Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Z
Zope
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
Zope
Commits
eb3c8bf9
Commit
eb3c8bf9
authored
May 16, 2000
by
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
split CHANGES into CHANGES and HISTORY
parent
a51b7b75
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
2411 additions
and
2472 deletions
+2411
-2472
doc/CHANGES.txt
doc/CHANGES.txt
+9
-2472
doc/HISTORY.txt
doc/HISTORY.txt
+2402
-0
No files found.
doc/CHANGES.txt
View file @
eb3c8bf9
Zope
C
hanges
Zope
c
hanges
This file
gives information on changes made to Zope over time,
things that need to be done before the next release and futur
e
plans
.
This file
contains change information for the current Zope release.
Change information for previous versions of Zope can be found in th
e
file HISTORY.txt
.
Notes on Zope 2.0
ZOPE 2.0 REQUIRES PYTHON 1.5.2!
Zope 2 includes:
- ZODB 3, the next generation of the Zope Object Database,
- Z Classes, a new mechanism for building Zope applications
- WebDAV level 1 support,
- Support for XML-RPC clients.
- ZServer, the integration of Zope and Medusa,
- ZCatalog, a mechanism for indexing content and creating
catalogs
- Beginnings of XML support
o The Python pyexpat extension, which provides access to the
widely used expat XML parsing library, is included in the
distribution.
o DOM interface on Zope objects (initially this is limited to
read-only access).
o Import/export using XML
Of course, XML is used in XML-RPC and WebDAV
- Many other sundry big significant items, such as:
o Look and feel improvements,
o Tighter security,
o Simpler creation of Python products.
ZODB 3
See ZODB.txt for notes on ZODB 3.
ZClasses
ZClasses provide a powerful new way to develop Zope
applications. ZClasses allow new objects to be developed
entirely through the web.
ZClasses also support building applications through combinations
of Python classes created on the file system and objects created
through the web. For example, Python classes could implemented
business/domain logic and then augmented with Zope web methods
to provide a web interface.
Releases
Zope 2.2.0 alpha 1
Zope 2.2.0 beta 1
Features Changed
- Added a new security policy architecture and object ownership
to address the server side trojan issue. The new architecture
cleaned up various places where Zope code did authorization
checks. A side effect of the new policy is that it is a bit
more strict than it used to be - objects without explicit
protection to which access was previously allowed will now
be denied. There is a new declarative method for providing
access to such objects, which has been applied to certain
previously unprotected Zope objects that DTML writers are
accustomed to having access to. See the SecurityPolicy
wiki pages on Zope.org for further information.
- Added a new online help system. Help is now available for
standard Zope objects. Zope developers can add help for their
Python Products and Control Panel Products. See HELPSYS.txt
- Added logic to increase the Python interpreter "check interval"
that should provide at least a 20% performance improvement for
most Zope sites. Also added a new -i option to z2.py so that
Zope users can pass in alternate values (the default is 120)
for the check interval. This lets users experiment and tune
the interval for the best results in their particular system
environments.
- The message returned when an empty result set is returned
from a ZSQL Method has been clarified.
- In the load_site utility:
o Added logic to try and figure out a path to ZPublisher if
one was not provided.
o Added an option, -I, to automatically add an index_html
method that redirects to index.html or index.htm.
- Record objects returned by ':record' form-marshalling tag have
been enhanced to act like mapping objects.
- The ZServer startup script, z2.py, now allows all servers to be
disabled with a single option,
- The ZServer startup script, z2.py, now allows all multiple
HTTP, FTP, or monitor servers to be run.
- The ZServer startup script, z2.py, now allows separate IP
addresses to be specified for each HTTP, FTP, or monitor
server.
- Added 'urlparam' attribute to tree tag to allow propagation
of extra parameters through tree URL's (Collector #1045).
- When renaming objects, the old id is provided as the
default value for the new id.
- Allow non-sliceable keys in PersistentMappings (Collector #1064).
- Use smtplib in implementing MailHost/sendmail (Collector #1005).
- Allow call to get() w/o explicit default in PersistentMapping
(Collector #1182).
- Allow rename of multiple items (Collector #1065).
- Allow expr syntax in <dtml-mime/boundary> for type, disposition,
encode, name, filename; add skip_expr (Collector #892).
- Split the old CHANGES.txt into two files. CHANGES.txt will
now contain only change information for the current Zope
release. Change information for older versions is now in
the file HISTORY.txt.
Bugs Fixed
- Fixed problem with extra PermissionMapping objects being in
the aq_parents hierarchy during traversal when a method was
being accessed a ZClass defined instance method.
- Fixed ZCatalog 'Find to ZCatalog' with expressions problem.
- Fixed broken links in ZCatalog 'Cataloged objects' view.
- FTP directory listings were not sorted.
- Improved FCGI support in ZServer.
- Improved ZServer streaming, including fixing chunking and
keep-alive support. Chunking is now done by default with
HTTP 1.1 clients. Fixed possible problems with large responses.
Thanks to Toby Dickenson.
- ZServer's FTP server no longer binds to all interfaces.
- Fixed a bug which caused File objects of type 'text/html' be
have the wrong Content-Length set.
- A bug in SQL methods could caused results to be returned without
an acquisition context. This could cause methods provided
via ZClass brains to be inaccessable due to the dependence of
ZClass method security on a correct acquisition environment.
- Fixed tree tag so that expand_all and branches_expr play nice
(Collector #919).
- Suppressed "private" names from catalog indexes/meta-data
(Collector #1076).
- Allowed strings with linebreaks as data in Gadfly queries
(Collector #972).
- Added note to WEBSERVER.txt pointing out security issues with
REMOTE_USER mode (Collector #733).
- Fixed colspan counting in tree tag (Collector #913).
- Logging enabled with the -D option to the z2.py script did
not include traceback information and was not performed
during Zope startup. This made finding startup errors
difficult.
- The logic for reparsing the dtml files used for the Zope management
screens while in development mode was broken - it was reparsing
system dtml files on every request.
- Correct DateTime docstring to remove spurious 'negative offset'
language (Collector #1074).
- Clean up pointer cast to suppress compiler warning in zlib.c
(Collector #1190).
- Guarantee null-terminated buffer in Record_init() so
Record_compare() doesn't UMR (Collector #1012).
- Clean up use of PData for large images (Collector #1061).
- Fix overflow exception in statistics of <dtml-in> (Collector #1089).
- Check for invalid characters in whole id, not just first character
(Collector #1131).
- Prevent unintentional exceptions from blocking manage_beforeDelete;
added OFS.ObjectManager.BeforeDeleteException to allow an object
to veto its deletion (Collector #1183).
Zope 2.1.6
Bugs Fixed
- Some bits from the 2.2 line inadvertantly got into the ZRDB
package during the SQL Methods update which caused errors
for certain database adapters.
- A fix to the logic in Acquisition for aq_acquire caused a bug
in the handling of inner ZClasses.
Zope 2.1.5
Bugs Fixed
- Fixed a problem with the permission declarations for the Image
and File classes. The problem made it impossible to change the
'View' permission for File objects.
- Added logic to setgid() to the user's primary group if z2.py
is run by root.
- Fixed a bug in TimeStamp objects that produced a wrong
date/time representation for bobobase_modification_time.
