You are not logged in Log in Join
You are here: Home » Download Zope Products » Zope » 2.11.4 » CHANGES.txt » View Document

Log in




Zope Changes

This file contains change information for the current Zope release. Change information for previous versions of Zope can be found in the file HISTORY.txt.

Zope 2.11.4 (2009/08/06)


  • Moved exception MountedStorageError from ZODB.POSExceptions to Products.TemporaryFolder.mount (now its only client).
  • LP #253362: Moved Zope2-specific module, ZODB/, to Products/TemporaryFolder/ (its only client is Products/TemporaryFolder/
  • Removed spurious import-time dependencies from Products/ZODBMountPoint/

Bugs Fixed

  • Fixed vulnerabilities in the ZEO network protocol affecting ZEO storage servers.

Zope 2.11.3 (2009/05/04)

Features added

  • SiteErrorLog now includes the entry id in the information copied to the event log. This allowes you to correlate a user error report with the event log after a restart, or let's you find the REQUEST information in the SiteErrorLog when looking at a traceback in the event log.


  • Updated to match all new versions from the yet-unreleased Zope 3.4.1 release (` releases/controlled-packages.cfg?rev=99659`).
  • Updated to include all new versions from the final Zope 3.4.0 release (
  • Added InitializeClass alias in App.class_init to ease migration. In Zope 2.12 it will be recommended to import InitializeClass from App.class_init instead of Globals.
  • Moved ApplicationDefaultPermissions from App.class_init to AccessControl.Permissions, in order to break an import cycle in third-party code which avoids imports from Globals. Left the class importable from its old location without deprecation.
  • configure script: setting ZOPE_VERS to 2.11
  • Products.PluginIndexes.PathIndex: backported doc fixes / optimizations from trunk (and ExtendedPathIndex).
  • Updated pytz from 2007f to 2008i.
  • Moved svn:externals for mechanize, ClientPath, and pytz to versions managed outside the Zope3 trunk.
  • Testing.ZopeTestCase: Remove quota argument from DemoStorage calls in preparation for ZODB 3.9.

Bugs Fixed

  • Launchpad #373299: Removed bogus string exception in OFS.CopySupport.
  • ZPublisher response.setBody: don't append Accept-Encoding to Vary header if it is already present - this can make cache configuration difficult. (merged 99493)
  • Launchpad #267834: proper separation of HTTP header fields using CRLF as requested by RFC 2616. (merged 90980, 92625)
  • Launchpad #348223: optimize catalog query by breaking out early from loop over indexes if the result set is already empty.
  • "Permission tab": correct wrong form parameter for the user-permission report
  • Launchpad #290254, DateTime/ added __setstate__ to cope with old pickles missing a _micros attribute; Python's pickling support was creating a new instance, with a _micros attribute, but not clearing that attribute before updating the instance dict with the unpickled state.
  • Launchpad #332168, Shared/DC/RDBMS/ do not expose DB connection strings through exceptions
  • Launchpad #324876: tighened regex for detecting the charset from a meta-equiv header
  • Launchpad #174705: ensure that the error info object exposed to a tal:on_error handler has attributes visible to restricted code.
  • Acquisition wrappers now correctly proxy __iter__.

Zope 2.11.2 (2008/10/24)

Bugs Fixed

  • Ensure that response header values cannot embed CRLF pairs, which violate the HTTP spec (RFC 2616).
  • Launchpad #282677: fixed implementation of guarded_map and provided tests and implementation for guarded_zip (RestrictedPython).
  • updated to ZODB 3.8.1
  • Lauchpad #143736,#271395: fixed AttributeError' on _ltid in TempStorage
  • AccessControl.ZopeGuards.guarded_import mapped some Unauthorized exceptions onto ImportErrors: don't do that! Also, removed mutable defaults from argument list, improved tests.
  • LP #281156: AccessControl.SecurityInfo.secureModule dropped ModuleSecurity for failed imports, obscuring later attempts to import the same broken module.
  • DateTime conversion of datetime objects with non-pytz tzinfo. Timezones() returns a copy of the timezone list (allows tests to run). (Backport of r89373 from trunk).
  • LP #253362: better dealing with malformed HTTP_ACCEPT_CHARSET headers
  • integrated Hotfix-2008-08-12
  • Launchpad #267545: DateTime(DateTime()) now preserves the correct hour
  • Launchpad #262313: respect the Expand macros when editing flag when editing a page template through the ZMI
  • Testing.ZopeTestCase: installPackage was tied to the ZopeLite layer.

