File contents
Zope Changes
This file contains change information for the current Zope release.
Change information for previous versions of Zope can be found in the
file HISTORY.txt.
2.7.0b1
Features added
- zopectl command now has 'debug' and 'run' options.
- the zodb_db section in zope.conf now accepts a 'connection-class'
key that accepts a python dotted-path-name to use as the
connection class for the database.
- The ReST input and output encodings are now configured via the
'rest-input-encoding' and 'rest-output-encoding' config file
directives rather than the REST_INPUT_ENCODING and
REST_OUTPUT_ENCODING environment variables.
- Datetime-format settings are now configured via the
'datetime-format' configuration file directive rather than the
DATETIME_FORMAT environment variable.
- Trusted proxies are now configured via the 'trusted-proxy'
configuration file directive rather than the
ZOPE_TRUSTED_PROXIES environment variable.
- The maximum number of sockets that ZServer will open in order to
service incoming connections can now be specified via the
max-listen-sockets conf file parameter.
- Shane Hathaway's DBTab product has been integrated. The
Control_Panel -> Databases tab now allows you to control all
mounted databases. You can add a mount point by editing the
zope.conf file, adding a zodb_db section for the main database
and other mounted databases, and choosing "ZODB Mount Point"
from the Zope "Add" list.
- DTML Methods and Documents supply a traceback supplement when called.
- Windows installer contains NT/2K/XP service support on
a per-instance-home basis.
- zopectl command now has 'debug' and 'run' options.
- the zodb_db section in zope.conf now accepts a 'connection-class'
key that accepts a python dotted-path-name to use as the
connection class for the database.
Bugs Fixed
- mkzopeinstance did not expand tildes in directory name input.
- The 'configure' script did not work under Solaris sh.
- The SiteErrorLog object did not ignore NotFound errors,
which caused (mainly) useless messages to be kept in the log.
- The addition of a linefeed to version.txt in lib/python caused
Apache proxies to choke because the string was injected into
a header including the linefeed. This has been fixed.
- Collector: #964: standard_error_message refers to looking into the
HTML code for more information which is deprecated. Referring to
the error log now.
- Collector #893: Mailhost: munge_header has been broken for addresses
containing the recipients full name
- Zope's setup.py didn't include the ZEO.auth package.
- Collector #628: Applied patch to fix several textarea resize
problems.
- Collector #953: fixed namespace collision with form_title in ZMI
- Collector #342: Avoiding insertion of a BASE tag for file objects
with content-type text/html
- Windows installer properly deletes pyc/pyo files on uninstall.
- Windows binary post-install quickstart page is now more
informative.
- Fixed a potential bug in ZTUtils.Tree.decodeExpansion where a
potentially empty string was tested for it's first character; used
.startswith for safety.
2.7.0a1
Features added
- OFS: OrderSupport and OrderedFolder added. OrderSupport is a mixin class
that adds the IOrderedContainer interface to ObjectManagers.
OrderedFolder - meta_type 'Folder (Ordered)' - is a new Folder class
using OrderSupport.
(thanks to Stephan Richter for inspiration and some code)
- Folder: Constructor now takes an optional 'id' argument.
- Show known medusa servers in Control_Panel.
- New startup and installation regime (./configure; make; make install
instances use a config file, daemon is now a separate process). See
http://dev.zope.org/Wikis/DevSite/Proposals/InstallationAndConfiguration
for more information.
- New module: App.config. New API for getting a configuration
object. This should be the preferred way for all code in Zope
to get configured values for many settings. For settings made
available via this module, alternate locations are deprecated,
though will to be supported for Zope 2.7.
- Collector #435: Support for passwords encoded using MySQL's
PASSWORD() function add to lib/python/AccessControl/AuthEncoding.py.
- Collector #167: Support __getattr__ on cAccessControl PermissionRole
objects to allow gathering of permission names for products like
DocFinder and VerboseSecurity.
- Added a new REQUEST method, getClientAddr(), to determine a clients
IP address. Address restrictions in the user folder have been changed
to use this method. By default the value returned by this method is the
same as the initial value of REQUEST['REMOTE_ADDR']. Zope also has
support for obtaining a more useful value from other headers if a
front-end proxy is in use. See doc/ENVIRONMENT.txt for details.
- DateTime module: added support to parse international dateformats. The
Datetime constructor has a new "datefmt" parameter to enforce the
parsing of a date as "us" or "international" date. The new field
descriptor field descriptor "date_international" can be used to
enforce this behaviour inside the ZPublisher. See also
doc/ENVIRONMENT.txt to check with the DATETIME_FORMAT
- KeywordIndex, FieldIndex and ZCTextIndex are now able to index more
than one attribute of an object. This removes the ties between the
indexes ID and the attribute name to be indexed.
- Integration of reStructuredText (reST) and the ZReST product
by Richard Jones. See doc/RESTRUCTUREDTEXT.txt for details.