- Changed _checkId in ObjectManager to disallow REQUEST as an
object id.
- Fixed a bug that could allow someone with a lot of Zope zen
to change the apparent AUTHENTICATED_USER to access things
that they shouldn't.
- Fixed a bug in ZServer that could cause server hangs under
certain heavy load conditions.
- Fixed a remaining '.' form target that we missed in the Zope
rename form. This caused rename to fail for Zope installations
running behind Netscape servers.
- Fixed a potential buffer bug in PCGI reported by Larry Luther.
- In the load_site utility, binary files were misshandled on
windows.
- Fixed manage_renameObject to be willing to get the REQUEST
via acquisition, making it easier to use from DTML.
- Changed the expireCookie method of FTPResponse to fail
gracefully when attempting to delete a cookie that does
not exist.
- Fixed a bug that caused a traceback when all members of a
multiple select property were deselected.
- The _validTime method of DateTime objects rejected time values
with fractional seconds between 59 and 60 (which caused problems
with some database date conversions).
- Changed id checking logic to disallow '/' in an object id.
- Structured Text had problems with '~' characters in URLs.
- Fixed a potential security hole that could allow users with
permission to add Folders and edit DTML (and a who have a
lot of Zope zen) to get access to things that they shouldn't.
- The internal templates used by SQL methods weren't correctly
applying the same access control constraints as standard DTML
objects.
- Fixed ZopeAttributionButton to open in the top-level of the
web browser.
- Fixed a problem with using the "scale" arguments to the tag
method of Image objects.
- Fixed a problem in the Acquisition module that could cause
objects accessed via aq_acquire to not be wrapped correctly.
- Fixed If-Modified-Since header handling for Images and Files.
Zope 2.1.4
Bugs Fixed
- Removed the "feature" that allowed the REQUEST object to be
traversed through the web. While useful for debugging, this
could be a security issue.
Zope 2.1.3
Bugs Fixed
- A race condition in the logic for managing Zope database
connections caused Zope to hang on very busy sites.
- A bug in the packing code that caused records to be
nreadable after:
o someone did work in a version
o Someone did an (unrelated) undo
o the version was committed
and the database was packed to a time before the work was done
in the version.
- Fixed a bug that caused packing to raise an
error in the following situation:
o someone modifies and then deletes an object
in a version.
o they commit the version
o the database is packed between the time the
object is deleted and the time the version
is committed.
- Fixed a bug that caused Zope to sometimes hang instead of
shutting down or restarting when accessed over a fast network.
- It wasn't possible to use a ZClass instance as a method of a
ZClass.
Zope 2.1.2
Bugs Fixed
- Thanks to Kevin Littlejohn's sleuthing, a sizable problem in
the security machinery in DTML has been brought to our
attention and resolved. The problem is most acute in
situations where untrusted people can edit DTML documents or
methods.
Zope 2.1.1
Bugs Fixed
- Conflict errors (multiple threads trying to modify the same
object) were not handled correctly for requests with
bodies (e.g. POST requests).
- ZODB FileStorage index files could become out of date after
an undo. This could lead to strange results and apparent
database corruption if Zope was shut down ungracefully and
restarted. Now index files are removed when undoing
records.
- Saving or discarding versions failed if a transaction that
added a new object in the version was undone.
- There was circumstantial evidence that a failure of an OS to
correctly delay writing to data to disk after Zope had
written it led to a corrupted database. Zope now makes an
'fsync' system call (where available on Unix systems) to
force data to be written to phusical storage when
transactions are committed.
- Some applicataions were writing empty transactions. The
FileStorage now checks for and avoids writing empty
transactions in this case.
- Multiple-selection properties didn't work in regular
property views, even though they did work in ZClass property
sheets.
- The Win32 WISE installer did not create a default Zope.cgi
PCGI resource file.
- The Win32 WISE installer script is now included in the /inst
directory of win32 installations by popular demand.
- An import problem caused the name "BTree" to be incorrectly
overwritten in TextIndex.py and UnTextIndex.py in the
SearchIndex package, which caused problems for some third-
party product authors.
- There were a number of problems with the load-site utility
(utilities/load_site.py):
o A recent change caused HTML files to have their headers and
footers replaced with var tags for standard headers and
footers. While this is sometimes very useful, it is
sometimes disastrous. This feature is now enabled with the
-D option.
o Handling of files with a '.dtml' extension was broken. These
are now handled correctly. Files with '.dtml' suffixes now
get uploaded as methods.
o A workaround for old sites that had a bug in Document (aka
DTMLMethod) upload has been disabled. This workaround is now
enabled when the -9 option is used.
The following bug fixes were accidentially excluded from 2.1.0:
- Redefining the "views" on a ZClass could incorrectly affect
the views available on instances of base classes of the ZClass.
- The new 'url' option to DTML 'var' tags did not work properly
for DTML and other callable objects.
Zope 2.1.0
Features Changed
- Enabled preliminary support for FastCGI to ZServer. This
allows Zope to communicate with web servers that support
FastCGI. Use z2.py's -F switch to configure FastCGI support
in ZServer. See WEBSERVER.txt for more information.
Bugs Fixed
- Redefining the "views" on a ZClass could incorrectly affect
the views available on instances of base classes of the ZClass.
- The new 'url' option to DTML 'var' tags did not work properly
for DTML and other callable objects.
Zope 2.1.0 beta 2
Features Added
- Added Oleg Broytmann's patches to utilities/load_site.py
that provide automatic parsing of title and property
information and inclusion of std headers and footers.
- Added Martijn Pieters' patches to DT_Try.py to implement
try/except/else and try/finally constructs.
- Virtual Hosting and SiteObjects. Virtual Hosting allows a
server that can multi-host, like Apache, to serve different
hosts from different Zope folders. 'SiteObjects' act as a
placeholder for a virtualhost.
Bugs Fixed
- Some problems with the product distribution machinery that
prevented product distributions from installing correctly
have been fixed.
- Description lines on the Undo screen were not HTML quoted,
which could cause problems rendering the Undo log if any
of the descriptions contained stray HTML tags.
- Bugs in the way that ZClass instances were pickled have
been fixed.
- Some long-standing indentation problems with the tree tag
have been fixed.
- The Zope database lock file was not properly closed.
- Linux and Solaris binary distributions did not contain the
python _locale module required for locale support.
Zope 2.1.0 beta 1
Features Added
- The ZCatalog now supports relevance ranking. Instead of
search results being returned in an essentially random
order, results are now sorted by 'score'. For text indexes,
the score is the number of occurrences of the search term in
a document. The score can be accessed by an attribute on
Catalog results 'data_record_score_' and
'data_record_normalized_score_' contain the score and
normalized score for the result object.
- Added Keyword Indexes to the Catalog. Keyword indexes allow
you to index a sequence of 'keywords' as an atomic property
of an object. This is useful for buiding catagorical
hierarchies.
- Z SQL Methods arguments list is now a TEXTAREA widget to
ease editing long aruments lists.
- SQL Database Adapters now have a 'test' tab where arbitrary
SQL may be entered and executed immediately through the
connection object. DTML is not supported in this tab.
- SQL Methods now support an option 'op' parameter on the DTML
method <dtml-sqltest> which allows you to choose the
operator used for comparison.
