML-RPC developers.
-
- - Collector #512,541: Fixed broken WebDAV compatiblity
- with Cadaver 0.20.X due to a missing Lock-Token header.
-
- - Zope Page Templates set a 'content-type' header even if
- the result of their execution was not rendered to the browser.
- We now check to make sure a content-type header is not
- already set before allowing a page template to set its own.
-
- - The title_or_id attribute of browser id managers and
- session data managers is now accessible publically.
-
- - Collector #510: When Python scripts and other "Script" objects were
- acquired during URL traversal, the __before_publishing_traverse__ code
- did not properly stop traversal at the script and populate
- traverse_subpath with the remaining url path elements.
-
- - Collector #238: Version Save and Discard buttons were too
- close to each other in Version management screens.
-
- - The "Add Browser ID Manager" permission was renamed to
- "Add Browser Id Manager".
-
- - Collector #437: dtml-sqltest now renders 'v not in (b,c)'
- when used as <dtml-sqltest v type=... multiple op=ne>.
- Previously, a sqltest for inequality would render 'v <> b'
- when a single value was submitted, but would render
- 'a in (b,c)' when multiple values were present and the
- 'multiple' switch was set.
-
- - Collector #478: Z Search Interfaces with no parameters are now
- generating correct HTML.
-
- - Collector #448: Z Search Interfaces created as PageTemplates
- have a correct title, not a fragment of dtml.
-
- - Fixed brokenness of session data manager hasSessionData method.
- The old method created a session data object as a result of the
- call; it does not now.
-
- - Collector #458: Fixed broken reindex_all in CatalogAwareness classes.
-
- - The default "start" script now causes the event log to be sent to
- standard output unless the "EVENT_LOG_FILE" or "STUPID_LOG_FILE"
- environment variable is found in the environment.
-
- - The much-hated name "STUPID_LOG_FILE" now has a preferred
- alias: "EVENT_LOG_FILE".
-
- - Collector #454: The "default" session_data transient object
- container was not created if an object named "session_data"
- existed in the root.
-
- - Restored behavior of ZCatalog when arguments with empty string are
- passed in to searchResults. These values are now ignored. If only
- empty string values are passed to searchResults, then it returns all
- results (it is assuming what was passed is essentially an empty
- filter).
-
- - Collector #160: Allow TemporaryStorages to participate
- when a version is active.
-
- - Collector #446: Fixed management security assertions on
- ZCatalogIndexes class.
-
- - The BTree module functions weightedIntersection() and
- weightedUnion() now treat negative weights as documented. It's
- hard to explain what their effects were before this fix, as
- the sign bits were getting confused with an internal
- distinction between whether the result should be a set or a
- mapping.
-
- - New "Transience" (session data storage) implementation.
- More reliable under high load.
-
- - Collector #402: PythonScript recompile utility should only be
- usable by Manager to prevent abuse.
-
- - Collector #433: Fixed broken Splitter backwards compatiblity
- issue caused by code cleanup.
-
- - Collector #151: The Python 2.1 / 2.2 fcntl compatibility hacks
- were bypassed when using medusa directly without importing
- ZServer first (as when using monitor_client.py).
-
- - Collector #72: Start on Windows 95 machines with no network
- devices installed.
-
- - Collector #79: Don't swallow App.FindHomes exceptions.
-
- - The set operation difference(X, None) was returning None
- instead of returning X, contradicting the docs and common
- sense. difference(None, X) continues to return None.
-
- - Fix bug in ISO_8859_1 splitter which corruped storage on
- initialization.
-
- - Collector #421: Storage leak in cAccessControl
-
- - FileLibrary and GuestBook example applications gave anonymous
- users the Manager proxy role when uploading files - a potential
- vulnerability on production servers.
-
- - Exceptions that use untrusted information from a REQUEST object in
- the exception message now html-quote that information.
-
- - Stop leaking FastCGI Authorization header in environment to
- prevent password compromise
-
- - #178: Don't compile PythonScripts in skins directories
-
- - Fixed the help registration system and Zope tutorial to honor
- the environment variables, FORCE_PRODUCT_LOAD, and ZEO_CACHE,
- that affect whether products are installed in the database at
- application startup.
-
- - Collector #547: xmlrpclib SlowParser should also handle CDATA
- sections.
-
- - Collector #525: Don't mask Unautorized exceptions as XML-RPC faults.
- Fix based on patch from Brad Clements.
-
- - Collector #465: Allow XML-RPC requests with no <params /> tag.
-
- - Collector #528: Don't clear REQUEST_METHOD for XML-RPC requests;
- instead check for an XML-RPC Response objetc in
- BaseRequest.traverse.
-
- Features Added
-
- - Browser ids can now be encoded in the URL and Zope can be
- instructed to automatically include the browser id in its
- generated URLs.
-
- - Browser Id Managers now provide a saner way to obtain a
- hidden form element which encodes the browser id name and
- browser id. An interface method named "getHiddenFormField"
- on browser id managers now exists which returns a snippet of
- HTML as a hidden form field that encodes these values.
-
- - A Site Error Log object is now created in the root at Zope
- startup time.
-
- - Added 'url_unquote' and 'url_unquote_plus' modifiers
- to DTML (also fmt=url-unquote and fmt=url-unquote-plus),
- and made the same functions available in the PythonScripts.standard
- module.
-
- - Collector #186: Added urlencode to the standard importables for
- Python scripts.
-
- - <dtml-var name> and &dtml.-name; will now automatically HTML-quote
- unsafe data taken implictly from the REQUEST object. Data taken
- explicitly from the REQUEST object is not affected, as well as any
- other data not originating from REQUEST. This can be disabled (at
- your own risk!) by setting the environment variable
- ZOPE_DTML_REQUEST_AUTOQUOTE to one of 'no', '0', or 'disabled'.
-
- - ZCatalog index management ui is now integrated into ZCatalog rather
- than being a subobject managment screen with different tabs.
+ - Experimental WSGI and Twisted support for http.
+ Zope now has a WSGI interface for integration with other
+ web-servers than ZServer. Most notably Twisted is supported.
+ The WSGI application is ZPublisher.WSGIPublisher.publish_module
- - ZCTextIndexes can now be instantiated without constructing a silly
- "extra" record object if desired.
-
- - SimpleItem class now passes a new argument "error_log_url" to
- the standard_error_message template on error. If the site contains
- an error log object, this will contain the url to the applicable log
- entry for the error.
-
- - The IOBTree module also supports multiunion() now.
-
- - BTrees and TreeSets are complex objects, with parent->child
- pointers, sibling pointers, and multi-level parent->descendant
- pointers. About half the pointers are formally redundant, but
- speed operations. BTrees and TreeSets now support a ._check()
- method, which does a thorough job of examining all these
- pointers for consistency. It raises AssertionError if it finds
- any problems, else returns None. In Zope 2.5, in rare cases a
- key deletion could leave these internal pointers in an
- inconsistent state (what was supposed to be redundant
- information became conflicting information). The most likely
- symptom was that tree.keys() would yield an object that
- disgreed with the tree about how many keys there are.
- tree._check() can be used if you suspect such a problem (and if
- you find one, rebuilding the tree is the best solution for now).
-
- - Added support for the ZOPE_HOME environment variable, which
- points to the Zope root, where the ZServer package and default
- imports may be found.
-
- - Collector #516 -- "title" property on image tags
-
- - Collector #117 -- change External Method DTML to name="id" vs
- unquoted id
-
- - Collector #61 -- now manage_PasteObjects return a list of dictionaries
- containing {'id':original_id,'new_id':newly_pasted_obj_id} when called
- with REQUEST=None
-
- - Changed FORCE_PRODUCT_LOAD so that if it is set, it determines
- whether products are installed regardless of whether ZEO_CACHE is
- set. This means that you can disable product installation by setting
- FORCE_PRODUCT_LOAD to an empty string even if you are not using a
- ZEO persistent cache.
-
- Documented FORCE_PRODUCT_LOAD
-
- - xmlrpclib has been updated to the Python 2.2 version, which includes
- support for the Expat parser for unmarshalling data, which speeds up
- things considerably.
-
- - Binary builds for Linux are now built against glibc 2.1.3 with large
- file support enabled.
-
- - Binary builds for Solaris are now built against Solaris 8 with large
- file support enabled.
-
- - Added i18n support in TAL processing
-
- Zope 2.6.0 alpha 1
-
- Features Added
-
- - The IIBTree module has a new multiunion function. It accepts
- a sequence of sets, treesets, etc, and returns the union of
- the keys of these objects, as an IISet. It's designed
- for peak speed when the input sequence contains many objects.
-
- - Set the default sys checkinterval to a higher value (500) to
- take better advantage of faster processors. Since there is no
- way to scientifically determine a number that works best for
- everyone, this at least should err on the side of better
- performance "out of the box" for higher-end production
- systems.
-
- Note that you can always use the -i argument to z2 to change
- the check interval.
-
- - Added support for gzip content compression for clients that
- support it. See lib/python/ZPublisher/HTTPResponse.py for more
- details.
-
- - Added ZCTextIndex plug-in index product. A replacement for TextIndex.
-
- - Removed the venerable but senile QuickStart folder from the
- default FileStorage. "Alas, poor Yorick! I knew him, Horatio."
-
- - Signal handling and log rotation
-
- All Zope process will respond to signals in the specified manner:
-
- SIGHUP - close open database connections and sockets, then restart the
- process
-
- SIGTERM - close open database connections and sockets, then shut down.
-
- SIGINT - same as SIGTERM
-
- SIGUSR2 - rotate all Zope log files (z2.log, event log, detailed log)
-
- The common idiom for doing automated logfile rotation will become:
-
- kill -USR2 `cat /path/to/var/z2.pid`
-
- The common idiom for doing "prophylactic" restarts will become:
-
- kill -HUP `cat /path/to/var/z2.pid`
-
- When a process is interrupted via ctrl-C or via a TERM signal
- (INT, TERM), all open database connections and sockets will be closed
- before the process dies. This will speed up restart time for sites
- that use a FileStorage as its index will be written to the filesystem
- before shutdown.
-
- Unspecified signals kill the process without doing cleanup.
-
- - ZCatalog no longer has a hand in managing text index vocabularies.
- The cruft associated with this functionality has been exorcised.
- No default indexes or metadata elements are defined for you when
- you create a new ZCatalog. Since we now have many new kinds of
- plug-in indexes it no longer made sense to do this
- anymore.
-
- - A new permission "Copy or Move" was added. This permission
- may be used respective to an object to prevent objects
- from being copyable or movable while within the management
- interface. The "old" behavior stipulated that users whom
- possessed the "View management screens" permission to an object's
- container could copy or move the object arbitrarily, even if they
- had limited access to the object itself. Once the object was
- moved or copied, the user became the owner of the new object,
- allowing them to see potentially sensitive information in
- the management interface for the object itself. This permission
- is granted to Manager and Anonymous by default, and must be
- revoked on an object-by-object basis if site managers intend
- to provide management screen access to folders which contain
- sensitive subobjects. This patch came as a result of
- Collector #376 (thanks to Chris Deckard).
-
- - Structured Text's "DocumentWithImages" class did not recognize
- image filenames with underscores.
-
- - The getElementsByTagName method of STDOM (used by Structured Text)
- would croak on most documents, especially those containing
- unwrapped text nodes. Fixed.
-
- - FileUpload objects now evaluate false when the have an empty file
- name. Making it easier to check for omitted file upload form fields.
-
- - ZClasses now use a python script as their constructor method
- instead of a DTML method. Also, ZClasses inherit from
- CatalogPathAwareness now instead of CatalogAwareness.
-
- - added browser_default hook to ZPublisher. This allows objects to
- specify the path to the default method that the publisher calls
- when the object is published. The default for objects not defining
- browser_default is still 'index_html' for bw compatibility.
- A ZMI configurable browser_default implementation has been added
- to ObjectManager. You can configure browser_default for OMs via
- a new "settings" management tab.
-
- - added TopicIndexes: a TopicIndex is a container for
- so-called FilteredSet. A FilteredSet consists of an
- expression and a set of internal ZCatalog document
- identifiers that represent a pre-calculated result list for
- performance reasons. Instead of executing the same query on
- a ZCatalog multiple times it is much faster to use a
- TopicIndex instead.
-
- - requestprofiler: added new --daysago option and added
- support for reading gzipped detailed logfiles
-
- - DateTime: new functions JulianDay() and week()
- to perform calculation of the week number based on the
- Julian calendar.
-
- - WebDAV: the new environment variable WEBDAV_SOURCE_PORT_CLIENTS
- enables retrieval of the document source for dedicated WebDAV
- clients (see ENVIRONMENT.txt for usage)
-
- - Collector #272: Optimizations for RESPONSE.write
-
- - Collector #271: New environment variables are now used
- to send the access log into syslog. ZSYSLOG_ACCESS,
- ZSYSLOG_ACCESS_FACILITY, and SYSLOG_ACCESS_SERVER now
- do the same job as the old environment variables without
- _ACCESS in their name. Those old environment variables
- still do the same job of sending the event log to syslog.
-
- - When run as a daemon on Unix, Zope will now redirect
- stdin/stdout/stderr to /dev/null
-
- - Nicer formatting for the increasingly tall permissions
- table.
-
- - TextIndex: Enhanced splitter functionality now allows the
- TextIndex to index numbers, single characters. It is also
- possible to enable case-sensitive indexing. The new
- configuration options are available through the addForm
- of the Vocabulary object.
-
- - ICP server support. For more information see
- http://www.zope.org/Members/htrd/icp/intro
-
- - STXNG: added new env. variable STX_DEFAULT_LEVEL to change
- the default level for <Hx> elements (see doc/ENVIRONMENT.txt)
-
- - Collector #304: several catalog optimisations
-
- - New implementation of ZODB object cache. The new
- implemenation is more likely to keep the size of the object
- cache close to the target size. This change means that memory
- consumption may be reduced. Some users will need to increase
- the default cache size, because a too small setting is more
- likely to hurt performance than it did in the past.
-
- Third-party C extensions that use the persistence API must be
- recompiled, and may need to be updated to work correctly with
- the new cache; see PER_GHOSTIFY().
-
- - The ZODB Connection is now resposible for registering changed
- objects with the current transaction.
-
- - Implementation of RestrictedCreation fishbowl proposal;
- Product registration can now include a function used to
- determine whether that product constructor want to allow
- objects to be created in the specified container object.
-
- - Collector 196: manage_page_style.css is now cacheable.
- Added freshness information to ImageFile, to improve
- cacheability of management interface
-
- - Collector 358: added a new parameter no_push_item to
- dtml-in, to inhibit automatically pushing sequence-item
- onto the namespace stack.
-
- - STXNG: Structured Text now supports images by default
- by using the HTMLWithImages class (has been disabled prior
- to Zope 2.6)
-
- - new option --force-http-connection-close for z2.py to prevent
- clients from maintaing pipelined connections to the Zope server
- (Collector #412)
-
- - Updated the Interface package to be compatible with Zope 3
- Interfaces. This included changing some interface APIs that
- may affect existing products.
-
- - Added a database activity monitoring graph to the control panel,
- making it easier to tune the ZODB cache size.
-
- Bugs Fixed
-
- - External methods didn't properly setup func_defaults and func_code
- when they were first loaded. This meant mapply couldn't properly map
- arguments on the first try.
-
- - Fixed bug #96: Narrower/Wider buttons now work on both CSS and non-CSS
- compliant browsers. This allows better control for browsers that have a
- hard time knowing what 100% means.
-
- - Fix for Collector #319: filtered_manage_options didn't
- correctly filter tabs based on permission.
-
- - Made repr of an HTTPRequest.record eval'able as a dict (Collector
- #89).
-
- - Fixed bug #144: Upload button on dtml, py scripts, images, files and
- pts now raises an error if the file is not specified rather than
- clearing the source.
-
- - Fixed bug #275: setPermissionDefault didn't actually set the
- right permission -> role mappings.
-
- - Fixed bug reported on maillist during EWOULDBLOCK when using FTP server
- (http:// lists.zope.org/pipermail/zope/2002-March/111521.html).
-
- - App/FindHomes.py now computes the "real" path for SOFTWARE_HOME and
- INSTANCE_HOME, resolving any symlinks in any element within paths
- passed in via the INSTANCE_HOME or SOFTWARE_HOME envvars. Paths that
- are computed by "dead reckoning" from os.getcwd and module paths are
- also "realpathed". So for instance, if you use '/home/chrism/Instance'
- as your INSTANCE_HOME, and '/home/chrism' is a symlink to
- '/other/home/chrism', your INSTANCE_HOME will be computed as
- '/other/home/chrism/Instance'. This is necessary to avoid
- weirdnesses while using "dead reckoning" from INSTANCE_HOME and
- SOFTWARE_HOME in other parts of the code. POSIX systems only.
-
- - Fixed PropertyManager/PropertySheets so that you can safely add a
- property named 'ids' without breaking your properties page.
-
- - Removed spurious 'self' from scarecrow interfaces; updated
- method-generation in Interface package to ignore self when
- source is a method (rather than a function).
-
- - Collector #32: Use difflib instead of ndiff
-
- - Fixed long standing bug in PythonScript where get_size returned
- the incorrect length. This broke editing using EMACS via FTP or
- WebDAV. Thanks to John Glavin at South River Technologies for
- help finding the bug.
-
- - Collector #207: fixed problem with inner links in STXNG
-
- - Collector #210: HTML() function of StructuredText produced wrong
- <h0> tags.
-
- - Collector #166: ObjectManger.all_meta_types() implemented only
- an incomplete filter based on interfaces.
-
- - FTP: Downloading files through FTP has been broken since 2.4.0
- because the downloaded file has been stored with a HTTP
- header at the beginning of the file. Fixed!
-
- - FTP: Spaces in usernames inside a FTP file listing are now
- replaced by underscores to avoid confusion with some FTP clients.
-
- - Collector #227: improved handling of unicode string in TextIndex.py
- with unmodified default encoding in site.py.
-
- - Collector #227: z2.py, TextIndex/dtml/manage_vocab.dtml modified
- to display unicode strings in the vocabulary properly (now using
- UTF-8 encoding for display purposes)
-
- - Collector #250: applied several patches for TextIndex for better
- unicode support for the GlobbingLexicon
-
- - Collector #254: return owner object from getOwner wrapped in its
- context
-
- - Collector #259: walkandscrub.py did not delete all .pyc and .pyo
- files during installation. Fixed.
-
- - Collector #231: BTrees ignoring errors from comparison function
-
- - Collector #278: DocumentWithImages could not handle URLs with
- underscores
-
- - Collector #279: changed exception handling for safegmtime() to
- provide a more intuitive traceback for operating systems with a
- limited gmtime() implementations
-
- - Collector #285: Zope changes its working directory
- to the var directory at startup
-
- - WebDAV: removing an non-existing property now returns a HTTP
- 200-OK response instead of 404 (now compliant with RFC 2518)
-
- - Fixed a bug in TM.py that would cause database adapters to hang
- on errors in the second phase of the two-phase commit.
-
- - Collector #291: ZCatalog not unindexing deleted properties
-
- - Collector #266: Retried requests losing track of http request
- headers, causing Connection:Close requests to stall
-
- - Collector #17: Fixed broken links in StandardCacheManagers help
-
- - Collector #1: UNIX security fixes: make starting Zope as 'root'
- secure, stop using 'nobody', warn of insecure umasks
-
- - Collector #303: Properties of type 'long' got truncated
-
- - Collector #325: adding a new TextIndex to an existing Catalog
- cleared the standard Vocabulary.
-
- - Collector #373: content_type property for Image objects
- are no longer deletable to prevent malfunction.
-
- - Collector #343: The ZCatalogs 'Indexes' view showed the
- wrong number of indexed objects for FieldIndexes.
-
- - FTP server: replaced 'System_Process' by 'Sysproc' to
- avoid breaking some FTP clients and the output format
- with overlong usernames.
-
- - Fixed a potential bug with cAccessControl's permission
- role deallocator which would try to decref things which
- may not have been set, due to a change in the initializer
- (which will bail out if it doesnt get called with a tuple
- argument)
-
- - Collector #185, 341: PCGIServer and FCGIServer logs corrected
- and now output extended information like HTTPServer does.
-
- - Propertysheets: Ids like 'values' and 'items' are
- now forbidden as they break WebDAV functionality. Existing
- Propertysheets are not affected
-
- - Collector #348: decapitate() now recognizes both \r\n and \n\n
- to be compliant with the HTTP RFC
-
- - Collector #386: workaround for hanging FTP connections
- with NcFTP
-
- - Collector #419: repaired off-by-1 errors and IndexErrors
- when slicing BTree-based data structures. For example,
- an_IIBTree.items()[0:0] had length 1 (should be empty) if
- the tree wsan't empty.
-
-
- Zope 2.5.1 beta 1
-
- Bugs Fixed
-
- - Fixed failed incref in cAccessControl that caused problems when
- ghosting occured.
-
-
- Zope 2.5.1
-
- New Features
-
- - Added the fsIndex feature. This adds a new BTree variant,
- fsBTree, a module fsIndex.py that uses it, and some changes
- to FileStorage.py to use fsIndex if it exists so that the
- oid-to-offset index (pindex) is a BTree rather than a straight
- dict.
-
- - ZODB changes necessary to support StandaloneZODB were merged
-
- - requestprofiler: added new --daysago option and added
- support for reading gzipped detailed logfiles
-
- - HTTP_TRACEBACK_STYLE environment variable controls the
- appearance of error tracebacks when not in debug
- mode. Recognized values are 'none' (no traceback), 'js'
- (§ that expands into traceback when clicked), and
- 'plain' (plain text). The default is to include the traceback
- in an HTML comment.
-
- Bugs Fixed
-
- - A fix for the issue addressed by Hotfix 2002-04-15 was
- incorporated into the core.
-
- - Fixed table regex parsing bug in ClassicStructuredText
- thanks to Albert Ting via Zope maillist.
-
- - Register CatalogPathAware as a ZClass base class in response
- to Collector #33.
-
- - Fix for Collector #319: filtered_manage_options didn't
- correctly filter tabs based on permission.
-
- - Fix for Collector # 275: setPermissionDefault was not being
- propagated to actual security settings.
-
- - Fixed bug where TTW code that called:
-
- del REQUEST.SESSION['key']
-
- Would fail with a slice error (due to the security machinery).
- Assigning __garded_delitem__ to __delitem__ solves this problem,
- and allows del to be called against a SESSION key value.
-
- - Fixed a bug that could cause spurious AttributeErrors and other
- strange failures when trying to work with methods acquired
- from within the context of a transient object obtained via
- REQUEST.SESSION.
-
- - A last modified attribute has been added to transient objects.
- The conflict resolution method of transient objects now uses the
- last_modified time when deciding which if any of the three states
- to return. Objects with a later last modified time are preferred.
- Thanks to Tres for finding a corner case that identified the
- problem with the "old" conflict resolution machinery and
- suggesting this fix.
-
- - Collector #236: recursive ownership changes could be
- short-circuited prematurely if a user already owned a
- subobject.
-
- - Page templates will now not expand if expand=0 is passed to them.
-
- - ZTUtils.Zope.Batch now has the same default orphan parameter
- as ZTUtils.Batch.Batch. Calculation of previous batches with
- non-zero orphans is fixed.
-
- - Python-based Scripts that need to be recompiled for efficiency
- now emit a single, much more explanatory log entry, per run.
- The recompile() utility function works properly now.
-
- - Caused sqltest implementation to match help system docs
- Expression tags now work. "multiple" attribute now works.
- type="nb" attr now works. (thanks to Christian Theune for
- the patch)
-
- - Fixed cAccessControl to incref __roles__ in imPermissionRole_of
-
- - Fixed long standing bug in PythonScript where get_size returned
- the incorrect length. This broke editing using EMACS via FTP or
- WebDAV. Thanks to John Glavin at South River Technologies for
- help finding the bug.
-
- - Collector #207: fixed problem with inner links in STXNG
+ You can make ZServer use the twisted interface with the
+ "use-wsgi on" keyword in the http-server section in zope.conf.
