You are not logged in Log in Join
You are here: Home » Download Zope Products » Zope » 2.7.1 » HISTORY.txt » View Document

Log in




Zope History

This file contains change information for previous versions of Zope. Change information for the current release can be found in the file CHANGES.txt.

Zope 2.6.2 beta 2

Bugs Fixed

  • TemporaryStorage (which is used by TemporaryFolder, and thus the default sessioning configuration) no longer uses a "LowConflictConnection" database connection. This fixes a bug in which data structures used for session housekeeping data could become desynchronized; the symptom for this was KeyErrors being raised from TransientObjectContainer's get method. As a result, many more conflicts will be raised under high session load, but desynchronization will not occur.
  • Fix potential performance bug in PathIndex.
  • Scored result sets from catalog (i.e., from text indexes) can now be merged and sorted together across queries like unscored results.
  • Fixed a memory leak in TALES. If an exception propagated from a tal:repeat block, an uncollectable cycle held a reference to everything in the TALES context.
  • If you're running in development mode, Zope will now raise an exception if a product cannot be initialized properly instead of silently continuing. This is to prevent a debugging frenzy in which you spelunk through one more more half-initialized modules wondering why the class you wanted isn't part of the module namespace. If not in development mode, the process continues silently.
  • Though Python 2.2.2 is not officially supported, a potential issue was found when running under 2.2.2. Some built-in types gained docstrings in the 2.2.2 release, making them publishable where they weren't publishable before. A fix has been added to the publisher to ensure that the types of objects that are publishable do not change between 2.1 and 2.2.

Zope 2.6.1 beta 2

Features added

  • DateTime objects now have a tzoffset() method that returns the objects timezones offset from GMT in seconds.

Bugs Fixed

  • Collector #740: DateTime now handles positive numerical timezones correcly.
  • Collector #763: There was no error when you had a sendmail-tag without specifying a mailhost or smpthost. Also added a missing import.
  • Work around potential BTrees key enumeration bugs in Transience package by checking explicitly for error cases.
  • Collector #736: ZPublisher now allows marshalling tags to contain a -. This is the first step towards a fix for Collector #737
  • Collector #714: CopySupport's manage_clone now calls manage_afterClone in the saem way that manage_pasteObjects does.
  • Collector #697: Multiple selection properties were incorrectly marshalled. note than any non-ascii multiple selection properties modified in versions without this fix will have been corrupted in the zodb.
  • Collector #256: Added a check in _doChangeUser to make sure passwords isn't encrypted twice.
  • Added a sortKey() method to Shared.DC.ZRDB.TM to silence warnings from updated ZODB that DAs dont have that method.

Zope 2.6.1 beta 1

Bugs Fixed

  • VirtualHostMonster handles empty Mapping paths properly.
  • Deadlock prevention code added.

    It was possible for earlier versions of ZODB to deadlock when using multiple storages. If multiple transactions committed concurrently and both transactions involved two or more shared storages, deadlock was possible. This problem has been fixed by introducing a sortKey() method to the transaction and storage APIs that is used to define an ordering on transaction participants. This solution will prevent deadlocks provided that all transaction participants that use locks define a valid sortKey() method. A warning is raised if a participant does not define sortKey(). For backwards compatibility, BaseStorage provides a sortKey() that uses __name__.

  • Fixed bug in FileStorage related to object uncreation. An attempt to load an uncreated object now raises KeyError.
  • Fixed a couple bugs in FileStorage recover() that wrote incorrect backpointers.
  • Fixed data_txn attribute of iterator data records to use the transaction id of the previous transaction, even if it also has a data_txn field.
  • Fixed conflict resolution bug that raised a NameError when a class involved in a conflict could not be loaded.
  • Fixed C extensions that included standard header files before Python.h, which is not allowed.
  • Added code to ThreadedAsync/ to work around a bug in a handled signal can cause unwanted reads to happen.
  • Collector #651: WebDAV Lock Manager was broken.
  • Collector #646: metal:slot was lost during the I18n merge.
  • Collector #640: Fix security assertion on ZCTextIndex query method.
  • Delayed opening the ZODB until after the "Zope" module has been imported, fixing a deadlock issue involving ZEO. The "Zope" module now has a "startup()" function.
  • Fixed a NameError in the recent change to DateTime.rfc822().
  • Made DateTime.rfc822() simpler and independent of local timezone.
  • Fixed bug in Transience reported by kedai which caused spurious KeyErrors under heavy sessioning usage.
  • Fixed bug in the Interface Verify package; base interfaces were not included in an interface compliancy test.
  • Collector #650: Fixed implicit list marshalling for lists where the first two values are tainted.
  • Collector #671: HTTP Ranges were broken for files and images whose length wasn't exactly divisible by 2**16.
  • ModuleSecurityInfo declarations could be lost if further declarations were made after the Info object already had been applied. Such additional declarations could take place in Python trusted code run after Zope strartup or during a Product refresh.
  • Collector #699: MailHosts created in 2.5 breaks in 2.6.
  • Collector #694: dtml-sendmail mailto specification replaces "To:" header. - Collector #702: DateTime.rfc822() fails without daylight saving
  • Collector #703: KeyErrors raised when unindexing a PathIndex (and TopicIndexes) should be swallowed and logged.

Zope 2.6.0

Bugs Fixed

  • Caused many places throughout the code base to use calls to user.getId() rather than user.getUserName(). With most (all?) user folder implementations today, this will have no behavioral change, as getId is always alised to getUserName. However, this makes it possible to write user folder implementations which make the distinction between the user's id and the user's name. These user folders will allow users to change names independent of their identity.
  • WebDAV Lock Manager actually gives the user a chance to specify a starting path before searching for locks, shortening query times and memory usage in large Zope instances.
  • PageTemplateFiles were previously owned by whatever object contained them. This resulted in very hard bugs if the user who owned the container was removed. Since PageTemplateFiles come from the filesystem, they are now "unowned", similar to DTMLFiles. Security is still applied, but now it is applied correctly.
  • Collector #411: DateTime.rfc822 is not rfc822 compliant

Zope 2.6.0 beta 2

Bugs Fixed

  • The ability to add multiple select properties to PropertyManagers was broken (issue 612).
  • Removed the signal handler hung off USR1 for packing the database. This feature proved dangerous as the pack operation would happen in the main thread, causing all asyncore operations to stop until it was finished.
  • Collector #372: tal:attributes failed when combined with tal:replace.
  • Don't try to close network connections in the signal handler for shutdown. This hosed ZEO clients.
  • Collector #292: PythonScript.write() didn't properly refresh bindings.
  • Dumb bug in zdaemon fixed in which it would try to kill process numbers 1, 2, 3, 10, 12, and 15 when it caught a signal related to any of these signal numbers. Instead, it actually tries now to kill its child process with the same signal.
  • Write pidfiles out with trailing newlines.
  • Fix setVirtualRoot in the face of unicode paths (such as occur during an XML-RPC request.
  • Collector #539: Fixed rendering of TAL namespace tags with an on-error statement.
  • Collector #586: Generated start scripts had a nonsensical export of an "INST_HOME" environment variable.
  • Collector #580: TALES evaluateBoolean() was squishing default.
  • Collector #581: TALES Path traversal should not special-case a blank string in the second element position. It now skips directly to item access when a path element is blank or has a leading _.
  • Fixed inconsistent attribute access in TALES Paths.
  • Deprecated hasRole alias failed to return result.
  • Collector #538: Hybrid path expressions no longer attempt to call a value returned by the final, non-path alternate.
  • Collector #573: ZTUtils Iterator didn't catch AttributeError.
  • Collector #517: The properties page incorrectly rendered properties with non-latin1 values if there were no unicode properties defined, and incorrectly processed properties with non-ascii names.
  • ZTUtils.SimpleTree could not build a tree with a root other than the ZODB root object. Also, filter functions didn't work at all, let alone in accordance with the documentation in the code.
  • Collector #603: ZTUtils.Tree.encodeExpansion encoded depth with '. characters, but decodeExpansion could possibly see an encoded node id as an encoded depth when that encoded id started with a .'.
  • Collector #605: ZTUtils.Tree.decodeExpansion set no limits on the string to be decoded, allowing for a DoS attack with very large strings.
  • The fix for issue #144 broke the ability to create an empty Image or File object. This functionality is now reenabled again.
  • ZTUtils.Zope.TreeSkipMixin allows you to skip unauthorized objects in the tree, but the filter wasn't applied when trying to filter candidate child nodes through a custom setChildAccess filter.
  • Emails sent through MailHost now automatically include a Date header if not already present, in compliance with RFC822 and RFC2822.

Features Added

  • Add optional relative argument to getURL the method in CatalogBrains. This allows it to generate site relative URLs like absolute_url can.
  • ZTUtils.Tree.encodeExpansion now will use zlib compression by default, allowing for a far larger number of open tree states to be encoded. decodeExpansion handles compressed expansion states automatically.
  • ZTUtils.Tree.TreeMaker now has additional methods for setting various flags and attributes that influence how the tree is built, making these aspects accessible to PythonScripts.
  • ZTUtils.Tree.TreeMaker has a new method setStateFunction, which allows you to set a callback function that can influence the state (open, closed, leaf) of each node in the tree.
  • Pidfile handling improved. When Zope is started under zdaemon, it no longer writes its own pidfile. Instead, it passes in the path to to zdaemon as its pidfile name. The file is no longer ever written. This caused a change to the -Z option of which should be mostly backwards-compatible (unless people were relying on to be written). Now the -Z option is a boolean. -Z1 means use a daemon. -Z0 means dont. The default is -Z1.

Zope 2.6.0 beta 1

Bugs Fixed

  • Collector #587: fixed wrong migration to string methods in
  • Collector #583: Searching for / with PathIndexes failed.
  • Fixed bug in manage_editProperties which used an incorrect default for several types of property when they were not found in the REQUEST.
  • Collector #574: Fixed write on HEAD requests caused by overzealous ETag support.
  • Fixed bug in where it would eat certain socket error exceptions at startup.
  • Collector #550: Exceptions in XML-RPC requests no longer envoke standard_error_message. Plain text error messages are instead added to the fault string. In debug mode, a full traceback is also included since access to the error log is not a given for XML-RPC developers.
  • Collector #512,541: Fixed broken WebDAV compatiblity with Cadaver 0.20.X due to a missing Lock-Token header.
  • Zope Page Templates set a content-type header even if the result of their execution was not rendered to the browser. We now check to make sure a content-type header is not already set before allowing a page template to set its own.
  • The title_or_id attribute of browser id managers and session data managers is now accessible publically.
  • Collector #510: When Python scripts and other "Script" objects were acquired during URL traversal, the __before_publishing_traverse__ code did not properly stop traversal at the script and populate traverse_subpath with the remaining url path elements.
  • Collector #238: Version Save and Discard buttons were too close to each other in Version management screens.
  • The "Add Browser ID Manager" permission was renamed to "Add Browser Id Manager".
  • Collector #437: dtml-sqltest now renders v not in (b,c) when used as . Previously, a sqltest for inequality would render v <> b when a single value was submitted, but would render a in (b,c) when multiple values were present and the multiple switch was set.
  • Collector #478: Z Search Interfaces with no parameters are now generating correct HTML.
  • Collector #448: Z Search Interfaces created as PageTemplates have a correct title, not a fragment of dtml.
  • Fixed brokenness of session data manager hasSessionData method. The old method created a session data object as a result of the call; it does not now.
  • Collector #458: Fixed broken reindex_all in CatalogAwareness classes.
  • The default "start" script now causes the event log to be sent to standard output unless the "EVENT_LOG_FILE" or "STUPID_LOG_FILE" environment variable is found in the environment.
  • The much-hated name "STUPID_LOG_FILE" now has a preferred alias: "EVENT_LOG_FILE".
  • Collector #454: The "default" session_data transient object container was not created if an object named "session_data" existed in the root.
  • Restored behavior of ZCatalog when arguments with empty string are passed in to searchResults. These values are now ignored. If only empty string values are passed to searchResults, then it returns all results (it is assuming what was passed is essentially an empty filter).
  • Collector #160: Allow TemporaryStorages to participate when a version is active.
  • Collector #446: Fixed management security assertions on ZCatalogIndexes class.
  • The BTree module functions weightedIntersection() and weightedUnion() now treat negative weights as documented. It's hard to explain what their effects were before this fix, as the sign bits were getting confused with an internal distinction between whether the result should be a set or a mapping.
  • New "Transience" (session data storage) implementation. More reliable under high load.
  • Collector #402: PythonScript recompile utility should only be usable by Manager to prevent abuse.
  • Collector #433: Fixed broken Splitter backwards compatiblity issue caused by code cleanup.
  • Collector #151: The Python 2.1 / 2.2 fcntl compatibility hacks were bypassed when using medusa directly without importing ZServer first (as when using
  • Collector #72: Start on Windows 95 machines with no network devices installed.
  • Collector #79: Don't swallow App.FindHomes exceptions.
  • The set operation difference(X, None) was returning None instead of returning X, contradicting the docs and common sense. difference(None, X) continues to return None.
  • Fix bug in ISO_8859_1 splitter which corruped storage on initialization.
  • Collector #421: Storage leak in cAccessControl
  • FileLibrary and GuestBook example applications gave anonymous users the Manager proxy role when uploading files - a potential vulnerability on production servers.
  • Exceptions that use untrusted information from a REQUEST object in the exception message now html-quote that information.
  • Stop leaking FastCGI Authorization header in environment to prevent password compromise
  • #178: Don't compile PythonScripts in skins directories
  • Fixed the help registration system and Zope tutorial to honor the environment variables, FORCE_PRODUCT_LOAD, and ZEO_CACHE, that affect whether products are installed in the database at application startup.
  • Collector #547: xmlrpclib SlowParser should also handle CDATA sections.
  • Collector #525: Don't mask Unautorized exceptions as XML-RPC faults. Fix based on patch from Brad Clements.
  • Collector #465: Allow XML-RPC requests with no tag.
  • Collector #528: Don't clear REQUEST_METHOD for XML-RPC requests; instead check for an XML-RPC Response objetc in BaseRequest.traverse.

Features Added

  • Browser ids can now be encoded in the URL and Zope can be instructed to automatically include the browser id in its generated URLs.
  • Browser Id Managers now provide a saner way to obtain a hidden form element which encodes the browser id name and browser id. An interface method named "getHiddenFormField" on browser id managers now exists which returns a snippet of HTML as a hidden form field that encodes these values.
  • A Site Error Log object is now created in the root at Zope startup time.
  • Added url_unquote and url_unquote_plus modifiers to DTML (also fmt=url-unquote and fmt=url-unquote-plus), and made the same functions available in the PythonScripts.standard module.
  • Collector #186: Added urlencode to the standard importables for Python scripts.
  • and &dtml.-name; will now automatically HTML-quote unsafe data taken implictly from the REQUEST object. Data taken explicitly from the REQUEST object is not affected, as well as any other data not originating from REQUEST. This can be disabled (at your own risk!) by setting the environment variable ZOPE_DTML_REQUEST_AUTOQUOTE to one of no, 0, or disabled.
  • ZCatalog index management ui is now integrated into ZCatalog rather than being a subobject managment screen with different tabs.
  • ZCTextIndexes can now be instantiated without constructing a silly "extra" record object if desired.
  • SimpleItem class now passes a new argument "error_log_url" to the standard_error_message template on error. If the site contains an error log object, this will contain the url to the applicable log entry for the error.
  • The IOBTree module also supports multiunion() now.
  • BTrees and TreeSets are complex objects, with parent->child pointers, sibling pointers, and multi-level parent->descendant pointers. About half the pointers are formally redundant, but speed operations. BTrees and TreeSets now support a ._check() method, which does a thorough job of examining all these pointers for consistency. It raises AssertionError if it finds any problems, else returns None. In Zope 2.5, in rare cases a key deletion could leave these internal pointers in an inconsistent state (what was supposed to be redundant information became conflicting information). The most likely symptom was that tree.keys() would yield an object that disgreed with the tree about how many keys there are. tree._check() can be used if you suspect such a problem (and if you find one, rebuilding the tree is the best solution for now).
  • Added support for the ZOPE_HOME environment variable, which points to the Zope root, where the ZServer package and default imports may be found.
  • Collector #516 -- "title" property on image tags
  • Collector #117 -- change External Method DTML to name="id" vs unquoted id
  • Collector #61 -- now manage_PasteObjects return a list of dictionaries containing {'id':original_id,'new_id':newly_pasted_obj_id} when called with REQUEST=None
  • Changed FORCE_PRODUCT_LOAD so that if it is set, it determines whether products are installed regardless of whether ZEO_CACHE is set. This means that you can disable product installation by setting FORCE_PRODUCT_LOAD to an empty string even if you are not using a ZEO persistent cache.


  • xmlrpclib has been updated to the Python 2.2 version, which includes support for the Expat parser for unmarshalling data, which speeds up things considerably.
  • Binary builds for Linux are now built against glibc 2.1.3 with large file support enabled.
  • Binary builds for Solaris are now built against Solaris 8 with large file support enabled.
  • Added i18n support in TAL processing

Zope 2.6.0 alpha 1

Features Added

  • The IIBTree module has a new multiunion function. It accepts a sequence of sets, treesets, etc, and returns the union of the keys of these objects, as an IISet. It's designed for peak speed when the input sequence contains many objects.
  • Set the default sys checkinterval to a higher value (500) to take better advantage of faster processors. Since there is no way to scientifically determine a number that works best for everyone, this at least should err on the side of better performance "out of the box" for higher-end production systems.

    Note that you can always use the -i argument to z2 to change the check interval.

  • Added support for gzip content compression for clients that support it. See lib/python/ZPublisher/ for more details.
  • Added ZCTextIndex plug-in index product. A replacement for TextIndex.
  • Removed the venerable but senile QuickStart folder from the default FileStorage. "Alas, poor Yorick! I knew him, Horatio."
  • Signal handling and log rotation

    All Zope process will respond to signals in the specified manner:

    SIGHUP - close open database connections and sockets, then restart the process

    SIGTERM - close open database connections and sockets, then shut down.

    SIGINT - same as SIGTERM

    SIGUSR2 - rotate all Zope log files (z2.log, event log, detailed log)

    The common idiom for doing automated logfile rotation will become:

    kill -USR2 `cat /path/to/var/`

    The common idiom for doing "prophylactic" restarts will become:

    kill -HUP `cat /path/to/var/`

    When a process is interrupted via ctrl-C or via a TERM signal (INT, TERM), all open database connections and sockets will be closed before the process dies. This will speed up restart time for sites that use a FileStorage as its index will be written to the filesystem before shutdown.

    Unspecified signals kill the process without doing cleanup.

  • ZCatalog no longer has a hand in managing text index vocabularies. The cruft associated with this functionality has been exorcised. No default indexes or metadata elements are defined for you when you create a new ZCatalog. Since we now have many new kinds of plug-in indexes it no longer made sense to do this anymore.
  • A new permission "Copy or Move" was added. This permission may be used respective to an object to prevent objects from being copyable or movable while within the management interface. The "old" behavior stipulated that users whom possessed the "View management screens" permission to an object's container could copy or move the object arbitrarily, even if they had limited access to the object itself. Once the object was moved or copied, the user became the owner of the new object, allowing them to see potentially sensitive information in the management interface for the object itself. This permission is granted to Manager and Anonymous by default, and must be revoked on an object-by-object basis if site managers intend to provide management screen access to folders which contain sensitive subobjects. This patch came as a result of Collector #376 (thanks to Chris Deckard).
  • Structured Text's "DocumentWithImages" class did not recognize image filenames with underscores.
  • The getElementsByTagName method of STDOM (used by Structured Text) would croak on most documents, especially those containing unwrapped text nodes. Fixed.
  • FileUpload objects now evaluate false when the have an empty file name. Making it easier to check for omitted file upload form fields.
  • ZClasses now use a python script as their constructor method instead of a DTML method. Also, ZClasses inherit from CatalogPathAwareness now instead of CatalogAwareness.
  • added browser_default hook to ZPublisher. This allows objects to specify the path to the default method that the publisher calls when the object is published. The default for objects not defining browser_default is still index_html for bw compatibility. A ZMI configurable browser_default implementation has been added to ObjectManager. You can configure browser_default for OMs via a new "settings" management tab.
  • added TopicIndexes: a TopicIndex is a container for so-called FilteredSet. A FilteredSet consists of an expression and a set of internal ZCatalog document identifiers that represent a pre-calculated result list for performance reasons. Instead of executing the same query on a ZCatalog multiple times it is much faster to use a TopicIndex instead.
  • requestprofiler: added new --daysago option and added support for reading gzipped detailed logfiles
  • DateTime: new functions JulianDay() and week() to perform calculation of the week number based on the Julian calendar.
  • WebDAV: the new environment variable WEBDAV_SOURCE_PORT_CLIENTS enables retrieval of the document source for dedicated WebDAV clients (see ENVIRONMENT.txt for usage)
  • Collector #272: Optimizations for RESPONSE.write
  • Collector #271: New environment variables are now used to send the access log into syslog. ZSYSLOG_ACCESS, ZSYSLOG_ACCESS_FACILITY, and SYSLOG_ACCESS_SERVER now do the same job as the old environment variables without _ACCESS in their name. Those old environment variables still do the same job of sending the event log to syslog.
  • When run as a daemon on Unix, Zope will now redirect stdin/stdout/stderr to /dev/null
  • Nicer formatting for the increasingly tall permissions table.
  • TextIndex: Enhanced splitter functionality now allows the TextIndex to index numbers, single characters. It is also possible to enable case-sensitive indexing. The new configuration options are available through the addForm of the Vocabulary object.
  • ICP server support. For more information see
  • STXNG: added new env. variable STX_DEFAULT_LEVEL to change the default level for elements (see doc/ENVIRONMENT.txt)
  • Collector #304: several catalog optimisations
  • New implementation of ZODB object cache. The new implemenation is more likely to keep the size of the object cache close to the target size. This change means that memory consumption may be reduced. Some users will need to increase the default cache size, because a too small setting is more likely to hurt performance than it did in the past.