- WebDAV support has been modified to support MS Office 2000
applications. The changes _emulate_ aspects of DAV level 2
locking but do _not_ provide actual locking support at the
present time.
- Files and Images now can be served without loading themselves
into memory. This is automatically done for large Files and
Images. As a by product, RESPONSE.write now works better in
ZServer.
- Most if not all of the default DTML generated by Zope and its
built-in products is now generated in the new <dtml-var ...>
syntax. The DTML sources for Zope's built-in management
interfaces have also been converted to the new syntax.
- DTML entity references can now include dot-separated
var tag *options*, as in: '&dtml.url_quote-foo;'
- There is a new 'url' option on the DTML var tag that causes
absolute_url to be called on the displayed value. This
allows entity references like: '&dtml.url-foo;'
- There is a new 'url_quote_plus' option on the DTML var tag that
acts like the standard url_quote option but uses '+' to encode
blank spaces.
- There is a new 'missing' option in the DTML var tag that
allows you to provide a value to be used if the variable is
missing, rather than raising a KeyError. This will work in
the entity reference syntax as well. If it is used without
an argument, it will provide an empty string.
- The DTML built-in function, getattr, now accepts an additional
argument providing a default value.
- The tag() method of Image objects now support optional 'scale',
'xscale' and 'yscale' arguments that will automatically scale
the output height and width tag attributes.
- The Products folder in the Control Panel now has an 'Import/Export'
tab to allow easier importing and exporting of Control Panel
Products.
Features Changed
- ZCatalog uses subtransactions to keep memory consuption low
at the expense of indexing speed. Subtransactions can now
be disabled through the management interface for use with
non subtransactions compatible objects like ZSQL Methods (or
for raw speed if you have lots of RAM).
- Added a coptimizations module. The first optimization is
to provide an implementation of persistent_id in C. This
routine, which is called extremely often while pickling was
found to be a significant bottleneck.
- More flexible cache management methods were added to ZODB
Connection objects so that apps that want to move objects
out of memory can force aggressive cache behavior.
- Added the beginnings of internationalization support to Zope.
The Zope startup script (z2.py) now supports a "-L" option
that can be used to pass a locale name (such as "en" or "de")
to Zope at startup. If specified, Zope will attempt to set the
locale using the locale module if it is available. This change
will allow Zope to better handle international characters in
a number of places such as searching and indexing.
- Logging from ZServer modified to produce Common Log Format
in a Combined format, where user-agent and referer are also
logged.
- xmlrpclib was updated to relect the current version (0.9.8)
from Pythonware.
- Add button returned to the management interface, although
the Javascript auto-select is still in place. This resolves
some problems with browsers on certain platforms.
- Added small explanation on Image/File add form that if the
'id' is not provided, it will be autogenerated based on the
file name.
Bugs Fixed
- The build procedure for source checkouts now sets the
directory structure permissions to something (775) readable
by anyone, including, e.g., the web server running under a
different user id and group than the installer...
- A bug in the DTML tree tag that prevented expand_all from
working correctly has been fixed.
- ZCatalog now actually saves memory when using
subtransactions. Plugged a couple memory leaks doing this.
- Added ALT text fixed nested anchor tags produced by the Tree
tag to ensure that valid HTML is produced, and fixed the
reverse option to the Tree tag.
- A bug in FTP cookie authentication was fixed.
- Fixed a bug that caused External Methods to be reloaded every
time they were used in development mode.
- Fixed a permission typo in ZCatalog and a sort_on bug.
- Fix for missing REQUEST in a method signature in the
CatalogAwareness module.
- Changed to propagate errors raised by _begin for thunked
database adapters. Also changed completion code to check
registered status and avoid completion logic if not registered,
which would be the case if _begin failed.
- A memory leak in cPersistence has been fixed, and a bug in
object deactivation that prevented deactivation of BTrees
was fixed.
- A problem in BTrees that caused unintended db writes on
Catalog searches was fixed.
- Some unnecessary debug mode overhead eliminated - external
methods are now automatically reloaded only when the .py
files are changed.
- A thread-safety problem with PCGI handling was fixed.
- A bug that caused installation of through-the-web product
distributions to fail.
- A bug in the handling of long int properties was fixed.
- Some bugs in the generation and verification of CRYPT based
passwords was fixed.
- A bug in the earliestTime method of DateTime objects was fixed.
- A bug in determination of the ZServer version string was fixed.
- Height and width detection for some PNG images did not work
properly.
- A bug that caused proxy role machinery to ignore local roles
was fixed.
- Added a fix for PCGI to make sure binary IO is used on win32.
- A javascript fix for IE5 was made for the folder add list.
- A bug in sequence multiplication in DTML was fixed.
- A ZServer bug that prevented running multiple Zope2 installations
on non-posix systems was fixed.
- An External Method error handling bug was fixed.
- The local 'Owner' role could be overwritten when an object
was copied, moved or renamed.
- Documented and fixed the creation of 'selection' and 'multiple
selection' properties.
- SECURITY: Fixed bug that allowed users with local roles gain
priviledges on acquired objects. getRolesInContext did not
used the correct context, as defined by the inner-most object
wrapping.
- SECURITY: The permissions for Find support methods were not
being properly initialized.
- SECURITY: Viewing existing user no long displays current password,
only space for putting in the new password. This will be more
critical as we move toward fully encrypted passwords.
- SECURITY: A bug that prevented setting permissions on External
Methods in ZClasses was fixed.
Zope 2.0.1
Bugs Fixed
- Fixed a bug which allowed unauthorized options to be displayed
when adding a Folder. Now you only see options to add an
index_document and/or a user folder if you have adequate
permissions.
Zope 2.0
Features Added
- Database conflict errors are now logged. Although conflict
errors are normally handled by retrying requests, frequent
conflict errors can degrade performance and should be dealt
with by redesigning applications.
Features Changed
- The process id displayed in the control panel now inclused
the thread id, in parentheses.
- Upload of image or file data *always* used
sub-transactions. Unfortunately, database adapters don't
support subtransactions. Images and files now use
subtransactions only of the image or file is greater than
128K bytes in size. Also, subtransactions are not used if
data are uploaded as a string by using the ':string'
ZPublisher type in the upload form.
More advanced DA's could, and probably should support
sub-transactions.
Bugs Fixed
- Attempting to cut an object then paste it into itself or
one of its subobjects would cause a recursion problem.
- Certain ZCatalog reindex operations could fail due to an
unintended transaction abort.
- Database connections were leaked when database conflict
errors occurred and handled by reexecuting requests. When 7
connections leaked, the site would accept no more web
requests.
- The transaction-integration for relational databases didn't
work properly. Aborting Zope transactions didn't abort
relational database transactions. What's worse, transactions
were not committed after a Zope transaction using a
relational database was aborted. This explains the reported
problems with Gadfly databases and transactions.
- Fixed a bug which prevented ZPublisher.Client from uploading
files to ZServer.
- Added some logic to the win32 binary installer to fix some
dll loading problems people were getting on international
versions of NT.
- Fixed a bug in cDocumentTemplate that could cause AttributeError
instances to be leaked in certain situations.
