Zope 2.11.7 Changelog
Contributors: Effective_date: None Expiration_date: None Type: Document Format: text/plain Language: Rights: SafetyBelt: 1283359352.52
Zope 2.11.7 (2010/09/01)
- Prevent uncaught exceptions from killing ZServer worker threads. https://bugs.launchpad.net/zope2/+bug/627988
- Ensure that mailhosts which share a queue directory do not double- deliver mails, by sharing the thread which processes emails for that directory. https://bugs.launchpad.net/zope2/+bug/574286
- Process "evil" JSON cookies which contain double quotes in violation of RFC 2965 / 2616. https://bugs.launchpad.net/zope2/+bug/563229
- Ensure that Acquistion wrapper classes always have a ``__getnewargs__`` method, even if it is not provided by the underlying ExtensionClass.
- Fix the ``tp_name`` of the ImplicitAcquisitionWrapper and ExplicitAcquisitionWrapper to match their Python visible names and thus have a correct ``__name__``.
- Expand the ``tp_name`` of Acquisition's extension types to hold the fully qualified name. This ensures classes have their ``__module__`` set correctly.
pytzexternal to point to
- Protect ZCTextIndex's clear method against storing Acquisition wrappers.
- LP #195761: fixed ZMI XML export / import.
- MailHost should fall back to HELO when EHLO fails.
Zope 2.11.6 (2010/01/12)
- LP #491224: proper escaping of rendered error message
- Also look for ZEXP imports within the clienthome directory. This provides a place to put imports that won't be clobbered by buildout in a buildout-based Zope instance.
- LP #143444: add labels to checkboxes / radio buttons on import / export form.
- Fixed improper handling of IF_MODIFIED_SINCE header inside Five/browser/resource.py
Zope 2.11.5 (2009/12/22)
- LP #490514: preserve tainting when calling into DTML from ZPT.
- LP #360761 (backported from Acquisition trunk): fix iteration proxy to pass `self` acquisition-wrapped into `__iter__` and `__getitem__`.
- LP #414757 (backported from Zope trunk): don't emit a IEndRequestEvent when clearing a cloned request.
- updated to ZODB 3.8.4
Zope 2.11.4 (2009/08/06)
- Moved exception MountedStorageError from ZODB.POSExceptions to Products.TemporaryFolder.mount (now its only client).
- LP #253362: Moved Zope2-specific module, ZODB/Mount.py, to Products/TemporaryFolder/mount.py (its only client is Products/TemporaryFolder/TemporaryFolder.py).
- Removed spurious import-time dependencies from Products/ZODBMountPoint/MountedObject.py.
- Fixed vulnerabilities in the ZEO network protocol affecting ZEO storage servers.
Zope 2.11.3 (2009/05/04)
- SiteErrorLog now includes the entry id in the information copied to the event log. This allowes you to correlate a user error report with the event log after a restart, or let's you find the REQUEST information in the SiteErrorLog when looking at a traceback in the event log.
- Updated to match all new versions from the yet-unreleased Zope 3.4.1 release (`http://svn.zope.org/zope.release/branches/3.4/ releases/controlled-packages.cfg?rev=99659`).
- Updated to include all new versions from the final Zope 3.4.0 release (http://download.zope.org/zope3.4/3.4.0/).
App.class_initto ease migration. In Zope 2.12 it will be recommended to import
AccessControl.Permissions, in order to break an import cycle in third-party code which avoids imports from
Globals.Left the class importable from its old location without deprecation.
- configure script: setting ZOPE_VERS to
- Products.PluginIndexes.PathIndex: backported doc fixes / optimizations from trunk (and ExtendedPathIndex).
- Moved svn:externals for
pytzto versions managed outside the Zope3 trunk.
- Testing.ZopeTestCase: Remove quota argument from DemoStorage calls in preparation for ZODB 3.9.
- Launchpad #373299: Removed bogus string exception in OFS.CopySupport.
- ZPublisher response.setBody: don't append Accept-Encoding to Vary header if it is already present - this can make cache configuration difficult. (merged 99493)
- Launchpad #267834: proper separation of HTTP header fields using CRLF as requested by RFC 2616. (merged 90980, 92625)
- Launchpad #348223: optimize catalog query by breaking out early from loop over indexes if the result set is already empty.
- "Permission tab": correct wrong form parameter for the user-permission report
- Launchpad #290254, DateTime/DateTime.py:
__setstate__to cope with old pickles missing a
_microsattribute; Python's pickling support was creating a new instance, with a
_microsattribute, but not clearing that attribute before updating the instance dict with the unpickled state.
- Launchpad #332168, Shared/DC/RDBMS/Connection.py: do not expose DB connection strings through exceptions
- Launchpad #324876: tighened regex for detecting the charset from a meta-equiv header
- Launchpad #174705: ensure that the error info object exposed to a
tal:on_errorhandler has attributes visible to restricted code.