    Third-party C extensions that use the persistence API must be recompiled, and may need to be updated to work correctly with the new cache; see PER_GHOSTIFY().

  • The ZODB Connection is now resposible for registering changed objects with the current transaction.
  • Implementation of RestrictedCreation fishbowl proposal; Product registration can now include a function used to determine whether that product constructor want to allow objects to be created in the specified container object.
  • Collector 196: manage_page_style.css is now cacheable. Added freshness information to ImageFile, to improve cacheability of management interface
  • Collector 358: added a new parameter no_push_item to dtml-in, to inhibit automatically pushing sequence-item onto the namespace stack.
  • STXNG: Structured Text now supports images by default by using the HTMLWithImages class (has been disabled prior to Zope 2.6)
  • new option --force-http-connection-close for to prevent clients from maintaing pipelined connections to the Zope server (Collector #412)
  • Updated the Interface package to be compatible with Zope 3 Interfaces. This included changing some interface APIs that may affect existing products.
  • Added a database activity monitoring graph to the control panel, making it easier to tune the ZODB cache size.

Bugs Fixed

  • External methods didn't properly setup func_defaults and func_code when they were first loaded. This meant mapply couldn't properly map arguments on the first try.
  • Fixed bug #96: Narrower/Wider buttons now work on both CSS and non-CSS compliant browsers. This allows better control for browsers that have a hard time knowing what 100% means.
  • Fix for Collector #319: filtered_manage_options didn't correctly filter tabs based on permission.
  • Made repr of an HTTPRequest.record eval'able as a dict (Collector #89).
  • Fixed bug #144: Upload button on dtml, py scripts, images, files and pts now raises an error if the file is not specified rather than clearing the source.
  • Fixed bug #275: setPermissionDefault didn't actually set the right permission -> role mappings.
  • Fixed bug reported on maillist during EWOULDBLOCK when using FTP server (http://
  • App/ now computes the "real" path for SOFTWARE_HOME and INSTANCE_HOME, resolving any symlinks in any element within paths passed in via the INSTANCE_HOME or SOFTWARE_HOME envvars. Paths that are computed by "dead reckoning" from os.getcwd and module paths are also "realpathed". So for instance, if you use /home/chrism/Instance as your INSTANCE_HOME, and /home/chrism is a symlink to /other/home/chrism, your INSTANCE_HOME will be computed as /other/home/chrism/Instance. This is necessary to avoid weirdnesses while using "dead reckoning" from INSTANCE_HOME and SOFTWARE_HOME in other parts of the code. POSIX systems only.
  • Fixed PropertyManager/PropertySheets so that you can safely add a property named ids without breaking your properties page.
  • Removed spurious self from scarecrow interfaces; updated method-generation in Interface package to ignore self when source is a method (rather than a function).
  • Collector #32: Use difflib instead of ndiff
  • Fixed long standing bug in PythonScript where get_size returned the incorrect length. This broke editing using EMACS via FTP or WebDAV. Thanks to John Glavin at South River Technologies for help finding the bug.
  • Collector #207: fixed problem with inner links in STXNG
  • Collector #210: HTML() function of StructuredText produced wrong tags.
  • Collector #166: ObjectManger.all_meta_types() implemented only an incomplete filter based on interfaces.
  • FTP: Downloading files through FTP has been broken since 2.4.0 because the downloaded file has been stored with a HTTP header at the beginning of the file. Fixed!
  • FTP: Spaces in usernames inside a FTP file listing are now replaced by underscores to avoid confusion with some FTP clients.
  • Collector #227: improved handling of unicode string in with unmodified default encoding in
  • Collector #227:, TextIndex/dtml/manage_vocab.dtml modified to display unicode strings in the vocabulary properly (now using UTF-8 encoding for display purposes)
  • Collector #250: applied several patches for TextIndex for better unicode support for the GlobbingLexicon
  • Collector #254: return owner object from getOwner wrapped in its context
  • Collector #259: did not delete all .pyc and .pyo files during installation. Fixed.
  • Collector #231: BTrees ignoring errors from comparison function
  • Collector #278: DocumentWithImages could not handle URLs with underscores
  • Collector #279: changed exception handling for safegmtime() to provide a more intuitive traceback for operating systems with a limited gmtime() implementations
  • Collector #285: Zope changes its working directory to the var directory at startup
  • WebDAV: removing an non-existing property now returns a HTTP 200-OK response instead of 404 (now compliant with RFC 2518)
  • Fixed a bug in that would cause database adapters to hang on errors in the second phase of the two-phase commit.
  • Collector #291: ZCatalog not unindexing deleted properties
  • Collector #266: Retried requests losing track of http request headers, causing Connection:Close requests to stall
  • Collector #17: Fixed broken links in StandardCacheManagers help
  • Collector #1: UNIX security fixes: make starting Zope as root secure, stop using nobody, warn of insecure umasks
  • Collector #303: Properties of type long got truncated
  • Collector #325: adding a new TextIndex to an existing Catalog cleared the standard Vocabulary.
  • Collector #373: content_type property for Image objects are no longer deletable to prevent malfunction.
  • Collector #343: The ZCatalogs Indexes view showed the wrong number of indexed objects for FieldIndexes.
  • FTP server: replaced System_Process by Sysproc to avoid breaking some FTP clients and the output format with overlong usernames.
  • Fixed a potential bug with cAccessControl's permission role deallocator which would try to decref things which may not have been set, due to a change in the initializer (which will bail out if it doesnt get called with a tuple argument)
  • Collector #185, 341: PCGIServer and FCGIServer logs corrected and now output extended information like HTTPServer does.
  • Propertysheets: Ids like values and items are now forbidden as they break WebDAV functionality. Existing Propertysheets are not affected
  • Collector #348: decapitate() now recognizes both \r\n and \n\n to be compliant with the HTTP RFC
  • Collector #386: workaround for hanging FTP connections with NcFTP
  • Collector #419: repaired off-by-1 errors and IndexErrors when slicing BTree-based data structures. For example, an_IIBTree.items()[0:0] had length 1 (should be empty) if the tree wsan't empty.

Zope 2.5.1 beta 1

Bugs Fixed

  • Fixed failed incref in cAccessControl that caused problems when ghosting occured.

Zope 2.5.1

New Features

  • Added the fsIndex feature. This adds a new BTree variant, fsBTree, a module that uses it, and some changes to to use fsIndex if it exists so that the oid-to-offset index (pindex) is a BTree rather than a straight dict.
  • ZODB changes necessary to support StandaloneZODB were merged
  • requestprofiler: added new --daysago option and added support for reading gzipped detailed logfiles
  • HTTP_TRACEBACK_STYLE environment variable controls the appearance of error tracebacks when not in debug mode. Recognized values are none (no traceback), js (§ that expands into traceback when clicked), and plain (plain text). The default is to include the traceback in an HTML comment.

Bugs Fixed

  • A fix for the issue addressed by Hotfix 2002-04-15 was incorporated into the core.
  • Fixed table regex parsing bug in ClassicStructuredText thanks to Albert Ting via Zope maillist.
  • Register CatalogPathAware as a ZClass base class in response to Collector #33.
  • Fix for Collector #319: filtered_manage_options didn't correctly filter tabs based on permission.
  • Fix for Collector # 275: setPermissionDefault was not being propagated to actual security settings.
  • Fixed bug where TTW code that called:

    del REQUEST.SESSION['key']

Would fail with a slice error (due to the security machinery). Assigning __garded_delitem__ to __delitem__ solves this problem, and allows del to be called against a SESSION key value.

  • Fixed a bug that could cause spurious AttributeErrors and other strange failures when trying to work with methods acquired from within the context of a transient object obtained via REQUEST.SESSION.
  • A last modified attribute has been added to transient objects. The conflict resolution method of transient objects now uses the last_modified time when deciding which if any of the three states to return. Objects with a later last modified time are preferred. Thanks to Tres for finding a corner case that identified the problem with the "old" conflict resolution machinery and suggesting this fix.
  • Collector #236: recursive ownership changes could be short-circuited prematurely if a user already owned a subobject.
  • Page templates will now not expand if expand=0 is passed to them.
  • ZTUtils.Zope.Batch now has the same default orphan parameter as ZTUtils.Batch.Batch. Calculation of previous batches with non-zero orphans is fixed.
  • Python-based Scripts that need to be recompiled for efficiency now emit a single, much more explanatory log entry, per run. The recompile() utility function works properly now.
  • Caused sqltest implementation to match help system docs Expression tags now work. "multiple" attribute now works. type="nb" attr now works. (thanks to Christian Theune for the patch)
  • Fixed cAccessControl to incref __roles__ in imPermissionRole_of
  • Fixed long standing bug in PythonScript where get_size returned the incorrect length. This broke editing using EMACS via FTP or WebDAV. Thanks to John Glavin at South River Technologies for help finding the bug.
  • Collector #207: fixed problem with inner links in STXNG
  • Collector #210: HTML() function of StructuredText produced wrong tags.
  • Collector #227: improved handling of unicode string in with unmodified default encoding in
  • Collector #166: ObjectManger.all_meta_types() implemented only an incomplete filter based on interfaces.
  • FTP: Downloading files through FTP has been broken since 2.4.0 because the downloaded file has been stored with a HTTP header at the beginning of the file. Fixed!
  • FTP: Spaces in usernames inside a FTP file listing are now replaced by underscores to avoid confusion with some FTP clients.
  • Added UnicodeSplitter to Windows build process
  • STXNG: underlined text at the end of line has not been recognized properly
  • Collector #250: applied several patches for TextIndex for better unicode support for the GlobbingLexicon
  • Fixed compatibility of the Interface package with newer versions of Python.
  • Collector #259: did not delete all .pyc and .pyo files during installation. Fixed.
  • Collector #254, make getOwner wrap the owner object in its context
  • DTML: unicode conversion inside DTML to other character sets has been broken (workaround added to
  • Collector #278: DocumentWithImages could not handle URLs with underscores
  • WebDAV: removing an non-existing property now returns a HTTP 200-OK response instead of 404 (now compliant with RFC 2518)
  • Updated to zlib 1.1.4.
  • Fixed a bug in that would cause database adapters to hang on errors in the second phase of the two-phase commit.
  • Collector #17: Fixed broken links in StandardCacheManagers help
  • Collector #303: Properties of type long got truncated
  • Collector #325: adding a new TextIndex to an existing Catalog cleared the standard Vocabulary.
  • Collector #343: The ZCatalogs Indexes view showed the wrong number of indexed objects for FieldIndexes.
  • FTP server: replaced System_Process by Sysproc to avoid breaking some FTP clients and the output format with overlong usernames.
  • Propertysheets: Ids like values,keys and values are now forbidden as they break WebDAV functionality. Existing Propertysheets are not affected
  • FTP: some passive FTP connections were blocking. Fixed.
  • Fix potential segfault with cAccessControl's permission role deallocator when the permisson role is constructed with a non-tuple argument.
  • Collector #185, 341: PCGIServer and FCGIServer logs corrected and now output extended information like HTTPServer does.
  • Collector #167: superValues() now includes items with duplicate IDs

Zope 2.5.1 beta 1

Bugs Fixed

  • Fixed failed incref in cAccessControl that caused problems when ghosting occured.

Zope 2.5.0

Bugs Fixed

  • Btree module and UnicodeSplitter could potentially fail to incref Py_None on return
  • Setting proxy roles on DTMLMethods and Documents has been broken
  • Collector #99: items(), keys() and values() methods of IIBucket objects has been broken when called with min/max parameters.
  • WebDAV: The long outstanding read-only problem with WinWord and .html is finally solved. Zope sends now an additional ETag header for DTMLMethods and DTMLDocuments. Many thanks to Joachim Schmitz for this hint.
  • PathIndex: fixed minor bugs, enhanced testsuite
  • DTML-MIME tag: creates now a Mime-Version: 1.0 to make some fussy email programs happy
  • utilities/requestprofiler - fixed bugs in timed mode which could show nonsensical results.

Features Added

  • TextIndex/Splitters: the constructor of all three splitters has now three new optional parameters:

    'maxlen'=(1-256) - to specify the maximum length of splitted words

    'singlechar'=(1|0) - allows single characters to be indexed

    'indexnumbers'=(1|0)- allows numbers to be indexed

    The default values of all parameters reflect the standard behaviour.

  • Enhancements to utilites/

    Added readstats and writestats features which allow for saves and reuse of profile stats between runs of the requestprofiler.

    Added urlfocus mode. Urlfocus mode presents a summary of activity within a period of time before and after the invocation of a particular URL as it was recorded in the big M log. This can be useful when trying to track down a problem which you believe is related to some series of URL invocations as opposed to a single URL invocation.

  • added doc/ENVIRONMENT.txt to document all used environment variables Zope is using
  • Provided a much more robust tool for recovering data from damaged FileStorage files:

    Allow recovery of data when:

    • either transaction or data records are damaged and when
    • multiple parts of a file are damaged

    The interface has changed to not modify in place.

    Other features:

    • Progress indicator
    • Verbose output
    • optional packing
    • index creation
  • The last entry in the breadcrumb path in the ZMI is now an underlined hyperlink.
  • Added a new script "utitilies/" to perform some consistency checks on a ZCatalog instance
  • Added the following new products related to sessioning:
    • browser id manager
    • session data manager
    • transient object container
    • temporary folder
  • Zope will create default sessioning objects on startup
  • Zope will create an Examples folder on startup. This folder contains a collection of simple example applications.

Bugs Fixed

  • STXNG: added + as allowed character inside URLs
  • enhanced the checks for Domains field in the UserFolder
  • Webdav: fixed broken MOVE and COPY commands
  • Updated DTMLMethod validation support patch with version by Steve Alexander
  • did not work properly under some acquisition related reaons.
  • pre-2.5 installation could not properly migrated to 2.5 because of changes in the Splitter API
  • ZODB conflict errors were logged at a severity that caused tracebacks to be logged to the stupid log file "out of the box". Because conflict errors happen under normal operations, and their appearance in the log frequently alarms folks, typical conflict error logging verbiage has been reduced, and traceback logging has been changed to happen only at BLATHER log level, which means that conflict tracebacks will only be logged if STUPID_LOG_SEVERITY is set to -100 or lower.

Zope 2.5 Alpha 2

Bugs Fixed

  • New accelerated security management bugfix in App/, changing calling sequence to positional parameters.
  • STXNG: re-enabled inner now work also through DTML and not only when using STXNG standalone
  • STXNG: generated HTML is now more HTML4/XHTML compliant (quoted attributes, inner links)

Zope 2.5 Alpha 1

Features Added

  • re-enabled inner links for STXNG documents.
  • Zope installations upgraded from pre-2.4 installations did not show the WebDAV LockManager entry in the control panel.
  • "" script in utilities now does better analysis, including:

    "active" in detailed output is now slightly more meaningful. It is > 0 only if other requests started after it started but before it finished. The greater the active count, the more likely it is that something was going on at the time in which the request ran that caused a slowdown.

    Multiple files may be analyzed at the same time.

    Also, script recognizes "U" opcode in big M logs as meaning a restart.

  • Added a "preview" field to the edit form for Image objects. This provides a preview of the actual image data on the form to make it easier to know what you are working on. The preview image is scaled if necessary to be useful without being obtrusive.
  • Added the ability to edit File object content in a textarea. If the content of a File is a text type and the size is less than 64K (the max size for text area data in some Web browsers), then you can edit the content as you would a DTML or other text-based object.
  • New user management API for user folder objects was implemented.

    As of Zope 2.5, manage_addUser, manage_editUser and manage_delUsers form the official API for user management. The old grotesque way of using manage_users is now deprecated.

    The default implementation of these API methods simply call the _doXXX versions of the methods that user folder authors have already implemented, which means that these APIs will work for current user folder implementations without any action on the part of the author.

    User folder authors that implement the new manage_XXX API can get rid of the old _doXXX versions of the methods, which are no longer required (we only use them if the new api is not directly implemented).

    API documentation for the User Folder API was also added to the help system.

  • Python compiler in RestrictedPython brought in sync with main distribution. Made to be compatible with Python 2.2.
  • Added links in the "debugging information" control panel for viewing the contents of the ZODB cache.
  • Added user password encryption capability, fulfilling the needs described in the proposal at: There is now a "properties" tab in user folders where you can select whether passwords are stored encrypted.
  • Locale support in STXNG has been broken (since 2.4.0)
  • Added SOFTWARE_HOME, INSTANCE_HOME, and CLIENT_HOME to the control panel to make it easer to tell what configuration of Zope is running.
  • Re-applied Medusa patch to allow proxy-like HTTP requests (GET http://hostname:port/ HTTP/1.0)
  • Objects indexed by the PathIndex can now provide a hook or an attribute with the same name as the index name to provide a customized path information other than using getPhysicalPath().
  • Selecting "Clear Catalog" from the ZCatalog "Advanced" did not clear the vocabulary associated with a TextIndex.
  • Added updated and enhanced testsuite for STXNG.
  • added getEntryForObject() for PathIndexes. Reworked PathIndex's internal inverse index.
  • API help topics can now document functions as well as classes.
  • Security accelerations in c
  • Accelerated C Document Template handling; Document Templates can now do additional rendering in C, improving performance.
  • Unicode support for ZCatalog:
    • added new UnicodeSplitter
    • ZCatalog now allows unicode strings as attributes of objects to be indexed using a TextIndex (see lib/python/ZCatalog/README.txt)

Bugs fixed

  • WebDAV: Zope escaped nested object properties derived from internal dav__* functions in although they are considered to be safe and do not need any escaping. This caused Zope to be completely incomplete with Windows XP. Fixed !
  • WebDAV: '( and )' are now allowed in Ids for Zope objects. This is needed when one tries to duplicate files using cut&paste through Microsoft webfolders.
  • Collector #2532: ZCatalog.availableSplitters is now protected by security mechanism.
  • Collector #2412: a read-only FileStorage has not been closed properly.
  • Collector #2390: Objects of type Help Image were not properly re-registered inside registerHelp().
  • Fixed broken FTP download for larger files.
  • Collector # 2396: StructuredText did not allow URLs containing "%"
  • Collector # 2397: StructuredText could not handle underlined text properly. Also will no longer produce .. and ..
  • Collector #2438: Using a slice operation like [30:] on a ZCatalog search result caused a MemoryError because the __getslice__ implementation used range() instead of xrange().
  • Collector #2423: Searching a FieldIndexes for documents with a blank string has been broken.
  • WebDAV Lockmanager was not working due to a Python 2.1 incompatibility.
  • Collector #2482: A COPY operation through WebDAV on a locked resource left the destination resource in a locked state so any WebDAV client was unable to unlock the destination object. Locks are now cleared from the destination object.
  • Error message AttributeError/_v_blocks when a DTMLfile is not present or could not be read replaced by a more informative message.
  • Collector #2497: SERVER_PROTOCOL variable is now compliant with the CGI specification and looks like "HTTP/1.1" instead of "1.1"
  • Creation of a TextIndex ignored the vocabulary setting.
  • Fixed broken aquisition of vocabularies from a Catalog by a TextIndex.
  • Collector #2504: level parameter has not been passed to HTMLClass constructor
  • default for orphan attribute of is now 0 instead 3.
  • Fixed conflict resolution problem in BTrees (BTreeTemplace/ _p_resolveConflict)
  • Fixed many subtle bugs in the BTrees, including some that could silently corrupt the BTree and render some data inaccessible.
  • Collector #2524: Medusa sent "HTTP/None..." as response header when then HTTP version could not be determined from the HTTP request. Now sending "HTTP/1.0..."
  • queries for the PathIndex can now specified as tuple (path,level). the level parameter inside a query overrides the optional level parameter for a complete search request.
  • Collector #2561: XXBucket.values() returned keys instead of values
  • Fixed the API docs for user objects.
  • Fixed bad interaction between ZCatalog and dtml-in (submitted by Steve Alexander)
  • Multiple links in a paragraph with mixed link notation (quotation+colon+URL or quotation+comma+whitespace+URL) did not work properly (thanks to Alastair Burt for reporting and submitting the patch).
  • Fixed case where complained when it tried to remove the accelerated DTML security validation routine after recursive entry.