- 'reverse' option for the 'in' tag as well as the 'tree' tag
has been changed to deal with a copy of the data, rather
than the original. The database was being modified in
place. The side effect is that in large list situations
(with ZCatalog for example), sizable memory usage may
result.
- Missing values (as returned from SQL methods) were output as
empty strings by the DTML var tag, even when a numeric
format (e.g. "%5.3f") is used. Using a numeric format with
a missing value should generate an error, unless the null
attribute is used. Also, the null attribute had no effect
when outputing missing values.
- It was impossible to map some permissions to themselves, or
to other inherited, but not registered permissions in
products and in class methods. When this failed, a silly
error message ("Waaa" ;) was output.
- SQL methods had an unused method, getFindContent allowed
anonymous users to read SQL method source. This method was
renamed to PrincipiaSearchSource, and protected with a
permission.
- SQL methods could not be found with the find mechanism by
searching their source.
- The PrincipiaSearchSource method of DTML documents and
methods was not protected, so anonymous users could read
their source.
- Fixed a bug in ZOM which caused getElementsByTagName to fail
when using XML Document. Thanks to Andrew Kuchling.
- It was possible to hijak 'self' arguments for DTML and
External methods with request variables. This was especially
problematic for XML-RPC, which uses positional arguments.
- It was difficult or impossible to call External methods with
'self' arguments from XML-RPC.
Zope 2.0 beta 6
Features Added
- The control panel process id display now also includes the
thread id.
- The Zope start script, 'start', is now written in a
location-independent manner, making it a little easier to
move Zope sites around after installation.
Features Changed
Zope 2.0 introduces a new HTML DTML syntax that, among other
things, allows simple 'var' tags to be entered using the
entity-reference syntax, as in::
<input name=spam value="&dtml-spam;">
The entity reference syntax is mainly intended for use
when a var tag is used to insert text into an HTML tag. In
these cases, the text needs to be html-quoted. For this
reason, use of the entity reference syntax now implies html
quoting. For example, the DTML snippet above is equivalent to::
<input name=spam value="<dtml-var spam html_quote>">
(Note that when inserting text to be used in a URL, as in an A
tag HREF attribute, we need to url-quote the text. Zope 2.1
will provide a means to do this with the entity-reference
syntax.)
Bugs Fixed
- Missing values were not formatted correctly with numeric
formats and did not work properly with the 'null' attribute of
the DTML 'var' tag.
- It wasn't possible to map some permissions of objects in
Products. For example, it wasn't possible to enable a
permission by mapping it to itself. Attempts to do so lead
to a rather silly uninformative error message.
- When providing default values for input fields, few of the
built-in DTML methods used html quoting. This lead to
incorrect behavior when default values included markup or
quotes.
- View filtering failed to show tabs for views in some cases
where it should.
- Single-character variable names were'nt allowed in the
entity-reference DTML syntax.
- DTML batch processing didn't work properly.
- The DTML functions, '_.getattr', and '_.hasattr' incorrectly
acquired attributes even when explicit acquisition was used.
- Image dimensions were not autodetected for PNG 1.2 files.
- The "View" view didn't display correctly for images with ids
with characters that had special meaning in URLs.
- The 'optional' attribute in the 'sqltest' tag had no effect.
- With browsers (like lynx) that correctly implement RFC 1867
for file-upload support, non-file fields in file-upload
requests were treated as file fields.
Zope 2.0 beta 5
Features Removed
- The help system, which was primarily geared to DTML
programmers was removed.
Bugs fixed
- Database packing failed in certain cases where the data set
contained many version commits.
- Database packing generated spurious error logs indicating
that there were bad references for objects created in
ncommitted versions.
- A memory leak due to errors in managing request data.
- Zope sites became unresponsive (a.k.a. "Hung") due to an
error in managing ZODB 3 database connections.
- Only the top-level folder's standard_error_message was used.
- There were thread-safety and resouce consumption problems
in the implementation of thread-safe regex objects.
- Fixed bug where ZCatalog's not in the root folder did not
recognize the proper URL of objects using the 'Find'
machinery. This caused all the objects to mysteriously
disapear when you updated the catalog (because their paths
were wrong). The Catalog now works correctly anywhere in
the object hierarchy.
- Fixed a bug that caused error messages to be formatted
incorrectly if the standard_html_header did not begin
with an HTML tag.
- The undo form was accessible even to people who couldn't do
undo. This made it look like we were allowing undo in cases
where we were'nt supposed to.
- The undo form did not restrict undoable transactions to
just those transactions performed by users that were
authenticated at the same level. This made the new undo
less restrictive than the Zope 1 undo. Undo should probably
be *more* restrictive, but that will have to wait for 2.1
or later.
- Zope crashed under load for applications using ZCatalog due
to an ancient bug in handling loading of empty BTrees from
the database. This bug has only become effective with
ZCatalog.
Zope 2.0 beta 4
Features Removed
- Draft objects are no longer supported.
Features added
- The source release install script now checks to make sure that
the Python used has thread support.
- FileStorages can now habe quotas.
Bugs fixed
- This release fixes a socket listen-queue depth problem on
Win32 systems that caused poor performance and connection
refusals in ZServer.
- Fixes to the win32 installation were made to prevent a
potential conflict on systems that have an existing
installation of the Python win32 extensions.
- Some of the management views, including the
security/permission mapping views were not visible for
ExternalMethods.
- New SQL methods could bot be created.
- New mailhost objects could not be created.
- New Draft objects could be created.
- Draft objects could not be deleted.
- ZClasses could not be added as methods.
- Disk full errors could leave the object system
in an inconsistent state. The handling of this error
was made more robust. Also, when serious errors like this
occur late in the transaction commit process, the
transaction system switches to read-only mode.
The File-storage recovery process needs to change to make
disk full errors detectable earlier in the two-phase commit
process so that the system can recover without switching to
read-only mode. This change, which is expected in 2.1 will
also provide better write performance.
- Errors during commit of sub-transactions were not handled
correctly, leading to inconsistent object data.
- Packing not not mark all transactions performed before the
pack time as "packed". Undoing these transactions lead to a
broken database.
- On win9x systems, random data seems to be added to the end
of the file on system crashes, causing apparent file
corruption. Code has been added to check for this case and
recover by truncating the file with a log message.
- The Zope version was not shown in the control panel.
- The binary release had the PCGI wrapper program in the wrong
directory so PCGI installations were not successful.
Zope 2.0 beta 3
Features added
- Added a 'getobject' method to ZCatalog. This allows you to more
easily get at a cataloged object from 'searchResults'. For
example::
<!--#in searchResults-->
<!--#var "getobject(data_record_id_).title_or_id()"--><br>
<!--#/in-->
Bugs fixed
- This release fixes a bug in acquisition that caused creation of
ZClass instances to fail under some (common) circumstances.
- Copy and Paste validation machinary now takes local roles into
account.
- ZDOM now adheres more closely to the DOM spec with respect to
Document and DOMImplementation nodes.
- The main management screen will no longer show the 'Delete' or
'Export' buttons if the user doesn't have adequate permissions
to delete or export objects respectively.
Zope 2.0 beta 2
Features added
- Added a '-r' switch to z2.py for ZServer read-only mode.
- The 'null' attribute in the DTML 'var' tag is now used when
the value being output if the Python value 'None'. Some
people considered this to be a bug.