- Acquisition wrappers now correctly proxy __iter__.
Zope 2.11.2 (2008/10/24)
- Ensure that response header values cannot embed CRLF pairs, which violate the HTTP spec (RFC 2616).
- Launchpad #282677: fixed implementation of guarded_map and provided tests and implementation for guarded_zip (RestrictedPython).
- updated to ZODB 3.8.1
- Lauchpad #143736,#271395: fixed AttributeError' on _ltid in TempStorage
AccessControl.ZopeGuards.guarded_importmapped some Unauthorized exceptions onto ImportErrors: don't do that! Also, removed mutable defaults from argument list, improved tests.
- LP #281156:
AccessControl.SecurityInfo.secureModuledropped ModuleSecurity for failed imports, obscuring later attempts to import the same broken module.
- DateTime conversion of datetime objects with non-pytz tzinfo. Timezones() returns a copy of the timezone list (allows tests to run). (Backport of r89373 from trunk).
- LP #253362: better dealing with malformed HTTP_ACCEPT_CHARSET headers
- integrated Hotfix-2008-08-12
- Launchpad #267545: DateTime(DateTime()) now preserves the correct hour
- Launchpad #262313: respect the
Expand macros when editingflag when editing a page template through the ZMI
- Testing.ZopeTestCase: installPackage was tied to the ZopeLite layer.
Zope 2.11.1 (2008/07/17)
- Suppressed DeprecationWarning during import of ZPublisher.Iterators: that module needs to use Z2-style interfaces in 2.11, for BBB, but the Interface module itself issues the warning on import.
- Launchpad #246748: added
immediateoption to sendXXX() methods for sending a mail immediately by-passing the zope.sendmail delivery mechanism
- Launchpad #246290: fixed backward compatibility issue
- zope.testing : updated to 3.5.3
- Launchpad #245649: the Products package is now a proper "namespace package" under the rules specified by setuptools.
- zope.viewlets: updated to 3.4.2
- zope.sendmail: updated to 3.5.0 (fixing Launchpad #230831)
- Launchpad #239636: Ensure that HEAD requests lock an empty body for NotFound errors.
- fixed outdated transaction.commit(1) call in ZODBMountPoint.SimpleTrailblazer
Zope 2.11.0 (2008/06/15)
- Noted long-standing but silent deprecation of Zope2-style interfaces (on import of the Interface package). That package is already gone on the trunk.
- Launchpad #229549: Don't ignore
debugflag when rendering page templates (thanks to Eric Steele for the patch).
- Fixed against-the-rules zope.conf option
fast-listen(dash, not underscore).
Zope 2.11 rc 1 (2008/05/08)
- Launchpad #142350: Display description for properties as row title, if present.
- Launchpad #200007: DateTime(anotherDateTime) now preserves the timezone.
- Launchpad #213311: Handle "unsubscriptable object" errors during publishing traversal.
- Products.Five: Fixed vocabulary lookup broken in 2.11 beta 1. ZopeVocabularyRegistry wasn't hooked up on startup.
- Launchpad #143813: zopectl now exits non-zero when child processes fail.
- Products.Five: Resynced browser.adding with zope.app.container. This fixes some minor bugs and removes deprecated code.
- Launchpad #173658: Removed dead code in OFS.Traversable's
- Launchpad #198274: "empty" ZopePageTemplates could not be unpickled.
Zope 2.11 beta 1 (2007/12/29)
- Turned deprecation warnings for manage_afterAdd, manage_beforeDelete and manage_afterClone methods into discouraged warnings. These methods will not be removed in Zope 2.11, but stay for the foreseeable future. Using events is still highly encouraged.
- Moved two implements declarations from Five into the proper classes.
- Document.sequence: replaced by zope.sequencesort
- All Products folders as well as the zope and zope.app folders are declared as setuptools namespace packages now. See http://peak.telecommunity.com/DevCenter/setuptools#namespace-packages for more information about namespace packages.
- ZPT: removed display of ZPT warnings since warnings were removed from the zope.pagetemplate implementation
- Ship Zope with a standard docutils 0.4 distribution, instead of a patched one. Both trusted and untrusted code are still protected against unwanted file inclusion.
- Removed ZGadflyDA (deprecated since Zope 2.9). The code is still available from svn.zope.org/Products.ZGadflyDA.
- Removed OFS.content_types (deprecated since Zope 2.9)
zLOG, which will remain a backward-compatibility shim for the Python logging module.
- Indexes: Removed unused parameters from
- Removed deprecated support for product initialization based on
- reStructuredText/ZReST: setting raw_enabled to 0 for security reasons
- OFS Image: Image and File updated to use isinstance(data, str) and raises TypeError upon encountering unicode objects.