Zope 2.4

Bugs fixed

  • Some of the import shenanigans in were still trying to load Python 1.5 versions of support dlls for running as a service under win32 (meaning you effectively couldn't).
  • Collector #2335: older products like GadflyDA that did not use registerClass() were registered but their visibility flag has not been set to Global. So these products did not appear in the ZMF.

Zope 2.4 beta 1

Features Added

  • Added a new lesson to the Zope tutorial which shows how to insert data into a relational database.
  • Made the meta-type in the upper-left corner of ZClass instances' management interface into a link to the ZClass definition.
  • Collector #2316: introduced new environment variable ZSYSLOG_FACILITY to override the default syslog facility user

Bugs fixed

  • Updated the Zope tutorial a bit. Now it references the Zope Book and the online help's DTML reference. Replaced ZopeTime examples with DateTime in lesson 9.
  • The manage_afterClone hook was called too early for copied objects, before the cloned object was reattached to its context. This caused problems with CatalogAware objects reindexing themselves on copy.
  • Fixed a situation that could slow down lazy processing of sorted search results.
  • Product import ordering has been changed. Now, the total set of all Products are initialized in ascending alphabetical order by product name, regardless of whether an INSTANCE_HOME exists. If two products with the same name exist in both SOFTWARE_HOME and INSTANCE_HOME, the order in which they appear in Application.Products.__path__ determines whether they are loaded first or second.
  • Collector #2318: html_quote function re-aliased into DT_Util so as not to break existing user code.
  • Corrections to the code that adds interface information to the meta type registry.
  • Collector #2274: fixed typo in Made a bit more noisy in case of failure
  • Collector #2273: fixed bug in STXNG (unable to handle :img: commands with absolute URLs)
  • Collector #2272: fixed problem in (Objects with id==None could not print themselves)
  • fixed Python module import problems causing XML export/import too be completely broken
  • Collector #2270: fixed import problem when $INSTANCE_HOME was set
  • Collector #2269: default script for PythonScript is no longer compiled during installation
  • Updated to zlib 1.1.3.
  • fixed parenthesis handling for TextIndex queries
  • Collector #2283: PersistentMapping class keys() method now returns a copy of the cached keys list instead of the cached list of keys itself. This prevents mutation of the list.
  • DateTime constructor now accepts ISO 8601 compliant dates
  • Collector #2254: added hook for webdav/ftp MKCOL
  • Collector #2247: put values of properties into CDATA section to prevent non XML compliant documents to be sent to a webdav client.
  • Collector #2287: fixed missing import of render_blocks in
  • Collector #2289: leading \n\r inside messageText broke mail headers
  • Collector #2290: better handling of subject header in
  • Collector #2291: fixed cookie path in Zope Version Control
  • Collector #2286: Could not create ZClasses. coptimizations.c had been corrected erroneously. Fixed.
  • It was discovered that the implicit names of certain DTMLMethods were ambiguous, making security assertions for them unpredictable. Code was added to detect the condition and correct it in the Zope core. The affected DTML methods did not pose a security risk. Instead, most were overprotective.
  • "print" with a trailing comma (to avoid a newline) caused spurious errors in Python Scripts. It turned out the compiler module was in error. Fixed.
  • Collector #2306: Fixed broken glossary of Zope Tutorial
  • Collector #2305: A comma inside an optional parameter of the parameter string broke the ZScriptHTML_tryParams function of PythonScripts.
  • Restored performance of security checks in DTML and Scripts (Python) by replacing read guards with function calls to guarded_getattr() and guarded_getitem() of ZopeGuards.
  • Restricted the target of PythonScript print statements.
  • Python 2.1 reopened the old "AttributeError: __call__" bug. Checked in a fix that should finally solve it correctly.

Zope 2.4 alpha 1

Features Added

  • Zope now requires Python 2.1. See the Zope 2.4 migration document for details:

  • The Authenticated role has been added as one of Zope's standard roles. A user's possession of this role indicates that he or she has been authenticated by the Zope security machinery. It is an implicit role, and cannot be provided to users within the user management screens or the local roles management screens. It is provided to all authenticated users. Another way to think of the Authenticated role is that it is possessed by all users except the Anonymous User.
  • A module is now part of the utilities directory. When run from the command line, this utility allows you to generate profiling information from Zope's detailed request log (the "-M" log).
  • Restricted code can import AccessControl.getSecurityManager, and use validate, validateValue, checkPermission, getUser, and calledByExecutable.
  • Zope's WebDAV support now includes exclusive write locking.
  • index_html now shows zope_quick_start instead of old, inaccurate content.
  • Changed index_html, standard_html_header, standard_html_footer, and standard_error_message in to use "new" DTML syntax (as opposed to SSI-style syntax).
  • Added check for FORCE_PRODUCT_LOAD environ var to bits which try to detect whether we're a ZEO client or not in order not to skip product-loading tasks. This has the consequence that a ZEO client with the "ZEO_CLIENT" env var set will cause product loading tasks to occur iff his "FORCE_PRODUCT_LOAD" environment var is set as well.
  • Further optimizations in the lexicon of the Catalog as well as the final merge code integration for Text indexes. This should reduce the bloat when things are reindexed.
  • StructuredText: old StructuredText replaces by StructuredTextNG. Added support for locale settings. Several bugfixes and code cleanup.
  • Image and File objects now support the HTTP Range and If-Range headers, enabeling partial downloads of such objects. This can be used by clients to restart a broken download. Downloads of these objects through FTP can also be restarted.
  • Update of Medusa tree to latest version
  • If an INSTANCE_HOME is defined and has a lib/python subdirectory, it will be added to the front of the Python path.
  • DTML-In and DTML-Tree now have optional "prefix" attributes that can be used to make friendlier tag variable names.
  • Added product reloading capability, formerly provided by the "Refresh" product. This enables developers to see the effect of changes to their products without restarting Zope.
  • Added new sequence module for underscore namespace to provide extended sorting functionality for sequence (implements ExtendedDTMLSorting proposal)
  • Fixed a long-standing bug in FileStorage that made it so versions were only partially committed.
  • Rewrote the complete indexing infrastructure according to the DropinIndex proposal (see lib/python/Products/PlugginIndexes/README.txt for detailed informations).
  • Adopted ZCatalog to new indexing infrastructure.
  • added text() method to HTTPRequest object to provide a plain text representation of the request (Collector #2264)

Bugs Fixed

  • TextIndexes which called methods expecting an argument failed with a TypeError. This was fixed by extending an exception handler.
  • A security issue having to do with setting permission mappings on ZClass methods was fixed (this supersedes Hotfix-2001-05-01)
  • Automatic reloading of Help topics while running in debug mode was fixed.
  • Fixed problem adding propertynames with spaces (Collector #2206)
  • Plugged a memory leak in extensions. There are often circular references in code generated by Python's "exec" statement but with a small change extensions now break those references.
  • Hardened ZMI contents view against subobjects w/ flaky get_size (Collector #1900).
  • Fixed OFS.CopySupport's _verifyObjectPaste to utilize the permission stored in the metatype registry, if available (Collector #1975)
  • Fixed a long-standing bug in FileStorage that made it so versions were only partially committed.

Zope 2.3.2

Bugs accidentally fixed :)

  • Fixed missing html_quote attribute inside some DTML methods (Collector #2170)
  • Fixed logging output to the compatible with the Common Logfile Format specs (Collector #2188)

Zope 2.3.2 beta 2

Bugs fixed

  • Fixed Catalog "object does not support item deletion" bug.

Zope 2.3.2 beta 1

Bugs Fixed

  • Catalog field index bug fixed.
  • Fixed several places where filesystem paths were assembled in a non-portable way.
  • Fixed some places in SimpleItem that assumed that the object was an Acquirer.
  • Fixed layout problem in StandardCacheManagers/dtml/propsRCM.dtml (Collector #2152)
  • Fix bug in AcceleratedHTTPCacheManager. Sended HTTP headers were depending on locale settings (Collector #2142)
  • GoLIVE is unable to handle some empty properties send from the Zope's WebDAV server. (getlastmodified is no more send when they are not available for an object) (Collector #2150)
  • added globbing support for the FTP server
  • added support for fetching recursive listings from the FTP server (needed by ncftp)
  • fixed handling of broken objects in the WebDAV server
  • An ambiguous timezone alias (CDT) was removed from DateTime.
  • It was not possible to pass class=... to the tag() method of Image objects because class is a Python reserved word. Image.tag() now accepts an optional css_class argument that is turned into a class attribute on the resulting tag to work around this.
  • Fixed various places where the right tabs were not highlighted after form submissions.
  • The code that produces the data for the security settings form included a misleading default (Manager) that could make it looks as though Manager had a permission in a subobject when that permission had actually been denied in a higher level object. This only affected the form generated, not the actual security settings in effect.
  • The textarea resizing buttons for DTML objects and scripts were not preserving work done in the text area during the resize.
  • Some changes were made to the implemenation of User.allowed(), which will make it less expensive to do local role matching and also resolves an issue noted in the UserProgrammableSecurityObjects proposal on
  • A problem in the bytecode munging done by Python scripts that could cause a core dump was fixed.

Zope 2.3.1

Bugs Fixed

  • Fixed catalog length error bug.
  • Fixed textindex search queries with parenthesis (which haven't worked since at least 2.2.4).
  • Added logic to use the value of textindex_operator as passed in the request to determine which query operator to use (and, near, andnot, or). Valid values to pass in to textindex_operator are and, or, near, and andnot (capitalization is ignored). This is a near-term workaround for the inability to specify a default text index query operator on a per-index basis. It provides the ability to override the currently module-defined default Or operator for textindexes on a per-search basis.

    An example of the utility of textindex_operator used with a ZCatalog instance:

    zcatalog.searchResults(atextindex=foo, textindex_operator=and)

  • The import machinery did not correctly find import files located in SOFTWARE_HOME/import if SOFTWARE_HOME / INSTANCE_HOME setups were in use.
  • The default view for "broken" objects was broken :)
  • The FTP server now provides for more informative error handling through a setMessage() method on the ftp response object (thanks to Richard Jones).
  • The title of HTML help files is now parsed out and used by the help engine (thanks to Richard Jones).
  • Objects wrapped with Explicit acquisition wrappers were not correctly handling the __nonzero__ protocol (as well as other numeric protocols).
  • A bug in the sendmail tag that could cause "len of unsized object" errors has been fixed.
  • Some bits of DateTime parsing were not raising the same errors claimed in the documentation.
  • Handling of HTTP "Destination" headers for WebDAV MOVE and COPY was not tolerant of complete URLs (including scheme, server, etc.)
  • Keyword indexes generated spurious error logs when objects without keywords were added.
  • Fixed a memory error in the new BTree buckets that surfaced during testing on ia64.
  • Fixed a multi-arg append() call in the ClassicDocumentClass in StructuredText.

Zope 2.3.1 beta 3

Bugs Fixed

  • ImageFile objects were not using os.path.join to build the local path to an image file, which caused oddities on win32.
  • Some missing casts in Splitter.c prevented the splitter from properly working with some international characters.
  • Fixed documentation of dtml-var tag. Improved discussion of entity syntax and fmt and url attributes.
  • Fixed manage_convertBTrees method of ZCatalogs (this method was failing due to a missed copying of the length value, preventing Catalogs from showing their "old" items once converted).
  • Changed the presentation of last-modified dates in ZMI listings to an ISO format that is a bit shorter and a better common format.
  • Added a patch to to handle entity references.
  • Added a patch to to use the new dtml syntax when adding header and footer lines.
  • Handling of the __nonzero__ protocol by Acquisition wrappers was fixed.

Zope 2.3.1 beta 2

Bugs Fixed

  • Fixed formatting bugs in the DTML reference. Also added a note to the dtml-tree tag reference page explaining the leaves attribute better.
  • Fixed broken Image and File downloads when using an Apache server set up to cache such data. In certain circumstances a content-length of 0 would be sent, which made Internet Explorer not read any more than that, resulting in broken images and downloads.
  • Fixed a doc string display bug in API help topics. Also slightly improved the display of help topics which include more than one class.
  • Fixed inaccuracies in dtml-in DTML reference help topic. (Collector #1972)
  • Merged a bug fix that was missed in the logging call when an object that is not in a Text Index tries to unindex itself.
  • Removed a duplicate list item from the copyright screen.
  • Fixed a bug in the docstring of
  • Added ZPL to ZPublisher/
  • The tabs behaved oddly in the "database management" part of the control panel.
  • The icon for Python script objects has been updated. Thanks to Chris Withers for sending it in.
  • Added an entry to doc/FAQ.txt about the "checksum error" that some vendor-supplied tar implementations (Solaris) produce due to long pathnames in an archive produced by GNU tar.
  • Using the scale argument to the tag method of an Image object could produce invalid height and width values in the resulting HTML tag (floating point values).
  • The tab corner .gifs for inactive tabs were not transparent in places where they should have been.
  • Corrected mistakes in the logic that retries the request when a ConflictError occurs. The behavior was a little erratic.
  • The problems (attribute error: commit_sub) that some people were having with certain kinds of objects (like database connections) not playing correctly with subtransactions have been fixed.
  • Applied changes from Hotfix_2001-02-23. Some ZClass methods weren't protected properly and the ObjectManager, PropertyManager, and PropertySheets classes were returning mutable objects that could be exploited by restricted code.
  • A malformed html option tag made the add list broken for Mozilla.
  • The permission declaration for manage_main on ZSQLMethod objects was missing, making editing effectively only available to the Manager role (the Change Database Methods permission had no effect).
  • A missing / at the end of the contents form action url caused some clients to behave strangely.
  • A long-standing problem with traversal of object names with spaces in them from WebDAV tools has been resolved. Part of the DAV machinery was in some cases double-url-quoting DAV:href values.
  • A long-languishing patch from Dieter Maurer to fix batching info in dtml-in has been applied.
  • failed to correctly pass an address:port specification for the ZSYSLOG_SERVER environment variable to the medusa syslog logger.
  • The value passed for the ZSYSLOG environment variable was not being used in the same way by logging machinery in ZServer and the Zope core. The file in doc/LOGGING.txt has been updated to reflect that the value passed for ZSYSLOG should be the path to the UNIX domain socket to log to (usually /dev/log).
  • Using the strftime method of DateTime objects (often via the fmt attribute of a dtml tag) produced incorrect results for DateTime objects outside of the range of the native C strftime implementation. A change has been made so that an exception is raised in those situations rather than silently return the wrong answer.
  • Corrected the aq_inContextOf() method so it always follows containment wrappers.
  • The headers attribute of FileUpload objects did not have any security assertions, which meant that it could not be accessed from DTML as advertised.
  • A number of Collector patches to fix DateTime issues (mostly regarding timezone handling) were applied.
  • Key errors were returned from catalog searches due to bugs in unindexing objects.
  • Objects that should have been included in search results were excluded do to bugs in indexing objects.
  • The database grew too fast when objects were routinely indexed one at a time by the catalog. This was due to inefficiencies in the underlying BTree implementation that caused too many objects to be changed when indexing incrementally. In addition, the set implementation, used for keeping track of documents in field indexes, when the number of documents per key was large, caused large database updates when a document was added or removed, because the entire set was stored in a single database record.

    A new BTree and set implementation has been provided to address these problems.

  • The catalog is the most common source of conflict errors due to a number of "hot spots" in the implementation and due to the large number of objects that are typically updated when indexing. The hot spots have now been removed and the number of objects modified when indexing has been dramatically reduced. In addition, conflicts detected during transaction commit can now usually be resolved using new conflict-resolution protocols and conflict-resolution support added to the catalog. These changes will not avoid all conflicts, but will reduce conflicts significantly in many cases.

    Specific information on how to update existing Catalogs to take advantage of the data structures available can be found at:

Zope 2.3.1 beta 1

Bugs Fixed

  • PUT on NullResource is now a public method that checks whether the user can create the type of object returned by a PUT_Factory.
  • dtml-in sorting using unhashable types (like lists) has been fixed.
  • A new environment variable "FORCE_PRODUCT_LOAD" when set on ZEO clients (clients which also define the "ZEO_CLIENT" env var) causes product loading to be "forced" by that ZEO client. Formerly, if all ZEO clients had the "ZEO_CLIENT" environment variable set, it was impossible to force a product load without undefining the "ZEO_CLIENT" env var on one of the ZEO clients. Now, if one of the ZEO clients has both the ZEO_CLIENT env var and the FORCE_PRODUCT_LOAD env var defined, that client will push products into the ZODB. It is advisable to only set FORCE_PRODUCT_LOAD on one ZEO client if it's set at all.
  • A typo in CopySupport caused the wrong http error to be raised in manage_renameObjects (500 Server Error instead of Bad Request).
  • A bit of PermissionMapping logic was calling manage_access with too many arguments, causing an error when trying to make changes on the Security tab of ZClasses.
  • The Catalog no longers throws an AttributeError if you pass it a sort_on parameter that isn't useful. Instead, it throws a ValueError with an instructional string.
  • An error in the edit form for Permission objects made it impossible to edit Permission objects in Products through the Web.
  • The script source in Python scripts was not being html quoted on the Web edit form.
  • Fixed a bug in that made it difficult to see the reason connections failed.
  • Fixed a bug which made it impossible to cut and paste ZCatalog instances.
  • Processes spawned from a Zope process could have a bad effect if one tried to kill the Zope process while a spawned process was still active. Because the spawned process had inherited the listening sockets of the servers across the fork(), it was not possible to restart the Zope instance until the spawned process had died and release the server sockets :(
  • Added a "" module to lib/python. This tempfile module is r1.27 from the Python CVS MAIN branch. It fixes two race condition bugs that could appear under heavy load. This module will be used by Zope instead of the that ships with the Python source or with a Zope binary distribution. It is probably unnecessary under Python 2.0+, but won't hurt.
  • Removed lib/python/App/manage.dtml, which wasn't removed when dtml files were moved to a separate directory.
  • Fixed two mistakes in the RAM cache cleanup code.
  • Added code to handle a failed BeforeTraverse hook gracefully.
  • Added help system docs for Script (Python) instance management screens.
  • Checked in Stephen Purcell's PyUnit 1.3, replacing PyUnit 1.2.
  • Hardened ZMI contents view against subobjects w/ flaky get_size (Collector #1900).
  • Corrected a bug that could leave a cacheable object associated with the wrong cache manager after switching cache managers.
  • Changed the html title tag in the manage frameset to use BASE0 instead of SERVER_NAME, providing more useful info for virtual hosted sites (patch from Chris Withers).
  • The highlighted active tab wasn't correct for some security views.
  • Changed undo error message wording in FileStorage, DemoStorage, and POSException. Confusing error reports that claim a transaction could not be undone because the transaction was "undoable" now claim that the transaction was "non-undoable".
  • Some conflict errors failed to properly quote object ids, making the ids unreadable and introducting binary text into output.
  • Changed Product init/list code to accept all of "VERSION.TXT", "VERSION.txt", and "version.txt" as the version.txt file for the Product. Additionally accept any of "README.txt", "README.TXT", or "readme.txt" as the readme filename.
  • When the root index_html was missing, an inappropriate error was displayed to a visitor when viewing an object that didn't have its own index_html. (Collector 1954, thanks to Chris Withers for the bugreport).
  • A bug prevented unchecking the "cache anonymous connections only" checkbox for Accelerated HTTP Cache Managers.
  • Some code that tried to workaround a DAV client bug dealing with ports in Host headers caused problems for virtual hosting setups. That code has been disabled until we decide that we care enough about the buggy client to work around it in a better way.
  • The isCurrent(Month|Day|Hour|Minute) methods of DateTime objects returned incorrect answers. Thanks to Casey Duncan for the patch.
  • The "help" links did not work if javascript was disabled in the client.
  • ZCatalog getobject now uses unrestrictedTraverse during getobject instead of restrictedTraverse. This emulates Zope 2.2 behavior.
  • A bug in the HelpTopic implementation for STX help topics caused them to be inaccessible unless Anonymous Users had the View permission.
  • Structured Text did not correctly recognize CRLFs generated by windows editors as paragraph dividers.
  • A bit of code that ran after an import where ZClass objects were added was removed. It was designed to fixup the ZClass registry after import to resolve ZClass dependencies that could get broken if a system were moved in separate imports. It turned out to be expensive under ZEO, and the benefit is not that compelling (if a failed dependency does get introduced, it will be spotted at the next startup).
  • The month name recorded in Z2.log was affected by the current locale setting, which caused problems for various logfile analysis tools.
  • Product object in the control panel had a useless View tab by an accident of inheritance.
  • Manual restarts and shutdowns weren't logged.
  • Unix: If processes were restarted too frequently, the daemon process incorrectly inferer a startup problem and shut itself down.
  • Unix: On restart, the watcher daemon restarted as well, causing the watchers process id to change.
  • The method for enabling modules for use with Python scripts was not documented and a bit harder than it needed to be. A helper function has been added in a in the PythonScripts product to make this easier and the process is documented in the README.txt in the PythonScripts package.
  • Fixed OFS.CopySupport's _verifyObjectPaste to utilize the permission stored in the metatype registry, if available (Collector #1975).
  • In certain situations using restrictedTraverse failed with the wrong error if called on the application object with the name of a nonexistent object.
  • Subtransactions couldn't be used if some data managers didn't support subtransactions. This was especially painful when using RDBMS user authentication in combination with large image or file uploads or catalog rebuilding, which use subtransactions.