- Permission objects are automatically created for new ZClass
objects as part of the ZClass wizard.
- For Python programmers, there is a new convenience function for
debugging in the Zope package.
For example, to debug method spam in the Zope debugger::
python
import Zope
Zope.debug('spam', d=1)
Bugs fixed
- Changed the logic used to detect binary content types to
only look for control characters. The previous version
incorrectly considered certain Latin-1 characters as
binary.
- The ZService.py used to implement Zope as a Win32 service
on NT has been updated to handle a difference in the way
.dll files are found on internationalized versions of NT.
- The configure.in file used to build PCGI has been updated.
- Several fixes to DateTime were added to provide better
behavior on machines with unrecognized time zone names.
- Conflict errors, which occur when simultaneous writes occur
to the same object in multiple database connections, are now
handled correctly by re-executing (up to three times)
the requests that lost the race condition.
- Error formatting with standard_error_message has been moved
to the object publisher via a new published module hook,
'zpublisher_exception_hook'. In addition to enabling
conflict error handling, this fixed two other bugs:
- Error handling in ExternalMethods and in DTML methods or
documents called from other DTML documents or methods
caused errors to be propagated in ways that defeated use of
the try tag and other forms of error handling.
- Errors raised before or after calling published objects
were not formatted.
- Errors in processing form variables, such as missing or
miss-typed values resulted in server errors, rather than in
formatted error reports.
- Database browsing didn't work for ZGadflyDA database adapters.
- Transaction meta data were not captured correctly by
ZPublisher, which made the undo log look odd wrt the user
who performed the transaction.
- Permissions for version operations were not set correctly. This
made it hard to delegate work to be done in versions and to
separate version participation from version finalization.
To fix this, it was necessary to split the "Join/Leave" view
into separate "Join/Leave" and "Save/Discard" views.
- No remark could be entered when discarding versions.
- Fixed a ZServer kill_zombies bug which kept ZServer from killing
hung connections.
- Improved ZServer's handling of slightly broken HTTP requests.
- Fixed a properties setting permission bug.
- Fixed a product permissions registration bug that allowed
product permission data to get lost.
- Updated the MailHost product to use the new product initialization
procedure. This fixed a MailHost adding permissions bug.
- Made Z Class icons visible to everyone. This way you can view a
Z Class icon without having and permissions on the Z Class.
- Objects were sometimes incorrectly acquired do a bug in
detecting attribute errors during acquisition. This led to
errors getting covered up or obscured.
- There was a memory leak in acquisition.
- Some thread-safety problems were fixed.
- DTML entity references (e.g. '&dtml-spam;') with missing
semicolons (e.g. '&dtml-spam') caused infinite loops.
- Extra spaces around expressions in DTML caused syntax errors.
- Broken objects, which are used as surrogates for objects
that can no longer be instantiated due to missing product
installations, no longer use HTML markup in their text
representation, as this caused odd effects in HTML titles.
- A number of fixes were made to the new DOM support.
- Versions could be deleted by users working in the deleted
versions. This led to strange paradoxical effects. Attempts
to delete a version or an object containing a version by
someone working in a version now lead to errors.
- ZGadflyDA has been updated to use the current (as of this
release) version of Gadfly. (Note that this had been
incorrectly reported as a 2.0 beta 1 feature.)
- Using an sql method in a version sometimes caused the method
to be locked, making it unusable by non-version users. This
was due to the way that column meta-data was managed. Now
column meta-data, used by report creation wizards, is only
safed when sql methods are tested.
- In StructuredText, list items could not directly introduce
example code.
- Undoing transactions that discarded versions did not cause
versions to appear non-empty.
- Temporary files were created for file storages that were
opened in read-only mode.
- A bug in FileStorage and DemoStorage didn't show you more
than the first 20 previous transactions in the Undo log.
- An incorrect contents view was returned after adding a File
object.
- On the cache parameters page, the number of bytes, rather
than the number of objects in the database was shown.
Note:
The section for Zope 2.0 alpha 4 did not mention that ZCatalog
is now shipped with the Zope core.
Zope 2.0 beta 1
Backward incompatibility
- ZODB 2 is no longer supported or included!
- The utility script bbb.py, no longer supports
xml output.
Known problems
- Handling of conflict errors hasn't been implemented. When
two threads try to update the same object, one will get a
conflict error. By beta release 2, requests that get conflict
errors will be retried until they succeed (or fail without a
conflict error) or until a maximum number of retries is
exceeded.
Features added
- The default ports used by ZServer have been changed. The
new default ports are: 8080 for HTTP, 8021 for FTP and
8099 for the monitor server.
- ZServer now uses the zLOG logging mechanism for informational and
warning messages.
- ZServer now includes a fairly stable NT service ZService.py
- 'access' file now can use SHA-1 hashing, and now does by
default
- 'zpasswd.py' added to top directory to manage this
new 'access' file
- A number of changes have been made to enhance security
control in through-the-web-developed products:
- There are new "Permission" objects that can be added to
Products. Permission objects provide a mechanism for
defining new permissions. These new permissions show up in
folder security screens.
- Factory objects can have permission settings. This affects
whether items show up in add lists and who can use factories.
- Objects in products now have permission mapping rather
than direct permission settings just like ZClass methods.
- New permissions cannot be defined in ZClasses any longer.
Rather, ZClasses can select from global permissions,
including permissions defined with permission objects.
Here's a sample scenario:
1. Add a ZClass, "Container" with the option to create a
factory and constructor methods.
2. Add a permission object with the permission "Manage
Containers".
3. Change the permission of the factory created in step 1
to "Manage Containers".
4. Visit the ZClass created in step 1, view the "Define
Permissions" view and map the "Create class instances"
permission to "Manage Containers".
5. Visit the constructor DTML Methods created in step 1,
view the "Define Permissions" view and map the "View"
permission to "Manage Containers".
In this scenario, we created a ZClass and made it addable
only by users (roles) that have the "Manage Containers" permission.
- There is a new module, Shared.DC.THUNK
(lib/python/Shared/DC/THUNK.py) that provides a mix-in class
that implements ZODB 3 transaction protocols and that
provides course-grained locking logic that should allow many
non-thread-safe database adapters to be usable in
multi-threaded Zope applications. The Gadfly database
adapter has been updated to use this mix-in class.
- The transaction management mix-in classes (Shared.DC.TM.TM
and Shared.DC.THUNK.THUNKED_TM) now provide a lower-level
transaction management protocol. Database adapters that mix
these in should:
- Call 'self._register()' when performing database
queries, and
- If necessary, override methods:
_begin() -- Which is called to begin a transaction,
_finish() -- Which is called to finish a transaction,
and save changes, or
_abort() -- Which is called to abort (rollback) a transaction,
and discard changes, or
- Object export now provides an XML export option and import
files may be in Zope export format or XML format.
- Zope objects that support the Zope management framework now
support the DOM 1.0 read interfaces. This allows DOM read
methods and attributes to be usable with Zope objects and
Python DOM tools, like FourThought's 4XSL to work with Zope
objects.
Note that DOM-defined attributes are defined with "get"
methods. For example, to get the DOM-defined "parentNode"
attribute, use: 'object.getParentNode()'.