Zope 2.11.1 (2008/07/17)

Bugs Fixed

  • Suppressed DeprecationWarning during import of ZPublisher.Iterators: that module needs to use Z2-style interfaces in 2.11, for BBB, but the Interface module itself issues the warning on import.
  • Launchpad #246748: added immediate option to sendXXX() methods for sending a mail immediately by-passing the zope.sendmail delivery mechanism
  • Launchpad #246290: fixed backward compatibility issue
  • zope.testing : updated to 3.5.3
  • Launchpad #245649: the Products package is now a proper "namespace package" under the rules specified by setuptools.
  • zope.viewlets: updated to 3.4.2
  • zope.sendmail: updated to 3.5.0 (fixing Launchpad #230831)
  • Launchpad #239636: Ensure that HEAD requests lock an empty body for NotFound errors.
  • fixed outdated transaction.commit(1) call in ZODBMountPoint.SimpleTrailblazer

Zope 2.11.0 (2008/06/15)


  • Noted long-standing but silent deprecation of Zope2-style interfaces (on import of the Interface package). That package is already gone on the trunk.

Bugs Fixed

  • Launchpad #229549: Don't ignore debug flag when rendering page templates (thanks to Eric Steele for the patch).
  • Fixed against-the-rules zope.conf option fast_listen to read fast-listen (dash, not underscore).

Zope 2.11 rc 1 (2008/05/08)

Bugs Fixed

  • Launchpad #142350: Display description for properties as row title, if present.
  • Launchpad #200007: DateTime(anotherDateTime) now preserves the timezone.
  • Launchpad #213311: Handle "unsubscriptable object" errors during publishing traversal.
  • Products.Five: Fixed vocabulary lookup broken in 2.11 beta 1. ZopeVocabularyRegistry wasn't hooked up on startup.
  • Launchpad #143813: zopectl now exits non-zero when child processes fail.
  • Products.Five: Resynced browser.adding with This fixes some minor bugs and removes deprecated code.
  • Launchpad #173658: Removed dead code in OFS.Traversable's unrestrictedTraverse (apparent NameError).
  • Launchpad #198274: "empty" ZopePageTemplates could not be unpickled.

Zope 2.11 beta 1 (2007/12/29)


  • Turned deprecation warnings for manage_afterAdd, manage_beforeDelete and manage_afterClone methods into discouraged warnings. These methods will not be removed in Zope 2.11, but stay for the foreseeable future. Using events is still highly encouraged.
  • Moved two implements declarations from Five into the proper classes.
  • Document.sequence: replaced by zope.sequencesort
  • All Products folders as well as the zope and folders are declared as setuptools namespace packages now. See for more information about namespace packages.
  • ZPT: removed display of ZPT warnings since warnings were removed from the zope.pagetemplate implementation
  • Ship Zope with a standard docutils 0.4 distribution, instead of a patched one. Both trusted and untrusted code are still protected against unwanted file inclusion.
  • Removed ZGadflyDA (deprecated since Zope 2.9). The code is still available from
  • Removed OFS.content_types (deprecated since Zope 2.9)
  • Undeprecated zLOG, which will remain a backward-compatibility shim for the Python logging module.
  • Indexes: Removed unused parameters from _apply_index methods.
  • Removed deprecated support for product initialization based on __ac_permissions__ and meta_types attributes.
  • reStructuredText/ZReST: setting raw_enabled to 0 for security reasons
  • OFS Image: Image and File updated to use isinstance(data, str) and raises TypeError upon encountering unicode objects.
  • OFS Application: Updated deprecation warnings. Support for __ac_permissions__ and meta_types will be removed in Zope 2.11, methods support might remain longer.