    Now allow subtransaction commit (but not abort) even when some participating data managers don't understand subtransactions.

New Features

  • The API for cataloging objects changed slightly:
    • If the object being cataloged has a getPhysicalPath method, as Zope objects typically (always) do, then it is no longer necessary to pass a unique ID to the catalog when catalling the catalog_object method. It is recommended to not pass a unique id and let the catalog figure out the unique id on it's own.
    • If a unique id is passed to the catalog catalog_object method, it must be a string.

Zope 2.3.0

Bugs Fixed

  • The authentication machinery now correctly returns a 400 (Bad Request) if an invalid authentication token (bad base64 encoding) is sent by a client.
  • ZClasses with very minimal base classes could end up without a _setId method, which createInObjectManager expects.
  • Fixed a bug that caused the ExtensionClass __call_method__ hook to fail when used with unbound C methods.
  • Fixed a bug in the management interface which caused the "Paste" button to not show up after a copy or cut operation on the first showing of manage_main.
  • Final lexicon optimizations that provide additional performance over previous releases. In addition, the number of objects that have to be updated is frequently reduced.
  • Merge code for Catalog Text indexes has been integrated. This will now merge the changes in, rather than replacing them. This should reduce the number of objects that has to be updated. In addition, when nothing has changed, the object's indexes won't be touched, saving enormous amounts of space for some applications.
  • Flow of the Catalog management screens cleaned up so that pages are refreshed correctly. Buttons on the Advanced tab refresh to the Advanced tab now.
  • Further management interface cleanup of the Lexicon to bring in line with the normal ZMI.

Zope 2.3.0 beta 3

Bugs Fixed

  • The import / export button did not show up if a folder was empty.
  • A problem in acquisition wrapping of users obtained though the SecurityManager caused certain ownership operations to fail (this manifested itself as a report about broken DAV MOVE operations).
  • The Zope management screens no longer try to set a default charset with the content-type.
  • Certain security related operations were failing due to argument mismatch errors (too many arguments).
  • Passing unicode data to html_quote could cause problems since html_quote was trying to screen out two characters that many browsers are willing to accept as html special characters (to prevent "cross-site scripting" attacks). This has been moved out of html_quote and into the RESPONSE object, where the chars will be quoted only if no charset is defined for the content-type or the charset is an alias for Latin-1.
  • Rename via FTP was not supported.
  • Changed index_html, standard_html_header, standard_html_footer, and standard_error_message in to use "new" DTML syntax (as opposed to SSI-style syntax).
  • meta_type of all DTML Methods in object manager "_objects" lists is now "DTML Method". It had been "Document", which caused inaccurate superValues results if spec was used.
  • Make ZClasses navigable to FTP/WebDAV; implement PUT_factory hook to create PythonScripts (for MIMEtype text/x-python) and DTMLMethods (for other text MIMEtypes) (Collector #998).
  • Calling manage_addProperty with a list value and a type of lines caused a string representation of the list to be stored.
  • Submitting the proxy roles form without selecting any roles to be used as proxy roles caused objects with proxy role support to silently become unexecutable (have effectively empty proxy roles) rather than raising an error. The proxy role api now requires that at least one role be passed in or an error will be raised.
  • Mechanisms in the underbelly of the Catalog and Globbing Lexicon (which is the default for all new Catalogs) has been overhauled given substantial performance increases. On simple queries, performance should double (or more) in many situations, whereas with globbed queries it may increase by substantially more.
  • A method in SQLMethod objects had been removed but the reference to it in __ac_permissions__ had not, which caused failure on attempting to set permissions on SQLMethods.
  • A bit of exception handing in the dtml-in tag implementation was too general and could hide subsequent rendering exceptions (thanks to Richard Jones for the patch).
  • Cacheability was not fully enabled for DTML Documents.

Zope 2.3.0 beta 2

Bugs Fixed

  • Changed management style sheet to explicitly set the http content-type to avoid a rendering problem on resize in NS browsers.
  • index_html now shows zope_quick_start instead of old, inaccurate content.
  • Changed index_html, standard_html_header, standard_html_footer, and standard_error_message in to use "new" DTML syntax (as opposed to SSI-style syntax).
  • The way that the default management tree view imposed sorting in its tree tag dtml made it hard for custom objects to provide a sorting that would be more appropriate for the custom object. The management tree view now preserves whatever ordering is returned from tpValues. The default tpValues implementation in the ObjectManager class sorts by id by default.
  • Disallowed object IDs that start with "aq_".
  • Changed the default support for "domain authentication mode" in UserFolder to be disabled by default. Domain auth mode was implemented for a very specific case long ago and causes a lot of overhead for anonymous accesses that are needless for the 99% case. People who actually want domain auth mode turned on may call a new setDomainAuthenticationMode method to enable it if they wish.
  • Changed the implementation of emergency_user to be backward compatible with the expectations of third-party user folders. Third party user folders should now work with Zope 2.3 without modification.
  • A bug in the search interface generation for ZCatalogs was fixed.
  • An integrity check for the global product registry has been added at startup to mitigate registry consistency problems caused by things like missing base classes that cannot be detected by Zope (like removing a Product that another Product depends upon). If a problem is detected, the global registry is automatically rebuilt and the action is logged.
  • A bug in the rendering of record type form variables when rendering a request object was fixed.
  • A bug that cause setting of proxy roles for Python Scripts to fail was fixed.

Zope 2.3.0 beta 1

Features Added

  • Added a hook that allows user folders to provide a logout action.
  • Added a browser preferences screen to allow people to tweak the management UI to their liking. For the folks who complained that they didn't like the new top frame, they can (among other things) turn it off from the browser preferences screen.
  • Added Michel's new QuickStart material. I haven't quite decided whether the old QuickStart should go away or stay around as a source of examples.
  • The logout function has been implemented in a fairly minimal way. We may try to make this nicer by final if we get time.
  • The ZCatalog interface is now cleaned up and matches the new interface look and feel better. In addition some logical reorganization was made to move things onto an Advanced tab.
  • Result sets from the Catalog are now much Lazier, and will do concatenation with eachother in a lazy fashion. This was suggested by Casey Duncan in Collector #1712.

Bugs Fixed

  • Added a deprecated alias to UnrestrictedUser, Super, for use by user folder products that depend on the old class name.
  • Fixed path for management interface files used for CatalogPathAwareness and Aqueduct.
  • Fixed a NameError in HTTPRequest.
  • Made manage_page_style.css correctly available to all.
  • ZCatalog objects now show up in the Add List in the same naming convention that was used for all other Z objects. This does not* affect the meta_type that is actually used for the object itself.
  • (Collector #1835, 1820, 1826) Eliminated errors in both Field and Keyword indexes where old keys might show up in uniqueValuesFor() because of the way the data structures were kept around.
  • (Collector #1823)Eliminated situation where if the Catalog did not have a metadata record for meta_type the Cataloged Objects view would be incorrect and list everything as a ZCatalog. Now it simply lists it as Unknown.
  • (Collector #1844) On the brains returned from ZCatalog queries, getObject() now tries to resolve URLs as well as paths. This should catch more cases.
  • Tags generated for ImageFile objects attempted to use title_or_id(), which is not defined for those objects.
  • Mounting now fails gracefully in when getId() is not available in the mounted object.

Zope 2.3.0 alpha 2

Features Added

  • The install machinery for source release has been modified to allow Zope to build out of the box for Python 2.0. Note however, that Python 2.0 is still not officially supported. You may see quite a few warnings from the extension builder when compiling for Python 2.
  • A new module, AccessControl.Permissions has been added to make it easier to use the new security assertion spelling. The new module provides consistent symbolic constants for the standard Zope permissions.
  • Cache manager support added. This allows site administrators to ease the burden on their site in a very configurable way. It also provides an API for developers to follow when experimenting with caching strategies.
  • The ZPublisher method form variable type has been deprecated in favor of action. The behavior is the same, only the official (and documented in the Zope book) name has changed. The method name is still supported for backward compatibility.
  • The objectIds and objectValues methods of ObjectManager derived objects are no longer directly Web-accessible. This is a topic that has come up over and over on the lists. Some (xml-rpc, mostly) users may depend on this behavior - applications that need access to this information remotely should be modified so that a Python Script or DTML Method can explicitly pass the data.
  • The Image.tag() and ZopeAttributionButton methods now return an image tag that is XHTML compatible; a space and a slash have been added.
  • SQLMethods can now be edited via FTP and WebDAV tools. Thanks to Anthony Baxter for his FTP support patches.
  • The Catalog has been slightly overhauled to manage object paths instead of URLs in its tables. This should not cause any backward compatability concern, but everyone upgrading should read the web pages on the site at: this will provide information about how to upgrade and new features on the result sets, like getObject and getPath. These are very important.
  • SiteAccess 2.0 has been added, to enable virtual hosting.
  • The StandardCacheManagers product has been added as a primary product, making it easier to get started with caching.
  • The class DTMLFile has been added alongside of HTMLFile. It supports name bindings, ignores positional parameters, and puts the container on top of the namespace by default. Most HTMLFiles should work the same (or more securely) if converted to a DTMLFile. Most management interface methods should be converted by the final release of 2.3.
  • Added a variable called PUBLISHED to REQUEST. From now on, this variable should be used instead of PARENTS for user validation.
  • The inituser file is now read even when one user has been created. This provides a way to reset the password after a new user installs Zope but ignores the generated password.
  • ZCatalogs have a reduced number of management interface tabs.
  • ZCatalog keyword and field indexes have been modified to use a merge strategy when existing indexes are updated. When an existing object is indexed, the contents of field and keyword indexes are merged with the changes detected between the existing contents of the index and the new content.
  • CatalogPathAware class added. This will eventually replace CatalogAware.
  • The ManagementInterfaceQuickFix project was merged in. The Zope management interface has been tweaked in various ways to improve productivity and consistency and is now at least slightly less ugly :)

Bugs Fixed

  • A misspelled function name which prevented the addition of properties was corrected.
  • Caused PropertySheets to restrict IDs the same way ObjectManager does.
  • (Collector #1586) Fixed situation where the Catalog would attempt to loop over a bucket as if it were a list, which won't work. This was reported by Steve Alexander with a patch.
  • Corrected local role computation (Hotfix 2000-12-15)
  • The basic user folder implementation in was changed to use the Zope security policy machinery. see ChangeUserFoldersToUseSecurityPolicyAPI for details.
  • Trying to cut or copy with no items selected now returns a nicer error message.
  • A roles keyword argument was added to ZopeSecurityPolicy.validate to enable callers to pass in roles as opposed to allowing the machinery to figure it out for itself.
  • Some product context initialization related to setting roles was updated.

Zope 2.3.0 alpha 1

Features Added

  • Python Scripts are now part of the Zope core. Big whopping kudos to Evan Simpson for all of the work he has put into this! Having Python Scripts in the core will allow people to much more easily separate logic and presentation (and get that logic out of DTML!) More information and prototype documentation for Python Scripts can be found in the project:

  • Added the __replaceable__ property support to ObjectManager. This is currently documented only in the Wiki.
  • Added unit tests for the DateTime module.
  • Added new BASEPATHn and URLPATHn variables in the REQUEST object, and changed Zope core DTML files to use BASEPATH1 instead of SCRIPT_NAME.
  • Added new getId() method to SimpleItem.Item. This should now be used instead of referencing directly, as it is guaranteed to always be a method and to always return the right thing regardless of how the id of the object is stored internally.
  • Improved Ownership controls. Now you simply choose whether or not to take ownership of sub-objects when taking ownership. There is no need to control implicit/explicit ownership.
  • Changed the Zope installation procedure so it is only necessary to create one user account and that user is stored in the ZODB. The user created at startup now is simply a normal intial "Manager", not the "superuser". It is no longer necessary to login, create an initial manager, logout and log back in! Woohoo!
  • Implemented the "emergency user" concept, which is the new name for what was called the superuser. The emergency user doesnt even exist now until you explicitly create it.
  • Added new "WebDAV source view" HTTP handler, enabled by new -W (note uppercase) switch to This handler is not enabled by default.
  • Implemented "hookable PUT creation" (allows containers to override webdav.NullResource's guess at the type of object to create when PUT is done to an unknown ID).
  • Added to the utilities directory. The testrunner is a basic utility for running PyUnit based unit tests. It can be used to run all tests found in the Zope tree, all test suites in a given directory or in specific files. The testrunner will be used to ensure that all checked in tests pass before releases are made. For more information, see the docstring of the actual module.
  • The Interface scarecrow package has been checked in - more work will likely be done on it before it goes into wide use. See Michel's "Zope Interfaces" project on for details:

  • PyUnit has been checked into the core. Along with the testrunner, this provides enough infrastructure for us to incrementally begin accumulating (and running!) test suites for various parts of the Zope core.
  • The new security assertion support has been checked in. For more information and an updated version of the "Zope security for developers" guide see the project on

Bugs Fixed

  • Removed some cruft in OFS/ (an old data structure was being constructed but was going unused in favor of a newer structure used in conjunction with the mimetypes module).
  • (Collector #1650)Where the underlying object does not define its own __cmp__(), comparisons of acquisition-wrapped objects fall back to comparing the identities of the wrappers . Fixed to unwrap the object (both, if needed) before comparing identities.
  • (Collector #1687 Products which register base classes for ZClasses typically defer creating them until product registration; the derived ZClass needs them to be available immediately after import. Deprecated ProductContext.registerZClass and ProductContext.registerBaseClass in favor of a new function, ZClasses.createZClassForBase (because none of the machinery needed a ProductContext instance anyway).
  • (Collector #1355) Fixed overlapping HTTP POST requests in ZServer which could have been corrupted. Thanks to Jeff Ragsdale.
  • Undid a bug fix that caused the DateTime unit tests to fail.
  • Removed the requirement that an "access" file exist. "access" is now only needed to create an emergency user account.
  • Disabled the monitor port by default because, initially, there is no emergency user, and thus no password that can be used to protect the port.
  • Secured the hole that was patched by Hotfix_2000-12-08.
  • Disallowed object IDs that end with two underscores.
  • Caused PropertyManager to restrict id's the same way ObjectManager does.

Zope 2.2.5

Bugs fixed

  • Corrected a mounted database connection leak. The reference to the sub-connection was occasionally being garbage collected, meaning the sub-connection never get closed and Zope eventually used up all connections from the pool.

Zope 2.2.5 beta 1

Bugs fixed

  • Secured the hole that was patched by Hotfix_2000-12-08.
  • A bug in ZServer caused concurrent POST requests to overwrite each others incoming data, leading to AttributeError: data errors.
  • The ZSQLMethods code to handle query caching had a bug that could cause a KeyError in certain cicumstances.
  • A dumb algorithm in the basic user folder interface caused a reverse dns lookup to be done for each user in a user folder if domain-based matching was being used. This could cause a real lag for sites with large user folders doing domain matching.
  • The "View" management page for Image objects generated an incorrect link to the image object (though it often happened to work thanks to acquisition).
  • Import only looked for files in INSTANCE_HOME/import. Now, if the file is not found there it looks in SOFTWARE_HOME/import.
  • Fixed situation where the Catalog would attempt to loop over a bucket as if it were a list, which won't work. This was reported by Steve Alexander with a patch (#1586).
  • It was not possible to access the manage_access screen for a custom propertysheet on an instance. Thanks to Steve Alexander for this one as well.
  • The checkboxes on the "Add ZClass" form were being reset after every base class addition.
  • A WebDAV support bug that caused authentication to fail for MOVE and COPY (and possibly other) requests was fixed.
  • The WebDAV support was setting an extra HTTP Connection header when Zope was running under ZSever, because ZServer didn't handle that correctly back when the DAV code was written.
  • Several other DAV-related fixes were made to address bugs discovered in the course of using Zope with several DAV clients. The DAV support now generates a faux creation date property to make Adobe GoLive happy.
  • A bug in state diffing in the Tree tag when a tuple was passed in instead of a list was fixed.
  • Corrected local role computation (Hotfix 2000-12-15).
  • Fixed protection of the update_data method of File / Image objects (Hotfix 2000-12-18).
  • The content_type argument passed to manage_addImage or manage_addFile was ineffective.
  • The Image.tag() and ZopeAttributionButton methods now return an image tag that is XHTML compatible; a space and a slash have been added.
  • Long running processes spawned via os.system() from Zope code could hang the request that spawned them due to inheritance of open file descriptors. Thanks to Dieter Maurer for a fix for ZServer to set the close-on-exec flag on ZServer sockets.
  • Some of ZServer's medusa underpinnings were outputting various WARNING messages that should have been ignorable and caused confusion for new Zope users. The startup messages have been fixed to avoid spewing things that scare newbies unnecessarily.
  • SQLAlias objects were leaking when a database column was accessed via an aliased name. This was tracked down to a subtle bug in ExtensionClass.
  • A packing bug could, on rare occasions, cause corruption of transactions committed while the database was being packed. This corruption wouldn't show up until the database was scanned, either on startup without an index, or on subsequent packs. The actual data records were correct in most cases, but contained invalid file pointers to their transaction or other record data. The problem could be corrected using the FileStorage recovery tool,

Zope 2.2.4

Bugs fixed

  • There was a mistyped permission in ("Add Documents, Files, and Images" should be "Add Documents, Images, and Files").
  • The caching code added for ImageFile objects had a dumb cut-n-paste error (fixed for 2.2.4 final). ImageFile caching was verified after the fix with the Cacheability Engine at:
  • Fixed and tested a problem in the way that headers are extracted from the message text in the dtml-sendmail tag. Windows text editors could introduce ^M characters that threw off the rfc822 message parser if they were not cleaned off before parsing.

Zope 2.2.4 beta 1

Bugs fixed

  • Zope 2.2.4 includes all of the 2.2.3 changes plus a fix for a bug introduced while fixing another bug that caused acquisition of permissions to fail (whew!).
  • Fixed a bug in computation of object roles (from permissions) that could cause roles to come from non-containment context.
  • ImageFile objects (e.g. icons in the mgmt interface) did not set or recognize HTTP caching headers, which caused some browsers to never cache them.
  • The function rfc1123_date was mis-formatting http dates.
  • The registerHelp() method of ProductContext objects would blow up if a product did not have a help directory.

Zope 2.2.3

Bugs fixed

  • Resolved known condition in the Catalog where objects are not guaranteed to be unindexed before indexing happens again. Now objects are guaranteed to be unindexed correctly first. This should resolve all outstanding KeyErrors with Catalog, although currently broken Catalogs will require a reindex to resolve them.
  • Fixed a race condition and a possible memory leak in mounted databases.
  • Added the DTML Reference to the online help system.
  • Applied Toby Dickenson's patch that fixes aq_inContextOf. Now it is more thorough in discerning whether an object is in the context of another object.
  • Fixed keyword args for aq_acquire.
  • Plugged a memory leak that occurred when objects wrapped through acquisition but which do not have a "__call__" method are invoked. The arguments passed to the call would be leaked.
  • DateTime did not recognize timezone strings like +0200.
  • Security for Images and Files could not be changed due to an old name left in the permissions structure (__call__).
  • Removed some ancient references to Principia from the ZGadflyDA user interface.
  • Fixed bug in which opened filesystem file without using read-binary mode, which caused file corruption when uploading binary files using ZPublisher.Client from Windows NT.
  • The _getOb method of ObjectManagers did not correctly restrict access to private attributes (beginning with an _).
  • The XML import/export machinery was fixed to properly deal with long datatypes.
  • Uploading new contents for a File or Image object without a content-type header caused the old (possibly now incorrect) content_type attribute to be retained.
  • There was an extra slash in the rewrite rule for using PCGI in single-threaded mode in WEBSERVERS.txt
  • The PARENTS list passed to the validate method of User Folders did not include the published object, which could lead to incorrect security handling in certain cases (this was the 2000-10-02 Hotfix).
  • (Collector #1687) Products which register base classes for ZClasses typically defer creating them until product registration; the derived ZClass needs them to be available immediately after import. Deprecated ProductContext.registerZClass and ProductContext.registerBaseClass in favor of a new function, ZClasses.createZClassForBase (because none of the machinery needed a ProductContext instance anyway). Update OFSP and ZCatalog products to use this machinery, instead of registerBaseClass.
  • The manage_edit of the Connection base class used by database connection tried to coerce the connection string to an actual string. This was problematic because some DAs (Sybase apparently) store the connection string as an HTTPRequest.record object.
  • BASE tags generated by Zope were not XHTML compliant.
  • Part of the PropertyManager interface incorrectly assumed a wrapped object.
  • HTTP date headers were generated by strftime in medusa; this meant that using a different locale caused medusa to generate invalide Date headers re: the RFC. The date header generation has been changed to use english even if a different locale is in effect.
  • Dates generated by WebDAV code also used strftime and were therefore made invalid when a non-english locale was in use.
  • Headings generated in HTML by StructuredText did not generate a closing paragraph tag.
  • StructuredText did not recognize URLs with ampersands in them.
  • A bit of the SecurityManagement code expected threads to be available, which broke the "single-threaded-mode" that some folks use with pcgi.
  • DateTime arithmetic was broken if you tried to subtract a DateTime from another DateTime where one of them was on daylight savings time and the other was not.
  • The infamous "__call__" bug that could surface in situations where documents called other documents has been stamped out. And there was much rejoicing.
  • The redirect target after adding a ZSQLMethod had too many path elements in it.