- The pyexpat extension module for using James Clark's
expat library for parsing XML is included in the
distribution as Shared.DC.pyexpat.
Bugs Fixed
- You can no longer cd to an acquired directory in ZServer FTP.
- A number of changes were made for thread safety. This was not as
hard as it sounds, since persistent objects are always
thread-safe. (Well, only one thread accesses any particular
copy of a persistent object.) The biggest issue here is
mutable global variables, mutable objects stored in classes,
mutable default Python function arguments, and global
variables in extensions.
Zope 2.0 alpha 4
Backward incompatibility
- The old ZopeHTTPServer is no longer supported or included.
Use ZServer.
Features added
- The let and return tags were added to DTML.
- Several new input form types were added:
:default -- allows you to specify default values
:record -- allows you to combine multiple form variables
into a single input variable.
For example::
<input name="date.year:record:int">
<input name="date.month:record:int">
<input name="date.day:record:int">
will result in a single variable, 'date', with
attributes 'year', 'month', and 'day'.
:records -- allows you to input a list of records (ie a
table)
:ignore-empty -- If the field if the value is an empty
string.
For more information, see the section on "Form variable
types" in http://www.zope.org/Documentation/Reference/Trinkets.
- In the startup script, z2.py:
- The startup script, z2.py, has additional documentation on
providing empty strings as arguments.
- Added a -P option to the startup script, z2.py, to specify a
base port for the various servers. For example::
python z2.py -P8000
is equivalent to:
python z2.py -w8080 -f8021 -m8099
This is a convenient short-hand for systems with many zserver
instances running.
- Added an -l option to the startup script, z2.py, to specify
the location of the ZServer hit log. If the location is a
relative path, then it is assumed to be rooted in the 'var'
directory.
- A progress indicator was added to the database conversion
utility, utilities/bbb.py.
- The PCGI installer now writes the PCGI info file to use ZODB 3
rather than ZODB 2.
- The default content is provided in both ZODB 2 and ZODB 3
format.
- There is a new logging framework for reporting errors from
Python-level code. See the module zLOG.py for details.
For the time being, to turn on logging, set the environment
variable STUPID_LOG_FILE to a file name or to an empty
string to log to standard error. We will eventually provide
a more formal and functional logging configuration
interface.
- The hooks used by objects that modify their environment were
changed. The new hooks are:
manage_addHook -- called after an object has been added
manage_beforeDelete -- called before an object is deleted
manage_afterClone -- called after an object has been
copied. This should only be used by object that
capture their identity is some way other than their
id attribute or persistent id. (It's really for
ZClasses, which have global ids.)
- Pack is now supported for ZODB3 File Storages.
- The header output by manage_tabs now shows whether the
current object has been modified or locked by a version and
shows the version if the version isn't the current working
version.
- The locked-in-version decoration in the object management
contents view shows the locking version if the version isn't
the current working version.
- Several demonstration ZODB Storage implementations have been
added. See lib/python/ZODB/DemoStorage.py and
lib/python/ZODB/dbmStorage.py.
- Subtransactions have been added (instead of temporary
versions). If a true argument is given in a transaction commit
or abort call (e.g. 'get_transaction().commit(1)'), then
the commit or abort applies to a subtransaction of the
current transaction. This is useful in a number of ways,
including:
o Subtransaction commits on requests that work with lots
of data can reduce memory usage because data can be
removed from memory after changes are saved in a
subtransaction,
o You can rollback changes due to a local error without
rolling back *all* of the changes made in a long
transaction.
- There is an advanced interface for specifying alternate
storages for Zope. Zope will try to import the module
'custom_zodb' from INSTANCE_HOME and use it's Storage
attribute.
For example, to use a Demo storage based on the standard
File storage, you might define a 'custom_zodb' module with::
import Globals, ZODB.FileStorage, ZODB.DemoStorage
name='%s/Data.fs' % Globals.data_dir
base=ZODB.FileStorage.FileStorage(name, read_only=1)
Storage=ZODB.DemoStorage.DemoStorage("Demo (%s)" % name, base)
- Find can now search text of SQL methods.
- DTML tree tags now have a reverse option.
- ZClasses now have class ids. These class ids are registered
in a central registry and are used when unpicking instances.
- Database connections now have a sync method for
synchronizing the connection with saved data. This is
useful for interactive connections to see database changes
made by other threads.
- Errors encountered when trying to unpickle object state are
now logged, if logging is enabled.
- Added an extra checkpoint to ZODB 3 FileStorage Transaction
commit to better handle system crashes.
- ZPublisher request objects now have a BODYFILE key to get
the request body as a file for non-form non-GET requests.
- Cookie support was added to the ZServer FTP server to make
FTP access compatible with cookie-based authentication.
- ZServer now includes a NT Service, 'ZServer.py' This service
requires the Python win32 extensions. It is not yet complete
and not yet integrated with the Zope installer. It does however
include a large doc string.
- ZServer is officially using the z2.py start script now. The old
start.py and zinit.py were removed. Note: z2.py will call zdaemon.py
for you, if you want to use ZServer in daemon mode on Unix.
- Added a 'has_permission' method to user objects. This facilitates
finding out if a user has access to a given object. For example::
<!--#if "AUTHENTICATED_USER.has_permissions('View',someObject)"-->
- The product add list is now filtered. This should keep
objects out of the product add list for which the user does
not have adequate permissions. This is implemented with a
new method, 'filtered_meta_types' which returns all the
meta_types for which a given user has permissions. Note:
Right now ZClasses do not associate permissions with
Products. Thus all Control Panel Products appear in the
product add list, no matter what roles the user has.
- HTTP REQUEST objects now use HTML in their string representation.
- The REQUEST keys of the form BASEx and URLx, where x is
an integer now allow x to be greater than 9.
- index_html is not longer used automatically for XML-RPC
requests.
- ZPublisher debugger, 'ZPublisher.test' now accepts a 'extra'
keyword argument with a dictionary giving extra variables to
be added to the request. This is handy for testing methods
that require large amounts of input data, such as file uploads.
- The load_site utility ('utilities/load_site.py') now accepts
a '-9' switch to make it work with Zope (and Principia)
sites at revisions 1.9 and lower.
Bugs fixed
- Got rid of some DOS line-endings in xmlrpclib.py that caused
install-time module compilation to fail.
- Fixed DOS line-endings in medusa/max_sockets.py
- Fixed a NameError (missing TupleType) definition in
the export/import (copy/paste) machinery.
- The startup script failed on Windows because it imported the
posix module without checking the os.
- ZServer crashed when the number of simultaneous connections
exceeded a system limit, especially on Windows. ZServer now
stops accepting new connections when the number of active
connections exceeds a threshold.
- Accessing cached results of items() (or values() or keys())
calls on BTrees caused core dumps if affected elements were
deleted. For example::
for k in abtree.keys():
del abtree[k]
Note that this code is still incorrect due to the fact that
the objects returned from abtree.items() (or values() or
keys()) have reference, rather than copy semantics.
- Compiling Acquisition.c caused (bogus) compiler errors on
SGI.
- zdeemun wus mispeled
- Local roles were not handled correctly when filtering
management views.