Features added

  • Zope2 startup: Zope will now sends DatabaseOpened and ProcessStarting events during startup
  • Testing.ZopeTestCase: Introduced a "ZopeLite" test layer, making it possible to mix ZTC and non-ZTC tests much more freely.
  • Testing/ added support use a different storage other than DemoStorage. A dedicated FileStorage can be mount by setting the $TEST_FILESTORAGE environment variable to a custom Data.fs file. A ZEO server can be configured using the $TEST_ZEO_HOST and $TEST_ZEO_PORT environment variables. This new functionality allows us to use the standard Zope testrunner for writing and running tests against existing Zope installations.
  • The ZPublisher HTTP request has now both the debug and locale attributes available, like its Zope 3 counterpart. The debug attribute was so far limited to code from the zope.* namespace in order to make the Zope 3 ZPT engine work. The locale attribute provides access to an zope.i18n.interfaces.locales.ILocale object with access to locale related information like date / time formatting or translated language and country names. Form variables of both debug and locale will shadow these two attributes and their use is therefor discouraged.
  • MailHost: now uses zope.sendmail for delivering the mail. With this change MailHost integrates with the Zope transaction system (avoids sending dupe emails in case of conflict errors). In addition MailHost now provides support for asynchronous mail delivery. The Use queue configuration option will create a mail queue on the filesystem (under Queue directory) and start a queue thread that checks the queue every three seconds. This decouples the sending of mail from its delivery. In addition MailHosts now supports encrypted connections through TLS/SSL.
  • integrated ZODB 3.8 (featuring BLOB support)
  • integrated latest Zope3 components (aka Zope 3.4)
  • Support for using zopectl on Windows has been added. All commands are supported and there are two Windows specific ones: install and remove, which install or remove the Windows service. The start, stop and restart commands handle the Windows service. In order to use them, you need to call bin\zopectl install once.
  • ZCatalog result objects (catalog brains) now have an interface, ZCatalog.interfaces.ICatalogBrain.
  • A new module, AccessControl.requestmethod, provides a decorator factory that limits decorated methods to one request method only. For example, marking a method with @requestmethod(POST) limits that method to POST requests only when published. Several security-related methods have been limited to POST only.
  • PythonScripts: allow usage of Python's sets module
  • added fast_listen directive to http-server and webdav-source-server sections in etc/zope.conf in order to defer the opening of the sockets until the late startup phase. This in in particular useful when running Zope behind a loadbalancer (patch by Patrick Gerken).
  • the ZopePageTemplate implementation now uses unicode internally. Non-unicode instances are migrated on-the-fly to unicode. However this will work only properly for ZPT instances formerly encoded as utf-8 or ISO-8859-15. For other encodings you might set the environment variable ZPT_REFERRED_ENCODING to insert your preferred encoding in front of utf-8 and ISO-8859-15 within the encoding sniffer code.

    In addition there is a new output_encodings property that controls the conversion from/to unicode for WebDAV/FTP operations.

  • the ZPT implementation has now a configurable option in order how to deal with UnicodeDecodeErrors. A custom UnicodeEncodingConflictResolver can be configured through ZCML (see Products/PageTemplates/(configure.zcml,,
  • AccessControl.Role: added new method manage_getUserRolesAndPermissions().
  • AccessControl: the form behind the "Security" tab has a new form for user-related reporting of permissions and roles
  • Zope 3-based exception views can now be registered in ZCML for various exceptions that can be raised by Zope. Registering an exception view can be done like this:
                permission="zope.Public" />

Relevant exceptions that can have views are:

  • zope.interface.common.interfaces.IException
  • zope.publisher.interfaces.INotFound

Note that the name has to be index.html for the exception view to work. (patch by Sidnei da Silva from Enfold, integration by Martijn Faassen (Startifact) for Infrae)

  • DateTime now uses pytz for time zone data. This means support for more time zones and up to date daylight saving time information.

Bugs Fixed

  • Collector #2113: zopectl test masked Ctrl-C.
  • Collector #2190: Calls to weren't rerouted to Zope 2's security policy.

    NOTE: If you already have a Zope 2.10 instance running, you will either have to recreate it or add the following lines to the end of the etc/site.zcml file:

                    component="" />

  • Collector #2223: Evaluation of booleans in TALES and the default variable.
  • Collector #2213: Can't edit "old" ZopePageTemplate instances.
  • Collector #2235: A number of ZCatalog methods were doing boolean evaluation of objects that implemented __len__ instead of checking them against None. Replaced a number of "if not obj" with "if obj is None".