- - Collector #210: HTML() function of StructuredText produced wrong
- <h0> tags.
-
- - Collector #227: improved handling of unicode string in TextIndex.py
- with unmodified default encoding in site.py.
-
- - Collector #166: ObjectManger.all_meta_types() implemented only
- an incomplete filter based on interfaces.
-
- - FTP: Downloading files through FTP has been broken since 2.4.0
- because the downloaded file has been stored with a HTTP
- header at the beginning of the file. Fixed!
-
- - FTP: Spaces in usernames inside a FTP file listing are now
- replaced by underscores to avoid confusion with some FTP clients.
-
- - Added UnicodeSplitter to Windows build process
-
- - STXNG: underlined text at the end of line has not been recognized
- properly
-
- - Collector #250: applied several patches for TextIndex for better
- unicode support for the GlobbingLexicon
-
- - Fixed compatibility of the Interface package with newer versions
- of Python.
-
- - Collector #259: walkandscrub.py did not delete all .pyc and .pyo
- files during installation. Fixed.
-
- - Collector #254, make getOwner wrap the owner object in its context
-
- - DTML: unicode conversion inside DTML to other character sets
- has been broken (workaround added to z2.py)
-
- - Collector #278: DocumentWithImages could not handle URLs with
- underscores
-
- - WebDAV: removing an non-existing property now returns a HTTP
- 200-OK response instead of 404 (now compliant with RFC 2518)
-
- - Updated to zlib 1.1.4.
-
- - Fixed a bug in TM.py that would cause database adapters to hang
- on errors in the second phase of the two-phase commit.
-
- - Collector #17: Fixed broken links in StandardCacheManagers help
-
- - Collector #303: Properties of type 'long' got truncated
-
- - Collector #325: adding a new TextIndex to an existing Catalog
- cleared the standard Vocabulary.
-
- - Collector #343: The ZCatalogs 'Indexes' view showed the
- wrong number of indexed objects for FieldIndexes.
-
- - FTP server: replaced 'System_Process' by 'Sysproc' to
- avoid breaking some FTP clients and the output format
- with overlong usernames.
-
- - Propertysheets: Ids like 'values','keys' and 'values' are
- now forbidden as they break WebDAV functionality. Existing
- Propertysheets are not affected
-
- - FTP: some passive FTP connections were blocking. Fixed.
-
- - Fix potential segfault with cAccessControl's permission role
- deallocator when the permisson role is constructed with a non-tuple
- argument.
-
- - Collector #185, 341: PCGIServer and FCGIServer logs corrected
- and now output extended information like HTTPServer does.
-
- - Collector #167: superValues() now includes items with duplicate
- IDs
-
-
- Zope 2.5.1 beta 1
-
- Bugs Fixed
-
- - Fixed failed incref in cAccessControl that caused problems when
- ghosting occured.
-
-
- Zope 2.5.0
-
- Bugs Fixed
-
- - Btree module and UnicodeSplitter could potentially
- fail to incref Py_None on return
-
- - Setting proxy roles on DTMLMethods and Documents has been broken
-
- - Collector #99: items(), keys() and values() methods
- of IIBucket objects has been broken when called with
- min/max parameters.
-
- - WebDAV: The long outstanding read-only problem with WinWord
- and .html is finally solved. Zope sends now an additional ETag
- header for DTMLMethods and DTMLDocuments. Many thanks to
- Joachim Schmitz for this hint.
-
- - PathIndex: fixed minor bugs, enhanced testsuite
-
- - DTML-MIME tag: creates now a 'Mime-Version: 1.0' to make
- some fussy email programs happy
-
- - utilities/requestprofiler - fixed bugs in timed mode which could
- show nonsensical results.
-
- Features Added
-
- - TextIndex/Splitters: the constructor of all three splitters
- has now three new optional parameters:
-
- 'maxlen'=(1-256) - to specify the maximum length of
- splitted words
-
- 'singlechar'=(1|0) - allows single characters to be indexed
-
- 'indexnumbers'=(1|0)- allows numbers to be indexed
-
- The default values of all parameters reflect the standard
- behaviour.
-
- - Enhancements to utilites/requestprofiler.py:
-
- Added readstats and writestats features which allow for saves and
- reuse of profile stats between runs of the requestprofiler.
-
- Added urlfocus mode. Urlfocus mode presents a summary of
- activity within a period of time before and after the
- invocation of a particular URL as it was recorded in the big M
- log. This can be useful when trying to track down a problem
- which you believe is related to some series of URL invocations
- as opposed to a single URL invocation.
-
- - added doc/ENVIRONMENT.txt to document all used environment
- variables Zope is using
-
- - Provided a much more robust tool for recovering data from
- damaged FileStorage files:
-
- Allow recovery of data when:
-
- - either transaction or data records are damaged and when
-
- - multiple parts of a file are damaged
-
- The interface has changed to not modify in place.
-
- Other features:
-
- - Progress indicator
-
- - Verbose output
-
- - optional packing
-
- - index creation
-
- - The last entry in the breadcrumb path in the ZMI is now an
- underlined hyperlink.
-
- - Added a new script "utitilies/check_catalog.py" to perform
- some consistency checks on a ZCatalog instance
-
- - Added the following new products related to sessioning:
+ You can run Twisted by installing Twisted (2.1 recommended) and
+ replacing the http-server section with a server section in
+ zope.conf. It is not possible to run a Twisted server together with
+ a ZServer at the same time.
- - browser id manager
-
- - session data manager
-
- - transient object container
-
- - temporary folder
-
- - Zope will create default sessioning objects on startup
-
- - Zope will create an Examples folder on startup. This folder
- contains a collection of simple example applications.
-
- Bugs Fixed
-
- - STXNG: added '+' as allowed character inside URLs
-
- - enhanced the checks for 'Domains' field in the UserFolder
-
- - Webdav: fixed broken MOVE and COPY commands
-
- - Updated DTMLMethod validation support patch with version
- by Steve Alexander
-
- - <dtml-var "..." fmt="structured-text"> did not work
- properly under some acquisition related reaons.
-
- - pre-2.5 installation could not properly migrated to 2.5 because
- of changes in the Splitter API
-
- - ZODB conflict errors were logged at a severity that caused
- tracebacks to be logged to the stupid log file "out of the box".
- Because conflict errors happen under normal operations, and
- their appearance in the log frequently alarms folks, typical conflict
- error logging verbiage has been reduced, and traceback logging
- has been changed to happen only at BLATHER log level, which
- means that conflict tracebacks will only be logged if
- STUPID_LOG_SEVERITY is set to -100 or lower.
-
-
- Zope 2.5 Alpha 2
-
- Bugs Fixed
-
- - New accelerated security management bugfix in App/Manager.py,
- changing calling sequence to positional parameters.
-
- - STXNG: re-enabled inner now work also through DTML
- and not only when using STXNG standalone
-
- - STXNG: generated HTML is now more HTML4/XHTML compliant
- (quoted attributes, inner links)
-
-
- Zope 2.5 Alpha 1
-
- Features Added
-
- - re-enabled inner links for STXNG documents.
-
- - Zope installations upgraded from pre-2.4 installations
- did not show the WebDAV LockManager entry in the control panel.
-
- - "requestprofiler.py" script in utilities now does better analysis,
- including:
-
- "active" in detailed output is now slightly more meaningful.
- It is > 0 only if other requests started after it started
- but before it finished. The greater the active count, the
- more likely it is that something was going on at the time
- in which the request ran that caused a slowdown.
-
- Multiple files may be analyzed at the same time.
-
- Also, script recognizes "U" opcode in big M logs as meaning a restart.
-
- - Added a "preview" field to the edit form for Image
- objects. This provides a preview of the actual image data on
- the form to make it easier to know what you are working
- on. The preview image is scaled if necessary to be useful
- without being obtrusive.
-
- - Added the ability to edit File object content in a
- textarea. If the content of a File is a text type and the size
- is less than 64K (the max size for text area data in some Web
- browsers), then you can edit the content as you would a DTML
- or other text-based object.
-
- - New user management API for user folder objects was implemented.
-
- As of Zope 2.5, manage_addUser, manage_editUser and manage_delUsers
- form the official API for user management. The old grotesque way of
- using manage_users is now deprecated.
-
- The default implementation of these API methods simply call the
- _doXXX versions of the methods that user folder authors have already
- implemented, which means that these APIs will work for current user
- folder implementations without any action on the part of the author.
-
- User folder authors that implement the new manage_XXX API can get
- rid of the old _doXXX versions of the methods, which are no longer
- required (we only use them if the new api is not directly implemented).
-
- API documentation for the User Folder API was also added to
- the help system.
-
- - Python compiler in RestrictedPython brought in sync with
- main distribution. Made to be compatible with Python 2.2.
-
- - Added links in the "debugging information" control panel
- for viewing the contents of the ZODB cache.
-
- - Added user password encryption capability, fulfilling the
- needs described in the proposal at:
- http://dev.zope.org/Wikis/DevSite/Proposals/EncryptedUserfolderPasswords
- There is now a "properties" tab in user folders where you
- can select whether passwords are stored encrypted.
-
- - Locale support in STXNG has been broken (since 2.4.0)
-
- - Added SOFTWARE_HOME, INSTANCE_HOME, and CLIENT_HOME to the
- control panel to make it easer to tell what configuration of
- Zope is running.
-
- - Re-applied Medusa patch to allow proxy-like HTTP requests
- (GET http://hostname:port/ HTTP/1.0)
-
- - Objects indexed by the PathIndex can now provide a hook or an
- attribute with the same name as the index name to provide
- a customized path information other than using getPhysicalPath().
-
- - Selecting "Clear Catalog" from the ZCatalog "Advanced" did not clear
- the vocabulary associated with a TextIndex.
-
- - Added updated and enhanced testsuite for STXNG.
-
- - added getEntryForObject() for PathIndexes. Reworked PathIndex's
- internal inverse index.
-
- - API help topics can now document functions as well as classes.
-
- - Security accelerations in c
-
- - Accelerated C Document Template handling; Document Templates
- can now do additional rendering in C, improving performance.
-
- - Unicode support for ZCatalog:
-
- - added new UnicodeSplitter
-
- - ZCatalog now allows unicode strings as attributes
- of objects to be indexed using a TextIndex
- (see lib/python/ZCatalog/README.txt)
-
-
- Bugs fixed
-
- - WebDAV: Zope escaped nested object properties derived from
- internal dav__* functions in PropertySheets.py although they
- are considered to be safe and do not need any escaping. This
- caused Zope to be completely incomplete with Windows XP. Fixed !
-
- - WebDAV: '(' and ')' are now allowed in Ids for Zope objects.
- This is needed when one tries to duplicate files using cut&paste
- through Microsoft webfolders.
-
- - Collector #2532: ZCatalog.availableSplitters is now protected
- by security mechanism.
-
- - Collector #2412: a read-only FileStorage has not been closed
- properly.
-
- - Collector #2390: Objects of type 'Help Image' were not properly
- re-registered inside registerHelp().
-
- - Fixed broken FTP download for larger files.
-
- - Collector # 2396: StructuredText did not allow URLs containing "%"
-
- - Collector # 2397: StructuredText could not handle underlined text
- properly. Also <dtml-var stxdoc fmt="structured-text"> will no longer
- produce <html>..<body> and </body>..</html>
-
- - Collector #2438: Using a slice operation like [30:] on a
- ZCatalog search result caused a MemoryError because
- the __getslice__ implementation used range() instead
- of xrange().
-
- - Collector #2423: Searching a FieldIndexes for documents
- with a blank string has been broken.
-
- - WebDAV Lockmanager was not working due to a Python 2.1
- incompatibility.
-
- - Collector #2482: A COPY operation through WebDAV on a locked
- resource left the destination resource in a locked state
- so any WebDAV client was unable to unlock the destination
- object. Locks are now cleared from the destination object.
-
- - Error message AttributeError/_v_blocks when a DTMLfile is
- not present or could not be read replaced by a more
- informative message.
-
- - Collector #2497: SERVER_PROTOCOL variable is now compliant
- with the CGI specification and looks like "HTTP/1.1" instead
- of "1.1"
-
- - Creation of a TextIndex ignored the vocabulary setting.
-
- - Fixed broken aquisition of vocabularies from a Catalog
- by a TextIndex.
-
- - Collector #2504: level parameter has not been passed to HTMLClass
- constructor
-
- - default for 'orphan' attribute of <dtml-in> is now 0 instead 3.
-
- - Fixed conflict resolution problem in BTrees (BTreeTemplace/
- _p_resolveConflict)
-
- - Fixed many subtle bugs in the BTrees, including some that
- could silently corrupt the BTree and render some data
- inaccessible.
-
- - Collector #2524: Medusa sent "HTTP/None..." as response header when
- then HTTP version could not be determined from the HTTP request.
- Now sending "HTTP/1.0..."
-
- - queries for the PathIndex can now specified as tuple (path,level).
- the level parameter inside a query overrides the optional
- 'level' parameter for a complete search request.
-
- - Collector #2561: XXBucket.values() returned keys instead of values
-
- - Fixed the API docs for user objects.
-
- - Fixed bad interaction between ZCatalog and dtml-in (submitted by
- Steve Alexander)
-
- - Multiple links in a paragraph with mixed link notation
- (quotation+colon+URL or quotation+comma+whitespace+URL) did not
- work properly (thanks to Alastair Burt for reporting and submitting
- the patch).
-
- - Fixed case where DTMLMethod.py complained when it tried to remove
- the accelerated DTML security validation routine after recursive
- entry.
-
- Zope 2.4
-
- Bugs fixed
-
- - Some of the import shenanigans in ZService.py were still
- trying to load Python 1.5 versions of support dlls for running
- as a service under win32 (meaning you effectively couldn't).
-
- - Collector #2335: older products like GadflyDA that did not
- use registerClass() were registered but their visibility
- flag has not been set to Global. So these products did not
- appear in the ZMF.
-
-
- Zope 2.4 beta 1
-
- Features Added
-
- - Added a new lesson to the Zope tutorial which shows how to
- insert data into a relational database.
-
- - Made the meta-type in the upper-left corner of ZClass instances'
- management interface into a link to the ZClass definition.
-
- - Collector #2316: introduced new environment variable ZSYSLOG_FACILITY
- to override the default syslog facility 'user'
-
- Bugs fixed
-
- - Updated the Zope tutorial a bit. Now it references the Zope
- Book and the online help's DTML reference. Replaced ZopeTime
- examples with DateTime in lesson 9.
-
- - The manage_afterClone hook was called too early for copied objects,
- before the cloned object was reattached to its context. This
- caused problems with CatalogAware objects reindexing themselves
- on copy.
-
- - Fixed a situation that could slow down lazy processing of sorted
- search results.
-
- - Product import ordering has been changed. Now, the total set of
- all Products are initialized in ascending alphabetical order by
- product name, regardless of whether an INSTANCE_HOME exists.
- If two products with the same name exist in both SOFTWARE_HOME
- and INSTANCE_HOME, the order in which they appear in
- Application.Products.__path__ determines whether they
- are loaded first or second.
-
- - Collector #2318: html_quote function re-aliased into
- DT_Util so as not to break existing user code.
-
- - Corrections to the code that adds interface information to the
- meta type registry.
-
- - Collector #2274: fixed typo in Transaction.py. Made Connection.py
- a bit more noisy in case of failure
-
- - Collector #2273: fixed bug in STXNG (unable to handle :img:
- commands with absolute URLs)
-
- - Collector #2272: fixed problem in Transaction.py (Objects
- with id==None could not print themselves)
-
- - fixed Python module import problems causing XML export/import
- too be completely broken
-
- - Collector #2270: fixed import problem when $INSTANCE_HOME
- was set
-
- - Collector #2269: default script for PythonScript is no longer
- compiled during installation
-
- - Updated to zlib 1.1.3.
-
- - fixed parenthesis handling for TextIndex queries
-
- - Collector #2283: PersistentMapping class keys() method now returns
- a *copy* of the cached keys list instead of the cached list of
- keys itself. This prevents mutation of the list.
-
- - DateTime constructor now accepts ISO 8601 compliant dates
-
- - Collector #2254: added hook for webdav/ftp MKCOL
-
- - Collector #2247: put values of properties into CDATA section to
- prevent non XML compliant documents to be sent to a webdav client.
-
- - Collector #2287: fixed missing import of 'render_blocks' in
- SendMailTag.py
-
- - Collector #2289: leading \n\r inside messageText broke
- mail headers
-
- - Collector #2290: better handling of subject header in Mailhost.py
-
- - Collector #2291: fixed cookie path in Zope Version Control
-
- - Collector #2286: Could not create ZClasses. coptimizations.c
- had been corrected erroneously. Fixed.
-
- - It was discovered that the implicit names of certain DTMLMethods
- were ambiguous, making security assertions for them unpredictable.
- Code was added to detect the condition and correct it in the
- Zope core. The affected DTML methods did not pose a security risk.
- Instead, most were overprotective.
-
- - "print" with a trailing comma (to avoid a newline) caused
- spurious errors in Python Scripts. It turned out the compiler
- module was in error. Fixed.
-
- - Collector #2306: Fixed broken glossary of Zope Tutorial
+ <server>
+ address 8080
+ type Zope2-HTTP
+ </server>
- - Collector #2305: A comma inside an optional parameter of the
- parameter string broke the ZScriptHTML_tryParams function of
- PythonScripts.
+ WSGI: http://www.python.org/dev/peps/pep-0333/
+ Twisted: http://twistedmatrix.com/
- - Restored performance of security checks in DTML and
- Scripts (Python) by replacing read guards with function calls to
- guarded_getattr() and guarded_getitem() of ZopeGuards.
+ - The traversal has been refactored to take heed of Zope3s
+ IPublishTraverse adapter interfaces. The ZCML directives
+ five:traversable and five:defaultViewable are therefore no
+ longer needed, as everything now is five:traversable and
+ five:defaultViewable.
- - Restricted the target of PythonScript print statements.
+ There was a bug in earlier versions of Five that allowed you
+ to do custom publishing traversal with ITraversable adapters.
+ This bug has been corrected. Anybody using ITraversable
+ adapters need to convert them to IPublishTraversal adapters.
- - Python 2.1 reopened the old "AttributeError: __call__" bug.
- Checked in a fix that should finally solve it correctly.
+ - Testing.makerequest: Added an 'environ' argument so
+ clients can use mappings other than os.environ.
- Zope 2.4 alpha 1
+ - Updated to Docutils 0.4.0
- Features Added
+ - reStructuredText: The default value for the 'stylesheet'
+ property has been changed from 'default.css' to None because
+ there is no 'default.css' file by default.
- - Zope now requires Python 2.1. See the Zope 2.4 migration
- document for details:
+ - ZReST: rewritten render() method to integrate it smoothly
+ with Docutils 0.4.0. The default value for the 'stylesheet'
+ property has been changed from 'default.css' to None because
+ there is no 'default.css' file by default.
- http://www.zope.org/Products/Zope/2.4.0/Zope24MigrationGuide.html
+ - Added a "clock server" servertype which allows users to
+ configure methods that should be called periodically as if
+ they were being called by a remote user agent on one of Zope's
+ HTTP ports. This is meant to replace wget+cron for some class
+ of periodic callables.
- - The 'Authenticated' role has been added as one of Zope's
- standard roles. A user's possession of this role indicates
- that he or she has been authenticated by the Zope security
- machinery. It is an implicit role, and cannot be provided to
- users within the user management screens or the local roles
- management screens. It is provided to all authenticated users.
- Another way to think of the 'Authenticated' role is that
- it is possessed by all users *except* the Anonymous User.
+ To use, create a "clock-server" directive section anywhere
+ in your zope.conf file, like so:
- - A module 'requestprofiler.py' is now part of the utilities
- directory. When run from the command line, this utility
- allows you to generate profiling information from Zope's
- detailed request log (the "-M" log).
+ <clock-server>
+ method /do_stuff
+ period 60
+ user admin
+ password 123
+ host localhost
+ </clock-server>
- - Restricted code can import AccessControl.getSecurityManager,
- and use 'validate', 'validateValue', 'checkPermission',
- 'getUser', and 'calledByExecutable'.
+ Any number of clock-server sections may be defined within a
+ single zope.conf. Note that you must specify a
+ username/password combination with the appropriate level of
+ access to call the method you've defined. You can omit the
+ username and password if the method is anonymously callable.
+ Obviously the password is stored in the clear in the config
+ file, so you need to protect the config file with filesystem
+ security if the Zope account is privileged and those who have
+ filesystem access should not see the password.
- - Zope's WebDAV support now includes exclusive write locking.
+ Descriptions of the values within the clock-server section
+ follow::
- - Data.fs.in index_html now shows zope_quick_start instead
- of old, inaccurate content.
+ method -- the traversal path (from the Zope root) to an
+ executable Zope method (Python Script, external method,
+ product method, etc). The method must take no arguments or
+ must obtain its arguments from a query string.
- - Changed index_html, standard_html_header, standard_html_footer,
- and standard_error_message in Data.fs.in to use "new" DTML syntax
- (as opposed to SSI-style syntax).
+ period -- the number of seconds between each clock "tick" (and
+ thus each call to the above "method"). The lowest number
+ providable here is typically 30 (this is the asyncore mainloop
+ "timeout" value).
- - Added check for 'FORCE_PRODUCT_LOAD' environ var to bits which
- try to detect whether we're a ZEO client or not in order not to
- skip product-loading tasks. This has the consequence that a ZEO
- client with the "ZEO_CLIENT" env var set will cause product
- loading tasks to occur iff his "FORCE_PRODUCT_LOAD" environment
- var is set as well.
+ user -- a zope username.
- - Further optimizations in the lexicon of the Catalog as well
- as the final merge code integration for Text indexes. This
- should reduce the bloat when things are reindexed.
+ password -- the password for the zope username provided above.
- - StructuredText: old StructuredText replaces by StructuredTextNG.
- Added support for locale settings. Several bugfixes and code
- cleanup.
+ host -- the hostname passed in via the "Host:" header in the
+ faux request. Could be useful if you have virtual host rules
+ set up inside Zope itself.
- - Image and File objects now support the HTTP Range and If-Range
- headers, enabeling partial downloads of such objects. This can be
- used by clients to restart a broken download. Downloads of these
- objects through FTP can also be restarted.
+ To make sure the clock is working, examine your Z2.log file. It
+ should show requests incoming via a "Zope Clock Server"
+ useragent.
- - Update of Medusa tree to latest version
+ - Added a 'conflict-error-log-level' directive to zope.conf, to set
+ the level at which conflict errors (which are normally retried
+ automatically) are logged. The default is 'info'.
- - If an INSTANCE_HOME is defined and has a 'lib/python'
- subdirectory, it will be added to the front of the Python path.
+ - The SiteErrorLog now copies exceptions to the event log by default.
- - DTML-In and DTML-Tree now have optional "prefix" attributes
- that can be used to make friendlier tag variable names.
+ - ObjectManager now has an hasObject method to test presence. This
+ brings it in line with BTreeFolder.
- - Added product reloading capability, formerly provided by
- the "Refresh" product. This enables developers to see the
- effect of changes to their products without restarting Zope.
+ - Improved logging of ConflictErrors. All conflict errors are
+ logged at INFO, with counts of how many occurred and how many
+ were resolved. Tracebacks for all conflicts are logged a DEBUG
+ level, although these won't help anyone much. If a conflict
+ error is unresolved, it will now bubble up to error_log and
+ standard_error_message.
- - Added new 'sequence' module for underscore namespace to provide
- extended sorting functionality for sequence (implements
- ExtendedDTMLSorting proposal)
+ - Use new-style security declarations everywhere possible. This
+ means remove the use of __ac_permissions__, foo__roles__ and
+ default__class_init__. A few corner cases can't be converted
+ because of circular imports.
- - Fixed a long-standing bug in FileStorage that made it so
- versions were only partially committed.
+ - Fixed unclear security declarations. Warn when an attempt is
+ made to have a security declaration on a nonexistent method.