Zope 2.2.2

Bugs Fixed

  • Applied Dieter Maurers patch to prevent log entries from being dropped when clients disconnect prematurely.
  • The manage_test method of database connection objects were not checking for RDB-format results, which caused the test queries to fail from the test tab of some older DAs.
  • did not allow passing numeric UIDs for the -u option.
  • Fixed a bug in the dtml-var tag handling of the null attribute. Before null would only work correctly if there was also a fmt attribute. Now null correctly works with non-zero false values when there isn't a fmt option.
  • Corrected a factory bug that prevented creation of ZClass instances within objects owned by users defined in a different user folder than the root acl_users.
  • Made ZopeAttributionButton method of Application object public.
  • Factory dispatchers inappropriately acquired ownership in certain cases, causing problems creating objects for users not defined in the root user folder.
  • The DestinationURL method of FactoryDispatchers did not work correctly if the dispatcher was obtained through the unrestrictedTraverse method.
  • Several calls to socket.bind() were fixed for Python 1.6/2.0 compatibility in PCGI and Gadfly.
  • The sqlvar tag could fail on the trailing L of the string representation of longs when coercing to int or float.
  • Under some circumstances, versions were only partially committed (or aborted) in FileStorages causing objects to be left locked in a version with no way to unlock them.
  • FileStorages opened read-only incorrectly truncated data files when incomplete transactions were discovered.
  • Read transactions were aborted due to conflict errors. This was an attempt to catch write conflicts early, but was far too pessimistic.
  • The document_src method of DTML objects required a REQUEST and RESPONSE argument, making it difficult to use from Python code. They are now optional.
  • The "test" tab of SQL Methods did not include the rendered query in the error message if the test failed due to a database-level error (such as a malformed query).
  • A signed/unsigned buglet in the code for Splitter objects caused recognition of national characters to fail on some platforms (FreeBSD/x86).
  • A bug in ZODB database objects could cause ZEO clients to fail to start without deleting the ZEO client cache.
  • The lock keyword argument to RESPONSE.redirect was not in the API documentation.
  • Some missing SCRIPT_NAME variables were added to the IMG SRC paths for the navigator pane.

Zope 2.2.1

Bugs Fixed

  • Correction of ZClass-in-ZClass bugfix which prevented import of .zexp's containing Factories.
  • Made acquisition in the URL and XML-RPC work together.
  • A bug in FTP downloading was fixed.
  • A bug in the "views" screen for ZClasses could cause strange IndexErrors depending upon whether help topics were created.
  • Improved behavior when non-persistent objects are added to an ObjectManager.
  • Fixed an obscure bug that could cause Zope to crash when there were errors in computed attributes that depended on acquisition.
  • Fixed very obscure bug in database invalidation when committing from one version to another. This could cause source version data to fail to get updated.
  • Fixed a condition that prevented error messages from being displayed when performing a redirect. This means that standard_error_message documents that redirect now need to add a "lock=1" argument to the redirect call.
  • A bug in the stupid file logger consumed exception info for certain types of errors (such as failed product import).
  • A bug in integration with the new security machinery caused copy / paste operations to fail in certain cases.
  • Changed permission assignments for manage_editForm, manage, manage_main, manage_uploadForm, manage_historyCopy, manage_beforeHistoryCopy and manage_afterHistoryCopy to Change DTML Documents (for DTML Documents) and Change DTML Methods (for DTML Methods) which is more correct and makes view filtering work properly.
  • The medusa code that produced the server log file was writing the formatting the date in GMT but adding a local timezone identifier (+0100, etc.) It has been fixed to format the date using localtime.
  • The DTML "tree" tag did not understand the common shorthand spellings for name= and expr=.
  • The HTML4 formatting method on DateTime objects did not return the datetime in UTC as it was supposed to.
  • A bug in caused an entire extra copy of large file uploads and input data to be kept in memory, defeating the work the module does to avoid doing exactly that ;^)
  • A bug in the cgi module could cause memory to spike on large inputs, as it kept a complete copy of the input in memory that was never used :(
  • A packing bug could cause data written by saved versions to be inaccessible. This is actually a bug that was fixed in Zope 2.1, but the fix never got applied to the main code tree. :(
  • The behavior of the tag and __str__ methods of images has changed slightly; if no alt argument is given, it will use the title of the image (if defined) for the alt attribute. Otherwise it will generate alt="". Also, it now generates border="0" unless a different value for border is given as a keyword argument.
  • The database control screen in the control panel did not work with storages that returned string "sizes". Some storages return strings to indicate units other than bytes.
  • Fixed the broken Product Help icon.
  • Fixed ZClass view help setting, thanks to Jeff Sasmor.

Zope 2.2.1 beta 1

Bugs Fixed

  • FileStorage-based databases became corrupted when their size grew beyond 2GB.
  • FileStorage-based databases could be corrupted if transaction descriptions or transaction extended meta-data exceeded 64KB in size.
  • Some relational database adapters use an older version of a results class in Shared.DC.ZRDB. The RDB-format based results class was missing a needed security assertion to allow access to result data.
  • Missing security assertions in the ZDOM module caused unauthorized errors for things trying to use ZDOM (such as XMLDocument).
  • A bug in the registration of help content caused unnecessary transactions to be written at startup.
  • The machinery for guessing content types ignored default values passed in explicitly.
  • A problem in the Find machinery removed the acquisition context from subobjects, causing permission checking to fail.
  • There was a hard-coded unix path separator in the logic for initializing special dtml objects from files.
  • The ordering of tabs on some management screens was changed inadvertantly during the 2.2 development cycle. The ordering has been tweaked to conform more closely to earlier releases.
  • The strftime() method of DateTime objects was changed so that it formats based on the current timezone representation of a given DateTime object. This is now also the case when formatting DateTimes from DTML using the fmt="..." construct (which uses the strftime method under the hood). Previously, strftime converted to GMT, which was inconsistent with other formatting methods and caused problems for people. Those who actually do want the date to be formatted in GMT can use: myDate.toZone(GMT) to get a version of the object represented in GMT and then call the formatting methods on that object.
  • Permissions were not properly defined for the new history vew in DTMLMethods and DTMLDocuments. This caused many useful features to be available only to managers and others to be available only to those with undo priveledges. A new permission, "View History" has been added for viewing historical changes and you can copy historical versions to the present if yo can edit DTMLDocuments or DTMLMethods.
  • The new traversal method, restrictedTraverse was private, but should have been public. It also didn't check access to the root object when an absolute path was used.
  • The roles (and only the roles) "Manager" and "Anonymous" had the "Access contents information" permission on the root application object regardless of permission settings made through the management interface.
  • A ZCatalog bug which was symptomized by a "KeyError" during a searchResults query was squished by changing some exception handling in the cataloging machinery.
  • Version's chose their names based on absolute_url, which depends on access method, rather than physical path.
  • A fix for socket.connect() calls in preparation for Python 2.0 was accidentally applied to a wrong part of in ZPublisher.
  • The "distribution" tab for ZClass-based products has been changed to allow creation of redistributable products.
  • DAV property sheets were not correctly associated with permissions, which cause Unauthorized errors when iterating over propertysheets under the new security model.
  • Some patches to PCGI added in the 2.2 development cycle to support things like syslog connectivity were backed out due to problems on certain platforms. The patches may make it back in the future after the issues are resolved and broader platform testing can be done.
  • The new security machinery did not allow REQUEST to be accessed when it was acquired. This didn't prevent access to REQUEST, but made the access eccessively expensive.
  • Fixed the display order of the Zope tutorial topics.
  • Fixed the help system menu frame to not use standard html header and footer.
  • Products that have not been updated to define an initialize method to do product initialization were not filtered correctly by permission in the filtered object add list.
  • Exception logging was added to catalog to catch "shouldnt happen" sorts of events.
  • Text indexes did not recognize boolean connectives (and, not) if they were mixed-case.
  • Fixed Tutorial bug that caused win98 to crash with adding a tutorial.
  • Fixed to avoid overwriting existing service start parameters at install time on win32.
  • The deprecated alias getSize() was added back to Image and DTML objects (existing products still depend on it).
  • Cleaned up a DocumentTemplate namespace issue. Fixed QuickStart.
  • Removed old validation code in cDocumentTemplate.
  • In ZCatalog, it was possible for stemming on single-word search queries to be handled incorrectly and produce no results.
  • A problem in the url traversal machinery caused strange errors in cases where the root of the site was requested but had no index_html instead of the expected Not Found error.
  • ZCatalog objects did not implement the searchable object interface correctly.
  • XML (database) import sometimes failed, especially with ZClass instances.
  • XML (database) export didn't properly handle strings that contained the string "\n".
  • The tag insertion machinery failed if the request result had content-type with a charset attribute (thanks to Dieter Maurer).
  • A long-standing bug that caused a "resource not found" error when trying to instantiate a ZClass inside of another ZClass was fixed. Hooray for Chris McDonough :^)
  • In certain circumstances it was possible for the manage_afterAdd and other manage_after* methods to get into an infinite loop by essentially acquiring themselves in cases where subobjects did not implement those protocols.
  • The sqlvar tag produced misleading error messages when an expression caused an exception during rendering.
  • RFC1123 dates were not formatted correctly in the webdav.client implementation.
  • Made the ObjectManager class inherit from Traversable (which exposes unrestrictedTraverse). ObjectManager-type items which didn't inherit from SimpleItem.Item had problems with Management.Tabs producing the right views for manage_options before this was in there.
  • FileStorage-based databases got into an unusable state if available disk space was exceeded. This problem could lead to database corruption.

Zope 2.2.0

Bugs Fixed

  • The add form for MailHost objects described fields that are no longer needed (descriptions have been removed).
  • User databases did not correctly handle situations where a browser sends an authentication token naming a user that can't be found while accessing a publicly available resource.
  • Minor bug in ZCatalog which prevented deletion of indexes fixed.
  • XML-RPC requests could not be completed via https.
  • Several uses of multi-argument append() calls (that will be illegal in Python 2.0) were fixed.
  • The UNLOCK method for DAV support was missing some needed argument declarations.
  • Corrected some error handling in the database connection code.
  • Fixed support for strftime day-of-week formatting in DateTime.
  • Fixed Image content-type detection to also use the binary "nonces" in the file to determine the real content-type. This should catch GIF/JPEG/PNGs that are uploaded without the correct information associated with them.
  • Added missing permission declarations to make the methods of PropertySheets objects accessible.

Zope 2.2.0 beta 4

Bugs Fixed

  • The History tab is now protected by the Undo changes permission, and setting this permission actually has effect now.
  • A bug in validation in filtered_manage_tabs made tabs misbehave in some cases.
  • Fix an AttributeError bug in the Lexicon objects used by ZCatalog.
  • FileUpload objects did not have the required security assertion to allow access to attributes such as filename and headers.
  • Broken objects weren't deletable due to a recent change in the object deletion logic added to support mountable databases.
  • Some formatting bugs in the status method of the ZServer HTTP server were fixed (thanks to Jeff Rush).
  • The _read_data method of Image and File objects didn't correctly handle being passed an actual file object.
  • A new behavior in 2.2 is that after calling REQUEST.redirect the HTTP status can no longer be changed. This caused problems for some people who were calling redirect() and then trying to set the HTTP status to 301 Moved Permanantly instead of the default 302 Moved Temporarily status. To make this possible, a new optional status argument is now recognized by the redirect method so that RESPONSE.redirect(/foo, status=301) can be used
  • Corrected the text of some kinds of unauthorized error messages.
  • Fixed a bug that caused dtml-try to throw a KeyError. Related to the recent changes made to DT_Util.namespace().
  • Packing to a time earlier that a previous pack could lead to serious data lossage.
  • Attempts to install product information into the Zope database on startup made no sense and could cause problems for ZEO clients. Product adtabase updates are suppressed when the ZEO_CLIENT environment variable is set.
  • A missing security assertion made DTML code that tried to create instances using manage_addProduct['foo'] constructs fail.
  • Fixed a couple typos in the Tutorial thanks to Alastair Burt.
  • Fixed a Javascript error in the Tutorial thanks to Luke Tymowski.
  • Revised online help content quite a bit.
  • Revised API docs quite a bit.
  • Fixed a bug in Logging docs thanks to Andy McKay.
  • Added code that will reveal bugs in calls to DT_Util.namespace().
  • The way that the values of selection and multiple selection properties were looked up on the properties form was changed so that the values can now be either properties on the same object or found through the DTML _ namespace to support situations where the selection value is acquired or otherwise not findable in the object's properties.
  • The If-Modified-Since handling in Image and File objects did not gracefully handle malformed date strings in that header (which seem to be sent by certain proxy servers). Malformed date strings are now ignored as if the header was not present rather than raising an error.
  • Corrected a recent problem with boolean properties.
  • Permissions were not being set properly on factory methods (constructors) loaded from Python (disk) products. This bug existed in 2.1, but was not very visible until recent fixes were made to the security machinery.
  • The ownership management code incorrectly was willing to delete ownership information in the class rather than only in object instances.
  • A bug that made packing always complain that you were trying to pack to an earlier time than a previous pack was fixed.
  • The security context stack wasn't handled correctly for DTMLDocuments.
  • DateTime objects did not support GMT(+/-)xx30 timezones.

Zope 2.2.0 beta 3

Bugs Fixed

  • Handling of "broken" products was, er, broken :) This is why some folks reported seeing objects "spontaneously change into Folders". In reality, the Broken objects that should have been created in place of objects whose Product was missing or broken weren't behaving correctly due to an interaction with the new overridable __getattr__ support in cPersistence.
  • FTP support was broken for Folders containing Broken objects.
  • ZServer returned None as the HTTP version if no version was given in the HTTP request.
  • It was possible to rename or move Versions, which was plain bad.
  • A bug that caused SQLMethods to have problems unpickling was fixed. This bug also made it impossible to add Zope Tutorial instances.
  • A bug in the lookup order for Product extensions was fixed.
  • Fixed the tutorial to ensure that a gadfly directory has been created before attempting to import the tutorial info.

Zope 2.2.0 beta 2

Bugs Fixed

  • Fixed Tutorial bug that caused win98 to crash with adding a tutorial.
  • Fixed to avoid overwriting existing service start parameters at install time on win32.
  • The deprecated alias getSize() was added back to Image and DTML objects (existing products still depend on it).
  • The "Host" headers sent by ZPublisher/ did not include the port number if given.
  • Cleaned up a DocumentTemplate namespace issue. Fixed QuickStart.
  • Removed old validation code in cDocumentTemplate.
  • Added checks to only allow legal Python name characters in ZClass ids.
  • Selection and multiple selection properties were displayed incorrectly on ZClass propertysheet forms.
  • getPropertyType was not supported for PropertySheet objects. It appeared to work but always returned None because it was being acquired :)
  • The send method of MailHost objects was broken if explicit to, from or subject arguments were given.
  • The constructor for MailHost objects was changed to have a non- backward compatible signature in the alpha period. The localhost and timeout arguments were added back to the MailHost constructor for backward code compatibility for 2.2 beta 2 (though these args are now effectively ignored).
  • An insufficiently protected method deep in DocumentTemplate was fixed to prevent a security issue that could allow unauthorized changes to the sources of DTML objects.
  • Insertion of the BASE tag in responses violated the HTML 4 spec, which states that BASE must come first in the element of a document so that relative references thereafter will work. It now conforms to the spec.
  • A bug in the SendMail tag if an existing mailhost was named has been fixed.
  • New and improved content has been added to the help system.
  • Some problems with certain management screens having wrong help or no help have been fixed.
  • A bug in PropertyManager allowed properties defined in products as read-only to be changed.
  • Added an entry in the content_types registry for RealAudio file extensions.
  • At some point stopped accepting "-P 0" as a valid option. That has been fixed.
  • Fixed a bug that caused instances of ZClasses which use DTMLMethod as a base class to have an ID of "". Unfortunately, existing instances will still have the wrong ID. The effect is it's not possible to use the clipboard on them. They will need to be re-created.
  • Fixed a bug in PermissionMapping that could in a certain case cause determination of whether an object is a ZClass instance method to throw an exception.
  • A few tweaks were needed to the way that SQLMethods made use of the new security machinery. This fixes the authorization problems some users were seeing when calling SQLMethods from inside of other SQLMethods.
  • Medusa did not handle absolute URLs given in HTTP commands quite correctly. It turns out that WebTV (and possibly others) send such commands, and the HTTP spec allows them, so we now support it.

Zope 2.2.0 beta 1

Features Changed

  • Split the old CHANGES.txt into two files. CHANGES.txt will now contain only change information for the current Zope release. Change information for older versions is now in the file HISTORY.txt.
  • Added basic internal support for mountable databases. A separate product will still be required to make use of this ability.
  • Added a new "history" tab to selected objects (DTML methods and documents for now) that provides access to previous versions through the web.
  • The property management screens now include the types for existing properties.
  • Added support at Python level for user-defined __get/set/delattr__ methods on persistent objects. These have essentially the same semantics as for Python, except that overridden __set/delattr__ methods must explicitly signal changes that should be persistent.
  • Better error messages and syslog capabilities were added to pcgi-wrapper (thanks to Jeff Rush).
  • Calls to the ZLogger system were added to the user authentication process to help sys admins diagnose login problems (thanks again to Jeff Rush).
  • The Undo view shows only transactions performed in the place where undo was performed. (As before, it also shows only transactions performed by users defined in the place where the undo user is defined.)
  • The way that transaction logging is done was changed to make transaction logs based on "physical" object and user paths. This was necessary to make undo work properly in the presense of virtual hosts.
  • A number of hooks have been added and changes made to support products that implement virtual hosts. Keep an eye on
  • The distributions now have an Extensions directory by default.

Bugs Fixed

  • Added type checking to the constructor and edit methods of builtin Zope object types to prevent inappropriate passing of acquisition-wrapped objects for standard attributes (like title, etc.). A similar restriction was added to prevent the adding of wrapped objects as properties.
  • Fixed a naming bug in MailHost that caused simple_send to fail.
  • Fixed a buglet in the rename form that caused the form to submit to the old manage_renameObject if the user just hit the enter key in the browser on a single item rename.
  • A bug that caused the tabs to disappear after performing cache management operations was fixed.
  • A problem that prevented multiple Zope instances from running at the same time on win32 was fixed.
  • An algorithm in medusa's code was updated to improve startup time on certain platforms.
  • The behavior of manage_editProperties on PropertyManagers and PropertySheets has been fixed so that existing properties that are not found in the update request are not reset to empty values.
  • A problem that disallowed access to the individual records in a result set from a SQL method was fixed.
  • A problem that caused the query template for an SQL method to be rendered twice when used from the "test" tab has been fixed.
  • Fix for bug #1270: Netscape Image Problems. Added casts to long to avoid an overflow error caused when trying to convert dates sent by certain versions of Netscape in the If-Modified-Since header.
  • Corrected to recognize years specified as 00 through 69 as 2000 through 2069.
  • A bug that made objects named in dtml namespaces always fail security validation was fixed. This was noticed by folks trying to use manage_tabs from ZClasses who hit the bug because the manage_tags document uses a namespace:
  • A change to pcgi_publisher was made to support FreeBSD, where send() will send only 8192 bytes at a time.
  • A bug that broke import in the alpha was fixed.
  • A bug in the transaction handling logic could cause infinite loops if objects were registered incorrectly.
  • A bug in the transaction machinery could cause objects to be aborted multiple times if errors occurred.
  • Logging via syslog now correctly captures the process id.
  • Adding User Folders and MailHosts from the management screens didn't redirect to the correct URL after adding the object.
  • A form problem that prevented joining or leaving versions has been fixed.
  • A more reasonable default content type is now used for HEAD requests on DTML objects if the object does not have a content_type attribute or a file-extension-like id that can be used to determine content type.
  • HTTP HEAD handling was inconsistent for collections, depending on whether the "default document" (index_html) was acquired or not.