- Copying and pasting ZClass instances copied and pasted their
ZClasses too, effectively disconnecting them from their
managed ZClasses. The same thing happened when ZClass
instances were exported and imported.
- The Database area in the control panel was broken.
- Copy and paste of multiple objects was broken.
- Copy and paste of ZClass methods was broken.
- Copy and paste of ZClass properysheets was enabled and
broken. It is now disabled.
- Accidental import of BoboPOS in processes using ZODB (3)
caused strange errors.
- A bug in batch processing caused batch processing to hang or
give incorrect results.
- DocumentTemplate-based classes, like DTMLDocument and
DTMLMethod could not be subclassed correctly.
- There was a memeory leak in the DTML try tag.
- When adding folders with user databases, no check was made
to make sure the user was permitted to add a user database.
- Broken objects weren't created for objects whose class could
not be found when using ZODB 3.
- The 'self' argument wasn't properly passed to external
methods used in ZClasses.
- The Setup file in the SearchIndex package had an unneeded -I
option that caused compilation errors on some platforms.
- ZGadflyDA transactions were not committed.
- ZClasses didn't provide an interface to edit their titles.
- Propertysheets were broken for ZClasses that inherited from
built-in classes, like Folder and DTMLDocument.
- Propertysheets were disabled for instances by default. Now,
propertysheets have the "manage properties" permission by
default.
- The navigation pane wasn't updated when classes were added.
- Changes in ZClasses were not properly propagated to all
database connections using ZODB3.
- Database connections were not closed correctly under heavy
load when the number of application threads exceeded the
number of database connections in the connection pool. This
lead to Zope locking up under load if the application thread
count was increased using the z2.py -t option.
- undo in ZODB 3 didn't properly refresh objects.
- export and import was broken for ZODB 3.
- Fixed ZServer HTTP zombie killing. Now hung connections are
successfully closed.
- A bug in handling the case when a file was created on open
without the create flag caused weird errors on windows.
- The REQUEST BASE1 key was not computed correctly when
SCRIPT_NAME was an empty string.
- It was impossible to return an empty list or dictionary to
an XML-RPC request.
- The database conversion script fails when the first record
in the input file lacked properly-formatted transaction
data. The conversion script also didn't work on some
systems due to an incorrect 'flush' call on the *input*
file.
- Factories that were also ZClass methods didn't get
unregistered properly when they were deleted.
Zope 2.0 alpha 3
Features added
- XML-RPC support
All Zope objects are now XML-RPC servers.
- ZODB 2 (aka BoboPOS) to ZODB 3 FileStorage database conversion
An option has been added to the bbb.py script in the
utilities directory to convert ZODB 2 database files to ZODB
3 format. The bbb.py script now accepts an '-f' option that
takes an argument specifying an output file name. For
example, to convert the ZODB 2 data file, Data.bbb, in the
var directory, to ZODB 3 FileStorage format::
python utilities/bbb.py -f var/Data.fs var/Data.bbb
Note that version data are not converted.
- In Z Classes, Methods and Property Sheets now have a "Define
Permissions" management tab to map permissions. This tab used
to be labeled "Security".
- ZServer's FTP server now attempts to display an object's owner
as defined in local roles.
Bugs fixed
- The cache management screens were broken
- Local roles on DTML Methods and Documents were not persistent.
- ZServer's select trigger has been updated and now shouldn't give
errors when running ZServer as another users.
- The tree tag used persistent object ids in ways that were
not compatible with ZODB 3. This caused strange behavior
like weird content-types and invalid state messages.
- The DTML In tag no longer handled batch processing correctly,
and sometimes got into infinite loops. This was due to a very
old bug that was made effective by Python 1.5.2.
- Objects that could not be loaded because their implementing modules
(or packages) had been removed were not handled properly as
broken objects when ZODB 3 was used.
- The DTML Python string format did not allow expressions for
simple variable insertion. Expression insertion is now
allowed if the var tag name if the var tag name is supplied,
as in::
%(var expr="x+1")s
Note that, because of this change, the var tag name must
also be supplied when a variable named 'var' is inserted, as
in::
%(var var)s
Zope 2.0 alpha 2
Features added
- There is a new optional EXPERIMENTAL HTML DTML syntax. As
an alternative to SSI syntax, you can now use ordinary HTML
syntax, as in:
<dtml-in objectIds>
<dtml-var sequence-item>
</dtml-in>
You can also use an entity-reference syntax for the var tag
as an alternative to the tag syntax. For example::
&dtml-foo;
is equivalent to::
<dtml-var foo>
and is especially handy in attributes::
<a href="&dtml-foo;">
Both the new syntax and the SSI syntax are allowed in the
same document. In fact, if you were really twisted, you
could:
<dtml-in objectIds>
<dtml-var sequence-item>
<!--#/in-->
IMPORTANT
This feature really is EXPERIMENTAL. It could disappear
someday, depending on how people like it. We'd really like
to get feedback on how useful this feature is.
- reverse options were added to the in and tree tags.
- The startup script, z2.py, has a -D option to turn on
debugging mode.
- Made environment variable settings work with the http
server. So now you can do things like ./z2.py -w 8888
SCRIPT_NAME=Zope and actually have the specified SCRIPT_NAME
override the normal SCRIPT_NAME. This is Useful for using ZServer
behind a proxy.
- Added support for the Medusa monitor server.
- There's a first cut at a ZServer NT service. This is Zope on
NT's answer to zdeamon.py
It actually seems to work, though there's still a fair
amount missing.
- The error messages for missing or miss-formatted access
files was improved.
- A new debugging method, manage_debug, has been added to
Control_Panel to monitor the Zope process for possible
memory leaks.
- The name, 'this', has been added to the namespace available
to construction methods to provide a function for computing
the destination object. The name, 'this' is essentially
equivalent to 'Destination' and 'Destination' will be
deprecated eventually.
- The title of the main Zope management interface now includes
a full URL.
- Folders that have (or acquire) index_html methods now have
view tabs for viewing index_html.
- On browsers that support Java Script, the "Add" button is
omitted and the add form is visited as soon as a selection
is made from the select list.
- The python-pickle format used to export data from ZODB 2 was
updated to handle string data differently.
- Update syslog clients to try for SOCK_DGRAM first, since newer
syslogd won't accept SOCK_STREAM connections (Collector #888).
Bugs fixed
- A number of bugs and features were left out of the
release notes for Zope 2.0 alpha 1. The notes for
Zope 2.0 alpha 1 have been updated substantially.
- There was a serious memory leak introduced when a security
bug was fixed in 1.10.0.
- There was a memory leak in ZODB 3 persistent objects, which
now manage object IDs as persistent objects.
- The Python 1.5.2 cgi module didn't work with Zope.
Zope now includes its own fixed version of the module.
This bug caused FTP, Netscape Publishing and WebDAV to fail.
- A bug in transaction management caused Gadfly requests to
fail. Other database adapters need to be updated.
- Running ZServer as nobody failed due to the order in which
the log file was opened.
- Added fix contributed by Brian Hooper for HTTP Clients which
don't always spell their HTTP headers correctly.
- A number of classes didn't get there reference-counts
reduced when instances were destroyed. This confused the
new memory allocation monitoring tool.
- New user folders had no effect because they did not get
properly registered in their containing folders.