- - Rewrote the complete indexing infrastructure according
- to the DropinIndex proposal
- (see lib/python/Products/PlugginIndexes/README.txt for
- detailed informations).
+ - updated to ZPL 2.1
- - Adopted ZCatalog to new indexing infrastructure.
-
- - added text() method to HTTPRequest object to provide a plain
- text representation of the request (Collector #2264)
-
- Bugs Fixed
+ - interfaces: Added 'Interfaces' tab to basic core objects.
+ This is a Five feature and only available if the classes are made
+ five:traversable. It allows to inspect interfaces and to assign
+ marker interfaces through the ZMI.
- - TextIndexes which called methods expecting an argument failed
- with a TypeError. This was fixed by extending an exception
- handler.
+ - webdav: Added support for the z3 WriteLock interface.
+ It is no longer necessary to have the WriteLockInterface in the
+ __implements__ list of lockable objects. All classes inheriting from
+ LockableItem inherit also the IWriteLock interface. Note that this
+ enables webdav locking for all subclasses by default even if they
+ don't specify the WriteLockInterface explicitly.
- - A security issue having to do with setting permission mappings
- on ZClass methods was fixed (this supersedes Hotfix-2001-05-01)
+ - App ProductContext: Made registerClass aware of z3 interfaces.
+ Z2 and z3 interfaces are registered side by side in the same tuple in
+ Products.meta_types. IFAwareObjectManagers like the ZCatalog work now
+ with z3 interfaces as well.
- - Automatic reloading of Help topics while running in debug mode
- was fixed.
+ - Zope now sends Zope 3 events when objects are added or removed
+ from standard containers. manage_afterAdd, manage_beforeDelete
+ and manage_afterClone are now deprecated. See
+ lib/python/Products/Five/tests/event.txt for details.
- - Fixed problem adding propertynames with spaces (Collector #2206)
+ - Zope now utilizes ZODB 3.6. It had previously used
+ ZODB 3.4. As a result, the DBTab package was removed, as
+ ZODB 3.6 has multidatabase support that makes DBTab
+ unnecessary.
- - Plugged a memory leak in extensions. There are often circular
- references in code generated by Python's "exec" statement but
- with a small change extensions now break those references.
+ - Added a 'product-config' section type to zope.conf, allowing
+ arbitrary key-value mappings. Products can look for such
+ confgiurations to set product-specific options. Products mwy
+ also register their own section types, extending the
+ 'zope.product.base' type. (see the example '<product-config>'
+ section in skel/etc/zope.conf.in for sample usage).
- - Hardened ZMI contents view against subobjects w/ flaky
- 'get_size' (Collector #1900).
+ - Collector #1490: Added a new zope.conf option to control the
+ character set used to encode unicode data that reaches
+ ZPublisher without any specified encoding.
- - Fixed OFS.CopySupport's _verifyObjectPaste to utilize the
- permission stored in the metatype registry, if available
- (Collector #1975)
+ - AccessControl, Acquisition, App, OFS, webdav, PluginIndexes,
+ ZCatalog and ZCTextIndex: Added some Zope 3 style interfaces.
+ This makes the bridged interfaces shipped with Five obsolete.
- - Fixed a long-standing bug in FileStorage that made it so
- versions were only partially committed.
+ - ZConfig extension, address now also accepts symbolic port names
+ from etc/services (unix) or etc\services (win32)
- Zope 2.3.2
+ - ZPublisher.HTTPRequest.FileUpload now supports full file
+ object interface. This means Iterator support was added. (for
+ line in fileobject: ..., as well as fileobject.next() and
+ fileobject.xreadlines() ) Collector #1837
- Bugs accidentally fixed :)
+ - Switched the bundled Zope 3 to release 3.2 and upgraded the
+ Five product to version 1.3 (see Products/Five/CHANGES.txt).
- - Fixed missing html_quote attribute inside some DTML methods
- (Collector #2170)
+ - The PageTemplate implementation now uses Zope 3 message
+ catalogs by default for translation. Old-style translation
+ services such as Localizer or PlacelessTranslationService are
+ still supported as fall-backs. See Products/Five/doc/i18n.txt
+ for more information.
- - Fixed logging output to the compatible with the Common Logfile
- Format specs (Collector #2188)
+ - Switched to the new improved test runner from Zope 3. Run
+ test.py with -h to find out more.
- Zope 2.3.2 beta 2
+ - lib/python/docutils is now a reference to docutils package
+ from the Zope 3 source tree (to get rid of redundant packages)
- Bugs fixed
+ Bugs Fixed
- - Fixed Catalog "object does not support item deletion" bug.
+ - Collector #1447: When editing content on a virtual-hosted zope,
+ AcceleratedHTTPCacheManager now purges the correct URL.
- Zope 2.3.2 beta 1
+ - When you add roles in manage_access, roles are now stripped of
+ any leading or trailing spaces.
- Bugs Fixed
+ - Collector #2062: Fix manage_historyCopy, which was broken, and write
+ tests for it.
- - Catalog field index bug fixed.
+ - Collector #2061: Fix problems where windows line endings are passed
+ to restricted code compilers.
- - Fixed several places where filesystem paths were assembled
- in a non-portable way.
+ - Collector #2051: Applied patch by Yoshinori Okuji to fix some
+ XML export/import problems, including tests for that feature.
- - Fixed some places in SimpleItem that assumed that the object
- was an Acquirer.
+ - Collector #2037: fixed broken ACTUAL_URL for '/'
- - Fixed layout problem in StandardCacheManagers/dtml/propsRCM.dtml
- (Collector #2152)
+ - Missing import of NotFound in webdav.Resource
- - Fix bug in AcceleratedHTTPCacheManager. Sended HTTP headers
- were depending on locale settings (Collector #2142)
-
- - GoLIVE is unable to handle some empty properties send from
- the Zope's WebDAV server. (getlastmodified is no more send
- when they are not available for an object)
- (Collector #2150)
+ - Collector #1819: fixed method signature of
+ MountedObject.SimpleTrailblazer._construct()
- - added globbing support for the FTP server
-
- - added support for fetching recursive listings from the FTP server
- (needed by ncftp)
+ - Collector #2019: removed validateValue() from cAccessControl (already
+ removed in former Zope versions from the AccessControl Python
+ implementation)
- - fixed handling of broken objects in the WebDAV server
-
- - An ambiguous timezone alias (CDT) was removed from DateTime.
+ - Collector #1991: ZPublisher did not deal properly with a trailing
+ %20 in the URL
- - It was not possible to pass 'class=...' to the tag() method
- of Image objects because 'class' is a Python reserved word.
- Image.tag() now accepts an optional 'css_class' argument
- that is turned into a 'class' attribute on the resulting tag
- to work around this.
+ - zope.app.introspector was not included with the source archive
- - Fixed various places where the right tabs were not highlighted
- after form submissions.
+ - Collector #2013: improved XHTML conformance of error messages,
+ some of which did not close '<p>' tags.
- - The code that produces the data for the security settings
- form included a misleading default ('Manager') that could
- make it looks as though Manager had a permission in a
- subobject when that permission had actually been denied
- in a higher level object. This only affected the form
- generated, not the actual security settings in effect.
+ - Collector #2002: fixed broken 'ls -R' functionality (didn't
+ recurse properly subclasses of OFS.Folder)
- - The textarea resizing buttons for DTML objects and scripts
- were not preserving work done in the text area during the
- resize.
+ - Collector #1992: unified the visible hostnames of the FTP and
+ HTTP servers
- - Some changes were made to the implemenation of User.allowed(),
- which will make it less expensive to do local role matching
- and also resolves an issue noted in the
- UserProgrammableSecurityObjects proposal on dev.zope.org.
+ - Collector #1999: fixed broken FTP rename functionality
+ (RNFR now returns 350 as status code instead 250)
- - A problem in the bytecode munging done by Python scripts
- that could cause a core dump was fixed.
+ - HTTPResponse: for XML content the encoding specified within
+ the XML preamble is adjusted to the real encoding of the content
+ as specified through the 'charset' within the content-type
+ property.
- Zope 2.3.1
+ - Collector #1939: When running as a service, Zope could
+ potentially collect too much log output filling the NT Event
+ Log. When that happened, a 'print' during exception handling
+ would cause an IOError in the restart code causing the service
+ not to restart automatically.
- Bugs Fixed
+ Problem is that a service/pythonw.exe process *always* has an
+ invalid sys.stdout. But due to the magic of buffering, small
+ "print" statements would not fail - but once the file actually
+ got written to, the error happened. Never a problem when
+ debugging, as the process has a console, and hence a valid
+ stdout.
- - Fixed catalog length error bug.
+ - For content-type HTTP headers starting with 'text/' or 'application/'
+ the 'charset' field is automatically if not specified by the
+ application. The 'charset' is determined by the content-type header
+ specified by the application (if available) or from the
+ zpublisher_default_encoding value as configured in etc/zope.conf
- - Fixed textindex search queries with parenthesis (which haven't
- worked since at least 2.2.4).
+ - Collector #1976: FTP STOR command would load the file being
+ uploaded in memory. Changed to use a TemporaryFile.
- - Added logic to use the value of 'textindex_operator' as
- passed in the request to determine which query operator to
- use (and, near, andnot, or). Valid values to pass in to
- textindex_operator are 'and', 'or', 'near', and 'andnot'
- (capitalization is ignored). This is a near-term workaround
- for the inability to specify a default text index query
- operator on a per-index basis. It provides the ability to
- override the currently module-defined default 'Or' operator
- for textindexes on a per-search basis.
+ - OFS ObjectManager: Fixed list_imports() to tolerate missing
+ import directories.
- An example of the utility of textindex_operator used with a
- ZCatalog instance:
+ - Collector #1621, 1894: Removed support for use of long-deprecated
+ 'whrandom' module.
- zcatalog.searchResults(atextindex='foo', textindex_operator='and')
+ - OFS PropertySheets / webdav: Fixed dav__resourcetype.
+ __dav_collection__ with a false value was overridden by
+ isAnObjectManager.
- - The import machinery did not correctly find import files located
- in SOFTWARE_HOME/import if SOFTWARE_HOME / INSTANCE_HOME setups
- were in use.
+ - added missing Zope 3 imports: zope.app.intid, zope.app.keyreference,
+ zope.app.session, zope.contentprovider, zope.viewlet
- - The default view for "broken" objects was broken :)
+ Other
- - The FTP server now provides for more informative error handling
- through a setMessage() method on the ftp response object (thanks
- to Richard Jones).
+ - AccessControl.User: Use a better __repr__.
- - The title of HTML help files is now parsed out and used by the
- help engine (thanks to Richard Jones).
+ - ZSQLMethod.manage_main: Moved the error message that warns of a
+ non-existing or closed database connection next to the Connection ID
+ dropdown and present it using red to increase its visibility.
- - Objects wrapped with Explicit acquisition wrappers were not
- correctly handling the __nonzero__ protocol (as well as other
- numeric protocols).
-
- - A bug in the sendmail tag that could cause "len of unsized object"
- errors has been fixed.
-
- - Some bits of DateTime parsing were not raising the same errors
- claimed in the documentation.
-
- - Handling of HTTP "Destination" headers for WebDAV MOVE and COPY
- was not tolerant of complete URLs (including scheme, server, etc.)
-
- - Keyword indexes generated spurious error logs when objects
- without keywords were added.
-
- - Fixed a memory error in the new BTree buckets that surfaced
- during testing on ia64.
-
- - Fixed a multi-arg append() call in the ClassicDocumentClass
- in StructuredText.
-
- Zope 2.3.1 beta 3
-
- Bugs Fixed
-
- - ImageFile objects were not using os.path.join to build
- the local path to an image file, which caused oddities
- on win32.
-
- - Some missing casts in Splitter.c prevented the splitter
- from properly working with some international characters.
-
- - Fixed documentation of dtml-var tag. Improved discussion of
- entity syntax and fmt and url attributes.
-
- - Fixed manage_convertBTrees method of ZCatalogs (this method was
- failing due to a missed copying of the length value, preventing
- Catalogs from showing their "old" items once converted).
-
- - Changed the presentation of last-modified dates in ZMI listings
- to an ISO format that is a bit shorter and a better common format.
-
- - Added a patch to load_site.py to handle entity references.
-
- - Added a patch to load_site.py to use the new dtml syntax when
- adding header and footer lines.
-
- - Handling of the __nonzero__ protocol by Acquisition wrappers
- was fixed.
-
- Zope 2.3.1 beta 2
-
- Bugs Fixed
-
- - Fixed formatting bugs in the DTML reference. Also added a
- note to the dtml-tree tag reference page explaining the
- leaves attribute better.
-
- - Fixed broken Image and File downloads when using an Apache server
- set up to cache such data. In certain circumstances a
- content-length of 0 would be sent, which made Internet Explorer
- not read any more than that, resulting in broken images and
- downloads.
-
- - Fixed a doc string display bug in API help topics. Also
- slightly improved the display of help topics which include
- more than one class.
-
- - Fixed inaccuracies in 'dtml-in' DTML reference help
- topic. (Collector #1972)
-
- - Merged a bug fix that was missed in the logging call when
- an object that is not in a Text Index tries to unindex itself.
-
- - Removed a duplicate list item from the copyright screen.
-
- - Fixed a bug in the docstring of DemoStorage.py
-
- - Added ZPL to ZPublisher/BeforeTraverse.py
-
- - The tabs behaved oddly in the "database management" part of
- the control panel.
-
- - The icon for Python script objects has been updated. Thanks
- to Chris Withers for sending it in.
-
- - Added an entry to doc/FAQ.txt about the "checksum error" that
- some vendor-supplied tar implementations (Solaris) produce due
- to long pathnames in an archive produced by GNU tar.
-
- - Using the 'scale' argument to the 'tag' method of an Image object
- could produce invalid height and width values in the resulting
- HTML tag (floating point values).
-
- - The tab corner .gifs for inactive tabs were not transparent in
- places where they should have been.
-
- - Corrected mistakes in the logic that retries the request when
- a ConflictError occurs. The behavior was a little erratic.
-
- - The problems ('attribute error: commit_sub') that some people
- were having with certain kinds of objects (like database
- connections) not playing correctly with subtransactions have
- been fixed.
-
- - Applied changes from Hotfix_2001-02-23. Some ZClass methods
- weren't protected properly and the ObjectManager,
- PropertyManager, and PropertySheets classes were returning
- mutable objects that could be exploited by restricted code.
-
- - A malformed html option tag made the add list broken for
- Mozilla.
-
- - The permission declaration for 'manage_main' on ZSQLMethod
- objects was missing, making editing effectively only available
- to the Manager role (the Change Database Methods permission had
- no effect).
-
- - A missing '/' at the end of the contents form action url caused
- some clients to behave strangely.
-
- - A long-standing problem with traversal of object names with spaces
- in them from WebDAV tools has been resolved. Part of the DAV
- machinery was in some cases double-url-quoting DAV:href values.
-
- - A long-languishing patch from Dieter Maurer to fix batching info
- in dtml-in has been applied.
-
- - z2.py failed to correctly pass an address:port specification for
- the ZSYSLOG_SERVER environment variable to the medusa syslog logger.
-
- - The value passed for the ZSYSLOG environment variable was not being
- used in the same way by logging machinery in ZServer and the Zope
- core. The file in doc/LOGGING.txt has been updated to reflect that
- the value passed for ZSYSLOG should be the path to the UNIX domain
- socket to log to (usually '/dev/log').
-
- - Using the strftime method of DateTime objects (often via the
- fmt attribute of a dtml tag) produced incorrect results for
- DateTime objects outside of the range of the native C strftime
- implementation. A change has been made so that an exception is
- raised in those situations rather than silently return the
- wrong answer.
-
- - Corrected the aq_inContextOf() method so it always follows
- containment wrappers.
-
- - The headers attribute of FileUpload objects did not have any
- security assertions, which meant that it could not be accessed
- from DTML as advertised.
-
- - A number of Collector patches to fix DateTime issues (mostly
- regarding timezone handling) were applied.
-
- - Key errors were returned from catalog searches due to bugs
- in unindexing objects.
-
- - Objects that should have been included in search results
- were excluded do to bugs in indexing objects.
-
- - The database grew too fast when objects were routinely
- indexed one at a time by the catalog. This was due to
- inefficiencies in the underlying BTree implementation that
- caused too many objects to be changed when indexing
- incrementally. In addition, the set implementation, used for
- keeping track of documents in field indexes, when the number
- of documents per key was large, caused large database updates
- when a document was added or removed, because the entire set
- was stored in a single database record.
-
- A new BTree and set implementation has been
- provided to address these problems.
-
- - The catalog is the most common source of conflict errors due
- to a number of "hot spots" in the implementation and due to
- the large number of objects that are typically updated when
- indexing. The hot spots have now been removed and the
- number of objects modified when indexing has been
- dramatically reduced. In addition, conflicts detected during
- transaction commit can now usually be resolved using new
- conflict-resolution protocols and conflict-resolution
- support added to the catalog. These changes will not avoid
- all conflicts, but will reduce conflicts significantly in
- many cases.
-
- Specific information on how to update existing Catalogs to take
- advantage of the data structures available can be found at:
-
- http://www.zope.org/Members/mcdonc/HowTos/UpgradeToNewCatalog
-
-
- Zope 2.3.1 beta 1
-
- Bugs Fixed
-
- - PUT on NullResource is now a public method that checks
- whether the user can create the type of object returned by
- a PUT_Factory.
-
- - dtml-in sorting using unhashable types (like lists) has been
- fixed.
-
- - A new environment variable "FORCE_PRODUCT_LOAD" when set on
- ZEO clients (clients which also define the "ZEO_CLIENT" env
- var) causes product loading to be "forced" by that ZEO
- client. Formerly, if all ZEO clients had the "ZEO_CLIENT"
- environment variable set, it was impossible to force
- a product load without undefining the "ZEO_CLIENT" env var
- on one of the ZEO clients. Now, if one of the ZEO clients has
- both the ZEO_CLIENT env var and the FORCE_PRODUCT_LOAD env
- var defined, that client will push products into the ZODB. It
- is advisable to only set FORCE_PRODUCT_LOAD on one ZEO client
- if it's set at all.
-
- - A typo in CopySupport caused the wrong http error to be
- raised in manage_renameObjects (500 Server Error instead
- of Bad Request).
-
- - A bit of PermissionMapping logic was calling manage_access
- with too many arguments, causing an error when trying to
- make changes on the Security tab of ZClasses.
-
- - The Catalog no longers throws an AttributeError if you
- pass it a 'sort_on' parameter that isn't useful. Instead,
- it throws a ValueError with an instructional string.
-
- - An error in the edit form for Permission objects made it
- impossible to edit Permission objects in Products through
- the Web.
-
- - The script source in Python scripts was not being html
- quoted on the Web edit form.
-
- - Fixed a bug in Mount.py that made it difficult to see the
- reason connections failed.
-
- - Fixed a bug which made it impossible to cut and paste ZCatalog
- instances.
-
- - Processes spawned from a Zope process could have a bad effect
- if one tried to kill the Zope process while a spawned process
- was still active. Because the spawned process had inherited
- the listening sockets of the servers across the fork(), it
- was not possible to restart the Zope instance until the spawned
- process had died and release the server sockets :(
-
- - Added a "tempfile.py" module to lib/python. This tempfile module
- is r1.27 from the Python CVS MAIN branch. It fixes two race
- condition bugs that could appear under heavy load. This module
- will be used by Zope instead of the tempfile.py that ships with
- the Python source or with a Zope binary distribution. It is
- probably unnecessary under Python 2.0+, but won't hurt.
-
- - Removed lib/python/App/manage.dtml, which wasn't removed when
- dtml files were moved to a separate directory.
-
- - Fixed two mistakes in the RAM cache cleanup code.
-
- - Added code to handle a failed BeforeTraverse hook gracefully.
-
- - Added help system docs for Script (Python) instance management
- screens.
-
- - Checked in Stephen Purcell's PyUnit 1.3, replacing PyUnit 1.2.
-
- - Hardened ZMI contents view against subobjects w/ flaky
- 'get_size' (Collector #1900).
-
- - Corrected a bug that could leave a cacheable object associated
- with the wrong cache manager after switching cache managers.
-
- - Changed the html title tag in the manage frameset to use BASE0
- instead of SERVER_NAME, providing more useful info for virtual
- hosted sites (patch from Chris Withers).
-
- - The highlighted active tab wasn't correct for some security
- views.
-
- - Changed undo error message wording in FileStorage, DemoStorage,
- and POSException. Confusing error reports that claim a
- transaction could not be undone because the transaction was
- "undoable" now claim that the transaction was "non-undoable".
-
- - Some conflict errors failed to properly quote object ids,
- making the ids unreadable and introducting binary text into
- output.
-
- - Changed Product init/list code to accept all of "VERSION.TXT",
- "VERSION.txt", and "version.txt" as the version.txt file for
- the Product. Additionally accept any of "README.txt",
- "README.TXT", or "readme.txt" as the readme filename.
-
- - When the root index_html was missing, an inappropriate error
- was displayed to a visitor when viewing an object that didn't
- have its own index_html. (Collector 1954, thanks to Chris
- Withers for the bugreport).
-
- - A bug prevented unchecking the "cache anonymous connections
- only" checkbox for Accelerated HTTP Cache Managers.
-
- - Some code that tried to workaround a DAV client bug dealing
- with ports in Host headers caused problems for virtual hosting
- setups. That code has been disabled until we decide that we
- care enough about the buggy client to work around it in a
- better way.
-
- - The isCurrent(Month|Day|Hour|Minute) methods of DateTime objects
- returned incorrect answers. Thanks to Casey Duncan for the patch.
-
- - The "help" links did not work if javascript was disabled in the
- client.
-
- - ZCatalog getobject now uses unrestrictedTraverse during
- getobject instead of restrictedTraverse. This emulates Zope
- 2.2 behavior.
-
- - A bug in the HelpTopic implementation for STX help topics caused
- them to be inaccessible unless Anonymous Users had the View
- permission.
-
- - Structured Text did not correctly recognize CRLFs generated by
- windows editors as paragraph dividers.
-
- - A bit of code that ran after an import where ZClass objects
- were added was removed. It was designed to fixup the ZClass
- registry after import to resolve ZClass dependencies that
- could get broken if a system were moved in separate imports.
- It turned out to be expensive under ZEO, and the benefit is
- not that compelling (if a failed dependency does get
- introduced, it will be spotted at the next startup).
-
- - The month name recorded in Z2.log was affected by the current
- locale setting, which caused problems for various logfile
- analysis tools.
-
- - Product object in the control panel had a useless View tab
- by an accident of inheritance.
-
- - Manual restarts and shutdowns weren't logged.
-
- - Unix: If processes were restarted too frequently, the daemon
- process incorrectly inferer a startup problem and shut
- itself down.
-
- - Unix: On restart, the watcher daemon restarted as well, causing
- the watchers process id to change.
-
- - The method for enabling modules for use with Python scripts was
- not documented and a bit harder than it needed to be. A helper
- function has been added in a Utility.py in the PythonScripts
- product to make this easier and the process is documented in
- the README.txt in the PythonScripts package.
-
- - Fixed OFS.CopySupport's _verifyObjectPaste to utilize the
- permission stored in the metatype registry, if available
- (Collector #1975).
-
- - In certain situations using restrictedTraverse failed with the
- wrong error if called on the application object with the name
- of a nonexistent object.
-
- - Subtransactions couldn't be used if some data managers
- didn't support subtransactions. This was especially painful
- when using RDBMS user authentication in combination with
- large image or file uploads or catalog rebuilding, which use
- subtransactions.
-
- Now allow subtransaction commit (but not abort) even when some
- participating data managers don't understand subtransactions.
-
- New Features
-
- - The API for cataloging objects changed slightly:
-
- o If the object being cataloged has a 'getPhysicalPath'
- method, as Zope objects typically (always) do, then it is
- no longer necessary to pass a unique ID to the catalog
- when catalling the 'catalog_object' method. It is
- recommended to not pass a unique id and let the catalog
- figure out the unique id on it's own.