Zope 2.2.0 alpha 1

Features Changed

  • Added a new security policy architecture and object ownership to address the server side trojan issue. The new architecture cleaned up various places where Zope code did authorization checks. A side effect of the new policy is that it is a bit more strict than it used to be - objects without explicit protection to which access was previously allowed will now be denied. There is a new declarative method for providing access to such objects, which has been applied to certain previously unprotected Zope objects that DTML writers are accustomed to having access to. See the SecurityPolicy wiki pages on for further information.
  • Added a new online help system. Help is now available for standard Zope objects. Zope developers can add help for their Python Products and Control Panel Products. See HELPSYS.txt
  • Added logic to increase the Python interpreter "check interval" that should provide at least a 20% performance improvement for most Zope sites. Also added a new -i option to so that Zope users can pass in alternate values (the default is 120) for the check interval. This lets users experiment and tune the interval for the best results in their particular system environments.
  • The message returned when an empty result set is returned from a ZSQL Method has been clarified.
  • In the load_site utility:
    • Added logic to try and figure out a path to ZPublisher if one was not provided.
    • Added an option, -I, to automatically add an index_html method that redirects to index.html or index.htm.
  • Record objects returned by :record form-marshalling tag have been enhanced to act like mapping objects.
  • The ZServer startup script,, now allows all servers to be disabled with a single option,
  • The ZServer startup script,, now allows all multiple HTTP, FTP, or monitor servers to be run.
  • The ZServer startup script,, now allows separate IP addresses to be specified for each HTTP, FTP, or monitor server.
  • Added urlparam attribute to tree tag to allow propagation of extra parameters through tree URL's (Collector #1045).
  • When renaming objects, the old id is provided as the default value for the new id.
  • Allow non-sliceable keys in PersistentMappings (Collector #1064).
  • Use smtplib in implementing MailHost/sendmail (Collector #1005).
  • Allow call to get() w/o explicit default in PersistentMapping (Collector #1182).
  • Allow rename of multiple items (Collector #1065).
  • Allow expr syntax in for type, disposition, encode, name, filename; add skip_expr (Collector #892).

Bugs Fixed

  • Fixed problem with extra PermissionMapping objects being in the aq_parents hierarchy during traversal when a method was being accessed a ZClass defined instance method.
  • Fixed ZCatalog Find to ZCatalog with expressions problem.
  • Fixed broken links in ZCatalog Cataloged objects view.
  • FTP directory listings were not sorted.
  • Improved FCGI support in ZServer.
  • Improved ZServer streaming, including fixing chunking and keep-alive support. Chunking is now done by default with HTTP 1.1 clients. Fixed possible problems with large responses. Thanks to Toby Dickenson.
  • ZServer's FTP server no longer binds to all interfaces.
  • Fixed a bug which caused File objects of type text/html be have the wrong Content-Length set.
  • A bug in SQL methods could caused results to be returned without an acquisition context. This could cause methods provided via ZClass brains to be inaccessable due to the dependence of ZClass method security on a correct acquisition environment.
  • Fixed tree tag so that expand_all and branches_expr play nice (Collector #919).
  • Suppressed "private" names from catalog indexes/meta-data (Collector #1076).
  • Allowed strings with linebreaks as data in Gadfly queries (Collector #972).
  • Added note to WEBSERVER.txt pointing out security issues with REMOTE_USER mode (Collector #733).
  • Fixed colspan counting in tree tag (Collector #913).
  • Logging enabled with the -D option to the script did not include traceback information and was not performed during Zope startup. This made finding startup errors difficult.
  • The logic for reparsing the dtml files used for the Zope management screens while in development mode was broken - it was reparsing system dtml files on every request.
  • Correct DateTime docstring to remove spurious negative offset language (Collector #1074).
  • Clean up pointer cast to suppress compiler warning in zlib.c (Collector #1190).
  • Guarantee null-terminated buffer in Record_init() so Record_compare() doesn't UMR (Collector #1012).
  • Clean up use of PData for large images (Collector #1061).
  • Fix overflow exception in statistics of (Collector #1089).
  • Check for invalid characters in whole id, not just first character (Collector #1131).
  • Prevent unintentional exceptions from blocking manage_beforeDelete; added OFS.ObjectManager.BeforeDeleteException to allow an object to veto its deletion (Collector #1183).

Zope 2.1.6

Bugs Fixed

  • Some bits from the 2.2 line inadvertantly got into the ZRDB package during the SQL Methods update which caused errors for certain database adapters.
  • A fix to the logic in Acquisition for aq_acquire caused a bug in the handling of inner ZClasses.

Zope 2.1.5

Bugs Fixed

  • Fixed a problem with the permission declarations for the Image and File classes. The problem made it impossible to change the View permission for File objects.
  • Added logic to setgid() to the user's primary group if is run by root.
  • Fixed a bug in TimeStamp objects that produced a wrong date/time representation for bobobase_modification_time.
  • Changed _checkId in ObjectManager to disallow REQUEST as an object id.
  • Fixed a bug that could allow someone with a lot of Zope zen to change the apparent AUTHENTICATED_USER to access things that they shouldn't.
  • Fixed a bug in ZServer that could cause server hangs under certain heavy load conditions.
  • Fixed a remaining . form target that we missed in the Zope rename form. This caused rename to fail for Zope installations running behind Netscape servers.
  • Fixed a potential buffer bug in PCGI reported by Larry Luther.
  • In the load_site utility, binary files were misshandled on windows.
  • Fixed manage_renameObject to be willing to get the REQUEST via acquisition, making it easier to use from DTML.
  • Changed the expireCookie method of FTPResponse to fail gracefully when attempting to delete a cookie that does not exist.
  • Fixed a bug that caused a traceback when all members of a multiple select property were deselected.
  • The _validTime method of DateTime objects rejected time values with fractional seconds between 59 and 60 (which caused problems with some database date conversions).
  • Changed id checking logic to disallow / in an object id.
  • Structured Text had problems with ~ characters in URLs.
  • Fixed a potential security hole that could allow users with permission to add Folders and edit DTML (and a who have a lot of Zope zen) to get access to things that they shouldn't.
  • The internal templates used by SQL methods weren't correctly applying the same access control constraints as standard DTML objects.
  • Fixed ZopeAttributionButton to open in the top-level of the web browser.
  • Fixed a problem with using the "scale" arguments to the tag method of Image objects.
  • Fixed a problem in the Acquisition module that could cause objects accessed via aq_acquire to not be wrapped correctly.
  • Fixed If-Modified-Since header handling for Images and Files.

Zope 2.1.4

Bugs Fixed

  • Removed the "feature" that allowed the REQUEST object to be traversed through the web. While useful for debugging, this could be a security issue.

Zope 2.1.3

Bugs Fixed

  • A race condition in the logic for managing Zope database connections caused Zope to hang on very busy sites.
  • A bug in the packing code that caused records to be nreadable after:
    • someone did work in a version
    • Someone did an (unrelated) undo
    • the version was committed

    and the database was packed to a time before the work was done in the version.

  • Fixed a bug that caused packing to raise an error in the following situation:
    • someone modifies and then deletes an object in a version.
    • they commit the version
    • the database is packed between the time the object is deleted and the time the version is committed.
  • Fixed a bug that caused Zope to sometimes hang instead of shutting down or restarting when accessed over a fast network.
  • It wasn't possible to use a ZClass instance as a method of a ZClass.

Zope 2.1.2

Bugs Fixed

  • Thanks to Kevin Littlejohn's sleuthing, a sizable problem in the security machinery in DTML has been brought to our attention and resolved. The problem is most acute in situations where untrusted people can edit DTML documents or methods.

Zope 2.1.1

Bugs Fixed

  • Conflict errors (multiple threads trying to modify the same object) were not handled correctly for requests with bodies (e.g. POST requests).
  • ZODB FileStorage index files could become out of date after an undo. This could lead to strange results and apparent database corruption if Zope was shut down ungracefully and restarted. Now index files are removed when undoing records.
  • Saving or discarding versions failed if a transaction that added a new object in the version was undone.
  • There was circumstantial evidence that a failure of an OS to correctly delay writing to data to disk after Zope had written it led to a corrupted database. Zope now makes an fsync system call (where available on Unix systems) to force data to be written to phusical storage when transactions are committed.
  • Some applicataions were writing empty transactions. The FileStorage now checks for and avoids writing empty transactions in this case.
  • Multiple-selection properties didn't work in regular property views, even though they did work in ZClass property sheets.
  • The Win32 WISE installer did not create a default Zope.cgi PCGI resource file.
  • The Win32 WISE installer script is now included in the /inst directory of win32 installations by popular demand.
  • An import problem caused the name "BTree" to be incorrectly overwritten in and in the SearchIndex package, which caused problems for some third- party product authors.
  • There were a number of problems with the load-site utility (utilities/
    • A recent change caused HTML files to have their headers and footers replaced with var tags for standard headers and footers. While this is sometimes very useful, it is sometimes disastrous. This feature is now enabled with the -D option.
    • Handling of files with a .dtml extension was broken. These are now handled correctly. Files with .dtml suffixes now get uploaded as methods.
    • A workaround for old sites that had a bug in Document (aka DTMLMethod) upload has been disabled. This workaround is now enabled when the -9 option is used.

The following bug fixes were accidentially excluded from 2.1.0:

  • Redefining the "views" on a ZClass could incorrectly affect the views available on instances of base classes of the ZClass.
  • The new url option to DTML var tags did not work properly for DTML and other callable objects.

Zope 2.1.0

Features Changed

  • Enabled preliminary support for FastCGI to ZServer. This allows Zope to communicate with web servers that support FastCGI. Use's -F switch to configure FastCGI support in ZServer. See WEBSERVER.txt for more information.

Bugs Fixed

  • Redefining the "views" on a ZClass could incorrectly affect the views available on instances of base classes of the ZClass.
  • The new url option to DTML var tags did not work properly for DTML and other callable objects.

Zope 2.1.0 beta 2

Features Added

  • Added Oleg Broytmann's patches to utilities/ that provide automatic parsing of title and property information and inclusion of std headers and footers.
  • Added Martijn Pieters' patches to to implement try/except/else and try/finally constructs.
  • Virtual Hosting and SiteObjects. Virtual Hosting allows a server that can multi-host, like Apache, to serve different hosts from different Zope folders. SiteObjects act as a placeholder for a virtualhost.

Bugs Fixed

  • Some problems with the product distribution machinery that prevented product distributions from installing correctly have been fixed.
  • Description lines on the Undo screen were not HTML quoted, which could cause problems rendering the Undo log if any of the descriptions contained stray HTML tags.
  • Bugs in the way that ZClass instances were pickled have been fixed.
  • Some long-standing indentation problems with the tree tag have been fixed.
  • The Zope database lock file was not properly closed.
  • Linux and Solaris binary distributions did not contain the python _locale module required for locale support.

Zope 2.1.0 beta 1

Features Added

  • The ZCatalog now supports relevance ranking. Instead of search results being returned in an essentially random order, results are now sorted by score. For text indexes, the score is the number of occurrences of the search term in a document. The score can be accessed by an attribute on Catalog results data_record_score_ and data_record_normalized_score_ contain the score and normalized score for the result object.
  • Added Keyword Indexes to the Catalog. Keyword indexes allow you to index a sequence of keywords as an atomic property of an object. This is useful for buiding catagorical hierarchies.
  • Z SQL Methods arguments list is now a TEXTAREA widget to ease editing long aruments lists.
  • SQL Database Adapters now have a test tab where arbitrary SQL may be entered and executed immediately through the connection object. DTML is not supported in this tab.
  • SQL Methods now support an option op parameter on the DTML method which allows you to choose the operator used for comparison.
  • WebDAV support has been modified to support MS Office 2000 applications. The changes emulate aspects of DAV level 2 locking but do not provide actual locking support at the present time.
  • Files and Images now can be served without loading themselves into memory. This is automatically done for large Files and Images. As a by product, RESPONSE.write now works better in ZServer.
  • Most if not all of the default DTML generated by Zope and its built-in products is now generated in the new syntax. The DTML sources for Zope's built-in management interfaces have also been converted to the new syntax.
  • DTML entity references can now include dot-separated var tag options, as in: &dtml.url_quote-foo;
  • There is a new url option on the DTML var tag that causes absolute_url to be called on the displayed value. This allows entity references like: &dtml.url-foo;
  • There is a new url_quote_plus option on the DTML var tag that acts like the standard url_quote option but uses + to encode blank spaces.
  • There is a new missing option in the DTML var tag that allows you to provide a value to be used if the variable is missing, rather than raising a KeyError. This will work in the entity reference syntax as well. If it is used without an argument, it will provide an empty string.
  • The DTML built-in function, getattr, now accepts an additional argument providing a default value.
  • The tag() method of Image objects now support optional scale, xscale and yscale arguments that will automatically scale the output height and width tag attributes.
  • The Products folder in the Control Panel now has an Import/Export tab to allow easier importing and exporting of Control Panel Products.

Features Changed

  • ZCatalog uses subtransactions to keep memory consuption low at the expense of indexing speed. Subtransactions can now be disabled through the management interface for use with non subtransactions compatible objects like ZSQL Methods (or for raw speed if you have lots of RAM).
  • Added a coptimizations module. The first optimization is to provide an implementation of persistent_id in C. This routine, which is called extremely often while pickling was found to be a significant bottleneck.
  • More flexible cache management methods were added to ZODB Connection objects so that apps that want to move objects out of memory can force aggressive cache behavior.
  • Added the beginnings of internationalization support to Zope. The Zope startup script ( now supports a "-L" option that can be used to pass a locale name (such as "en" or "de") to Zope at startup. If specified, Zope will attempt to set the locale using the locale module if it is available. This change will allow Zope to better handle international characters in a number of places such as searching and indexing.
  • Logging from ZServer modified to produce Common Log Format in a Combined format, where user-agent and referer are also logged.
  • xmlrpclib was updated to relect the current version (0.9.8) from Pythonware.
  • Add button returned to the management interface, although the Javascript auto-select is still in place. This resolves some problems with browsers on certain platforms.
  • Added small explanation on Image/File add form that if the id is not provided, it will be autogenerated based on the file name.

Bugs Fixed

  • The build procedure for source checkouts now sets the directory structure permissions to something (775) readable by anyone, including, e.g., the web server running under a different user id and group than the installer...
  • A bug in the DTML tree tag that prevented expand_all from working correctly has been fixed.
  • ZCatalog now actually saves memory when using subtransactions. Plugged a couple memory leaks doing this.
  • Added ALT text fixed nested anchor tags produced by the Tree tag to ensure that valid HTML is produced, and fixed the reverse option to the Tree tag.
  • A bug in FTP cookie authentication was fixed.
  • Fixed a bug that caused External Methods to be reloaded every time they were used in development mode.
  • Fixed a permission typo in ZCatalog and a sort_on bug.
  • Fix for missing REQUEST in a method signature in the CatalogAwareness module.
  • Changed to propagate errors raised by _begin for thunked database adapters. Also changed completion code to check registered status and avoid completion logic if not registered, which would be the case if _begin failed.
  • A memory leak in cPersistence has been fixed, and a bug in object deactivation that prevented deactivation of BTrees was fixed.
  • A problem in BTrees that caused unintended db writes on Catalog searches was fixed.
  • Some unnecessary debug mode overhead eliminated - external methods are now automatically reloaded only when the .py files are changed.
  • A thread-safety problem with PCGI handling was fixed.
  • A bug that caused installation of through-the-web product distributions to fail.
  • A bug in the handling of long int properties was fixed.
  • Some bugs in the generation and verification of CRYPT based passwords was fixed.
  • A bug in the earliestTime method of DateTime objects was fixed.
  • A bug in determination of the ZServer version string was fixed.
  • Height and width detection for some PNG images did not work properly.
  • A bug that caused proxy role machinery to ignore local roles was fixed.
  • Added a fix for PCGI to make sure binary IO is used on win32.
  • A javascript fix for IE5 was made for the folder add list.
  • A bug in sequence multiplication in DTML was fixed.
  • A ZServer bug that prevented running multiple Zope2 installations on non-posix systems was fixed.
  • An External Method error handling bug was fixed.
  • The local Owner role could be overwritten when an object was copied, moved or renamed.
  • Documented and fixed the creation of selection and multiple selection properties.
  • SECURITY: Fixed bug that allowed users with local roles gain priviledges on acquired objects. getRolesInContext did not used the correct context, as defined by the inner-most object wrapping.
  • SECURITY: The permissions for Find support methods were not being properly initialized.
  • SECURITY: Viewing existing user no long displays current password, only space for putting in the new password. This will be more critical as we move toward fully encrypted passwords.
  • SECURITY: A bug that prevented setting permissions on External Methods in ZClasses was fixed.

Zope 2.0.1

Bugs Fixed

  • Fixed a bug which allowed unauthorized options to be displayed when adding a Folder. Now you only see options to add an index_document and/or a user folder if you have adequate permissions.

Zope 2.0

Features Added

  • Database conflict errors are now logged. Although conflict errors are normally handled by retrying requests, frequent conflict errors can degrade performance and should be dealt with by redesigning applications.

Features Changed

  • The process id displayed in the control panel now inclused the thread id, in parentheses.
  • Upload of image or file data always used sub-transactions. Unfortunately, database adapters don't support subtransactions. Images and files now use subtransactions only of the image or file is greater than 128K bytes in size. Also, subtransactions are not used if data are uploaded as a string by using the :string ZPublisher type in the upload form.

    More advanced DA's could, and probably should support sub-transactions.

Bugs Fixed

  • Attempting to cut an object then paste it into itself or one of its subobjects would cause a recursion problem.
  • Certain ZCatalog reindex operations could fail due to an unintended transaction abort.
  • Database connections were leaked when database conflict errors occurred and handled by reexecuting requests. When 7 connections leaked, the site would accept no more web requests.
  • The transaction-integration for relational databases didn't work properly. Aborting Zope transactions didn't abort relational database transactions. What's worse, transactions were not committed after a Zope transaction using a relational database was aborted. This explains the reported problems with Gadfly databases and transactions.
  • Fixed a bug which prevented ZPublisher.Client from uploading files to ZServer.
  • Added some logic to the win32 binary installer to fix some dll loading problems people were getting on international versions of NT.
  • Fixed a bug in cDocumentTemplate that could cause AttributeError instances to be leaked in certain situations.
  • reverse option for the in tag as well as the tree tag has been changed to deal with a copy of the data, rather than the original. The database was being modified in place. The side effect is that in large list situations (with ZCatalog for example), sizable memory usage may result.
  • Missing values (as returned from SQL methods) were output as empty strings by the DTML var tag, even when a numeric format (e.g. "%5.3f") is used. Using a numeric format with a missing value should generate an error, unless the null attribute is used. Also, the null attribute had no effect when outputing missing values.
  • It was impossible to map some permissions to themselves, or to other inherited, but not registered permissions in products and in class methods. When this failed, a silly error message ("Waaa" ;) was output.
  • SQL methods had an unused method, getFindContent allowed anonymous users to read SQL method source. This method was renamed to PrincipiaSearchSource, and protected with a permission.
  • SQL methods could not be found with the find mechanism by searching their source.
  • The PrincipiaSearchSource method of DTML documents and methods was not protected, so anonymous users could read their source.
  • Fixed a bug in ZOM which caused getElementsByTagName to fail when using XML Document. Thanks to Andrew Kuchling.
  • It was possible to hijak self arguments for DTML and External methods with request variables. This was especially problematic for XML-RPC, which uses positional arguments.
  • It was difficult or impossible to call External methods with self arguments from XML-RPC.

Zope 2.0 beta 6

Features Added

  • The control panel process id display now also includes the thread id.
  • The Zope start script, start, is now written in a location-independent manner, making it a little easier to move Zope sites around after installation.

Features Changed

Zope 2.0 introduces a new HTML DTML syntax that, among other things, allows simple var tags to be entered using the entity-reference syntax, as in:

          <input name=spam value="&dtml-spam;">

The entity reference syntax is mainly intended for use when a var tag is used to insert text into an HTML tag. In these cases, the text needs to be html-quoted. For this reason, use of the entity reference syntax now implies html quoting. For example, the DTML snippet above is equivalent to:

          <input name=spam value="<dtml-var spam html_quote>">

(Note that when inserting text to be used in a URL, as in an A tag HREF attribute, we need to url-quote the text. Zope 2.1 will provide a means to do this with the entity-reference syntax.)

Bugs Fixed

  • Missing values were not formatted correctly with numeric formats and did not work properly with the null attribute of the DTML var tag.
  • It wasn't possible to map some permissions of objects in Products. For example, it wasn't possible to enable a permission by mapping it to itself. Attempts to do so lead to a rather silly uninformative error message.
  • When providing default values for input fields, few of the built-in DTML methods used html quoting. This lead to incorrect behavior when default values included markup or quotes.
  • View filtering failed to show tabs for views in some cases where it should.
  • Single-character variable names were'nt allowed in the entity-reference DTML syntax.
  • DTML batch processing didn't work properly.
  • The DTML functions, _.getattr, and _.hasattr incorrectly acquired attributes even when explicit acquisition was used.
  • Image dimensions were not autodetected for PNG 1.2 files.
  • The "View" view didn't display correctly for images with ids with characters that had special meaning in URLs.
  • The optional attribute in the sqltest tag had no effect.
  • With browsers (like lynx) that correctly implement RFC 1867 for file-upload support, non-file fields in file-upload requests were treated as file fields.

Zope 2.0 beta 5

Features Removed

  • The help system, which was primarily geared to DTML programmers was removed.