- OFS Application: Updated deprecation warnings.
meta_typeswill be removed in Zope 2.11,
methodssupport might remain longer.
- Zope2 startup: Zope will now sends DatabaseOpened and ProcessStarting events during startup
- Testing.ZopeTestCase: Introduced a "ZopeLite" test layer, making it possible to mix ZTC and non-ZTC tests much more freely.
- Testing/custom_zodb.py: added support use a different storage other than DemoStorage. A dedicated FileStorage can be mount by setting the $TEST_FILESTORAGE environment variable to a custom Data.fs file. A ZEO server can be configured using the $TEST_ZEO_HOST and $TEST_ZEO_PORT environment variables. This new functionality allows us to use the standard Zope testrunner for writing and running tests against existing Zope installations.
- The ZPublisher HTTP request has now both the debug and locale attributes available, like its Zope 3 counterpart. The debug attribute was so far limited to code from the zope.* namespace in order to make the Zope 3 ZPT engine work. The locale attribute provides access to an zope.i18n.interfaces.locales.ILocale object with access to locale related information like date / time formatting or translated language and country names. Form variables of both debug and locale will shadow these two attributes and their use is therefor discouraged.
- MailHost: now uses zope.sendmail for delivering the mail. With this
change MailHost integrates with the Zope transaction system (avoids
sending dupe emails in case of conflict errors). In addition MailHost
now provides support for asynchronous mail delivery. The
Use queueconfiguration option will create a mail queue on the filesystem (under
Queue directory) and start a queue thread that checks the queue every three seconds. This decouples the sending of mail from its delivery. In addition MailHosts now supports encrypted connections through TLS/SSL.
- integrated ZODB 3.8 (featuring BLOB support)
- integrated latest Zope3 components (aka Zope 3.4)
- Support for using zopectl on Windows has been added. All commands are
supported and there are two Windows specific ones: install and remove,
which install or remove the Windows service. The start, stop and
restart commands handle the Windows service. In order to use them, you
need to call
- ZCatalog result objects (catalog brains) now have an interface, ZCatalog.interfaces.ICatalogBrain.
- A new module, AccessControl.requestmethod, provides a decorator
factory that limits decorated methods to one request method only.
For example, marking a method with @requestmethod(
POST) limits that method to POST requests only when published. Several security-related methods have been limited to POST only.
- PythonScripts: allow usage of Python's
fast_listendirective to http-server and webdav-source-server sections in etc/zope.conf in order to defer the opening of the sockets until the late startup phase. This in in particular useful when running Zope behind a loadbalancer (patch by Patrick Gerken).
- the ZopePageTemplate implementation now uses unicode internally.
Non-unicode instances are migrated on-the-fly to unicode. However this
will work only properly for ZPT instances formerly encoded as utf-8 or
ISO-8859-15. For other encodings you might set the environment variable
ZPT_REFERRED_ENCODING to insert your preferred encoding in front of
utf-8 and ISO-8859-15 within the encoding sniffer code.
In addition there is a new
output_encodingsproperty that controls the conversion from/to unicode for WebDAV/FTP operations.
- the ZPT implementation has now a configurable option in order how to deal with UnicodeDecodeErrors. A custom UnicodeEncodingConflictResolver can be configured through ZCML (see Products/PageTemplates/(configure.zcml, unicodeconflictresolver.py, interfaces.py)
- AccessControl.Role: added new method manage_getUserRolesAndPermissions().
- AccessControl: the form behind the "Security" tab has a new form for user-related reporting of permissions and roles
- Zope 3-based exception views can now be registered in ZCML for
various exceptions that can be raised by Zope. Registering an
exception view can be done like this:
<browser:page for="zope.publisher.interfaces.INotFound" class=".view.SomeView" name="index.html" permission="zope.Public" />
Relevant exceptions that can have views are:
Note that the name has to be
index.html for the exception
view to work. (patch by Sidnei da Silva from Enfold,
integration by Martijn Faassen (Startifact) for Infrae)
- DateTime now uses pytz for time zone data. This means support for more time zones and up to date daylight saving time information.
- Collector #2113:
zopectl testmasked Ctrl-C.
- Collector #2190: Calls to zope.security.management.checkPermission
weren't rerouted to Zope 2's security policy.
NOTE: If you already have a Zope 2.10 instance running, you will either have to recreate it or add the following lines to the end of the etc/site.zcml file:
<securityPolicy component="Products.Five.security.FiveSecurityPolicy" />
- Collector #2223: Evaluation of booleans in TALES and the
- Collector #2213: Can't edit "old" ZopePageTemplate instances.
- Collector #2235: A number of ZCatalog methods were doing boolean evaluation of objects that implemented __len__ instead of checking them against None. Replaced a number of "if not obj" with "if obj is None".