-
- o If a unique id is passed to the catalog 'catalog_object'
- method, it **must** be a string.
-
- Zope 2.3.0
-
- Bugs Fixed
-
- - The authentication machinery now correctly returns a 400
- (Bad Request) if an invalid authentication token (bad
- base64 encoding) is sent by a client.
-
- - ZClasses with very minimal base classes could end up without
- a '_setId' method, which createInObjectManager expects.
-
- - Fixed a bug that caused the ExtensionClass __call_method__
- hook to fail when used with unbound C methods.
-
- - Fixed a bug in the management interface which caused
- the "Paste" button to not show up after a copy or cut
- operation on the first showing of manage_main.
-
- - Final lexicon optimizations that provide additional
- performance over previous releases. In addition, the number
- of objects that have to be updated is frequently reduced.
-
- - Merge code for Catalog Text indexes has been integrated.
- This will now merge the changes in, rather than replacing
- them. This should reduce the number of objects that has
- to be updated. In addition, when nothing has changed, the
- object's indexes won't be touched, saving enormous amounts
- of space for some applications.
-
- - Flow of the Catalog management screens cleaned up so that
- pages are refreshed correctly. Buttons on the Advanced
- tab refresh to the Advanced tab now.
-
- - Further management interface cleanup of the Lexicon to
- bring in line with the normal ZMI.
-
- Zope 2.3.0 beta 3
-
- Bugs Fixed
-
- - The import / export button did not show up if a folder was
- empty.
-
- - A problem in acquisition wrapping of users obtained though
- the SecurityManager caused certain ownership operations to
- fail (this manifested itself as a report about broken DAV
- MOVE operations).
-
- - The Zope management screens no longer try to set a default
- charset with the content-type.
-
- - Certain security related operations were failing due to
- argument mismatch errors (too many arguments).
-
- - Passing unicode data to html_quote could cause problems
- since html_quote was trying to screen out two characters
- that many browsers are willing to accept as html special
- characters (to prevent "cross-site scripting" attacks).
- This has been moved out of html_quote and into the RESPONSE
- object, where the chars will be quoted only if no charset
- is defined for the content-type or the charset is an alias
- for Latin-1.
-
- - Rename via FTP was not supported.
-
- - Changed index_html, standard_html_header, standard_html_footer,
- and standard_error_message in Data.fs.in to use "new" DTML syntax
- (as opposed to SSI-style syntax).
-
- - meta_type of all DTML Methods in Data.fs.in object manager
- "_objects" lists is now "DTML Method". It had been "Document",
- which caused inaccurate superValues results if 'spec'
- was used.
-
- - Make ZClasses navigable to FTP/WebDAV; implement 'PUT_factory'
- hook to create PythonScripts (for MIMEtype 'text/x-python')
- and DTMLMethods (for other 'text' MIMEtypes) (Collector #998).
-
- - Calling manage_addProperty with a list value and a type of 'lines'
- caused a string representation of the list to be stored.
-
- - Submitting the proxy roles form without selecting any roles to
- be used as proxy roles caused objects with proxy role support to
- silently become unexecutable (have effectively empty proxy roles)
- rather than raising an error. The proxy role api now requires that
- at least one role be passed in or an error will be raised.
-
- - Mechanisms in the underbelly of the Catalog and Globbing
- Lexicon (which is the default for all new Catalogs) has been
- overhauled given substantial performance increases. On
- simple queries, performance should double (or more) in many
- situations, whereas with globbed queries it may increase by
- substantially more.
-
- - A method in SQLMethod objects had been removed but the reference
- to it in __ac_permissions__ had not, which caused failure on
- attempting to set permissions on SQLMethods.
-
- - A bit of exception handing in the dtml-in tag implementation was
- too general and could hide subsequent rendering exceptions (thanks
- to Richard Jones for the patch).
-
- - Cacheability was not fully enabled for DTML Documents.
-
- Zope 2.3.0 beta 2
-
- Bugs Fixed
-
- - Changed management style sheet to explicitly set the http
- content-type to avoid a rendering problem on resize in
- NS browsers.
-
- - Data.fs.in index_html now shows zope_quick_start instead
- of old, inaccurate content.
-
- - Changed index_html, standard_html_header, standard_html_footer,
- and standard_error_message in Data.fs.in to use "new" DTML syntax
- (as opposed to SSI-style syntax).
-
- - The way that the default management tree view imposed sorting
- in its tree tag dtml made it hard for custom objects to provide
- a sorting that would be more appropriate for the custom object.
- The management tree view now preserves whatever ordering is
- returned from tpValues. The default tpValues implementation in
- the ObjectManager class sorts by id by default.
-
- - Disallowed object IDs that start with "aq_".
-
- - Changed the default support for "domain authentication mode"
- in UserFolder to be disabled by default. Domain auth mode
- was implemented for a very specific case long ago and causes
- a lot of overhead for anonymous accesses that are needless
- for the 99% case. People who actually want domain auth mode
- turned on may call a new 'setDomainAuthenticationMode' method
- to enable it if they wish.
-
- - Changed the implementation of emergency_user to be backward
- compatible with the expectations of third-party user folders.
- Third party user folders should now work with Zope 2.3 without
- modification.
-
- - A bug in the search interface generation for ZCatalogs was
- fixed.
-
- - An integrity check for the global product registry has been
- added at startup to mitigate registry consistency problems
- caused by things like missing base classes that cannot be
- detected by Zope (like removing a Product that another
- Product depends upon). If a problem is detected, the global
- registry is automatically rebuilt and the action is logged.
-
- - A bug in the rendering of 'record' type form variables when
- rendering a request object was fixed.
-
- - A bug that cause setting of proxy roles for Python Scripts
- to fail was fixed.
-
- Zope 2.3.0 beta 1
-
- Features Added
-
- - Added a hook that allows user folders to provide a logout
- action.
-
- - Added a browser preferences screen to allow people to
- tweak the management UI to their liking. For the folks who
- complained that they didn't like the new top frame, they
- can (among other things) turn it off from the browser
- preferences screen.
-
- - Added Michel's new QuickStart material. I haven't quite
- decided whether the old QuickStart should go away or
- stay around as a source of examples.
-
- - The logout function has been implemented in a fairly minimal
- way. We may try to make this nicer by final if we get time.
-
- - The ZCatalog interface is now cleaned up and matches the new
- interface look and feel better. In addition some logical
- reorganization was made to move things onto an Advanced tab.
-
- - Result sets from the Catalog are now much Lazier, and will
- do concatenation with eachother in a lazy fashion. This was
- suggested by Casey Duncan in Collector #1712.
-
- Bugs Fixed
-
- - Added a deprecated alias to UnrestrictedUser, Super, for use
- by user folder products that depend on the old class name.
-
- - Fixed path for management interface files used for
- CatalogPathAwareness and Aqueduct.
-
- - Fixed a NameError in HTTPRequest.
-
- - Made manage_page_style.css correctly available to all.
-
- - ZCatalog objects now show up in the Add List in the same
- naming convention that was used for all other Z* objects.
- This does *not* affect the meta_type that is actually used
- for the object itself.
-
- - (Collector #1835, 1820, 1826) Eliminated errors in both
- Field and Keyword indexes where old keys might show up in
- 'uniqueValuesFor()' because of the way the data structures
- were kept around.
-
- - (Collector #1823)Eliminated situation where if the Catalog
- did not have a metadata record for 'meta_type' the Cataloged
- Objects view would be incorrect and list everything as a
- 'ZCatalog'. Now it simply lists it as 'Unknown'.
-
- - (Collector #1844) On the brains returned from ZCatalog
- queries, 'getObject()' now tries to resolve URLs as well as
- paths. This should catch more cases.
-
- - Tags generated for ImageFile objects attempted to use
- title_or_id(), which is not defined for those objects.
-
- - Mounting now fails gracefully in when getId() is not
- available in the mounted object.
-
- Zope 2.3.0 alpha 2
-
- Features Added
-
- - The install machinery for source release has been modified
- to allow Zope to build out of the box for Python 2.0. Note
- however, that Python 2.0 is still not officially supported.
- You may see quite a few warnings from the extension builder
- when compiling for Python 2.
-
- - A new module, AccessControl.Permissions has been added to
- make it easier to use the new security assertion spelling.
- The new module provides consistent symbolic constants for
- the standard Zope permissions.
-
- - Cache manager support added. This allows site administrators
- to ease the burden on their site in a very configurable
- way. It also provides an API for developers to follow when
- experimenting with caching strategies.
-
- - The ZPublisher 'method' form variable type has been
- deprecated in favor of 'action'. The behavior is the
- same, only the official (and documented in the Zope
- book) name has changed. The 'method' name is still
- supported for backward compatibility.
-
- - The 'objectIds' and 'objectValues' methods of ObjectManager
- derived objects are no longer directly Web-accessible. This
- is a topic that has come up over and over on the lists. Some
- (xml-rpc, mostly) users may depend on this behavior - applications
- that need access to this information remotely should be modified
- so that a Python Script or DTML Method can explicitly pass
- the data.
-
- - The Image.tag() and ZopeAttributionButton methods now return an
- image tag that is XHTML compatible; a space and a slash have been
- added.
-
- - SQLMethods can now be edited via FTP and WebDAV tools. Thanks to
- Anthony Baxter for his FTP support patches.
-
- - The Catalog has been slightly overhauled to manage object
- paths instead of URLs in its tables. This should not cause
- any backward compatability concern, but everyone upgrading
- should read the web pages on the zope.org site at:
- http://dev.zope.org/Wikis/DevSite/Projects/ZCatalogVirtualHostFix/UpgradeFAQ
- this will provide information about how to upgrade and new
- features on the result sets, like getObject and
- getPath. These are very important.
-
- - SiteAccess 2.0 has been added, to enable virtual hosting.
-
- - The StandardCacheManagers product has been added as a primary
- product, making it easier to get started with caching.
-
- - The class DTMLFile has been added alongside of HTMLFile.
- It supports name bindings, ignores positional parameters,
- and puts the container on top of the namespace by default.
- Most HTMLFiles should work the same (or more securely) if
- converted to a DTMLFile. Most management interface methods
- should be converted by the final release of 2.3.
-
- - Added a variable called PUBLISHED to REQUEST. From now on,
- this variable should be used instead of PARENTS for user
- validation.
-
- - The inituser file is now read even when one user has been
- created. This provides a way to reset the password after
- a new user installs Zope but ignores the generated password.
-
- - ZCatalogs have a reduced number of management interface tabs.
-
- - ZCatalog keyword and field indexes have been modified to use
- a merge strategy when existing indexes are updated. When an
- existing object is indexed, the contents of field and
- keyword indexes are merged with the changes detected between
- the existing contents of the index and the new content.
-
- - CatalogPathAware class added. This will eventually replace
- CatalogAware.
-
- - The ManagementInterfaceQuickFix project was merged in. The
- Zope management interface has been tweaked in various ways
- to improve productivity and consistency and is now at least
- slightly less ugly :)
-
- Bugs Fixed
-
- - A misspelled function name which prevented the addition of
- properties was corrected.
-
- - Caused PropertySheets to restrict IDs the same way
- ObjectManager does.
-
- - (Collector #1586) Fixed situation where the Catalog would
- attempt to loop over a bucket as if it were a list, which
- won't work. This was reported by Steve Alexander with a
- patch.
-
- - Corrected local role computation (Hotfix 2000-12-15)
-
- - The basic user folder implementation in User.py was changed
- to use the Zope security policy machinery. see
- http://dev.zope.org/Wikis/DevSite/Proposals/
- ChangeUserFoldersToUseSecurityPolicyAPI for details.
-
- - Trying to cut or copy with no items selected now returns a
- nicer error message.
-
- - A roles keyword argument was added to ZopeSecurityPolicy.validate
- to enable callers to pass in roles as opposed to allowing the
- machinery to figure it out for itself.
-
- - Some product context initialization related to setting roles
- was updated.
-
- Zope 2.3.0 alpha 1
-
- Features Added
-
- - Python Scripts are now part of the Zope core. Big whopping
- kudos to Evan Simpson for all of the work he has put into
- this! Having Python Scripts in the core will allow people
- to much more easily separate logic and presentation (and
- get that logic out of DTML!) More information and prototype
- documentation for Python Scripts can be found in the
- dev.zope.org project:
-
- http://dev.zope.org/Wikis/DevSite/Projects/PythonMethods
-
- - Added the __replaceable__ property support to ObjectManager.
- This is currently documented only in the Wiki.
-
- - Added unit tests for the DateTime module.
-
- - Added new BASEPATHn and URLPATHn variables in the REQUEST
- object, and changed Zope core DTML files to use BASEPATH1
- instead of SCRIPT_NAME.
-
- - Added new getId() method to SimpleItem.Item. This should
- now be used instead of referencing 'object.id' directly,
- as it is guaranteed to always be a method and to always
- return the right thing regardless of how the id of the
- object is stored internally.
-
- - Improved Ownership controls. Now you simply choose whether
- or not to take ownership of sub-objects when taking
- ownership. There is no need to control implicit/explicit
- ownership.
-
- - Changed the Zope installation procedure so it is only
- necessary to create one user account and that user is
- stored in the ZODB. The user created at startup now is
- simply a normal intial "Manager", not the "superuser".
- It is no longer necessary to login, create an initial
- manager, logout and log back in! Woohoo!
-
- - Implemented the "emergency user" concept, which is the new
- name for what was called the superuser. The emergency user
- doesnt even exist now until you explicitly create it.
-
- - Added new "WebDAV source view" HTTP handler, enabled by new
- '-W' (note uppercase) switch to z2.py. This handler is *not*
- enabled by default.
-
- - Implemented "hookable PUT creation" (allows containers to
- override webdav.NullResource's guess at the type of object
- to create when PUT is done to an unknown ID).
-
- - Added testrunner.py to the utilities directory. The testrunner
- is a basic utility for running PyUnit based unit tests. It can
- be used to run all tests found in the Zope tree, all test suites
- in a given directory or in specific files. The testrunner will
- be used to ensure that all checked in tests pass before releases
- are made. For more information, see the docstring of the actual
- testrunner.py module.
-
- - The Interface scarecrow package has been checked in - more work
- will likely be done on it before it goes into wide use. See
- Michel's "Zope Interfaces" project on dev.zope.org for details:
-
- http://www.zope.org/Wikis/Interfaces/FrontPage
-
- - PyUnit has been checked into the core. Along with the testrunner,
- this provides enough infrastructure for us to incrementally begin
- accumulating (and running!) test suites for various parts of the
- Zope core.
-
- - The new security assertion support has been checked in. For
- more information and an updated version of the "Zope security
- for developers" guide see the project on dev.zope.org:
-
- http://dev.zope.org/Wikis/DevSite/Projects/DeclarativeSecurity
-
-
- Bugs Fixed
-
- - Removed some cruft in OFS/content_types.py (an old data
- structure was being constructed but was going unused in
- favor of a newer structure used in conjunction with the
- mimetypes module).
-
- - (Collector #1650)Where the underlying object does not define
- its own '__cmp__()', comparisons of acquisition-wrapped
- objects fall back to comparing the identities *of the
- wrappers* . Fixed to unwrap the object (both, if needed)
- before comparing identities.
-
- - (Collector #1687 Products which register base classes
- for ZClasses typically defer creating them until product
- registration; the derived ZClass needs them to be available
- immediately after import. Deprecated
- 'ProductContext.registerZClass' and
- 'ProductContext.registerBaseClass' in favor of a new function,
- 'ZClasses.createZClassForBase' (because none of the machinery
- needed a ProductContext instance anyway).
-
- - (Collector #1355) Fixed overlapping HTTP POST requests in
- ZServer which could have been corrupted. Thanks to Jeff
- Ragsdale.
-
- - Undid a bug fix that caused the DateTime unit tests to fail.
-
- - Removed the requirement that an "access" file exist.
- "access" is now only needed to create an emergency user
- account.
-
- - Disabled the monitor port by default because, initially,
- there is no emergency user, and thus no password that
- can be used to protect the port.
-
- - Secured the hole that was patched by Hotfix_2000-12-08.
-
- - Disallowed object IDs that end with two underscores.
-
- - Caused PropertyManager to restrict id's the same way
- ObjectManager does.
-
- Zope 2.2.5
-
- Bugs fixed
-
- - Corrected a mounted database connection leak. The reference
- to the sub-connection was occasionally being garbage collected,
- meaning the sub-connection never get closed and Zope eventually
- used up all connections from the pool.
-
- Zope 2.2.5 beta 1
-
- Bugs fixed
-
- - Secured the hole that was patched by Hotfix_2000-12-08.
-
- - A bug in ZServer caused concurrent POST requests to overwrite
- each others incoming data, leading to 'AttributeError: data'
- errors.
-
- - The ZSQLMethods code to handle query caching had a bug
- that could cause a KeyError in certain cicumstances.
-
- - A dumb algorithm in the basic user folder interface caused a
- reverse dns lookup to be done for each user in a user folder
- if domain-based matching was being used. This could cause a
- real lag for sites with large user folders doing domain
- matching.
-
- - The "View" management page for Image objects generated an
- incorrect link to the image object (though it often happened
- to work thanks to acquisition).
-
- - Import only looked for files in INSTANCE_HOME/import. Now,
- if the file is not found there it looks in SOFTWARE_HOME/import.
-
- - Fixed situation where the Catalog would attempt to loop over
- a bucket as if it were a list, which won't work. This was
- reported by Steve Alexander with a patch (#1586).
-
- - It was not possible to access the 'manage_access' screen for
- a custom propertysheet on an instance. Thanks to Steve
- Alexander for this one as well.
-
- - The checkboxes on the "Add ZClass" form were being reset after
- every base class addition.
-
- - A WebDAV support bug that caused authentication to fail for
- MOVE and COPY (and possibly other) requests was fixed.
-
- - The WebDAV support was setting an extra HTTP 'Connection'
- header when Zope was running under ZSever, because ZServer
- didn't handle that correctly back when the DAV code was written.
-
- - Several other DAV-related fixes were made to address bugs
- discovered in the course of using Zope with several DAV
- clients. The DAV support now generates a faux creation
- date property to make Adobe GoLive happy.
-
- - A bug in state diffing in the Tree tag when a tuple was passed
- in instead of a list was fixed.
-
- - Corrected local role computation (Hotfix 2000-12-15).
-
- - Fixed protection of the update_data method of File / Image
- objects (Hotfix 2000-12-18).
-
- - The content_type argument passed to manage_addImage or
- manage_addFile was ineffective.
-
- - The Image.tag() and ZopeAttributionButton methods now return an
- image tag that is XHTML compatible; a space and a slash have been
- added.
-
- - Long running processes spawned via os.system() from Zope code
- could hang the request that spawned them due to inheritance of
- open file descriptors. Thanks to Dieter Maurer for a fix for
- ZServer to set the close-on-exec flag on ZServer sockets.
-
- - Some of ZServer's medusa underpinnings were outputting various
- 'WARNING' messages that should have been ignorable and caused
- confusion for new Zope users. The startup messages have been
- fixed to avoid spewing things that scare newbies unnecessarily.
-
- - SQLAlias objects were leaking when a database column was
- accessed via an aliased name. This was tracked down to a
- subtle bug in ExtensionClass.
-
- - A packing bug could, on rare occasions, cause corruption of
- transactions committed while the database was being
- packed. This corruption wouldn't show up until the database
- was scanned, either on startup without an index, or on
- subsequent packs. The actual data records were correct in
- most cases, but contained invalid file pointers to their
- transaction or other record data. The problem could be
- corrected using the FileStorage recovery tool, fsrecover.py.
-
- Zope 2.2.4
-
- Bugs fixed
-
- - There was a mistyped permission in HelpSys.py ("Add Documents,
- Files, and Images" should be "Add Documents, Images, and Files").
-
- - The caching code added for ImageFile objects had a dumb cut-n-paste
- error (fixed for 2.2.4 final). ImageFile caching was verified
- after the fix with the Cacheability Engine at:
- http://www.web-caching.com/cacheability.html
-
- - Fixed and tested a problem in the way that headers are extracted
- from the message text in the dtml-sendmail tag. Windows text
- editors could introduce ^M characters that threw off the rfc822
- message parser if they were not cleaned off before parsing.
-
- Zope 2.2.4 beta 1
-
- Bugs fixed
-
- - Zope 2.2.4 includes all of the 2.2.3 changes plus a fix
- for a bug introduced while fixing another bug that caused
- acquisition of permissions to fail (whew!).
-
- - Fixed a bug in computation of object roles (from
- permissions) that could cause roles to come from
- non-containment context.
-
- - ImageFile objects (e.g. icons in the mgmt interface) did
- not set or recognize HTTP caching headers, which caused
- some browsers to never cache them.
-
- - The function rfc1123_date was mis-formatting http dates.
-
- - The registerHelp() method of ProductContext objects would
- blow up if a product did not have a help directory.
-
- Zope 2.2.3
-
- Bugs fixed
-
- - Resolved known condition in the Catalog where objects are
- not guaranteed to be unindexed before indexing happens
- again. Now objects are guaranteed to be unindexed correctly
- first. This should resolve all outstanding KeyErrors with
- Catalog, although currently broken Catalogs will require a
- reindex to resolve them.
-
- - Fixed a race condition and a possible memory leak in mounted
- databases.
-
- - Added the DTML Reference to the online help system.
-
- - Applied Toby Dickenson's patch that fixes aq_inContextOf.
- Now it is more thorough in discerning whether an object is in
- the context of another object.
-
- - Fixed keyword args for aq_acquire.
-
- - Plugged a memory leak that occurred when objects wrapped
- through acquisition but which do not have a "__call__"
- method are invoked. The arguments passed to the call
- would be leaked.
-
- - DateTime did not recognize timezone strings like '+0200'.
-
- - Security for Images and Files could not be changed due to
- an old name left in the permissions structure (__call__).
-
- - Removed some ancient references to Principia from the ZGadflyDA
- user interface.
-
- - Fixed bug in Client.py which opened filesystem file without
- using read-binary mode, which caused file corruption
- when uploading binary files using ZPublisher.Client
- from Windows NT.
-
- - The '_getOb' method of ObjectManagers did not correctly
- restrict access to private attributes (beginning with an
- '_').
-
- - The XML import/export machinery was fixed to properly deal
- with 'long' datatypes.
-
- - Uploading new contents for a File or Image object without a
- content-type header caused the old (possibly now incorrect)
- content_type attribute to be retained.
-
- - There was an extra slash in the rewrite rule for using PCGI
- in single-threaded mode in WEBSERVERS.txt
-
- - The PARENTS list passed to the validate method of User Folders
- did not include the published object, which could lead to
- incorrect security handling in certain cases (this was the
- 2000-10-02 Hotfix).
-
- - (Collector #1687) Products which register base classes
- for ZClasses typically defer creating them until product
- registration; the derived ZClass needs them to be available
- immediately after import. Deprecated
- 'ProductContext.registerZClass' and
- 'ProductContext.registerBaseClass' in favor of a new function,
- 'ZClasses.createZClassForBase' (because none of the machinery
- needed a ProductContext instance anyway). Update OFSP and
- ZCatalog products to use this machinery, instead of
- 'registerBaseClass'.
-
- - The manage_edit of the Connection base class used by database
- connection tried to coerce the connection string to an actual
- string. This was problematic because some DAs (Sybase apparently)
- store the connection string as an HTTPRequest.record object.
-
- - BASE tags generated by Zope were not XHTML compliant.
-
- - Part of the PropertyManager interface incorrectly assumed a
- wrapped object.
-
- - HTTP date headers were generated by strftime in medusa; this
- meant that using a different locale caused medusa to generate
- invalide Date headers re: the RFC. The date header generation
- has been changed to use english even if a different locale is
- in effect.
-
- - Dates generated by WebDAV code also used strftime and were
- therefore made invalid when a non-english locale was in use.
-
- - Headings generated in HTML by StructuredText did not generate
- a closing paragraph tag.
-
- - StructuredText did not recognize URLs with ampersands in them.