Bugs fixed

  • Database packing failed in certain cases where the data set contained many version commits.
  • Database packing generated spurious error logs indicating that there were bad references for objects created in ncommitted versions.
  • A memory leak due to errors in managing request data.
  • Zope sites became unresponsive (a.k.a. "Hung") due to an error in managing ZODB 3 database connections.
  • Only the top-level folder's standard_error_message was used.
  • There were thread-safety and resouce consumption problems in the implementation of thread-safe regex objects.
  • Fixed bug where ZCatalog's not in the root folder did not recognize the proper URL of objects using the Find machinery. This caused all the objects to mysteriously disapear when you updated the catalog (because their paths were wrong). The Catalog now works correctly anywhere in the object hierarchy.
  • Fixed a bug that caused error messages to be formatted incorrectly if the standard_html_header did not begin with an HTML tag.
  • The undo form was accessible even to people who couldn't do undo. This made it look like we were allowing undo in cases where we were'nt supposed to.
  • The undo form did not restrict undoable transactions to just those transactions performed by users that were authenticated at the same level. This made the new undo less restrictive than the Zope 1 undo. Undo should probably be more restrictive, but that will have to wait for 2.1 or later.
  • Zope crashed under load for applications using ZCatalog due to an ancient bug in handling loading of empty BTrees from the database. This bug has only become effective with ZCatalog.

Zope 2.0 beta 4

Features Removed

  • Draft objects are no longer supported.

Features added

  • The source release install script now checks to make sure that the Python used has thread support.
  • FileStorages can now habe quotas.

Bugs fixed

  • This release fixes a socket listen-queue depth problem on Win32 systems that caused poor performance and connection refusals in ZServer.
  • Fixes to the win32 installation were made to prevent a potential conflict on systems that have an existing installation of the Python win32 extensions.
  • Some of the management views, including the security/permission mapping views were not visible for ExternalMethods.
  • New SQL methods could bot be created.
  • New mailhost objects could not be created.
  • New Draft objects could be created.
  • Draft objects could not be deleted.
  • ZClasses could not be added as methods.
  • Disk full errors could leave the object system in an inconsistent state. The handling of this error was made more robust. Also, when serious errors like this occur late in the transaction commit process, the transaction system switches to read-only mode.

    The File-storage recovery process needs to change to make disk full errors detectable earlier in the two-phase commit process so that the system can recover without switching to read-only mode. This change, which is expected in 2.1 will also provide better write performance.

  • Errors during commit of sub-transactions were not handled correctly, leading to inconsistent object data.
  • Packing not not mark all transactions performed before the pack time as "packed". Undoing these transactions lead to a broken database.
  • On win9x systems, random data seems to be added to the end of the file on system crashes, causing apparent file corruption. Code has been added to check for this case and recover by truncating the file with a log message.
  • The Zope version was not shown in the control panel.
  • The binary release had the PCGI wrapper program in the wrong directory so PCGI installations were not successful.

Zope 2.0 beta 3

Features added

  • Added a getobject method to ZCatalog. This allows you to more easily get at a cataloged object from searchResults. For example:
                <!--#in searchResults-->
                <!--#var "getobject(data_record_id_).title_or_id()"--><br>

Bugs fixed

  • This release fixes a bug in acquisition that caused creation of ZClass instances to fail under some (common) circumstances.
  • Copy and Paste validation machinary now takes local roles into account.
  • ZDOM now adheres more closely to the DOM spec with respect to Document and DOMImplementation nodes.
  • The main management screen will no longer show the Delete or Export buttons if the user doesn't have adequate permissions to delete or export objects respectively.

Zope 2.0 beta 2

Features added

  • Added a -r switch to for ZServer read-only mode.
  • The null attribute in the DTML var tag is now used when the value being output if the Python value None. Some people considered this to be a bug.
  • Permission objects are automatically created for new ZClass objects as part of the ZClass wizard.
  • For Python programmers, there is a new convenience function for debugging in the Zope package.

    For example, to debug method spam in the Zope debugger:

                import Zope
                Zope.debug('spam', d=1)

Bugs fixed

  • Changed the logic used to detect binary content types to only look for control characters. The previous version incorrectly considered certain Latin-1 characters as binary.
  • The used to implement Zope as a Win32 service on NT has been updated to handle a difference in the way .dll files are found on internationalized versions of NT.
  • The file used to build PCGI has been updated.
  • Several fixes to DateTime were added to provide better behavior on machines with unrecognized time zone names.
  • Conflict errors, which occur when simultaneous writes occur to the same object in multiple database connections, are now handled correctly by re-executing (up to three times) the requests that lost the race condition.
  • Error formatting with standard_error_message has been moved to the object publisher via a new published module hook, zpublisher_exception_hook. In addition to enabling conflict error handling, this fixed two other bugs:
    • Error handling in ExternalMethods and in DTML methods or documents called from other DTML documents or methods caused errors to be propagated in ways that defeated use of the try tag and other forms of error handling.
    • Errors raised before or after calling published objects were not formatted.
  • Errors in processing form variables, such as missing or miss-typed values resulted in server errors, rather than in formatted error reports.
  • Database browsing didn't work for ZGadflyDA database adapters.
  • Transaction meta data were not captured correctly by ZPublisher, which made the undo log look odd wrt the user who performed the transaction.
  • Permissions for version operations were not set correctly. This made it hard to delegate work to be done in versions and to separate version participation from version finalization. To fix this, it was necessary to split the "Join/Leave" view into separate "Join/Leave" and "Save/Discard" views.
  • No remark could be entered when discarding versions.
  • Fixed a ZServer kill_zombies bug which kept ZServer from killing hung connections.
  • Improved ZServer's handling of slightly broken HTTP requests.
  • Fixed a properties setting permission bug.
  • Fixed a product permissions registration bug that allowed product permission data to get lost.
  • Updated the MailHost product to use the new product initialization procedure. This fixed a MailHost adding permissions bug.
  • Made Z Class icons visible to everyone. This way you can view a Z Class icon without having and permissions on the Z Class.
  • Objects were sometimes incorrectly acquired do a bug in detecting attribute errors during acquisition. This led to errors getting covered up or obscured.
  • There was a memory leak in acquisition.
  • Some thread-safety problems were fixed.
  • DTML entity references (e.g. &dtml-spam;) with missing semicolons (e.g. &dtml-spam) caused infinite loops.
  • Extra spaces around expressions in DTML caused syntax errors.
  • Broken objects, which are used as surrogates for objects that can no longer be instantiated due to missing product installations, no longer use HTML markup in their text representation, as this caused odd effects in HTML titles.
  • A number of fixes were made to the new DOM support.
  • Versions could be deleted by users working in the deleted versions. This led to strange paradoxical effects. Attempts to delete a version or an object containing a version by someone working in a version now lead to errors.
  • ZGadflyDA has been updated to use the current (as of this release) version of Gadfly. (Note that this had been incorrectly reported as a 2.0 beta 1 feature.)
  • Using an sql method in a version sometimes caused the method to be locked, making it unusable by non-version users. This was due to the way that column meta-data was managed. Now column meta-data, used by report creation wizards, is only safed when sql methods are tested.
  • In StructuredText, list items could not directly introduce example code.
  • Undoing transactions that discarded versions did not cause versions to appear non-empty.
  • Temporary files were created for file storages that were opened in read-only mode.
  • A bug in FileStorage and DemoStorage didn't show you more than the first 20 previous transactions in the Undo log.
  • An incorrect contents view was returned after adding a File object.
  • On the cache parameters page, the number of bytes, rather than the number of objects in the database was shown.


The section for Zope 2.0 alpha 4 did not mention that ZCatalog is now shipped with the Zope core.

Zope 2.0 beta 1

Backward incompatibility

  • ZODB 2 is no longer supported or included!
  • The utility script, no longer supports xml output.

Known problems

  • Handling of conflict errors hasn't been implemented. When two threads try to update the same object, one will get a conflict error. By beta release 2, requests that get conflict errors will be retried until they succeed (or fail without a conflict error) or until a maximum number of retries is exceeded.

Features added

  • The default ports used by ZServer have been changed. The new default ports are: 8080 for HTTP, 8021 for FTP and 8099 for the monitor server.
  • ZServer now uses the zLOG logging mechanism for informational and warning messages.
  • ZServer now includes a fairly stable NT service
  • access file now can use SHA-1 hashing, and now does by default
  • added to top directory to manage this new access file
  • A number of changes have been made to enhance security control in through-the-web-developed products:
    • There are new "Permission" objects that can be added to Products. Permission objects provide a mechanism for defining new permissions. These new permissions show up in folder security screens.
    • Factory objects can have permission settings. This affects whether items show up in add lists and who can use factories.
    • Objects in products now have permission mapping rather than direct permission settings just like ZClass methods.
    • New permissions cannot be defined in ZClasses any longer. Rather, ZClasses can select from global permissions, including permissions defined with permission objects.
    Here's a sample scenario:
    1. Add a ZClass, "Container" with the option to create a factory and constructor methods.
    2. Add a permission object with the permission "Manage Containers".
    3. Change the permission of the factory created in step 1 to "Manage Containers".
    4. Visit the ZClass created in step 1, view the "Define Permissions" view and map the "Create class instances" permission to "Manage Containers".
    5. Visit the constructor DTML Methods created in step 1, view the "Define Permissions" view and map the "View" permission to "Manage Containers".

    In this scenario, we created a ZClass and made it addable only by users (roles) that have the "Manage Containers" permission.

  • There is a new module, Shared.DC.THUNK (lib/python/Shared/DC/ that provides a mix-in class that implements ZODB 3 transaction protocols and that provides course-grained locking logic that should allow many non-thread-safe database adapters to be usable in multi-threaded Zope applications. The Gadfly database adapter has been updated to use this mix-in class.
  • The transaction management mix-in classes (Shared.DC.TM.TM and Shared.DC.THUNK.THUNKED_TM) now provide a lower-level transaction management protocol. Database adapters that mix these in should:
    • Call self._register() when performing database queries, and
    • If necessary, override methods:
      Which is called to begin a transaction,
      Which is called to finish a transaction, and save changes, or
      Which is called to abort (rollback) a transaction, and discard changes, or
  • Object export now provides an XML export option and import files may be in Zope export format or XML format.
  • Zope objects that support the Zope management framework now support the DOM 1.0 read interfaces. This allows DOM read methods and attributes to be usable with Zope objects and Python DOM tools, like FourThought's 4XSL to work with Zope objects.

    Note that DOM-defined attributes are defined with "get" methods. For example, to get the DOM-defined "parentNode" attribute, use: object.getParentNode().

  • The pyexpat extension module for using James Clark's expat library for parsing XML is included in the distribution as Shared.DC.pyexpat.

Bugs Fixed

  • You can no longer cd to an acquired directory in ZServer FTP.
  • A number of changes were made for thread safety. This was not as hard as it sounds, since persistent objects are always thread-safe. (Well, only one thread accesses any particular copy of a persistent object.) The biggest issue here is mutable global variables, mutable objects stored in classes, mutable default Python function arguments, and global variables in extensions.

Zope 2.0 alpha 4

Backward incompatibility

  • The old ZopeHTTPServer is no longer supported or included. Use ZServer.

Features added

  • The let and return tags were added to DTML.
  • Several new input form types were added:
    allows you to specify default values
    allows you to combine multiple form variables into a single input variable.

    For example:

                       <input name="date.year:record:int">
                       <input name="date.month:record:int">
                       <input name="">

    will result in a single variable, date, with attributes year, month, and day.

    allows you to input a list of records (ie a table)
    If the field if the value is an empty string.

For more information, see the section on "Form variable types" in

  • In the startup script,
  • The startup script,, has additional documentation on providing empty strings as arguments.
  • Added a -P option to the startup script,, to specify a base port for the various servers. For example:
                python -P8000 
                  is equivalent to:
                python -w8080 -f8021 -m8099
                  This is a convenient short-hand for systems with many zserver
                  instances running.
  • Added an -l option to the startup script,, to specify the location of the ZServer hit log. If the location is a relative path, then it is assumed to be rooted in the var directory.
  • A progress indicator was added to the database conversion utility, utilities/
  • The PCGI installer now writes the PCGI info file to use ZODB 3 rather than ZODB 2.
  • The default content is provided in both ZODB 2 and ZODB 3 format.
  • There is a new logging framework for reporting errors from Python-level code. See the module for details.

    For the time being, to turn on logging, set the environment variable STUPID_LOG_FILE to a file name or to an empty string to log to standard error. We will eventually provide a more formal and functional logging configuration interface.

  • The hooks used by objects that modify their environment were changed. The new hooks are:
    called after an object has been added
    called before an object is deleted
    called after an object has been copied. This should only be used by object that capture their identity is some way other than their id attribute or persistent id. (It's really for ZClasses, which have global ids.)
  • Pack is now supported for ZODB3 File Storages.
  • The header output by manage_tabs now shows whether the current object has been modified or locked by a version and shows the version if the version isn't the current working version.
    • The locked-in-version decoration in the object management contents view shows the locking version if the version isn't the current working version.
    • Several demonstration ZODB Storage implementations have been added. See lib/python/ZODB/ and lib/python/ZODB/
  • Subtransactions have been added (instead of temporary versions). If a true argument is given in a transaction commit or abort call (e.g. get_transaction().commit(1)), then the commit or abort applies to a subtransaction of the current transaction. This is useful in a number of ways, including:
    • Subtransaction commits on requests that work with lots of data can reduce memory usage because data can be removed from memory after changes are saved in a subtransaction,
    • You can rollback changes due to a local error without rolling back all of the changes made in a long transaction.
  • There is an advanced interface for specifying alternate storages for Zope. Zope will try to import the module custom_zodb from INSTANCE_HOME and use it's Storage attribute.

    For example, to use a Demo storage based on the standard File storage, you might define a custom_zodb module with:

                import Globals, ZODB.FileStorage, ZODB.DemoStorage
                name='%s/Data.fs' % Globals.data_dir
                base=ZODB.FileStorage.FileStorage(name, read_only=1)
                Storage=ZODB.DemoStorage.DemoStorage("Demo (%s)" % name, base)

  • Find can now search text of SQL methods.
  • DTML tree tags now have a reverse option.
  • ZClasses now have class ids. These class ids are registered in a central registry and are used when unpicking instances.
  • Database connections now have a sync method for synchronizing the connection with saved data. This is useful for interactive connections to see database changes made by other threads.
  • Errors encountered when trying to unpickle object state are now logged, if logging is enabled.
  • Added an extra checkpoint to ZODB 3 FileStorage Transaction commit to better handle system crashes.
  • ZPublisher request objects now have a BODYFILE key to get the request body as a file for non-form non-GET requests.
  • Cookie support was added to the ZServer FTP server to make FTP access compatible with cookie-based authentication.
  • ZServer now includes a NT Service, This service requires the Python win32 extensions. It is not yet complete and not yet integrated with the Zope installer. It does however include a large doc string.
  • ZServer is officially using the start script now. The old and were removed. Note: will call for you, if you want to use ZServer in daemon mode on Unix.
  • Added a has_permission method to user objects. This facilitates finding out if a user has access to a given object. For example:
                <!--#if "AUTHENTICATED_USER.has_permissions('View',someObject)"-->
  • The product add list is now filtered. This should keep objects out of the product add list for which the user does not have adequate permissions. This is implemented with a new method, filtered_meta_types which returns all the meta_types for which a given user has permissions. Note: Right now ZClasses do not associate permissions with Products. Thus all Control Panel Products appear in the product add list, no matter what roles the user has.
  • HTTP REQUEST objects now use HTML in their string representation.
  • The REQUEST keys of the form BASEx and URLx, where x is an integer now allow x to be greater than 9.
  • index_html is not longer used automatically for XML-RPC requests.
  • ZPublisher debugger, ZPublisher.test now accepts a extra keyword argument with a dictionary giving extra variables to be added to the request. This is handy for testing methods that require large amounts of input data, such as file uploads.
  • The load_site utility (utilities/ now accepts a -9 switch to make it work with Zope (and Principia) sites at revisions 1.9 and lower.

Bugs fixed

  • Got rid of some DOS line-endings in that caused install-time module compilation to fail.
  • Fixed DOS line-endings in medusa/
  • Fixed a NameError (missing TupleType) definition in the export/import (copy/paste) machinery.
  • The startup script failed on Windows because it imported the posix module without checking the os.
  • ZServer crashed when the number of simultaneous connections exceeded a system limit, especially on Windows. ZServer now stops accepting new connections when the number of active connections exceeds a threshold.
  • Accessing cached results of items() (or values() or keys()) calls on BTrees caused core dumps if affected elements were deleted. For example:
                     for k in abtree.keys(): 
                        del abtree[k]

Note that this code is still incorrect due to the fact that the objects returned from abtree.items() (or values() or keys()) have reference, rather than copy semantics.

  • Compiling Acquisition.c caused (bogus) compiler errors on SGI.
  • zdeemun wus mispeled
  • Local roles were not handled correctly when filtering management views.
  • Copying and pasting ZClass instances copied and pasted their ZClasses too, effectively disconnecting them from their managed ZClasses. The same thing happened when ZClass instances were exported and imported.
  • The Database area in the control panel was broken.
  • Copy and paste of multiple objects was broken.
  • Copy and paste of ZClass methods was broken.
  • Copy and paste of ZClass properysheets was enabled and broken. It is now disabled.
  • Accidental import of BoboPOS in processes using ZODB (3) caused strange errors.
  • A bug in batch processing caused batch processing to hang or give incorrect results.
  • DocumentTemplate-based classes, like DTMLDocument and DTMLMethod could not be subclassed correctly.
  • There was a memeory leak in the DTML try tag.
  • When adding folders with user databases, no check was made to make sure the user was permitted to add a user database.
  • Broken objects weren't created for objects whose class could not be found when using ZODB 3.
  • The self argument wasn't properly passed to external methods used in ZClasses.
  • The Setup file in the SearchIndex package had an unneeded -I option that caused compilation errors on some platforms.
  • ZGadflyDA transactions were not committed.
  • ZClasses didn't provide an interface to edit their titles.
  • Propertysheets were broken for ZClasses that inherited from built-in classes, like Folder and DTMLDocument.
  • Propertysheets were disabled for instances by default. Now, propertysheets have the "manage properties" permission by default.
  • The navigation pane wasn't updated when classes were added.
  • Changes in ZClasses were not properly propagated to all database connections using ZODB3.
  • Database connections were not closed correctly under heavy load when the number of application threads exceeded the number of database connections in the connection pool. This lead to Zope locking up under load if the application thread count was increased using the -t option.
  • undo in ZODB 3 didn't properly refresh objects.
  • export and import was broken for ZODB 3.
  • Fixed ZServer HTTP zombie killing. Now hung connections are successfully closed.
  • A bug in handling the case when a file was created on open without the create flag caused weird errors on windows.
  • The REQUEST BASE1 key was not computed correctly when SCRIPT_NAME was an empty string.
  • It was impossible to return an empty list or dictionary to an XML-RPC request.
  • The database conversion script fails when the first record in the input file lacked properly-formatted transaction data. The conversion script also didn't work on some systems due to an incorrect flush call on the input file.
  • Factories that were also ZClass methods didn't get unregistered properly when they were deleted.

Zope 2.0 alpha 3

Features added

  • XML-RPC support

    All Zope objects are now XML-RPC servers.

  • ZODB 2 (aka BoboPOS) to ZODB 3 FileStorage database conversion

    An option has been added to the script in the utilities directory to convert ZODB 2 database files to ZODB 3 format. The script now accepts an -f option that takes an argument specifying an output file name. For example, to convert the ZODB 2 data file, Data.bbb, in the var directory, to ZODB 3 FileStorage format:

                python utilities/ -f var/Data.fs var/Data.bbb

    Note that version data are not converted.

  • In Z Classes, Methods and Property Sheets now have a "Define Permissions" management tab to map permissions. This tab used to be labeled "Security".
  • ZServer's FTP server now attempts to display an object's owner as defined in local roles.

Bugs fixed

  • The cache management screens were broken
  • Local roles on DTML Methods and Documents were not persistent.
  • ZServer's select trigger has been updated and now shouldn't give errors when running ZServer as another users.
  • The tree tag used persistent object ids in ways that were not compatible with ZODB 3. This caused strange behavior like weird content-types and invalid state messages.
  • The DTML In tag no longer handled batch processing correctly, and sometimes got into infinite loops. This was due to a very old bug that was made effective by Python 1.5.2.
  • Objects that could not be loaded because their implementing modules (or packages) had been removed were not handled properly as broken objects when ZODB 3 was used.
  • The DTML Python string format did not allow expressions for simple variable insertion. Expression insertion is now allowed if the var tag name if the var tag name is supplied, as in:
                %(var expr="x+1")s

Note that, because of this change, the var tag name must also be supplied when a variable named var is inserted, as in:

            %(var var)s

Zope 2.0 alpha 2

Features added

  • There is a new optional EXPERIMENTAL HTML DTML syntax. As an alternative to SSI syntax, you can now use ordinary HTML syntax, as in:

You can also use an entity-reference syntax for the var tag as an alternative to the tag syntax. For example:


is equivalent to:

            <dtml-var foo>

and is especially handy in attributes:

            <a href="&dtml-foo;">

          Both the new syntax and the SSI syntax are allowed in the
          same document.  In fact, if you were really twisted, you

            <dtml-in objectIds>
              <dtml-var sequence-item>


             This feature really is EXPERIMENTAL.  It could disappear
            someday, depending on how people like it.  We'd really like
            to get feedback on how useful this feature is.