- Objects locked through WebDAV are now marked with a lock icon
inside the ZMI.
- Collector #741: Applied patch to provide better FTP error messages.
- Made all PluginIndexes and ZCTextIndex use 'safe_callable',
which is aware of extension classes that fill 'tp_callable'
but don't define '__call__'.
- Made KeywordIndex be more robust about receiving a value that
is not a string or an iterable type.
Bugs Fixed
- Collector #954: clear() method of TopicIndex removed all filter sets
instead of clearing them.
- Collector #939: Fixed typo in TopicIndexes
- Collector #937: UnicodeError exception available within PythonScripts
- Collector #902: recursive Scripts were broken due to shared globals.
- Product initialization would only consult a file named "version.txt"
to read version information. Now it will check version.txt, VERSION.txt
and VERSION.TXT.
- Collector #928: DateIndex ignored timezones when indexing and
querying
- Collector #892: misleading error msg when initializing an OIBTree
from a dict with a float value. The message claimed that the
dict's items didn't consist of 2-element tuples, but of course
they do. The TypeError now says "expected integer value".
- Collector #882: delPropertySheet was broken due to a typo
- Collector #683: WeDAV request without XML preamble
were not recognized by Zope and raised an exception.
- Index constructors were called without acquisition context of the
calling object. This caused caller.getPhysicalPath() to fail for
indexes depending on this information.
- Collector #814: PathIndexes now uses IITreeSet instead of
IISet. This should result in less memory usage.
- Fixed a whitespace problem in Z2.log (AWStats failed to process
Zope logfiles)
- Collector #816: dtml-sendmail corrupted header if message was
left blank.
- Collector #790: WebDAV access is granted by default only
to Managers and Authenticated users instead to Anonymous users.
This restricts access to the Control_Panel and especially
to the Products management to trusted users.
- Rename, Cut & Delete operations on locked objects (WebDAV) are
no longer permitted and will raise an exception. Copies of
locked objects are copied without lock.
- Collector #634: Image objects can now be rendered without border
attribute by calling "image.tag(border='')".
- Collector #695: Object IDs "." and ".." are no longer permitted.
- Collector #771: ZCatalog failed to index DTML Document if the name
of a catalog metadata was identical with the name of an acquired
object.
- Collector #686: intSets no longer lose their values.
- Collector #685: Improved documentation explaining how, where and
why security assertions should be placed in:
lib/python/Products/PythonScripts/README.txt
lib/python/Products/PythonScripts/module_access_examples.py
- The ZEO unit tests and wo_pcgi.py didn't run on Windows if the path
to the python executable included a space.
- Some calls to os.system('chmod') has been replaced with the more
portable os.chmod() call, to make install work properly on Windows.
- Fixed an isinstance() check in SimpleItem on standard_error_message
handling that would always break if the first argument was not
an extension class because the second argument was a type.
- Any write request could be tricked into writing into a version
be setting a version cookie or by including a version name in
the request. Now we require the user to globally have
permission to join or leave versions to run a request in a
version.
Backward incompatabilities
- We no longer honor local security settings that would allow
someone to join or leave versions unless the location of the
settings is a folder directly or indirectly containing the
user's user folder.
Bugs Fixed
- Collector #956: automatically installing Examples at startup
could be a security risk. Examples now must be installed
explicitly by the user (thanks to Jamie Heilman and day0).
- Collector #954: clear() method of TopicIndex removed all filter sets
instead of clearing them.
- Collector #882: Fixed typo in PropertySheets
- Collector #939: Fixed typo in TopicIndexes
- Collector #937: UnicodeError exception available within PythonScripts
- Collector #902: recursive Scripts were broken due to shared globals.
- Product initialization would only consult a file named "version.txt"
to read version information. Now it will check version.txt, VERSION.txt
and VERSION.TXT.
- Make ZCTextIndex much less prone to generating conflict errors.
Previously *any* concurrent updates would provoke a conflict.
- Fix query performance and scalability bug in ZCTextIndex.
- Collector #928: DateIndex ignored timezones when indexing and
querying
- Any write request could be tricked into writing into a version
be setting a version cookie or by including a version name in
the request. Now we require the user to globally have
permission to join or leave versions to run a request in a
version.
- Fixed a problem with potentially mis-acquiring 'func_code' in
publisher BeforeTraverse hook.
- Fix for issue 683: Image cache manager headers were not sent
when an image request returned a 304 (in response to an if-mod-since
request).
- Made all PluginIndexes and ZCTextIndex use 'safe_callable',
which is aware of extension classes that fill 'tp_callable'
but don't define '__call__'.
- Made KeywordIndex be more robust about receiving a value that
is not a string or an iterable type.
- Fixed incorrect docstring in OFSP/Image help.
- Fixed unhelpful signal description.
Log in
Forgot your password?