-
- - A bit of the SecurityManagement code expected threads to be
- available, which broke the "single-threaded-mode" that some
- folks use with pcgi.
-
- - DateTime arithmetic was broken if you tried to subtract a
- DateTime from another DateTime where one of them was on
- daylight savings time and the other was not.
-
- - The infamous "__call__" bug that could surface in situations
- where documents called other documents has been stamped out.
- And there was much rejoicing.
-
- - The redirect target after adding a ZSQLMethod had too many
- path elements in it.
-
- Zope 2.2.2
-
- Bugs Fixed
-
- - Applied Dieter Maurers patch to prevent log entries from
- being dropped when clients disconnect prematurely.
-
- - The manage_test method of database connection objects were
- not checking for RDB-format results, which caused the test
- queries to fail from the test tab of some older DAs.
-
- - Z2.py did not allow passing numeric UIDs for the -u option.
-
- - Fixed a bug in the dtml-var tag handling of the 'null'
- attribute. Before null would only work correctly if there was
- also a 'fmt' attribute. Now null correctly works with non-zero
- false values when there isn't a 'fmt' option.
-
- - Corrected a factory bug that prevented creation of ZClass
- instances within objects owned by users defined in a
- different user folder than the root acl_users.
-
- - Made ZopeAttributionButton method of Application object
- public.
-
- - Factory dispatchers inappropriately acquired ownership in
- certain cases, causing problems creating objects for users
- not defined in the root user folder.
-
- - The DestinationURL method of FactoryDispatchers did not work
- correctly if the dispatcher was obtained through the
- unrestrictedTraverse method.
-
- - Several calls to socket.bind() were fixed for Python 1.6/2.0
- compatibility in PCGI and Gadfly.
-
- - The sqlvar tag could fail on the trailing 'L' of the string
- representation of longs when coercing to int or float.
-
- - Under some circumstances, versions were only partially
- committed (or aborted) in FileStorages causing objects to be
- left locked in a version with no way to unlock them.
-
- - FileStorages opened read-only incorrectly truncated data
- files when incomplete transactions were discovered.
-
- - Read transactions were aborted due to conflict errors.
- This was an attempt to catch write conflicts early, but was
- far too pessimistic.
-
- - The document_src method of DTML objects required a REQUEST
- and RESPONSE argument, making it difficult to use from
- Python code. They are now optional.
-
- - The "test" tab of SQL Methods did not include the rendered
- query in the error message if the test failed due to a
- database-level error (such as a malformed query).
-
- - A signed/unsigned buglet in the code for Splitter objects
- caused recognition of national characters to fail on some
- platforms (FreeBSD/x86).
-
- - A bug in ZODB database objects could cause ZEO clients to
- fail to start without deleting the ZEO client cache.
-
- - The 'lock' keyword argument to RESPONSE.redirect was not
- in the API documentation.
-
- - Some missing SCRIPT_NAME variables were added to the IMG
- SRC paths for the navigator pane.
-
- Zope 2.2.1
-
- Bugs Fixed
-
- - Correction of ZClass-in-ZClass bugfix which prevented import of
- .zexp's containing Factories.
-
- - Made acquisition in the URL and XML-RPC work together.
-
- - A bug in FTP downloading was fixed.
-
- - A bug in the "views" screen for ZClasses could cause strange
- IndexErrors depending upon whether help topics were created.
-
- - Improved behavior when non-persistent objects are added to an
- ObjectManager.
-
- - Fixed an obscure bug that could cause Zope to crash when
- there were errors in computed attributes that depended on
- acquisition.
-
- - Fixed very obscure bug in database invalidation when
- committing from one version to another. This could cause
- source version data to fail to get updated.
-
- - Fixed a condition that prevented error messages from
- being displayed when performing a redirect. This means
- that standard_error_message documents that redirect now
- need to add a "lock=1" argument to the redirect call.
-
- - A bug in the stupid file logger consumed exception info
- for certain types of errors (such as failed product import).
-
- - A bug in integration with the new security machinery caused
- copy / paste operations to fail in certain cases.
-
- - Changed permission assignments for 'manage_editForm', 'manage',
- 'manage_main', 'manage_uploadForm', 'manage_historyCopy',
- 'manage_beforeHistoryCopy' and 'manage_afterHistoryCopy' to
- 'Change DTML Documents' (for DTML Documents) and 'Change
- DTML Methods' (for DTML Methods) which is more correct and
- makes view filtering work properly.
-
- - The medusa code that produced the server log file was writing
- the formatting the date in GMT but adding a local timezone
- identifier (+0100, etc.) It has been fixed to format the date
- using localtime.
-
- - The DTML "tree" tag did not understand the common shorthand
- spellings for name= and expr=.
-
- - The HTML4 formatting method on DateTime objects did not return
- the datetime in UTC as it was supposed to.
-
- - A bug in cgi.py caused an entire extra copy of large file
- uploads and input data to be kept in memory, defeating the
- work the module does to avoid doing exactly that ;^)
-
- - A bug in the cgi module could cause memory to spike on large
- inputs, as it kept a complete copy of the input in memory
- that was never used :(
-
- - A packing bug could cause data written by saved versions
- to be inaccessible. This is actually a bug that was fixed
- in Zope 2.1, but the fix never got applied to the main code
- tree. :(
-
- - The behavior of the tag and __str__ methods of images has
- changed slightly; if no 'alt' argument is given, it will use
- the title of the image (if defined) for the alt attribute.
- Otherwise it will generate 'alt=""'. Also, it now generates
- 'border="0"' unless a different value for border is given as
- a keyword argument.
-
- - The database control screen in the control panel did not
- work with storages that returned string "sizes". Some
- storages return strings to indicate units other than bytes.
-
- - Fixed the broken Product Help icon.
-
- - Fixed ZClass view help setting, thanks to Jeff Sasmor.
-
- Zope 2.2.1 beta 1
-
- Bugs Fixed
-
- - FileStorage-based databases became corrupted when their
- size grew beyond 2GB.
-
- - FileStorage-based databases could be corrupted if
- transaction descriptions or transaction extended meta-data
- exceeded 64KB in size.
-
- - Some relational database adapters use an older version of
- a results class in Shared.DC.ZRDB. The RDB-format based
- results class was missing a needed security assertion to
- allow access to result data.
-
- - Missing security assertions in the ZDOM module caused
- unauthorized errors for things trying to use ZDOM (such
- as XMLDocument).
-
- - A bug in the registration of help content caused unnecessary
- transactions to be written at startup.
-
- - The machinery for guessing content types ignored default
- values passed in explicitly.
-
- - A problem in the Find machinery removed the acquisition
- context from subobjects, causing permission checking to
- fail.
-
- - There was a hard-coded unix path separator in the logic
- for initializing special dtml objects from files.
-
- - The ordering of tabs on some management screens was changed
- inadvertantly during the 2.2 development cycle. The ordering
- has been tweaked to conform more closely to earlier releases.
-
- - The strftime() method of DateTime objects was changed so that
- it formats based on the current timezone representation of a
- given DateTime object. This is now also the case when formatting
- DateTimes from DTML using the fmt="..." construct (which uses
- the strftime method under the hood). Previously, strftime
- converted to GMT, which was inconsistent with other formatting
- methods and caused problems for people. Those who actually do
- want the date to be formatted in GMT can use: myDate.toZone('GMT')
- to get a version of the object represented in GMT and then call
- the formatting methods on that object.
-
- - Permissions were not properly defined for the new history
- vew in DTMLMethods and DTMLDocuments. This caused many
- useful features to be available only to managers and others
- to be available only to those with undo priveledges. A new
- permission, "View History" has been added for viewing
- historical changes and you can copy historical versions to
- the present if yo can edit DTMLDocuments or DTMLMethods.
-
- - The new traversal method, restrictedTraverse was private,
- but should have been public. It also didn't check access to
- the root object when an absolute path was used.
-
- - The roles (and only the roles) "Manager" and "Anonymous"
- had the "Access contents information" permission on the root
- application object regardless of permission settings made
- through the management interface.
-
- - A ZCatalog bug which was symptomized by a "KeyError" during a
- searchResults query was squished by changing some exception
- handling in the cataloging machinery.
-
- - Version's chose their names based on absolute_url, which depends
- on access method, rather than physical path.
-
- - A fix for socket.connect() calls in preparation for Python 2.0 was
- accidentally applied to a wrong part of Client.py in ZPublisher.
-
- - The "distribution" tab for ZClass-based products has been changed
- to allow creation of redistributable products.
-
- - DAV property sheets were not correctly associated with permissions,
- which cause Unauthorized errors when iterating over propertysheets
- under the new security model.
-
- - Some patches to PCGI added in the 2.2 development cycle to support
- things like syslog connectivity were backed out due to problems
- on certain platforms. The patches may make it back in the future
- after the issues are resolved and broader platform testing can
- be done.
-
- - The new security machinery did not allow REQUEST to be accessed
- when it was acquired. This didn't prevent access to REQUEST, but
- made the access eccessively expensive.
-
- - Fixed the display order of the Zope tutorial topics.
-
- - Fixed the help system menu frame to not use standard html
- header and footer.
-
- - Products that have not been updated to define an 'initialize'
- method to do product initialization were not filtered correctly
- by permission in the filtered object add list.
-
- - Exception logging was added to catalog to catch "shouldnt happen"
- sorts of events.
-
- - Text indexes did not recognize boolean connectives (and, not)
- if they were mixed-case.
-
- - Fixed Tutorial bug that caused win98 to crash with adding a
- tutorial.
-
- - Fixed ZService.py to avoid overwriting existing service start
- parameters at install time on win32.
-
- - The deprecated alias getSize() was added back to Image and DTML
- objects (existing products still depend on it).
-
- - Cleaned up a DocumentTemplate namespace issue. Fixed QuickStart.
-
- - Removed old validation code in cDocumentTemplate.
-
- - In ZCatalog, it was possible for stemming on single-word search
- queries to be handled incorrectly and produce no results.
-
- - A problem in the url traversal machinery caused strange errors
- in cases where the root of the site was requested but had no
- index_html instead of the expected Not Found error.
-
- - ZCatalog objects did not implement the searchable object
- interface correctly.
-
- - XML (database) import sometimes failed, especially with
- ZClass instances.
-
- - XML (database) export didn't properly handle strings that contained
- the string "\n".
-
- - The <base> tag insertion machinery failed if the request result
- had content-type with a charset attribute (thanks to Dieter
- Maurer).
-
- - A long-standing bug that caused a "resource not found" error when
- trying to instantiate a ZClass inside of another ZClass was
- fixed. Hooray for Chris McDonough :^)
-
- - In certain circumstances it was possible for the manage_afterAdd
- and other manage_after* methods to get into an infinite loop by
- essentially acquiring themselves in cases where subobjects did
- not implement those protocols.
-
- - The sqlvar tag produced misleading error messages when an
- expression caused an exception during rendering.
-
- - RFC1123 dates were not formatted correctly in the webdav.client
- implementation.
-
- - Made the ObjectManager class inherit from Traversable (which
- exposes unrestrictedTraverse). ObjectManager-type items which
- didn't inherit from SimpleItem.Item had problems with
- Management.Tabs producing the right views for manage_options
- before this was in there.
-
- - FileStorage-based databases got into an unusable state if
- available disk space was exceeded. This problem could
- lead to database corruption.
-
- Zope 2.2.0
-
- Bugs Fixed
-
- - The add form for MailHost objects described fields that are
- no longer needed (descriptions have been removed).
-
- - User databases did not correctly handle situations where a
- browser sends an authentication token naming a user that
- can't be found while accessing a publicly available resource.
-
- - Minor bug in ZCatalog which prevented deletion of indexes fixed.
-
- - XML-RPC requests could not be completed via https.
-
- - Several uses of multi-argument append() calls (that will be
- illegal in Python 2.0) were fixed.
-
- - The UNLOCK method for DAV support was missing some needed
- argument declarations.
-
- - Corrected some error handling in the database connection code.
-
- - Fixed support for strftime day-of-week formatting in DateTime.
-
- - Fixed Image content-type detection to also use the binary
- "nonces" in the file to determine the real content-type. This
- should catch GIF/JPEG/PNGs that are uploaded without the correct
- information associated with them.
-
- - Added missing permission declarations to make the methods of
- PropertySheets objects accessible.
-
- Zope 2.2.0 beta 4
-
- Bugs Fixed
-
- - The History tab is now protected by the 'Undo changes' permission,
- and setting this permission actually has effect now.
-
- - A bug in validation in filtered_manage_tabs made tabs misbehave
- in some cases.
-
- - Fix an AttributeError bug in the Lexicon objects used by ZCatalog.
-
- - FileUpload objects did not have the required security assertion
- to allow access to attributes such as filename and headers.
-
- - Broken objects weren't deletable due to a recent change in the
- object deletion logic added to support mountable databases.
-
- - Some formatting bugs in the status method of the ZServer HTTP
- server were fixed (thanks to Jeff Rush).
-
- - The _read_data method of Image and File objects didn't correctly
- handle being passed an actual file object.
-
- - A new behavior in 2.2 is that after calling REQUEST.redirect the
- HTTP status can no longer be changed. This caused problems for
- some people who were calling redirect() and then trying to set
- the HTTP status to 301 Moved Permanantly instead of the default
- 302 Moved Temporarily status. To make this possible, a new
- optional 'status' argument is now recognized by the redirect
- method so that RESPONSE.redirect('/foo', status=301) can be
- used
-
- - Corrected the text of some kinds of 'unauthorized' error messages.
-
- - Fixed a bug that caused dtml-try to throw a KeyError. Related to
- the recent changes made to DT_Util.namespace().
-
- - Packing to a time earlier that a previous pack could
- lead to serious data lossage.
-
- - Attempts to install product information into the Zope database
- on startup made no sense and could cause problems for ZEO
- clients. Product adtabase updates are suppressed when the
- ZEO_CLIENT environment variable is set.
-
- - A missing security assertion made DTML code that tried to create
- instances using manage_addProduct['foo'] constructs fail.
-
- - Fixed a couple typos in the Tutorial thanks to Alastair
- Burt.
-
- - Fixed a Javascript error in the Tutorial thanks to Luke
- Tymowski.
-
- - Revised online help content quite a bit.
-
- - Revised API docs quite a bit.
-
- - Fixed a bug in Logging docs thanks to Andy McKay.
-
- - Added code that will reveal bugs in calls to DT_Util.namespace().
-
- - The way that the values of selection and multiple selection
- properties were looked up on the properties form was changed so
- that the values can now be either properties on the same object
- or found through the DTML '_' namespace to support situations
- where the selection value is acquired or otherwise not findable
- in the object's properties.
-
- - The If-Modified-Since handling in Image and File objects did not
- gracefully handle malformed date strings in that header (which
- seem to be sent by certain proxy servers). Malformed date strings
- are now ignored as if the header was not present rather than
- raising an error.
-
- - Corrected a recent problem with boolean properties.
-
- - Permissions were not being set properly on factory methods
- (constructors) loaded from Python (disk) products. This bug
- existed in 2.1, but was not very visible until recent fixes
- were made to the security machinery.
-
- - The ownership management code incorrectly was willing to delete
- ownership information in the class rather than only in object
- instances.
-
- - A bug that made packing always complain that you were trying to
- pack to an earlier time than a previous pack was fixed.
-
- - The security context stack wasn't handled correctly for
- DTMLDocuments.
-
- - DateTime objects did not support GMT(+/-)xx30 timezones.
-
- Zope 2.2.0 beta 3
-
- Bugs Fixed
-
- - Handling of "broken" products was, er, broken :) This is why
- some folks reported seeing objects "spontaneously change into
- Folders". In reality, the Broken objects that should have been
- created in place of objects whose Product was missing or broken
- weren't behaving correctly due to an interaction with the new
- overridable __getattr__ support in cPersistence.
-
- - FTP support was broken for Folders containing Broken objects.
-
- - ZServer returned None as the HTTP version if no version was given
- in the HTTP request.
-
- - It was possible to rename or move Versions, which was plain bad.
-
- - A bug that caused SQLMethods to have problems unpickling was fixed.
- This bug also made it impossible to add Zope Tutorial instances.
-
- - A bug in the lookup order for Product extensions was fixed.
-
- - Fixed the tutorial to ensure that a gadfly directory has been
- created before attempting to import the tutorial info.
-
- Zope 2.2.0 beta 2
-
- Bugs Fixed
-
- - Fixed Tutorial bug that caused win98 to crash with adding a
- tutorial.
-
- - Fixed ZService.py to avoid overwriting existing service start
- parameters at install time on win32.
-
- - The deprecated alias getSize() was added back to Image and DTML
- objects (existing products still depend on it).
-
- - The "Host" headers sent by ZPublisher/Client.py did not include
- the port number if given.
-
- - Cleaned up a DocumentTemplate namespace issue. Fixed QuickStart.
-
- - Removed old validation code in cDocumentTemplate.
-
- - Added checks to only allow legal Python name characters in ZClass
- ids.
-
- - Selection and multiple selection properties were displayed
- incorrectly on ZClass propertysheet forms.
-
- - getPropertyType was not supported for PropertySheet objects. It
- appeared to work but always returned None because it was being
- acquired :)
-
- - The 'send' method of MailHost objects was broken if explicit
- to, from or subject arguments were given.
-
- - The constructor for MailHost objects was changed to have a non-
- backward compatible signature in the alpha period. The 'localhost'
- and 'timeout' arguments were added back to the MailHost constructor
- for backward code compatibility for 2.2 beta 2 (though these args
- are now effectively ignored).
-
- - An insufficiently protected method deep in DocumentTemplate was
- fixed to prevent a security issue that could allow unauthorized
- changes to the sources of DTML objects.
-
- - Insertion of the BASE tag in responses violated the HTML 4 spec,
- which states that BASE must come first in the <head> element of
- a document so that relative references thereafter will work. It
- now conforms to the spec.
-
- - A bug in the SendMail tag if an existing mailhost was named has
- been fixed.
-
- - New and improved content has been added to the help system.
-
- - Some problems with certain management screens having wrong help
- or no help have been fixed.
-
- - A bug in PropertyManager allowed properties defined in products
- as read-only to be changed.
-
- - Added an entry in the content_types registry for RealAudio file
- extensions.
-
- - At some point z2.py stopped accepting "-P 0" as a valid option.
- That has been fixed.
-
- - Fixed a bug that caused instances of ZClasses which use
- DTMLMethod as a base class to have an ID of "<string>".
- Unfortunately, existing instances will still have the wrong
- ID. The effect is it's not possible to use the clipboard on
- them. They will need to be re-created.
-
- - Fixed a bug in PermissionMapping that could in a certain case
- cause determination of whether an object is a ZClass instance
- method to throw an exception.
-
- - A few tweaks were needed to the way that SQLMethods made use of
- the new security machinery. This fixes the authorization problems
- some users were seeing when calling SQLMethods from inside of
- other SQLMethods.
-
- - Medusa did not handle absolute URLs given in HTTP commands quite
- correctly. It turns out that WebTV (and possibly others) send
- such commands, and the HTTP spec allows them, so we now support
- it.
-
- Zope 2.2.0 beta 1
-
- Features Changed
-
- - Split the old CHANGES.txt into two files. CHANGES.txt will
- now contain only change information for the current Zope
- release. Change information for older versions is now in
- the file HISTORY.txt.
-
- - Added basic internal support for mountable databases. A separate
- product will still be required to make use of this ability.
-
- - Added a new "history" tab to selected objects (DTML methods and
- documents for now) that provides access to previous versions
- through the web.
-
- - The property management screens now include the types for
- existing properties.
-
- - Added support at Python level for user-defined
- __get/set/delattr__ methods on persistent objects. These
- have essentially the same semantics as for Python, except
- that overridden __set/delattr__ methods must explicitly
- signal changes that should be persistent.
-
- - Better error messages and syslog capabilities were added to
- pcgi-wrapper (thanks to Jeff Rush).
-
- - Calls to the ZLogger system were added to the user authentication
- process to help sys admins diagnose login problems (thanks again
- to Jeff Rush).
-
- - The Undo view shows *only* transactions performed in the
- place where undo was performed. (As before, it also
- shows only transactions performed by users defined in the
- place where the undo user is defined.)
-
- - The way that transaction logging is done was changed to make
- transaction logs based on "physical" object and user
- paths. This was necessary to make undo work properly in the
- presense of virtual hosts.
-
- - A number of hooks have been added and changes made to
- support products that implement virtual hosts. Keep an eye on
- http://www.zope.org/Members/michel/Projects/Interfaces/ImplementingVirtualHosts
-
- - The distributions now have an Extensions directory by default.
-
- Bugs Fixed
-
- - Added type checking to the constructor and edit methods of
- builtin Zope object types to prevent inappropriate passing
- of acquisition-wrapped objects for standard attributes (like
- title, etc.). A similar restriction was added to prevent the
- adding of wrapped objects as properties.
-
- - Fixed a naming bug in MailHost that caused simple_send to
- fail.
-
- - Fixed a buglet in the rename form that caused the form to submit
- to the old manage_renameObject if the user just hit the enter
- key in the browser on a single item rename.
-
- - A bug that caused the tabs to disappear after performing cache
- management operations was fixed.
-
- - A problem that prevented multiple Zope instances from running
- at the same time on win32 was fixed.
-
- - An algorithm in medusa's max_sockets.py code was updated to
- improve startup time on certain platforms.
-
- - The behavior of manage_editProperties on PropertyManagers and
- PropertySheets has been fixed so that existing properties that
- are not found in the update request are not reset to empty
- values.
-
- - A problem that disallowed access to the individual records in
- a result set from a SQL method was fixed.
-
- - A problem that caused the query template for an SQL method to
- be rendered twice when used from the "test" tab has been fixed.
-
- - Fix for bug #1270: Netscape Image Problems. Added casts to long
- to avoid an overflow error caused when trying to convert dates
- sent by certain versions of Netscape in the If-Modified-Since
- header.
-
- - Corrected DateTime.py to recognize years specified as 00 through
- 69 as 2000 through 2069.
-
- - A bug that made objects named in dtml namespaces always fail
- security validation was fixed. This was noticed by folks trying
- to use manage_tabs from ZClasses who hit the bug because the
- manage_tags document uses a namespace:
- <dtml-with "_(manage_options=...">
-
- - A change to pcgi_publisher was made to support FreeBSD, where
- send() will send only 8192 bytes at a time.
-
- - A bug that broke import in the alpha was fixed.
-
- - A bug in the transaction handling logic could cause infinite
- loops if objects were registered incorrectly.
-
- - A bug in the transaction machinery could cause objects to
- be aborted multiple times if errors occurred.
-
- - Logging via syslog now correctly captures the process id.
-
- - Adding User Folders and MailHosts from the management screens
- didn't redirect to the correct URL after adding the object.
-
- - A form problem that prevented joining or leaving versions
- has been fixed.
-
- - A more reasonable default content type is now used for HEAD
- requests on DTML objects if the object does not have a
- content_type attribute or a file-extension-like id that can
- be used to determine content type.
-
- - HTTP HEAD handling was inconsistent for collections, depending
- on whether the "default document" (index_html) was acquired or
- not.
-
- Zope 2.2.0 alpha 1
-
- Features Changed
-
- - Added a new security policy architecture and object ownership
- to address the server side trojan issue. The new architecture
- cleaned up various places where Zope code did authorization
- checks. A side effect of the new policy is that it is a bit
- more strict than it used to be - objects without explicit
- protection to which access was previously allowed will now
- be denied. There is a new declarative method for providing
- access to such objects, which has been applied to certain
- previously unprotected Zope objects that DTML writers are
- accustomed to having access to. See the SecurityPolicy
- wiki pages on Zope.org for further information.
-
- - Added a new online help system. Help is now available for
- standard Zope objects. Zope developers can add help for their
- Python Products and Control Panel Products. See HELPSYS.txt
-
- - Added logic to increase the Python interpreter "check interval"
- that should provide at least a 20% performance improvement for
- most Zope sites. Also added a new -i option to z2.py so that
- Zope users can pass in alternate values (the default is 120)
- for the check interval. This lets users experiment and tune
- the interval for the best results in their particular system
- environments.