        - reverse options were added to the in and tree tags.

        - The startup script,, has a -D option to turn on
          debugging mode.

        - Made environment variable settings work with the http
          server. So now you can do things like ./ -w 8888
          SCRIPT_NAME=Zope and actually have the specified SCRIPT_NAME
          override the normal SCRIPT_NAME. This is Useful for using ZServer
          behind a proxy.

        - Added support for the Medusa monitor server.

        - There's a first cut at a ZServer NT service. This is Zope on
          NT's answer to

          It actually seems to work, though there's still a fair
          amount missing.

        - The error messages for missing or miss-formatted access
          files was improved.

        - A new debugging method, manage_debug, has been added to
          Control_Panel to monitor the Zope process for possible
          memory leaks.

        - The name, 'this', has been added to the namespace available
          to construction methods to provide a function for computing
          the destination object.  The name, 'this' is essentially
          equivalent to 'Destination' and 'Destination' will be
          deprecated eventually.

        - The title of the main Zope management interface now includes
          a full URL.

        - Folders that have (or acquire) index_html methods now have
          view tabs for viewing index_html.

        - On browsers that support Java Script, the "Add" button is
          omitted and the add form is visited as soon as a selection
          is made from the select list.

        - The python-pickle format used to export data from ZODB 2 was
          updated to handle string data differently.

        - Update syslog clients to try for SOCK_DGRAM first, since newer
          syslogd won't accept SOCK_STREAM connections (Collector #888).

      Bugs fixed

        - A number of bugs and features were left out of the 
          release notes for Zope 2.0 alpha 1.  The notes for
          Zope 2.0 alpha 1 have been updated substantially.

        - There was a serious memory leak introduced when a security
          bug was fixed in 1.10.0.

        - There was a memory leak in ZODB 3 persistent objects, which
          now manage object IDs as persistent objects.

        - The Python 1.5.2 cgi module didn't work with Zope.  
          Zope now includes its own fixed version of the module.

          This bug caused FTP, Netscape Publishing and WebDAV to fail.

        - A bug in transaction management caused Gadfly requests to
          fail. Other database adapters need to be updated.

        - Running ZServer as nobody failed due to the order in which
          the log file was opened.

        - Added fix contributed by Brian Hooper for HTTP Clients which
          don't always spell their HTTP headers correctly.

        - A number of classes didn't get there reference-counts
          reduced when instances were destroyed.  This confused the
          new memory allocation monitoring tool.

        - New user folders had no effect because they did not get
          properly registered in their containing folders.

        - Changes made to factory objects were lost when a process was

        - Clicking on the 'Help' caused the help information to be
          displayed in the current frame, rather than in a new

        - Shutting down Zope attempted to save the database index even
          when Zope was run in read-only mode.

        - A number of fixes were made in the Date-Time support.

        - Batch processing in the in tag sometimes failed.

        - Sites with custom roles in the top-level application
          object did not pick up the new 'Owner' role.

        - Content-type detection had problems in DTML documents and

        - Some cookie expiration dates used 2-digit years.

        - Error values for errors raised by ExternalMethods were lost.

        - Values returned by absolute_url were not URL quoted.

        - Extra newlines were prepended to documents when they were

        - Objects ids were not properly quoted in a number of places,
          because id quoting was unnecessary until recent relaxation
          of the rules for ids.

        - ExternalMethods are now automatically reloaded when running
          in debug mode.

        - Search interfaces generated by the search interface wizard
          no longer include a "Cancel" button.

        - Errors were masked by a bug in handling ZODB3 transaction

        - The ZODB 3 cache manager deactivated objects too quickly,
          causing performance to degrade.

        - BASEx request variables were not computed correctly when
          SCRIPT_NAME was not empty.

        - The URLx variables couldn't be computed in some cases when
          using ZServer.

    Zope 2.0 alpha 1


        - A change was made to the way ZClasses are constructed.

          Previously, the __call__ method was an alias for the
          index_html method which took took an id and a request
          and created a new instance and added the instance to
          the destination.

          Now, the __call__ method simply calls the underlying
          managed class with the supplied arguments to create and
          return an instance.  The instance is not added to a

          The index_html method is now an alias for the
          createInObjectManager method, which does what the
          index_html method did before.

          There is a new method, fromRequest, that takes an id
          and a request and creates a new instance.  It does not
          at the instance to a destination.

      Features Added

        - Integration of ZODB 3

        - The ZClass construction interface has been cleaned up to
          make construction of ZClasses a little easier from Python.

        - When adding ZClasses, there is now an option to
          automatically create construction methods and a factory.

        - "Management" screens now *only* show tabs a user permitted
          to see.  Used in combination with carefully selected roles, 
          this change provides an adaptable management interface.

        - Instance homes can now have local Products directories.

        - There is a new ZServer start up script that can be used without
          modification and that integrates process management.  This
          script replaces the ZServer '' and '' scripts.

        - When the new startup script is used, then the control panel
          shows a "Restart" button which causes the Zope process to
          exit and be restarted and a "Shutdown" button that causes Zope 
          to exit and not be restarted.

        - There is a *very* rough cut at a centralized version manager
          in the control panel.  This is only functional when the
          ZODB3 database is used.  This feature will mature
          significantly before the final 2.0 release.

        - A new Zope icon was added, and the "powered by Zope" icon
          has been updated.

        - Made DTMLDocuments, DTMLMethods, Images, Files and Folders
          subclassable by ZClasses.

        - ZClass property sheets can now have read and modify

        - An "add list" name can be specified when creating a ZClass.
          If specified, then construction methods and a factory are
          created. This makes the class immediately instantiatable and
          provides construction method examples.

        - The ZClass basic property sheet now shows base classes.

        - Changed the string representation of HTTPRequest so that
          <!--#var REQUEST--> is a lot friendlier.

        - Added a Zope debugging short cut.  


            import ZPublisher

          is a shortcut for::

            import ZPublisher
            ZPublisher.test('Zope', path)

      Bugs Fixed

        - ZClass permission setting interfaces didn't show inherited

        - A number of bugs arising from attempts to set 
          caching headers were fixed.

        - Some default permissions were not set correctly.

        - The unused non-functioning resource-consuming Scheduler has
          been removed.

        - Access was given to objects without roles even if access
          would be denied to the container.

        - Fix submitted by Martijn Pieters:

          Any property type int or long, set to 0, showed up in the
          Properties Management tab as blank. This resulted in errors
          when trying to change values of other properties, etc.

        - Version names were computed incorrectly.

        - Delete and rename were broken for ZClasses.

        - It wasn't possible to override inherited attributes with
          methods in ZClasses.

        - Property values were not removed from ZClasses when property
          sheets were deleted.  This made it impossible to re-add a
          property from a deleted property sheet.

        - Generated property view and edit forms for ZClass property
          sheets had a number of problems.

        - The propertysheets property sheet should only allow addition of
          property sheets.

    Zope 1.11.0 pr1, which should have been named Zope 2.0.0 alpha 0.

      Lots has changed in this release. The major news is ZClasses and WebDAV.

      Features Added

        - Added WebDAV support. See for details.

        - Added Z Classes. Documentation is forthcoming.

          ZClasses might be viewed as somewhat experimental, although
          we're using them aggressively for internal projects.

        - Added Property Sheets. Documentation is forthcoming.

        - ZServer now included in distribution.

        - Added new product registration interface. Documentation is

        - Added local roles which allow for permission settings for
          users on individual objects. This allows for 'ownership' of Zope
          objects. Added 'Owner' role to default roles, and automatic
          setting of the 'Owner' role on a created object to the user who
          created it.

        - Added hooks for XML-RPC support to ZPublisher. See the source
          for details. XML-RPC support is not yet finished.

        - Added automatic height/width detection for JPEG images.

        - Revised Zope error messages.

        - A new DTML 'try' tag added based on work by Jordan B. Baker.
          See the source for details. Documentation is forthcoming.

        - A new DTML 'mime' tag has been added. See the MIMETools README.txt
          for more information.

        - A new 'range' function added the the '_' DTML variable. 

        - A new 'utilities' directory is included in the distribution.

        - A new flag attribute, 'only', of the DTML 'with' tag
          prunes the DTML namespace to only the namespace created
          with the with tag.

        - Added contributed support for encoding options in the SendMail
          tag and MailHost send method.

        - Management tabs are now prettier and allow status messages with
          the manage_tabs_message variable.

        - Added a method of notifying users of changes without using a
          MessageDialog. This makes editing DTML Documents and Methods

        - Added more documentation to Product add screens.

        - New icons for many Zope objects.

        - Sessions are now known as Versions.

        - Changed from using 'manage_main' as default management method to use
          'manage_workspace' which is a reserved method that dispatches to the
          default management interface which is the first interface defined
          in manage_options

        - Permission settings are now inherited by Products from their base
          classes. This means when you build a Product you only need to specify
          its particular permission settings.

        - Changed ZPublisher.publish_module's interface so that instead of
          providing a stdin, stdout, and stderr, you can provide a Request and
          a Response object. ZServer makes extensive use of this feature.

        - Added methods to HTTPRequest to allow access to ZPublishers object
          traversal. HTTPRequest.clone and HTTPRequest.resolve_url. See the
          source for more details.

        - Added a new "builtin" function reorder to DTML.

          reorder(s, [with, without]])

          Reorder the items in s according to the order given in with
          and with items mentioned in without removed.  Items from s
          not mentioned in with are removed.

          s, with, and without are all either sequences if strings
          or sequences of key-value tuples, with ordering done on the

          This function is useful for constructing ordered select lists.

      Bugs Fixed

        - Added small fixes to ZopeHTTPServer in anticipation of DAV.

        - Construction, upload, and edit methods did not consistently
          support either string or file data.  This caused really weird
          behavior when file upload was used with out including the 
          ':string' suffix in the argument name when doing a file upload.

          This bug was previously (and incorrectly) reported as a 
          ZPublisher.Client problem.

        - Errors in ExternalMethods were masked by bugs in error
          reporting logic.  The bugs were made far more effective
          by Python 1.5.1.

        - Databases (or export files) created in binary distributions
          were not usable in source distributions due to cPickle
          limitations in stock Python 1.5.1.  We now link/copy the
          cPickle extension to BoboPOS to make sure that it uses the
          latest version.

        - Fixed registration of MailHost settings and incorrect default
          quoted-printable encoding of message bodies.

        - Added contributed patch that fixes bug in copied-object id

        - DTML Documents and Methods now attempt to determine their
          content-type rather than assuming they are text/html.

        - Fixed PUT bug in determining content-type of binary files.

        - Added changes that allow the top level userfolder to be replaced by a
          UserDB or other userfolder-like object.

        - Fixed an FTP support bug that sometimes kept simple items from
          producing FTP listings.

        - Added URL1 instead of "." as the form target for the workspace forms --
          using "." causes NS servers to intercept the request and report an
          error, making Zope effectively unusable.

        - Added ZPL 1.0 and credits to copyright link in management screen.

        - Fixed a bug that prevented validate() from working if the top-level
          object were accessed and no default object (index_html) existed.

        - Fixed a logic bug in security validation that allowed access to
          unacquired objects that didn't have __roles__ even if the
          containing object was protected.

    Zope  1.10.2

      Bugs Fixed

        - Fixed a permission problem with DTMLMethod objects that caused
          errors when attempting to commit permission changes.

        - Factories could not determine the available methods
          when they were being edited, making them uneditable.

    Zope  1.10.1

      This is a Python 1.5.2 beta 2 compatibility release.

      A Python C API change in Python 1.5.2 beta 2 broke
      Zope.  This release contains a fix.

      Zope should work correctly with Python 1.5, 1.5.1 and
      beta versions of 1.5.2.

    Zope  1.10.0

      New Features

        - Added Import/Export interfaces to Folders.

      Bugs Fixed

        - Fixed a bug in ZopeHTTPServer which caused it to fail on POST
          requests without content-type headers.

        - PUT and file uploads would fail if the content-type could
          not be determined. Now objects created via PUT and file
          upload will default to either 'application/octet-stream'
          for binary files or 'text/plain' for non-binary files if
          no content-type can be determined from headers or filename

        - Fixed a permission bug left from a change to the Find support.

        - Fixed misc typos in docstrings and docs.

        - Fixed a bug that kept objects from being freed from the cache!
          Basically, there was never a check for inactive objects.

        - MailHost objects didn't do appropriate CRLF conversion or
          recognize 4xx server responses.

    Zope  1.10.0 pr1

      New Features

        - Documents generated by the search interface wizard
          no longer use tab characters.

        - Added a -s option to ZopeHTTPServer.  This is useful
          for emulating older sites when generating screen shots
          for creating or updating documentation.

        - Default bobobase now includes a Zope button along with a link
          to the Zope site. This satisfies the ZPL attribution requirement.
          The button is created by a new builtin method
          'ZopeAttributionButton'. Also, both the source and the binary
          distributions now have the same default bobobase.

        - Made the logic for getting SOFTWARE_HOME a bit more robust, so that 
          it handles relative paths and paths starting with '.' and '..'.
          This is useful when simply importing Main from the Python
          prompt in the lib/python directory.

        - The ThreadLock module has been changed to reflect changes
          in the Python API in Python 1.5.2.

        - The '_' variable in DTML now has the random module
          as an attribute and DateTime.DateTime as the attribute DateTime.

        - Added keys() and items() methods to the REQUEST object.

        - Added get_header() method to the REQUEST object for retrieving
          HTTP headers.

        - New SearchIndex package and BTree component have been added to 
          the distribution, providing low-level support for products with
          built-in searching such as Tabula and Confera.

        - Documents have now been split into two distinct object types:
          DTML Documents and DTML Methods. DTML Methods behave exactly
          as Document objects did. DTML Documents are similar except that
          the "client" or "self" of a DTML Document is the DTML Document
          itself rather than its parent, and DTML Documents can have

        - DTML Documents, Image and File objects can now have properties.

        - A new PropertyManager mixin class allows developers to easily
          add properties and property management to non-Folder objects.

        - Added a new absolute_url method which can generate an absolute
          url for the object on which the method is called.

        - GIF and PNG Images now figure out their own dimensions when
          uploaded. Image height and width properties are now editable.

        - Images now generate themselves as html IMG tags, using an absolute
          url and correct height and width tags if possible.

        - There is a new form input type, boolean, for inputing boolean

        - Added a read_only option to the SimpleDB.MultipleRevision and 
          PickleDictionary constructors to open a database in read_only

        - Added an environment variable, ZOPE_READ_ONLY, used by the
          Zope framework.  If this variable is set, then the database
          is opened in read only mode.  If this variable is set to a
          string parsable by DateTime.DateTime, then the database is
          opened read-only as of the time given.  Note that changes
          made by another process after the database has been opened
          are not visible.

        - Added a database_quota option to the SimpleDB.MultipleRevision and 
          PickleDictionary constructors and a
          SimpleDB.MultipleRevision.set_quota method to set a database
          quota. The quota is given as either an integer number of
          bytes, or a function taking an integer number of bytes
          argument and returning whether the quota has been exceeded.

        - Added an environment variable, ZOPE_DATABASE_QUOTA, used by the
          Zope framework. If this variable is set, it should be set to
          an integer number of bytes.  Additions to the database are
          not allowed if the database size exceeds the quota.          

        - Added size and last modification time to DTML Method and DTML
          Document edit interface.

        - Added a new module, BoboPOS.winlock, that provides file
          locking on windows.  This should prevent many cases of data

        - Added FTP support to Documents, Files, Images, and Folders.
          FTP interface is detailed in OFS/ though it may
          change. Basic FTP support was also added to SimpleItem to make
          it easier for Zope objects to support FTP.

      Bugs Fixed

        - Permissions for manage_clone method were wrong, meaning that
          essentially only managers could use it.

        - File paths that showed up in tracebacks reflected the paths the 
          files had when they were compiled (at distribution build-time).
          The compiled-in paths have been changed to be relative to the
          Zope installation directory.

        - Fixed a bug in ZPublisher's special handling the "cancel"
          submit buttons. The test for the cancel button was case
          sensitive.  I changed it so it would accept any case, as
          well as extra spaces.

          Cancel buttons should probably be handled using the new
          :method form type, but this would require the presense of an
          appropriate redirect method.  Perhaps there should be
          a :redirect form type.

        - Date strings with years < 31 were not accepted, even
          through the documentation says they should be.

        - If Zope crashed or was unable to completely write a database
          record, then on restart, a data corruption error was reported.
          Now, truncated records are removed if necessary on start up.
          If necessary, other records are removed as well to avoid 
          partially-written transactions.

        - Lack of sys.argv in the win32 service version of Zope caused 
          it to raise errors under certain conditions.

        - Several HTTP PUT related bugs were fixed.

        - Simple items did not have an objectValues method, which caused
          odd behavior in certain tree tags since the method would be
          acquired from the parent of the simple item.

        - The Find form in the management interface depended on javascript
          to function properly.

        - Added a fix to compensate for the fact that Apache servers may 
          rename the entire cgi environment when mod_rewrite rules are 
          used in .htaccess files.

        - If system clocks were changed, so that database records 
          had records in the "future", then database corruption could
          either occur or be incorrectly reported.  Now this situation
          results in an informative error message and corruption does
          not occur.

    Zope 1.9.0

      New Features

        - Zope now provides better information about products.  If a 
          Product has a README.txt, then it will be readable through
          the product management interface.   

          If a product encounters an error during startup, the
          traceback is available through the product management

        - Cache statistics are displayed in minutes, rather than

        - Products can define the attribute '__module_aliases__' in
          their '__init__' modules that specifies aliases for modules
          used in the product.  This is useful if module names have
          changed and the database contains pickles refering to the
          old modules.  The attribute should be a sequence of
          tuples. Each tuple has a (dotted) module name and a module.

      Bugs Fixed

        - Development on ZopeHTTPServer has been frozen in anticipation
          of the switch to Medusa. Therefor ZopeHTTPServer still does
          support PUT. Sorry.

        - ZPublisher.Client used the obsolete rand module.

        - Errors occuring during product import caused Zope to fail to come

        - Product version information was not displayed correctly.

        - ZGadflyDA cached table meta-data which lead to missleading
          information when browsing databases.

    Zope 1.9 beta 3

      New Features

        - Z SQL Methods (FKA Aqueduct) and the Z Gadfly Database Adapter
          are now included.

        - The argument handling for ZopeHTTPServer has been changed to 
          be a bit more flexible wrt the order of argumements.  
          While options must still come first, environment settings
          can be given in any order.  This makes startup scripts loke
 quite a bit simpler.

        - ZopeHTTPServer now sports preliminary support for PUT publishing.

        - ZopeHTTPServer now serves from port 9673 by default, not 8080.

      Bugs fixed

        - The start.bat file used to start ZopeHTTPServer on win32 was
          misnamed and didn't correctly pass command-line arguments.

        - Win32 machines without an existing Python installation had problems
          due to PYTHONPATH bootstrapping.

        - The included ZopeHTTPServer was failing to start correctly on
          win32 machines that were not connected to the network.

    Zope 1.9 beta 2

      In addition to various documentation updates, this release includes:

      New Features

        - Changed to accept ZopeHTTPServer command-line options.

        - Added a -P option to the ZopeHTTPServer to specify a file
          to contain the process ID.  This allows a script to stop
          the process on Unix.

        - Added support for the environment variables, Z_REALM and
          Z_DEBUG_MODE to set an authentication realm and to
          enable debug mode.

      Bugs fixed

        - External methods were broken due to differences in 
          Python 1.4 and Python 1.5 comparison semantics.

        - ZopeHTTPServer command-line environment settings
          were not available in os.environ.

        - Some class references were wrong in examples in the ExtensionClass

        - INSTANCE_HOME was not set correctly when the debugger was run
          with a relative path to the published module.

        - The #! line in the ZopeHTTPServer was hidden by the copyright
          statement and didn't have the right path.

        - A bug in caused file uploads larger than 1 MB
          to fail.

    Zope 1.9 beta 1

      Bugs fixed:

        - pcgi did not build correctly on Solaris 2.6

        - links in headers were broken when Zope was reached with
          /, as is the case when the ZopeHTTPServer is used.

        - Python sources used tabs and spaces for indentation, which
          made some people unhappy.

        - Copyright statements were missing or out of date.

        - Added better instructions for building and running Zope.

        - Added new Zope License and attribution information.

        - Merged BoboHTTPServer updates with ZopeHTTPServer. Including 
          socket changes to allow easier stopping and starting.

        - Shutting down the ZopeHTTPServer from the application
          caused an empty document to be returned.

        - The install scripts failed if run more than once when attempting
          to create a var directory.


        - Added (and old version of) the zlib module to make
          installation simpler.

        - Zope requires an access file.  The install scripts now create

    Zope 1.9 alpha 1 

      This was the inital Zope test release.