-
- - The message returned when an empty result set is returned
- from a ZSQL Method has been clarified.
-
- - In the load_site utility:
-
- o Added logic to try and figure out a path to ZPublisher if
- one was not provided.
-
- o Added an option, -I, to automatically add an index_html
- method that redirects to index.html or index.htm.
-
- - Record objects returned by ':record' form-marshalling tag have
- been enhanced to act like mapping objects.
-
- - The ZServer startup script, z2.py, now allows all servers to be
- disabled with a single option,
-
- - The ZServer startup script, z2.py, now allows all multiple
- HTTP, FTP, or monitor servers to be run.
-
- - The ZServer startup script, z2.py, now allows separate IP
- addresses to be specified for each HTTP, FTP, or monitor
- server.
-
- - Added 'urlparam' attribute to tree tag to allow propagation
- of extra parameters through tree URL's (Collector #1045).
-
- - When renaming objects, the old id is provided as the
- default value for the new id.
-
- - Allow non-sliceable keys in PersistentMappings (Collector #1064).
-
- - Use smtplib in implementing MailHost/sendmail (Collector #1005).
-
- - Allow call to get() w/o explicit default in PersistentMapping
- (Collector #1182).
-
- - Allow rename of multiple items (Collector #1065).
-
- - Allow expr syntax in <dtml-mime/boundary> for type, disposition,
- encode, name, filename; add skip_expr (Collector #892).
-
- Bugs Fixed
-
- - Fixed problem with extra PermissionMapping objects being in
- the aq_parents hierarchy during traversal when a method was
- being accessed a ZClass defined instance method.
-
- - Fixed ZCatalog 'Find to ZCatalog' with expressions problem.
-
- - Fixed broken links in ZCatalog 'Cataloged objects' view.
-
- - FTP directory listings were not sorted.
-
- - Improved FCGI support in ZServer.
-
- - Improved ZServer streaming, including fixing chunking and
- keep-alive support. Chunking is now done by default with
- HTTP 1.1 clients. Fixed possible problems with large responses.
- Thanks to Toby Dickenson.
-
- - ZServer's FTP server no longer binds to all interfaces.
-
- - Fixed a bug which caused File objects of type 'text/html' be
- have the wrong Content-Length set.
-
- - A bug in SQL methods could caused results to be returned without
- an acquisition context. This could cause methods provided
- via ZClass brains to be inaccessable due to the dependence of
- ZClass method security on a correct acquisition environment.
-
- - Fixed tree tag so that expand_all and branches_expr play nice
- (Collector #919).
-
- - Suppressed "private" names from catalog indexes/meta-data
- (Collector #1076).
-
- - Allowed strings with linebreaks as data in Gadfly queries
- (Collector #972).
-
- - Added note to WEBSERVER.txt pointing out security issues with
- REMOTE_USER mode (Collector #733).
-
- - Fixed colspan counting in tree tag (Collector #913).
-
- - Logging enabled with the -D option to the z2.py script did
- not include traceback information and was not performed
- during Zope startup. This made finding startup errors
- difficult.
-
- - The logic for reparsing the dtml files used for the Zope management
- screens while in development mode was broken - it was reparsing
- system dtml files on every request.
-
- - Correct DateTime docstring to remove spurious 'negative offset'
- language (Collector #1074).
-
- - Clean up pointer cast to suppress compiler warning in zlib.c
- (Collector #1190).
-
- - Guarantee null-terminated buffer in Record_init() so
- Record_compare() doesn't UMR (Collector #1012).
-
- - Clean up use of PData for large images (Collector #1061).
-
- - Fix overflow exception in statistics of <dtml-in> (Collector #1089).
-
- - Check for invalid characters in whole id, not just first character
- (Collector #1131).
-
- - Prevent unintentional exceptions from blocking manage_beforeDelete;
- added OFS.ObjectManager.BeforeDeleteException to allow an object
- to veto its deletion (Collector #1183).
-
-
- Zope 2.1.6
-
- Bugs Fixed
-
- - Some bits from the 2.2 line inadvertantly got into the ZRDB
- package during the SQL Methods update which caused errors
- for certain database adapters.
-
- - A fix to the logic in Acquisition for aq_acquire caused a bug
- in the handling of inner ZClasses.
-
-
- Zope 2.1.5
-
- Bugs Fixed
-
- - Fixed a problem with the permission declarations for the Image
- and File classes. The problem made it impossible to change the
- 'View' permission for File objects.
-
- - Added logic to setgid() to the user's primary group if z2.py
- is run by root.
-
- - Fixed a bug in TimeStamp objects that produced a wrong
- date/time representation for bobobase_modification_time.
-
- - Changed _checkId in ObjectManager to disallow REQUEST as an
- object id.
-
- - Fixed a bug that could allow someone with a lot of Zope zen
- to change the apparent AUTHENTICATED_USER to access things
- that they shouldn't.
-
- - Fixed a bug in ZServer that could cause server hangs under
- certain heavy load conditions.
-
- - Fixed a remaining '.' form target that we missed in the Zope
- rename form. This caused rename to fail for Zope installations
- running behind Netscape servers.
-
- - Fixed a potential buffer bug in PCGI reported by Larry Luther.
-
- - In the load_site utility, binary files were misshandled on
- windows.
-
- - Fixed manage_renameObject to be willing to get the REQUEST
- via acquisition, making it easier to use from DTML.
-
- - Changed the expireCookie method of FTPResponse to fail
- gracefully when attempting to delete a cookie that does
- not exist.
-
- - Fixed a bug that caused a traceback when all members of a
- multiple select property were deselected.
-
- - The _validTime method of DateTime objects rejected time values
- with fractional seconds between 59 and 60 (which caused problems
- with some database date conversions).
-
- - Changed id checking logic to disallow '/' in an object id.
-
- - Structured Text had problems with '~' characters in URLs.
-
- - Fixed a potential security hole that could allow users with
- permission to add Folders and edit DTML (and a who have a
- lot of Zope zen) to get access to things that they shouldn't.
-
- - The internal templates used by SQL methods weren't correctly
- applying the same access control constraints as standard DTML
- objects.
-
- - Fixed ZopeAttributionButton to open in the top-level of the
- web browser.
-
- - Fixed a problem with using the "scale" arguments to the tag
- method of Image objects.
-
- - Fixed a problem in the Acquisition module that could cause
- objects accessed via aq_acquire to not be wrapped correctly.
-
- - Fixed If-Modified-Since header handling for Images and Files.
-
-
- Zope 2.1.4
-
- Bugs Fixed
-
- - Removed the "feature" that allowed the REQUEST object to be
- traversed through the web. While useful for debugging, this
- could be a security issue.
-
-
- Zope 2.1.3
-
- Bugs Fixed
-
- - A race condition in the logic for managing Zope database
- connections caused Zope to hang on very busy sites.
-
- - A bug in the packing code that caused records to be
- nreadable after:
-
- o someone did work in a version
-
- o Someone did an (unrelated) undo
-
- o the version was committed
-
- and the database was packed to a time before the work was done
- in the version.
-
- - Fixed a bug that caused packing to raise an
- error in the following situation:
-
- o someone modifies and then deletes an object
- in a version.
-
- o they commit the version
-
- o the database is packed between the time the
- object is deleted and the time the version
- is committed.
-
- - Fixed a bug that caused Zope to sometimes hang instead of
- shutting down or restarting when accessed over a fast network.
-
- - It wasn't possible to use a ZClass instance as a method of a
- ZClass.
-
-
- Zope 2.1.2
-
- Bugs Fixed
-
- - Thanks to Kevin Littlejohn's sleuthing, a sizable problem in
- the security machinery in DTML has been brought to our
- attention and resolved. The problem is most acute in
- situations where untrusted people can edit DTML documents or
- methods.
-
-
- Zope 2.1.1
-
- Bugs Fixed
-
- - Conflict errors (multiple threads trying to modify the same
- object) were not handled correctly for requests with
- bodies (e.g. POST requests).
-
- - ZODB FileStorage index files could become out of date after
- an undo. This could lead to strange results and apparent
- database corruption if Zope was shut down ungracefully and
- restarted. Now index files are removed when undoing
- records.
-
- - Saving or discarding versions failed if a transaction that
- added a new object in the version was undone.
-
- - There was circumstantial evidence that a failure of an OS to
- correctly delay writing to data to disk after Zope had
- written it led to a corrupted database. Zope now makes an
- 'fsync' system call (where available on Unix systems) to
- force data to be written to phusical storage when
- transactions are committed.
-
- - Some applicataions were writing empty transactions. The
- FileStorage now checks for and avoids writing empty
- transactions in this case.
-
- - Multiple-selection properties didn't work in regular
- property views, even though they did work in ZClass property
- sheets.
-
- - The Win32 WISE installer did not create a default Zope.cgi
- PCGI resource file.
-
- - The Win32 WISE installer script is now included in the /inst
- directory of win32 installations by popular demand.
-
- - An import problem caused the name "BTree" to be incorrectly
- overwritten in TextIndex.py and UnTextIndex.py in the
- SearchIndex package, which caused problems for some third-
- party product authors.
-
- - There were a number of problems with the load-site utility
- (utilities/load_site.py):
-
- o A recent change caused HTML files to have their headers and
- footers replaced with var tags for standard headers and
- footers. While this is sometimes very useful, it is
- sometimes disastrous. This feature is now enabled with the
- -D option.
-
- o Handling of files with a '.dtml' extension was broken. These
- are now handled correctly. Files with '.dtml' suffixes now
- get uploaded as methods.
-
- o A workaround for old sites that had a bug in Document (aka
- DTMLMethod) upload has been disabled. This workaround is now
- enabled when the -9 option is used.
-
- The following bug fixes were accidentially excluded from 2.1.0:
-
- - Redefining the "views" on a ZClass could incorrectly affect
- the views available on instances of base classes of the ZClass.
-
- - The new 'url' option to DTML 'var' tags did not work properly
- for DTML and other callable objects.
-
-
- Zope 2.1.0
-
- Features Changed
-
- - Enabled preliminary support for FastCGI to ZServer. This
- allows Zope to communicate with web servers that support
- FastCGI. Use z2.py's -F switch to configure FastCGI support
- in ZServer. See WEBSERVER.txt for more information.
-
- Bugs Fixed
-
- - Redefining the "views" on a ZClass could incorrectly affect
- the views available on instances of base classes of the ZClass.
-
- - The new 'url' option to DTML 'var' tags did not work properly
- for DTML and other callable objects.
-
-
- Zope 2.1.0 beta 2
-
- Features Added
-
- - Added Oleg Broytmann's patches to utilities/load_site.py
- that provide automatic parsing of title and property
- information and inclusion of std headers and footers.
-
- - Added Martijn Pieters' patches to DT_Try.py to implement
- try/except/else and try/finally constructs.
-
- - Virtual Hosting and SiteObjects. Virtual Hosting allows a
- server that can multi-host, like Apache, to serve different
- hosts from different Zope folders. 'SiteObjects' act as a
- placeholder for a virtualhost.
-
- Bugs Fixed
-
- - Some problems with the product distribution machinery that
- prevented product distributions from installing correctly
- have been fixed.
-
- - Description lines on the Undo screen were not HTML quoted,
- which could cause problems rendering the Undo log if any
- of the descriptions contained stray HTML tags.
-
- - Bugs in the way that ZClass instances were pickled have
- been fixed.
-
- - Some long-standing indentation problems with the tree tag
- have been fixed.
-
- - The Zope database lock file was not properly closed.
-
- - Linux and Solaris binary distributions did not contain the
- python _locale module required for locale support.
-
-
- Zope 2.1.0 beta 1
-
- Features Added
-
- - The ZCatalog now supports relevance ranking. Instead of
- search results being returned in an essentially random
- order, results are now sorted by 'score'. For text indexes,
- the score is the number of occurrences of the search term in
- a document. The score can be accessed by an attribute on
- Catalog results 'data_record_score_' and
- 'data_record_normalized_score_' contain the score and
- normalized score for the result object.
-
- - Added Keyword Indexes to the Catalog. Keyword indexes allow
- you to index a sequence of 'keywords' as an atomic property
- of an object. This is useful for buiding catagorical
- hierarchies.
-
- - Z SQL Methods arguments list is now a TEXTAREA widget to
- ease editing long aruments lists.
-
- - SQL Database Adapters now have a 'test' tab where arbitrary
- SQL may be entered and executed immediately through the
- connection object. DTML is not supported in this tab.
-
- - SQL Methods now support an option 'op' parameter on the DTML
- method <dtml-sqltest> which allows you to choose the
- operator used for comparison.
-
- - WebDAV support has been modified to support MS Office 2000
- applications. The changes _emulate_ aspects of DAV level 2
- locking but do _not_ provide actual locking support at the
- present time.
-
- - Files and Images now can be served without loading themselves
- into memory. This is automatically done for large Files and
- Images. As a by product, RESPONSE.write now works better in
- ZServer.
-
- - Most if not all of the default DTML generated by Zope and its
- built-in products is now generated in the new <dtml-var ...>
- syntax. The DTML sources for Zope's built-in management
- interfaces have also been converted to the new syntax.
-
- - DTML entity references can now include dot-separated
- var tag *options*, as in: '&dtml.url_quote-foo;'
-
- - There is a new 'url' option on the DTML var tag that causes
- absolute_url to be called on the displayed value. This
- allows entity references like: '&dtml.url-foo;'
-
- - There is a new 'url_quote_plus' option on the DTML var tag that
- acts like the standard url_quote option but uses '+' to encode
- blank spaces.
-
- - There is a new 'missing' option in the DTML var tag that
- allows you to provide a value to be used if the variable is
- missing, rather than raising a KeyError. This will work in
- the entity reference syntax as well. If it is used without
- an argument, it will provide an empty string.
-
- - The DTML built-in function, getattr, now accepts an additional
- argument providing a default value.
-
- - The tag() method of Image objects now support optional 'scale',
- 'xscale' and 'yscale' arguments that will automatically scale
- the output height and width tag attributes.
-
- - The Products folder in the Control Panel now has an 'Import/Export'
- tab to allow easier importing and exporting of Control Panel
- Products.
-
- Features Changed
-
- - ZCatalog uses subtransactions to keep memory consuption low
- at the expense of indexing speed. Subtransactions can now
- be disabled through the management interface for use with
- non subtransactions compatible objects like ZSQL Methods (or
- for raw speed if you have lots of RAM).
-
- - Added a coptimizations module. The first optimization is
- to provide an implementation of persistent_id in C. This
- routine, which is called extremely often while pickling was
- found to be a significant bottleneck.
-
- - More flexible cache management methods were added to ZODB
- Connection objects so that apps that want to move objects
- out of memory can force aggressive cache behavior.
-
- - Added the beginnings of internationalization support to Zope.
- The Zope startup script (z2.py) now supports a "-L" option
- that can be used to pass a locale name (such as "en" or "de")
- to Zope at startup. If specified, Zope will attempt to set the
- locale using the locale module if it is available. This change
- will allow Zope to better handle international characters in
- a number of places such as searching and indexing.
-
- - Logging from ZServer modified to produce Common Log Format
- in a Combined format, where user-agent and referer are also
- logged.
-
- - xmlrpclib was updated to relect the current version (0.9.8)
- from Pythonware.
-
- - Add button returned to the management interface, although
- the Javascript auto-select is still in place. This resolves
- some problems with browsers on certain platforms.
-
- - Added small explanation on Image/File add form that if the
- 'id' is not provided, it will be autogenerated based on the
- file name.
-
- Bugs Fixed
-
- - The build procedure for source checkouts now sets the
- directory structure permissions to something (775) readable
- by anyone, including, e.g., the web server running under a
- different user id and group than the installer...
-
- - A bug in the DTML tree tag that prevented expand_all from
- working correctly has been fixed.
-
- - ZCatalog now actually saves memory when using
- subtransactions. Plugged a couple memory leaks doing this.
-
- - Added ALT text fixed nested anchor tags produced by the Tree
- tag to ensure that valid HTML is produced, and fixed the
- reverse option to the Tree tag.
-
- - A bug in FTP cookie authentication was fixed.
-
- - Fixed a bug that caused External Methods to be reloaded every
- time they were used in development mode.
-
- - Fixed a permission typo in ZCatalog and a sort_on bug.
-
- - Fix for missing REQUEST in a method signature in the
- CatalogAwareness module.
-
- - Changed to propagate errors raised by _begin for thunked
- database adapters. Also changed completion code to check
- registered status and avoid completion logic if not registered,
- which would be the case if _begin failed.
-
- - A memory leak in cPersistence has been fixed, and a bug in
- object deactivation that prevented deactivation of BTrees
- was fixed.
-
- - A problem in BTrees that caused unintended db writes on
- Catalog searches was fixed.
-
- - Some unnecessary debug mode overhead eliminated - external
- methods are now automatically reloaded only when the .py
- files are changed.
-
- - A thread-safety problem with PCGI handling was fixed.
-
- - A bug that caused installation of through-the-web product
- distributions to fail.
-
- - A bug in the handling of long int properties was fixed.
-
- - Some bugs in the generation and verification of CRYPT based
- passwords was fixed.
-
- - A bug in the earliestTime method of DateTime objects was fixed.
-
- - A bug in determination of the ZServer version string was fixed.
-
- - Height and width detection for some PNG images did not work
- properly.
-
- - A bug that caused proxy role machinery to ignore local roles
- was fixed.
-
- - Added a fix for PCGI to make sure binary IO is used on win32.
-
- - A javascript fix for IE5 was made for the folder add list.
-
- - A bug in sequence multiplication in DTML was fixed.
-
- - A ZServer bug that prevented running multiple Zope2 installations
- on non-posix systems was fixed.
-
- - An External Method error handling bug was fixed.
-
- - The local 'Owner' role could be overwritten when an object
- was copied, moved or renamed.
-
- - Documented and fixed the creation of 'selection' and 'multiple
- selection' properties.
-
- - SECURITY: Fixed bug that allowed users with local roles gain
- priviledges on acquired objects. getRolesInContext did not
- used the correct context, as defined by the inner-most object
- wrapping.
-
- - SECURITY: The permissions for Find support methods were not
- being properly initialized.
-
- - SECURITY: Viewing existing user no long displays current password,
- only space for putting in the new password. This will be more
- critical as we move toward fully encrypted passwords.
-
- - SECURITY: A bug that prevented setting permissions on External
- Methods in ZClasses was fixed.
-
-
- Zope 2.0.1
-
- Bugs Fixed
-
- - Fixed a bug which allowed unauthorized options to be displayed
- when adding a Folder. Now you only see options to add an
- index_document and/or a user folder if you have adequate
- permissions.
-
-
- Zope 2.0
-
- Features Added
-
- - Database conflict errors are now logged. Although conflict
- errors are normally handled by retrying requests, frequent
- conflict errors can degrade performance and should be dealt
- with by redesigning applications.
-
- Features Changed
-
- - The process id displayed in the control panel now inclused
- the thread id, in parentheses.
-
- - Upload of image or file data *always* used
- sub-transactions. Unfortunately, database adapters don't
- support subtransactions. Images and files now use
- subtransactions only of the image or file is greater than
- 128K bytes in size. Also, subtransactions are not used if
- data are uploaded as a string by using the ':string'
- ZPublisher type in the upload form.
-
- More advanced DA's could, and probably should support
- sub-transactions.
-
- Bugs Fixed
-
- - Attempting to cut an object then paste it into itself or
- one of its subobjects would cause a recursion problem.
-
- - Certain ZCatalog reindex operations could fail due to an
- unintended transaction abort.
-
- - Database connections were leaked when database conflict
- errors occurred and handled by reexecuting requests. When 7
- connections leaked, the site would accept no more web
- requests.
-
- - The transaction-integration for relational databases didn't
- work properly. Aborting Zope transactions didn't abort
- relational database transactions. What's worse, transactions
- were not committed after a Zope transaction using a
- relational database was aborted. This explains the reported
- problems with Gadfly databases and transactions.
-
- - Fixed a bug which prevented ZPublisher.Client from uploading
- files to ZServer.
-
- - Added some logic to the win32 binary installer to fix some
- dll loading problems people were getting on international
- versions of NT.
-
- - Fixed a bug in cDocumentTemplate that could cause AttributeError
- instances to be leaked in certain situations.
-
- - 'reverse' option for the 'in' tag as well as the 'tree' tag
- has been changed to deal with a copy of the data, rather
- than the original. The database was being modified in
- place. The side effect is that in large list situations
- (with ZCatalog for example), sizable memory usage may
- result.
-
- - Missing values (as returned from SQL methods) were output as
- empty strings by the DTML var tag, even when a numeric
- format (e.g. "%5.3f") is used. Using a numeric format with
- a missing value should generate an error, unless the null
- attribute is used. Also, the null attribute had no effect
- when outputing missing values.
-
- - It was impossible to map some permissions to themselves, or
- to other inherited, but not registered permissions in
- products and in class methods. When this failed, a silly
- error message ("Waaa" ;) was output.
-
- - SQL methods had an unused method, getFindContent allowed
- anonymous users to read SQL method source. This method was
- renamed to PrincipiaSearchSource, and protected with a
- permission.
-
- - SQL methods could not be found with the find mechanism by
- searching their source.
-
- - The PrincipiaSearchSource method of DTML documents and
- methods was not protected, so anonymous users could read
- their source.
-
- - Fixed a bug in ZOM which caused getElementsByTagName to fail
- when using XML Document. Thanks to Andrew Kuchling.
-
- - It was possible to hijak 'self' arguments for DTML and
- External methods with request variables. This was especially
- problematic for XML-RPC, which uses positional arguments.
-
- - It was difficult or impossible to call External methods with
- 'self' arguments from XML-RPC.
-
-
- Zope 2.0 beta 6
-
- Features Added
-
- - The control panel process id display now also includes the
- thread id.
-
- - The Zope start script, 'start', is now written in a
- location-independent manner, making it a little easier to
- move Zope sites around after installation.
-
- Features Changed
-
- Zope 2.0 introduces a new HTML DTML syntax that, among other
- things, allows simple 'var' tags to be entered using the
- entity-reference syntax, as in::
-
- <input name=spam value="&dtml-spam;">
-
- The entity reference syntax is mainly intended for use
- when a var tag is used to insert text into an HTML tag. In
- these cases, the text needs to be html-quoted. For this
- reason, use of the entity reference syntax now implies html
- quoting. For example, the DTML snippet above is equivalent to::
-
- <input name=spam value="<dtml-var spam html_quote>">
-
- (Note that when inserting text to be used in a URL, as in an A
- tag HREF attribute, we need to url-quote the text. Zope 2.1
- will provide a means to do this with the entity-reference
- syntax.)
-
- Bugs Fixed
-
- - Missing values were not formatted correctly with numeric
- formats and did not work properly with the 'null' attribute of
- the DTML 'var' tag.
-
- - It wasn't possible to map some permissions of objects in
- Products. For example, it wasn't possible to enable a
- permission by mapping it to itself. Attempts to do so lead
- to a rather silly uninformative error message.
-
- - When providing default values for input fields, few of the
- built-in DTML methods used html quoting. This lead to
- incorrect behavior when default values included markup or
- quotes.
-
- - View filtering failed to show tabs for views in some cases
- where it should.
-
- - Single-character variable names were'nt allowed in the
- entity-reference DTML syntax.
-
- - DTML batch processing didn't work properly.
-
- - The DTML functions, '_.getattr', and '_.hasattr' incorrectly
- acquired attributes even when explicit acquisition was used.
-
- - Image dimensions were not autodetected for PNG 1.2 files.
-
- - The "View" view didn't display correctly for images with ids
- with characters that had special meaning in URLs.
-
- - The 'optional' attribute in the 'sqltest' tag had no effect.
-
- - With browsers (like lynx) that correctly implement RFC 1867
- for file-upload support, non-file fields in file-upload
- requests were treated as file fields.
-
-
- Zope 2.0 beta 5
-
- Features Removed
-
- - The help system, which was primarily geared to DTML
- programmers was removed.
-
- Bugs fixed
-
- - Database packing failed in certain cases where the data set
- contained many version commits.
-
- - Database packing generated spurious error logs indicating
- that there were bad references for objects created in
- ncommitted versions.
-
- - A memory leak due to errors in managing request data.
-
- - Zope sites became unresponsive (a.k.a. "Hung") due to an
- error in managing ZODB 3 database connections.
-
- - Only the top-level folder's standard_error_message was used.
-
- - There were thread-safety and resouce consumption problems
- in the implementation of thread-safe regex objects.
-
- - Fixed bug where ZCatalog's not in the root folder did not
- recognize the proper URL of objects using the 'Find'
- machinery. This caused all the objects to mysteriously
- disapear when you updated the catalog (because their paths
- were wrong). The Catalog now works correctly anywhere in
- the object hierarchy.
-
- - Fixed a bug that caused error messages to be formatted
- incorrectly if the standard_html_header did not begin
- with an HTML tag.
-
- - The undo form was accessible even to people who couldn't do
- undo. This made it look like we were allowing undo in cases
- where we were'nt supposed to.
-
- - The undo form did not restrict undoable transactions to
- just those transactions performed by users that were
- authenticated at the same level. This made the new undo
- less restrictive than the Zope 1 undo. Undo should probably
- be *more* restrictive, but that will have to wait for 2.1
- or later.
-
- - Zope crashed under load for applications using ZCatalog due
- to an ancient bug in handling loading of empty BTrees from
- the database. This bug has only become effective with
- ZCatalog.
-
-
- Zope 2.0 beta 4
-
- Features Removed
-
- - Draft objects are no longer supported.
-
- Features added
-
- - The source release install script now checks to make sure that
- the Python used has thread support.
-
- - FileStorages can now habe quotas.
-
- Bugs fixed
-
- - This release fixes a socket listen-queue depth problem on
- Win32 systems that caused poor performance and connection
- refusals in ZServer.
-
- - Fixes to the win32 installation were made to prevent a
- potential conflict on systems that have an existing
- installation of the Python win32 extensions.
-
- - Some of the management views, including the
- security/permission mapping views were not visible for
- ExternalMethods.
-
- - New SQL methods could bot be created.
-
- - New mailhost objects could not be created.
-
- - New Draft objects could be created.
-
- - Draft objects could not be deleted.
-
- - ZClasses could not be added as methods.
-
- - Disk full errors could leave the object system
- in an inconsistent state. The handling of this error
- was made more robust. Also, when serious errors like this
- occur late in the transaction commit process, the
- transaction system switches to read-only mode.
-
- The File-storage recovery process needs to change to make
- disk full errors detectable earlier in the two-phase commit
- process so that the system can recover without switching to
- read-only mode. This change, which is expected in 2.1 will
- also provide better write performance.
-
- - Errors during commit of sub-transactions were not handled
- correctly, leading to inconsistent object data.
-
- - Packing not not mark all transactions performed before the
- pack time as "packed". Undoing these transactions lead to a
- broken database.
-
- - On win9x systems, random data seems to be added to the end
- of the file on system crashes, causing apparent file
- corruption. Code has been added to check for this case and
- recover by truncating the file with a log message.
-
- - The Zope version was not shown in the control panel.
-
- - The binary release had the PCGI wrapper program in the wrong
- directory so PCGI installations were not successful.
-
-
- Zope 2.0 beta 3
-
- Features added
-
- - Added a 'getobject' method to ZCatalog. This allows you to more
- easily get at a cataloged object from 'searchResults'. For
- example::
-
- <!--#in searchResults-->
- <!--#var "getobject(data_record_id_).title_or_id()"--><br>
- <!--#/in-->
-
- Bugs fixed
-
- - This release fixes a bug in acquisition that caused creation of
- ZClass instances to fail under some (common) circumstances.
-
- - Copy and Paste validation machinary now takes local roles into
- account.
-
- - ZDOM now adheres more closely to the DOM spec with respect to
- Document and DOMImplementation nodes.
-
- - The main management screen will no longer show the 'Delete' or
- 'Export' buttons if the user doesn't have adequate permissions
- to delete or export objects respectively.
-
-
- Zope 2.0 beta 2
-
- Features added
-
- - Added a '-r' switch to z2.py for ZServer read-only mode.
-
- - The 'null' attribute in the DTML 'var' tag is now used when
- the value being output if the Python value 'None'. Some
- people considered this to be a bug.
-
- - Permission objects are automatically created for new ZClass
- objects as part of the ZClass wizard.
-
- - For Python programmers, there is a new convenience function for
- debugging in the Zope package.
-
- For example, to debug method spam in the Zope debugger::
-
- python
- import Zope
- Zope.debug('spam', d=1)
-
- Bugs fixed
-
- - Changed the logic used to detect binary content types to
- only look for control characters. The previous version
- incorrectly considered certain Latin-1 characters as
- binary.
-
- - The ZService.py used to implement Zope as a Win32 service
- on NT has been updated to handle a difference in the way
- .dll files are found on internationalized versions of NT.
-
- - The configure.in file used to build PCGI has been updated.
-
- - Several fixes to DateTime were added to provide better
- behavior on machines with unrecognized time zone names.
-
- - Conflict errors, which occur when simultaneous writes occur
- to the same object in multiple database connections, are now
- handled correctly by re-executing (up to three times)
- the requests that lost the race condition.
-
- - Error formatting with standard_error_message has been moved
- to the object publisher via a new published module hook,
- 'zpublisher_exception_hook'. In addition to enabling
- conflict error handling, this fixed two other bugs:
-
- - Error handling in ExternalMethods and in DTML methods or
- documents called from other DTML documents or methods
- caused errors to be propagated in ways that defeated use of
- the try tag and other forms of error handling.
-
- - Errors raised before or after calling published objects
- were not formatted.
-
- - Errors in processing form variables, such as missing or
- miss-typed values resulted in server errors, rather than in
- formatted error reports.
-
- - Database browsing didn't work for ZGadflyDA database adapters.
-
- - Transaction meta data were not captured correctly by
- ZPublisher, which made the undo log look odd wrt the user
- who performed the transaction.
-
- - Permissions for version operations were not set correctly. This
- made it hard to delegate work to be done in versions and to
- separate version participation from version finalization.
- To fix this, it was necessary to split the "Join/Leave" view
- into separate "Join/Leave" and "Save/Discard" views.
-
- - No remark could be entered when discarding versions.
-
- - Fixed a ZServer kill_zombies bug which kept ZServer from killing
- hung connections.
-
- - Improved ZServer's handling of slightly broken HTTP requests.
-
- - Fixed a properties setting permission bug.
-
- - Fixed a product permissions registration bug that allowed
- product permission data to get lost.
-
- - Updated the MailHost product to use the new product initialization
- procedure. This fixed a MailHost adding permissions bug.
-
- - Made Z Class icons visible to everyone. This way you can view a
- Z Class icon without having and permissions on the Z Class.
-
- - Objects were sometimes incorrectly acquired do a bug in
- detecting attribute errors during acquisition. This led to
- errors getting covered up or obscured.
-
- - There was a memory leak in acquisition.
-
- - Some thread-safety problems were fixed.
-
- - DTML entity references (e.g. '&dtml-spam;') with missing
- semicolons (e.g. '&dtml-spam') caused infinite loops.
-
- - Extra spaces around expressions in DTML caused syntax errors.
-
- - Broken objects, which are used as surrogates for objects
- that can no longer be instantiated due to missing product
- installations, no longer use HTML markup in their text
- representation, as this caused odd effects in HTML titles.
-
- - A number of fixes were made to the new DOM support.
-
- - Versions could be deleted by users working in the deleted
- versions. This led to strange paradoxical effects. Attempts
- to delete a version or an object containing a version by
- someone working in a version now lead to errors.
-
- - ZGadflyDA has been updated to use the current (as of this
- release) version of Gadfly. (Note that this had been
- incorrectly reported as a 2.0 beta 1 feature.)
-
- - Using an sql method in a version sometimes caused the method
- to be locked, making it unusable by non-version users. This
- was due to the way that column meta-data was managed. Now
- column meta-data, used by report creation wizards, is only
- safed when sql methods are tested.
-
- - In StructuredText, list items could not directly introduce
- example code.
-
- - Undoing transactions that discarded versions did not cause
- versions to appear non-empty.
-
- - Temporary files were created for file storages that were
- opened in read-only mode.
-
- - A bug in FileStorage and DemoStorage didn't show you more
- than the first 20 previous transactions in the Undo log.
-
- - An incorrect contents view was returned after adding a File
- object.
-
- - On the cache parameters page, the number of bytes, rather
- than the number of objects in the database was shown.
-
- Note:
-
- The section for Zope 2.0 alpha 4 did not mention that ZCatalog
- is now shipped with the Zope core.
-
-
- Zope 2.0 beta 1
-
- Backward incompatibility
-
- - ZODB 2 is no longer supported or included!
-
- - The utility script bbb.py, no longer supports
- xml output.
-
- Known problems
-
- - Handling of conflict errors hasn't been implemented. When
- two threads try to update the same object, one will get a
- conflict error. By beta release 2, requests that get conflict
- errors will be retried until they succeed (or fail without a
- conflict error) or until a maximum number of retries is
- exceeded.
-
- Features added
-
- - The default ports used by ZServer have been changed. The
- new default ports are: 8080 for HTTP, 8021 for FTP and
- 8099 for the monitor server.
-
- - ZServer now uses the zLOG logging mechanism for informational and
- warning messages.
-
- - ZServer now includes a fairly stable NT service ZService.py
-
- - 'access' file now can use SHA-1 hashing, and now does by
- default
-
- - 'zpasswd.py' added to top directory to manage this
- new 'access' file
-
- - A number of changes have been made to enhance security
- control in through-the-web-developed products:
-
- - There are new "Permission" objects that can be added to
- Products. Permission objects provide a mechanism for
- defining new permissions. These new permissions show up in
- folder security screens.
-
- - Factory objects can have permission settings. This affects
- whether items show up in add lists and who can use factories.
-
- - Objects in products now have permission mapping rather
- than direct permission settings just like ZClass methods.
-
- - New permissions cannot be defined in ZClasses any longer.
- Rather, ZClasses can select from global permissions,
- including permissions defined with permission objects.
-
- Here's a sample scenario:
-
- 1. Add a ZClass, "Container" with the option to create a
- factory and constructor methods.
-
- 2. Add a permission object with the permission "Manage
- Containers".
-
- 3. Change the permission of the factory created in step 1
- to "Manage Containers".
-
- 4. Visit the ZClass created in step 1, view the "Define
- Permissions" view and map the "Create class instances"
- permission to "Manage Containers".
-
- 5. Visit the constructor DTML Methods created in step 1,
- view the "Define Permissions" view and map the "View"
- permission to "Manage Containers".
-
- In this scenario, we created a ZClass and made it addable
- only by users (roles) that have the "Manage Containers" permission.
-
- - There is a new module, Shared.DC.THUNK
- (lib/python/Shared/DC/THUNK.py) that provides a mix-in class
- that implements ZODB 3 transaction protocols and that
- provides course-grained locking logic that should allow many
- non-thread-safe database adapters to be usable in
- multi-threaded Zope applications. The Gadfly database
- adapter has been updated to use this mix-in class.
-
- - The transaction management mix-in classes (Shared.DC.TM.TM
- and Shared.DC.THUNK.THUNKED_TM) now provide a lower-level
- transaction management protocol. Database adapters that mix
- these in should:
-
- - Call 'self._register()' when performing database
- queries, and
-
- - If necessary, override methods:
-
- _begin() -- Which is called to begin a transaction,
-
- _finish() -- Which is called to finish a transaction,
- and save changes, or
-
- _abort() -- Which is called to abort (rollback) a transaction,
- and discard changes, or
-
- - Object export now provides an XML export option and import
- files may be in Zope export format or XML format.
-
- - Zope objects that support the Zope management framework now
- support the DOM 1.0 read interfaces. This allows DOM read
- methods and attributes to be usable with Zope objects and
- Python DOM tools, like FourThought's 4XSL to work with Zope
- objects.
-
- Note that DOM-defined attributes are defined with "get"
- methods. For example, to get the DOM-defined "parentNode"
- attribute, use: 'object.getParentNode()'.
-
- - The pyexpat extension module for using James Clark's
- expat library for parsing XML is included in the
- distribution as Shared.DC.pyexpat.
-
- Bugs Fixed
-
- - You can no longer cd to an acquired directory in ZServer FTP.
-
- - A number of changes were made for thread safety. This was not as
- hard as it sounds, since persistent objects are always
- thread-safe. (Well, only one thread accesses any particular
- copy of a persistent object.) The biggest issue here is
- mutable global variables, mutable objects stored in classes,
- mutable default Python function arguments, and global
- variables in extensions.
-
-
- Zope 2.0 alpha 4
-
- Backward incompatibility
-
- - The old ZopeHTTPServer is no longer supported or included.
- Use ZServer.
-
- Features added
-
- - The let and return tags were added to DTML.
-
- - Several new input form types were added:
-
- :default -- allows you to specify default values
-
- :record -- allows you to combine multiple form variables
- into a single input variable.
-
- For example::
-
- <input name="date.year:record:int">
- <input name="date.month:record:int">
- <input name="date.day:record:int">
-
- will result in a single variable, 'date', with
- attributes 'year', 'month', and 'day'.
-
- :records -- allows you to input a list of records (ie a
- table)
-
- :ignore-empty -- If the field if the value is an empty
- string.
-
- For more information, see the section on "Form variable
- types" in http://www.zope.org/Documentation/Reference/Trinkets.
-
- - In the startup script, z2.py:
-
- - The startup script, z2.py, has additional documentation on
- providing empty strings as arguments.
-
- - Added a -P option to the startup script, z2.py, to specify a
- base port for the various servers. For example::
-
- python z2.py -P8000
-
- is equivalent to:
-
- python z2.py -w8080 -f8021 -m8099
-
- This is a convenient short-hand for systems with many zserver
- instances running.
-
- - Added an -l option to the startup script, z2.py, to specify
- the location of the ZServer hit log. If the location is a
- relative path, then it is assumed to be rooted in the 'var'
- directory.
-
- - A progress indicator was added to the database conversion
- utility, utilities/bbb.py.
-
- - The PCGI installer now writes the PCGI info file to use ZODB 3
- rather than ZODB 2.
-
- - The default content is provided in both ZODB 2 and ZODB 3
- format.
-
- - There is a new logging framework for reporting errors from
- Python-level code. See the module zLOG.py for details.
-
- For the time being, to turn on logging, set the environment
- variable STUPID_LOG_FILE to a file name or to an empty
- string to log to standard error. We will eventually provide
- a more formal and functional logging configuration
- interface.
-
- - The hooks used by objects that modify their environment were
- changed. The new hooks are:
-
- manage_addHook -- called after an object has been added
-
- manage_beforeDelete -- called before an object is deleted
-
- manage_afterClone -- called after an object has been
- copied. This should only be used by object that
- capture their identity is some way other than their
- id attribute or persistent id. (It's really for
- ZClasses, which have global ids.)
-
- - Pack is now supported for ZODB3 File Storages.
-
- - The header output by manage_tabs now shows whether the
- current object has been modified or locked by a version and
- shows the version if the version isn't the current working
- version.
-
- - The locked-in-version decoration in the object management
- contents view shows the locking version if the version isn't
- the current working version.
-
- - Several demonstration ZODB Storage implementations have been
- added. See lib/python/ZODB/DemoStorage.py and
- lib/python/ZODB/dbmStorage.py.
-
- - Subtransactions have been added (instead of temporary
- versions). If a true argument is given in a transaction commit
- or abort call (e.g. 'transaction.commit(1)'), then
- the commit or abort applies to a subtransaction of the
- current transaction. This is useful in a number of ways,
- including:
-
- o Subtransaction commits on requests that work with lots
- of data can reduce memory usage because data can be
- removed from memory after changes are saved in a
- subtransaction,
-
- o You can rollback changes due to a local error without
- rolling back *all* of the changes made in a long
- transaction.
-
- - There is an advanced interface for specifying alternate
- storages for Zope. Zope will try to import the module
- 'custom_zodb' from INSTANCE_HOME and use it's Storage
- attribute.
-
- For example, to use a Demo storage based on the standard
- File storage, you might define a 'custom_zodb' module with::
-
- import Globals, ZODB.FileStorage, ZODB.DemoStorage
-
- name='%s/Data.fs' % Globals.data_dir
-
- base=ZODB.FileStorage.FileStorage(name, read_only=1)
- Storage=ZODB.DemoStorage.DemoStorage("Demo (%s)" % name, base)
-
- - Find can now search text of SQL methods.
-
- - DTML tree tags now have a reverse option.
-
- - ZClasses now have class ids. These class ids are registered
- in a central registry and are used when unpicking instances.
-
- - Database connections now have a sync method for
- synchronizing the connection with saved data. This is
- useful for interactive connections to see database changes
- made by other threads.
-
- - Errors encountered when trying to unpickle object state are
- now logged, if logging is enabled.
-
- - Added an extra checkpoint to ZODB 3 FileStorage Transaction
- commit to better handle system crashes.
-
- - ZPublisher request objects now have a BODYFILE key to get
- the request body as a file for non-form non-GET requests.
-
- - Cookie support was added to the ZServer FTP server to make
- FTP access compatible with cookie-based authentication.
-
- - ZServer now includes a NT Service, 'ZServer.py' This service
- requires the Python win32 extensions. It is not yet complete
- and not yet integrated with the Zope installer. It does however
- include a large doc string.
-
- - ZServer is officially using the z2.py start script now. The old
- start.py and zinit.py were removed. Note: z2.py will call zdaemon.py
- for you, if you want to use ZServer in daemon mode on Unix.
-
- - Added a 'has_permission' method to user objects. This facilitates
- finding out if a user has access to a given object. For example::
-
- <!--#if "AUTHENTICATED_USER.has_permissions('View',someObject)"-->
-
- - The product add list is now filtered. This should keep
- objects out of the product add list for which the user does
- not have adequate permissions. This is implemented with a
- new method, 'filtered_meta_types' which returns all the
- meta_types for which a given user has permissions. Note:
- Right now ZClasses do not associate permissions with
- Products. Thus all Control Panel Products appear in the
- product add list, no matter what roles the user has.
-
- - HTTP REQUEST objects now use HTML in their string representation.
-
- - The REQUEST keys of the form BASEx and URLx, where x is
- an integer now allow x to be greater than 9.
-
- - index_html is not longer used automatically for XML-RPC
- requests.
-
- - ZPublisher debugger, 'ZPublisher.test' now accepts a 'extra'
- keyword argument with a dictionary giving extra variables to
- be added to the request. This is handy for testing methods
- that require large amounts of input data, such as file uploads.
-
- - The load_site utility ('utilities/load_site.py') now accepts
- a '-9' switch to make it work with Zope (and Principia)
- sites at revisions 1.9 and lower.
-
- Bugs fixed
-
- - Got rid of some DOS line-endings in xmlrpclib.py that caused
- install-time module compilation to fail.
-
- - Fixed DOS line-endings in medusa/max_sockets.py
-
- - Fixed a NameError (missing TupleType) definition in
- the export/import (copy/paste) machinery.
-
- - The startup script failed on Windows because it imported the
- posix module without checking the os.
-
- - ZServer crashed when the number of simultaneous connections
- exceeded a system limit, especially on Windows. ZServer now
- stops accepting new connections when the number of active
- connections exceeds a threshold.
-
- - Accessing cached results of items() (or values() or keys())
- calls on BTrees caused core dumps if affected elements were
- deleted. For example::
-
- for k in abtree.keys():
- del abtree[k]
-
- Note that this code is still incorrect due to the fact that
- the objects returned from abtree.items() (or values() or
- keys()) have reference, rather than copy semantics.
-
- - Compiling Acquisition.c caused (bogus) compiler errors on
- SGI.
-
- - zdeemun wus mispeled
-
- - Local roles were not handled correctly when filtering
- management views.
-
- - Copying and pasting ZClass instances copied and pasted their
- ZClasses too, effectively disconnecting them from their
- managed ZClasses. The same thing happened when ZClass
- instances were exported and imported.
-
- - The Database area in the control panel was broken.
-
- - Copy and paste of multiple objects was broken.
-
- - Copy and paste of ZClass methods was broken.
-
- - Copy and paste of ZClass properysheets was enabled and
- broken. It is now disabled.
-
- - Accidental import of BoboPOS in processes using ZODB (3)
- caused strange errors.
-
- - A bug in batch processing caused batch processing to hang or
- give incorrect results.
-
- - DocumentTemplate-based classes, like DTMLDocument and
- DTMLMethod could not be subclassed correctly.
-
- - There was a memeory leak in the DTML try tag.
-
- - When adding folders with user databases, no check was made
- to make sure the user was permitted to add a user database.
-
- - Broken objects weren't created for objects whose class could
- not be found when using ZODB 3.
-
- - The 'self' argument wasn't properly passed to external
- methods used in ZClasses.
-
- - The Setup file in the SearchIndex package had an unneeded -I
- option that caused compilation errors on some platforms.
-
- - ZGadflyDA transactions were not committed.
-
- - ZClasses didn't provide an interface to edit their titles.
-
- - Propertysheets were broken for ZClasses that inherited from
- built-in classes, like Folder and DTMLDocument.
-
- - Propertysheets were disabled for instances by default. Now,
- propertysheets have the "manage properties" permission by
- default.
-
- - The navigation pane wasn't updated when classes were added.
-
- - Changes in ZClasses were not properly propagated to all
- database connections using ZODB3.
-
- - Database connections were not closed correctly under heavy
- load when the number of application threads exceeded the
- number of database connections in the connection pool. This
- lead to Zope locking up under load if the application thread
- count was increased using the z2.py -t option.
-
- - undo in ZODB 3 didn't properly refresh objects.
-
- - export and import was broken for ZODB 3.
-
- - Fixed ZServer HTTP zombie killing. Now hung connections are
- successfully closed.
-
- - A bug in handling the case when a file was created on open
- without the create flag caused weird errors on windows.
-
- - The REQUEST BASE1 key was not computed correctly when
- SCRIPT_NAME was an empty string.
-
- - It was impossible to return an empty list or dictionary to
- an XML-RPC request.
-
- - The database conversion script fails when the first record
- in the input file lacked properly-formatted transaction
- data. The conversion script also didn't work on some
- systems due to an incorrect 'flush' call on the *input*
- file.
-
- - Factories that were also ZClass methods didn't get
- unregistered properly when they were deleted.
-
-
- Zope 2.0 alpha 3
-
- Features added
-
- - XML-RPC support
-
- All Zope objects are now XML-RPC servers.
-
- - ZODB 2 (aka BoboPOS) to ZODB 3 FileStorage database conversion
-
- An option has been added to the bbb.py script in the
- utilities directory to convert ZODB 2 database files to ZODB
- 3 format. The bbb.py script now accepts an '-f' option that
- takes an argument specifying an output file name. For
- example, to convert the ZODB 2 data file, Data.bbb, in the
- var directory, to ZODB 3 FileStorage format::
-
- python utilities/bbb.py -f var/Data.fs var/Data.bbb
-
- Note that version data are not converted.
-
- - In Z Classes, Methods and Property Sheets now have a "Define
- Permissions" management tab to map permissions. This tab used
- to be labeled "Security".
-
- - ZServer's FTP server now attempts to display an object's owner
- as defined in local roles.
-
- Bugs fixed
-
- - The cache management screens were broken
-
- - Local roles on DTML Methods and Documents were not persistent.
-
- - ZServer's select trigger has been updated and now shouldn't give
- errors when running ZServer as another users.
-
- - The tree tag used persistent object ids in ways that were
- not compatible with ZODB 3. This caused strange behavior
- like weird content-types and invalid state messages.
-
- - The DTML In tag no longer handled batch processing correctly,
- and sometimes got into infinite loops. This was due to a very
- old bug that was made effective by Python 1.5.2.
-
- - Objects that could not be loaded because their implementing modules
- (or packages) had been removed were not handled properly as
- broken objects when ZODB 3 was used.
-
- - The DTML Python string format did not allow expressions for
- simple variable insertion. Expression insertion is now
- allowed if the var tag name if the var tag name is supplied,
- as in::
-
- %(var expr="x+1")s
-
- Note that, because of this change, the var tag name must
- also be supplied when a variable named 'var' is inserted, as
- in::
-
- %(var var)s
-
-
- Zope 2.0 alpha 2
-
- Features added
-
- - There is a new optional EXPERIMENTAL HTML DTML syntax. As
- an alternative to SSI syntax, you can now use ordinary HTML
- syntax, as in:
-
- <dtml-in objectIds>
- <dtml-var sequence-item>
- </dtml-in>
-
- You can also use an entity-reference syntax for the var tag
- as an alternative to the tag syntax. For example::
-
- &dtml-foo;
-
- is equivalent to::
-
- <dtml-var foo>
-
- and is especially handy in attributes::
-
- <a href="&dtml-foo;">
-
- Both the new syntax and the SSI syntax are allowed in the
- same document. In fact, if you were really twisted, you
- could:
-
- <dtml-in objectIds>
- <dtml-var sequence-item>
- <!--#/in-->
-
- IMPORTANT
-
- This feature really is EXPERIMENTAL. It could disappear
- someday, depending on how people like it. We'd really like
- to get feedback on how useful this feature is.
-
- - reverse options were added to the in and tree tags.
-
- - The startup script, z2.py, has a -D option to turn on
- debugging mode.
-
- - Made environment variable settings work with the http
- server. So now you can do things like ./z2.py -w 8888
- SCRIPT_NAME=Zope and actually have the specified SCRIPT_NAME
- override the normal SCRIPT_NAME. This is Useful for using ZServer
- behind a proxy.
-
- - Added support for the Medusa monitor server.
-
- - There's a first cut at a ZServer NT service. This is Zope on
- NT's answer to zdeamon.py
-
- It actually seems to work, though there's still a fair
- amount missing.
-
- - The error messages for missing or miss-formatted access
- files was improved.
-
- - A new debugging method, manage_debug, has been added to
- Control_Panel to monitor the Zope process for possible
- memory leaks.
-
- - The name, 'this', has been added to the namespace available
- to construction methods to provide a function for computing
- the destination object. The name, 'this' is essentially
- equivalent to 'Destination' and 'Destination' will be
- deprecated eventually.
-
- - The title of the main Zope management interface now includes
- a full URL.
-
- - Folders that have (or acquire) index_html methods now have
- view tabs for viewing index_html.
-
- - On browsers that support Java Script, the "Add" button is
- omitted and the add form is visited as soon as a selection
- is made from the select list.
-
- - The python-pickle format used to export data from ZODB 2 was
- updated to handle string data differently.
-
- - Update syslog clients to try for SOCK_DGRAM first, since newer
- syslogd won't accept SOCK_STREAM connections (Collector #888).
-
- Bugs fixed
-
- - A number of bugs and features were left out of the
- release notes for Zope 2.0 alpha 1. The notes for
- Zope 2.0 alpha 1 have been updated substantially.
-
- - There was a serious memory leak introduced when a security
- bug was fixed in 1.10.0.
-
- - There was a memory leak in ZODB 3 persistent objects, which
- now manage object IDs as persistent objects.
-
- - The Python 1.5.2 cgi module didn't work with Zope.
- Zope now includes its own fixed version of the module.
-
- This bug caused FTP, Netscape Publishing and WebDAV to fail.
-
- - A bug in transaction management caused Gadfly requests to
- fail. Other database adapters need to be updated.
-
- - Running ZServer as nobody failed due to the order in which
- the log file was opened.
-
- - Added fix contributed by Brian Hooper for HTTP Clients which
- don't always spell their HTTP headers correctly.
-
- - A number of classes didn't get there reference-counts
- reduced when instances were destroyed. This confused the
- new memory allocation monitoring tool.
-
- - New user folders had no effect because they did not get
- properly registered in their containing folders.
-
- - Changes made to factory objects were lost when a process was
- restarted.
-
- - Clicking on the 'Help' caused the help information to be
- displayed in the current frame, rather than in a new
- window.
-
- - Shutting down Zope attempted to save the database index even
- when Zope was run in read-only mode.
-
- - A number of fixes were made in the Date-Time support.
-
- - Batch processing in the in tag sometimes failed.
-
- - Sites with custom roles in the top-level application
- object did not pick up the new 'Owner' role.
-
- - Content-type detection had problems in DTML documents and
- methods.
-
- - Some cookie expiration dates used 2-digit years.
-
- - Error values for errors raised by ExternalMethods were lost.
-
- - Values returned by absolute_url were not URL quoted.
-
- - Extra newlines were prepended to documents when they were
- edited.
-
- - Objects ids were not properly quoted in a number of places,
- because id quoting was unnecessary until recent relaxation
- of the rules for ids.
-
- - ExternalMethods are now automatically reloaded when running
- in debug mode.
-
- - Search interfaces generated by the search interface wizard
- no longer include a "Cancel" button.
-
- - Errors were masked by a bug in handling ZODB3 transaction
- aborts.
-
- - The ZODB 3 cache manager deactivated objects too quickly,
- causing performance to degrade.
-
- - BASEx request variables were not computed correctly when
- SCRIPT_NAME was not empty.
-
- - The URLx variables couldn't be computed in some cases when
- using ZServer.
-
-
- Zope 2.0 alpha 1
-
- BACKWARD INCOMPATIBILITY
-
- - A change was made to the way ZClasses are constructed.
-
- Previously, the __call__ method was an alias for the
- index_html method which took took an id and a request
- and created a new instance and added the instance to
- the destination.
-
- Now, the __call__ method simply calls the underlying
- managed class with the supplied arguments to create and
- return an instance. The instance is not added to a
- folder.
-
- The index_html method is now an alias for the
- createInObjectManager method, which does what the
- index_html method did before.
-
- There is a new method, fromRequest, that takes an id
- and a request and creates a new instance. It does not
- at the instance to a destination.
-
- Features Added
-
- - Integration of ZODB 3
-
- - The ZClass construction interface has been cleaned up to
- make construction of ZClasses a little easier from Python.
-
- - When adding ZClasses, there is now an option to
- automatically create construction methods and a factory.
-
- - "Management" screens now *only* show tabs a user permitted
- to see. Used in combination with carefully selected roles,
- this change provides an adaptable management interface.
-
- - Instance homes can now have local Products directories.
-
- - There is a new ZServer start up script that can be used without
- modification and that integrates process management. This
- script replaces the ZServer 'start.py' and 'zinit.py' scripts.
-
- - When the new startup script is used, then the control panel
- shows a "Restart" button which causes the Zope process to
- exit and be restarted and a "Shutdown" button that causes Zope
- to exit and not be restarted.
-
- - There is a *very* rough cut at a centralized version manager
- in the control panel. This is only functional when the
- ZODB3 database is used. This feature will mature
- significantly before the final 2.0 release.
-
- - A new Zope icon was added, and the "powered by Zope" icon
- has been updated.
-
- - Made DTMLDocuments, DTMLMethods, Images, Files and Folders
- subclassable by ZClasses.
-
- - ZClass property sheets can now have read and modify
- permissions.
-
- - An "add list" name can be specified when creating a ZClass.
- If specified, then construction methods and a factory are
- created. This makes the class immediately instantiatable and
- provides construction method examples.
-
- - The ZClass basic property sheet now shows base classes.
-
- - Changed the string representation of HTTPRequest so that
- <!--#var REQUEST--> is a lot friendlier.
-
- - Added a Zope debugging short cut.
-
- Now::
-
- import ZPublisher
- ZPublisher.Zope(path)
-
- is a shortcut for::
-
- import ZPublisher
- ZPublisher.test('Zope', path)
-
- Bugs Fixed
-
- - ZClass permission setting interfaces didn't show inherited
- permissions.
-
- - A number of bugs arising from attempts to set
- caching headers were fixed.
-
- - Some default permissions were not set correctly.
-
- - The unused non-functioning resource-consuming Scheduler has
- been removed.
-
- - Access was given to objects without roles even if access
- would be denied to the container.
-
- - Fix submitted by Martijn Pieters:
-
- Any property type int or long, set to 0, showed up in the
- Properties Management tab as blank. This resulted in errors
- when trying to change values of other properties, etc.
-
- - Version names were computed incorrectly.
-
- - Delete and rename were broken for ZClasses.
-
- - It wasn't possible to override inherited attributes with
- methods in ZClasses.
-
- - Property values were not removed from ZClasses when property
- sheets were deleted. This made it impossible to re-add a
- property from a deleted property sheet.
-
- - Generated property view and edit forms for ZClass property
- sheets had a number of problems.
-
- - The propertysheets property sheet should only allow addition of
- property sheets.
-
-
- Zope 1.11.0 pr1, which should have been named Zope 2.0.0 alpha 0.
-
- Lots has changed in this release. The major news is ZClasses and WebDAV.
-
- Features Added
-
- - Added WebDAV support. See http://webdav.zope.org/ for details.
-
- - Added Z Classes. Documentation is forthcoming.
-
- ZClasses might be viewed as somewhat experimental, although
- we're using them aggressively for internal projects.
-
- - Added Property Sheets. Documentation is forthcoming.
-
- - ZServer now included in distribution.
-
- - Added new product registration interface. Documentation is
- forthcoming.
-
- - Added local roles which allow for permission settings for
- users on individual objects. This allows for 'ownership' of Zope
- objects. Added 'Owner' role to default roles, and automatic
- setting of the 'Owner' role on a created object to the user who
- created it.
-
- - Added hooks for XML-RPC support to ZPublisher. See the source
- for details. XML-RPC support is not yet finished.
-
- - Added automatic height/width detection for JPEG images.
-
- - Revised Zope error messages.
-
- - A new DTML 'try' tag added based on work by Jordan B. Baker.
- See the source for details. Documentation is forthcoming.
-
- - A new DTML 'mime' tag has been added. See the MIMETools README.txt
- for more information.
-
- - A new 'range' function added the the '_' DTML variable.
-
- - A new 'utilities' directory is included in the distribution.
-
- - A new flag attribute, 'only', of the DTML 'with' tag
- prunes the DTML namespace to only the namespace created
- with the with tag.
-
- - Added contributed support for encoding options in the SendMail
- tag and MailHost send method.
-
- - Management tabs are now prettier and allow status messages with
- the manage_tabs_message variable.
-
- - Added a method of notifying users of changes without using a
- MessageDialog. This makes editing DTML Documents and Methods
- easier.
-
- - Added more documentation to Product add screens.
-
- - New icons for many Zope objects.
-
- - Sessions are now known as Versions.
-
- - Changed from using 'manage_main' as default management method to use
- 'manage_workspace' which is a reserved method that dispatches to the
- default management interface which is the first interface defined
- in manage_options
-
- - Permission settings are now inherited by Products from their base
- classes. This means when you build a Product you only need to specify
- its particular permission settings.
-
- - Changed ZPublisher.publish_module's interface so that instead of
- providing a stdin, stdout, and stderr, you can provide a Request and
- a Response object. ZServer makes extensive use of this feature.
-
- - Added methods to HTTPRequest to allow access to ZPublishers object
- traversal. HTTPRequest.clone and HTTPRequest.resolve_url. See the
- source for more details.
-
- - Added a new "builtin" function reorder to DTML.
-
- reorder(s, [with, without]])
-
- Reorder the items in s according to the order given in with
- and with items mentioned in without removed. Items from s
- not mentioned in with are removed.
-
- s, with, and without are all either sequences if strings
- or sequences of key-value tuples, with ordering done on the
- keys.
-
- This function is useful for constructing ordered select lists.
-
- Bugs Fixed
-
- - Added small fixes to ZopeHTTPServer in anticipation of DAV.
-
- - Construction, upload, and edit methods did not consistently
- support either string or file data. This caused really weird
- behavior when file upload was used with out including the
- ':string' suffix in the argument name when doing a file upload.
-
- This bug was previously (and incorrectly) reported as a
- ZPublisher.Client problem.
-
- - Errors in ExternalMethods were masked by bugs in error
- reporting logic. The bugs were made far more effective
- by Python 1.5.1.
-
- - Databases (or export files) created in binary distributions
- were not usable in source distributions due to cPickle
- limitations in stock Python 1.5.1. We now link/copy the
- cPickle extension to BoboPOS to make sure that it uses the
- latest version.
-
- - Fixed registration of MailHost settings and incorrect default
- quoted-printable encoding of message bodies.
-
- - Added contributed patch that fixes bug in copied-object id
- generation.
-
- - DTML Documents and Methods now attempt to determine their
- content-type rather than assuming they are text/html.
-
- - Fixed PUT bug in determining content-type of binary files.
-
- - Added changes that allow the top level userfolder to be replaced by a
- UserDB or other userfolder-like object.
-
- - Fixed an FTP support bug that sometimes kept simple items from
- producing FTP listings.
-
- - Added URL1 instead of "." as the form target for the workspace forms --
- using "." causes NS servers to intercept the request and report an
- error, making Zope effectively unusable.
-
- - Added ZPL 1.0 and credits to copyright link in management screen.
-
- - Fixed a bug that prevented validate() from working if the top-level
- object were accessed and no default object (index_html) existed.
-
- - Fixed a logic bug in security validation that allowed access to
- unacquired objects that didn't have __roles__ even if the
- containing object was protected.
-
-
- Zope 1.10.2
-
- Bugs Fixed
-
- - Fixed a permission problem with DTMLMethod objects that caused
- errors when attempting to commit permission changes.
-
- - Factories could not determine the available methods
- when they were being edited, making them uneditable.
-
-
- Zope 1.10.1
-
- This is a Python 1.5.2 beta 2 compatibility release.
-
- A Python C API change in Python 1.5.2 beta 2 broke
- Zope. This release contains a fix.
-
- Zope should work correctly with Python 1.5, 1.5.1 and
- beta versions of 1.5.2.
-
-
- Zope 1.10.0
-
- New Features
-
- - Added Import/Export interfaces to Folders.
-
- Bugs Fixed
-
- - Fixed a bug in ZopeHTTPServer which caused it to fail on POST
- requests without content-type headers.
-
- - PUT and file uploads would fail if the content-type could
- not be determined. Now objects created via PUT and file
- upload will default to either 'application/octet-stream'
- for binary files or 'text/plain' for non-binary files if
- no content-type can be determined from headers or filename
- extensions.
-
- - Fixed a permission bug left from a change to the Find support.
-
- - Fixed misc typos in docstrings and docs.
-
- - Fixed a bug that kept objects from being freed from the cache!
- Basically, there was never a check for inactive objects.
-
- - MailHost objects didn't do appropriate CRLF conversion or
- recognize 4xx server responses.
-
-
- Zope 1.10.0 pr1
-
- New Features
-
- - Documents generated by the search interface wizard
- no longer use tab characters.
-
- - Added a -s option to ZopeHTTPServer. This is useful
- for emulating older sites when generating screen shots
- for creating or updating documentation.
-
- - Default bobobase now includes a Zope button along with a link
- to the Zope site. This satisfies the ZPL attribution requirement.
- The button is created by a new builtin method
- 'ZopeAttributionButton'. Also, both the source and the binary
- distributions now have the same default bobobase.
-
- - Made the logic for getting SOFTWARE_HOME a bit more robust, so that
- it handles relative paths and paths starting with '.' and '..'.
- This is useful when simply importing Main from the Python
- prompt in the lib/python directory.
-
- - The ThreadLock module has been changed to reflect changes
- in the Python API in Python 1.5.2.
-
- - The '_' variable in DTML now has the random module
- as an attribute and DateTime.DateTime as the attribute DateTime.
-
- - Added keys() and items() methods to the REQUEST object.
-
- - Added get_header() method to the REQUEST object for retrieving
- HTTP headers.
-
- - New SearchIndex package and BTree component have been added to
- the distribution, providing low-level support for products with
- built-in searching such as Tabula and Confera.
-
- - Documents have now been split into two distinct object types:
- DTML Documents and DTML Methods. DTML Methods behave exactly
- as Document objects did. DTML Documents are similar except that
- the "client" or "self" of a DTML Document is the DTML Document
- itself rather than its parent, and DTML Documents can have
- properties.
-
- - DTML Documents, Image and File objects can now have properties.
-
- - A new PropertyManager mixin class allows developers to easily
- add properties and property management to non-Folder objects.
-
- - Added a new absolute_url method which can generate an absolute
- url for the object on which the method is called.
-
- - GIF and PNG Images now figure out their own dimensions when
- uploaded. Image height and width properties are now editable.
-
- - Images now generate themselves as html IMG tags, using an absolute
- url and correct height and width tags if possible.
-
- - There is a new form input type, boolean, for inputing boolean
- data.
-
- - Added a read_only option to the SimpleDB.MultipleRevision and
- PickleDictionary constructors to open a database in read_only
- mode.
-
- - Added an environment variable, ZOPE_READ_ONLY, used by the
- Zope framework. If this variable is set, then the database
- is opened in read only mode. If this variable is set to a
- string parsable by DateTime.DateTime, then the database is
- opened read-only as of the time given. Note that changes
- made by another process after the database has been opened
- are not visible.
-
- - Added a database_quota option to the SimpleDB.MultipleRevision and
- PickleDictionary constructors and a
- SimpleDB.MultipleRevision.set_quota method to set a database
- quota. The quota is given as either an integer number of
- bytes, or a function taking an integer number of bytes
- argument and returning whether the quota has been exceeded.
-
- - Added an environment variable, ZOPE_DATABASE_QUOTA, used by the
- Zope framework. If this variable is set, it should be set to
- an integer number of bytes. Additions to the database are
- not allowed if the database size exceeds the quota.
-
- - Added size and last modification time to DTML Method and DTML
- Document edit interface.
-
- - Added a new module, BoboPOS.winlock, that provides file
- locking on windows. This should prevent many cases of data
- corruption.
-
- - Added FTP support to Documents, Files, Images, and Folders.
- FTP interface is detailed in OFS/FTPInterface.py though it may
- change. Basic FTP support was also added to SimpleItem to make
- it easier for Zope objects to support FTP.
-
- Bugs Fixed
-
- - Permissions for manage_clone method were wrong, meaning that
- essentially only managers could use it.
-
- - File paths that showed up in tracebacks reflected the paths the
- files had when they were compiled (at distribution build-time).
- The compiled-in paths have been changed to be relative to the
- Zope installation directory.
-
- - Fixed a bug in ZPublisher's special handling the "cancel"
- submit buttons. The test for the cancel button was case
- sensitive. I changed it so it would accept any case, as
- well as extra spaces.
-
- Cancel buttons should probably be handled using the new
- :method form type, but this would require the presense of an
- appropriate redirect method. Perhaps there should be
- a :redirect form type.
-
- - Date strings with years < 31 were not accepted, even
- through the documentation says they should be.
-
- - If Zope crashed or was unable to completely write a database
- record, then on restart, a data corruption error was reported.
- Now, truncated records are removed if necessary on start up.
- If necessary, other records are removed as well to avoid
- partially-written transactions.
-
- - Lack of sys.argv in the win32 service version of Zope caused
- it to raise errors under certain conditions.
-
- - Several HTTP PUT related bugs were fixed.
-
- - Simple items did not have an objectValues method, which caused
- odd behavior in certain tree tags since the method would be
- acquired from the parent of the simple item.
-
- - The Find form in the management interface depended on javascript
- to function properly.
-
- - Added a fix to compensate for the fact that Apache servers may
- rename the entire cgi environment when mod_rewrite rules are
- used in .htaccess files.
-
- - If system clocks were changed, so that database records
- had records in the "future", then database corruption could
- either occur or be incorrectly reported. Now this situation
- results in an informative error message and corruption does
- not occur.
-
-
- Zope 1.9.0
-
- New Features
-
- - Zope now provides better information about products. If a
- Product has a README.txt, then it will be readable through
- the product management interface.
-
- If a product encounters an error during startup, the
- traceback is available through the product management
- interface.
-
- - Cache statistics are displayed in minutes, rather than
- seconds.
-
- - Products can define the attribute '__module_aliases__' in
- their '__init__' modules that specifies aliases for modules
- used in the product. This is useful if module names have
- changed and the database contains pickles refering to the
- old modules. The attribute should be a sequence of
- tuples. Each tuple has a (dotted) module name and a module.
-
- Bugs Fixed
-
- - Development on ZopeHTTPServer has been frozen in anticipation
- of the switch to Medusa. Therefor ZopeHTTPServer still does
- support PUT. Sorry.
-
- - ZPublisher.Client used the obsolete rand module.
-
- - Errors occuring during product import caused Zope to fail to come
- up.
-
- - Product version information was not displayed correctly.
-
- - ZGadflyDA cached table meta-data which lead to missleading
- information when browsing databases.
-
-
- Zope 1.9 beta 3
-
- New Features
-
- - Z SQL Methods (FKA Aqueduct) and the Z Gadfly Database Adapter
- are now included.
-
- - The argument handling for ZopeHTTPServer has been changed to
- be a bit more flexible wrt the order of argumements.
- While options must still come first, environment settings
- can be given in any order. This makes startup scripts loke
- serve.py quite a bit simpler.
-
- - ZopeHTTPServer now sports preliminary support for PUT publishing.
-
- - ZopeHTTPServer now serves from port 9673 by default, not 8080.
-
- Bugs fixed
-
- - The start.bat file used to start ZopeHTTPServer on win32 was
- misnamed and didn't correctly pass command-line arguments.
-
- - Win32 machines without an existing Python installation had problems
- due to PYTHONPATH bootstrapping.
-
- - The included ZopeHTTPServer was failing to start correctly on
- win32 machines that were not connected to the network.
-
-
- Zope 1.9 beta 2
-
- In addition to various documentation updates, this release includes:
-
- New Features
-
- - Changed serve.py to accept ZopeHTTPServer command-line options.
-
- - Added a -P option to the ZopeHTTPServer to specify a file
- to contain the process ID. This allows a script to stop
- the process on Unix.
-
- - Added support for the environment variables, Z_REALM and
- Z_DEBUG_MODE to set an authentication realm and to
- enable debug mode.
-
- Bugs fixed
-
- - External methods were broken due to differences in
- Python 1.4 and Python 1.5 comparison semantics.
-
- - ZopeHTTPServer command-line environment settings
- were not available in os.environ.
-
- - Some class references were wrong in examples in the ExtensionClass
- documentation.
-
- - INSTANCE_HOME was not set correctly when the debugger was run
- with a relative path to the published module.
-
- - The #! line in the ZopeHTTPServer was hidden by the copyright
- statement and didn't have the right path.
-
- - A bug in pcgi_publisher.py caused file uploads larger than 1 MB
- to fail.
-
-
- Zope 1.9 beta 1
-
- Bugs fixed:
-
- - pcgi did not build correctly on Solaris 2.6
-
- - links in headers were broken when Zope was reached with
- /, as is the case when the ZopeHTTPServer is used.
-
- - Python sources used tabs and spaces for indentation, which
- made some people unhappy.
-
- - Copyright statements were missing or out of date.
-
- - Added better instructions for building and running Zope.
-
- - Added new Zope License and attribution information.
-
- - Merged BoboHTTPServer updates with ZopeHTTPServer. Including
- socket changes to allow easier stopping and starting.
-
- - Shutting down the ZopeHTTPServer from the application
- caused an empty document to be returned.
-
- - The install scripts failed if run more than once when attempting
- to create a var directory.
-
- Features
-
- - Added (and old version of) the zlib module to make
- installation simpler.
-
- - Zope requires an access file. The install scripts now create
- one.
-
-
- Zope 1.9 alpha 1
-
- This was the inital Zope test release.
+ - The ImageFile module has finally been deprecated for good and
+ will be removed in Zope 2.11. Use App.ImageFile instead.
More information about the Zope-Checkins
mailing list