- Changes made to factory objects were lost when a process was
restarted.
- Clicking on the 'Help' caused the help information to be
displayed in the current frame, rather than in a new
window.
- Shutting down Zope attempted to save the database index even
when Zope was run in read-only mode.
- A number of fixes were made in the Date-Time support.
- Batch processing in the in tag sometimes failed.
- Sites with custom roles in the top-level application
object did not pick up the new 'Owner' role.
- Content-type detection had problems in DTML documents and
methods.
- Some cookie expiration dates used 2-digit years.
- Error values for errors raised by ExternalMethods were lost.
- Values returned by absolute_url were not URL quoted.
- Extra newlines were prepended to documents when they were
edited.
- Objects ids were not properly quoted in a number of places,
because id quoting was unnecessary until recent relaxation
of the rules for ids.
- ExternalMethods are now automatically reloaded when running
in debug mode.
- Search interfaces generated by the search interface wizard
no longer include a "Cancel" button.
- Errors were masked by a bug in handling ZODB3 transaction
aborts.
- The ZODB 3 cache manager deactivated objects too quickly,
causing performance to degrade.
- BASEx request variables were not computed correctly when
SCRIPT_NAME was not empty.
- The URLx variables couldn't be computed in some cases when
using ZServer.
Zope 2.0 alpha 1
BACKWARD INCOMPATIBILITY
- A change was made to the way ZClasses are constructed.
Previously, the __call__ method was an alias for the
index_html method which took took an id and a request
and created a new instance and added the instance to
the destination.
Now, the __call__ method simply calls the underlying
managed class with the supplied arguments to create and
return an instance. The instance is not added to a
folder.
The index_html method is now an alias for the
createInObjectManager method, which does what the
index_html method did before.
There is a new method, fromRequest, that takes an id
and a request and creates a new instance. It does not
at the instance to a destination.
Features Added
- Integration of ZODB 3
- The ZClass construction interface has been cleaned up to
make construction of ZClasses a little easier from Python.
- When adding ZClasses, there is now an option to
automatically create construction methods and a factory.
- "Management" screens now *only* show tabs a user permitted
to see. Used in combination with carefully selected roles,
this change provides an adaptable management interface.
- Instance homes can now have local Products directories.
- There is a new ZServer start up script that can be used without
modification and that integrates process management. This
script replaces the ZServer 'start.py' and 'zinit.py' scripts.
- When the new startup script is used, then the control panel
shows a "Restart" button which causes the Zope process to
exit and be restarted and a "Shutdown" button that causes Zope
to exit and not be restarted.
- There is a *very* rough cut at a centralized version manager
in the control panel. This is only functional when the
ZODB3 database is used. This feature will mature
significantly before the final 2.0 release.
- A new Zope icon was added, and the "powered by Zope" icon
has been updated.
- Made DTMLDocuments, DTMLMethods, Images, Files and Folders
subclassable by ZClasses.
- ZClass property sheets can now have read and modify
permissions.
- An "add list" name can be specified when creating a ZClass.
If specified, then construction methods and a factory are
created. This makes the class immediately instantiatable and
provides construction method examples.
- The ZClass basic property sheet now shows base classes.
- Changed the string representation of HTTPRequest so that
<!--#var REQUEST--> is a lot friendlier.
- Added a Zope debugging short cut.
Now::
import ZPublisher
ZPublisher.Zope(path)
is a shortcut for::
import ZPublisher
ZPublisher.test('Zope', path)
Bugs Fixed
- ZClass permission setting interfaces didn't show inherited
permissions.
- A number of bugs arising from attempts to set
caching headers were fixed.
- Some default permissions were not set correctly.
- The unused non-functioning resource-consuming Scheduler has
been removed.
- Access was given to objects without roles even if access
would be denied to the container.
- Fix submitted by Martijn Pieters:
Any property type int or long, set to 0, showed up in the
Properties Management tab as blank. This resulted in errors
when trying to change values of other properties, etc.
- Version names were computed incorrectly.
- Delete and rename were broken for ZClasses.
- It wasn't possible to override inherited attributes with
methods in ZClasses.
- Property values were not removed from ZClasses when property
sheets were deleted. This made it impossible to re-add a
property from a deleted property sheet.
- Generated property view and edit forms for ZClass property
sheets had a number of problems.
- The propertysheets property sheet should only allow addition of
property sheets.
Zope 1.11.0 pr1, which should have been named Zope 2.0.0 alpha 0.
Lots has changed in this release. The major news is ZClasses and WebDAV.
Features Added
- Added WebDAV support. See http://webdav.zope.org/ for details.
- Added Z Classes. Documentation is forthcoming.
ZClasses might be viewed as somewhat experimental, although
we're using them aggressively for internal projects.
- Added Property Sheets. Documentation is forthcoming.
- ZServer now included in distribution.
- Added new product registration interface. Documentation is
forthcoming.
- Added local roles which allow for permission settings for
users on individual objects. This allows for 'ownership' of Zope
objects. Added 'Owner' role to default roles, and automatic
setting of the 'Owner' role on a created object to the user who
created it.
- Added hooks for XML-RPC support to ZPublisher. See the source
for details. XML-RPC support is not yet finished.
- Added automatic height/width detection for JPEG images.
- Revised Zope error messages.
- A new DTML 'try' tag added based on work by Jordan B. Baker.
See the source for details. Documentation is forthcoming.
- A new DTML 'mime' tag has been added. See the MIMETools README.txt
for more information.
- A new 'range' function added the the '_' DTML variable.
- A new 'utilities' directory is included in the distribution.
- A new flag attribute, 'only', of the DTML 'with' tag
prunes the DTML namespace to only the namespace created
with the with tag.
- Added contributed support for encoding options in the SendMail
tag and MailHost send method.
- Management tabs are now prettier and allow status messages with
the manage_tabs_message variable.
- Added a method of notifying users of changes without using a
MessageDialog. This makes editing DTML Documents and Methods
easier.
- Added more documentation to Product add screens.
- New icons for many Zope objects.
- Sessions are now known as Versions.
- Changed from using 'manage_main' as default management method to use
'manage_workspace' which is a reserved method that dispatches to the
default management interface which is the first interface defined
in manage_options
- Permission settings are now inherited by Products from their base
classes. This means when you build a Product you only need to specify
its particular permission settings.
- Changed ZPublisher.publish_module's interface so that instead of
providing a stdin, stdout, and stderr, you can provide a Request and
a Response object. ZServer makes extensive use of this feature.
- Added methods to HTTPRequest to allow access to ZPublishers object
traversal. HTTPRequest.clone and HTTPRequest.resolve_url. See the
source for more details.
- Added a new "builtin" function reorder to DTML.
reorder(s, [with, without]])
Reorder the items in s according to the order given in with
and with items mentioned in without removed. Items from s
not mentioned in with are removed.
s, with, and without are all either sequences if strings
or sequences of key-value tuples, with ordering done on the
keys.
This function is useful for constructing ordered select lists.
Bugs Fixed
- Added small fixes to ZopeHTTPServer in anticipation of DAV.
- Construction, upload, and edit methods did not consistently
support either string or file data. This caused really weird
behavior when file upload was used with out including the
':string' suffix in the argument name when doing a file upload.
This bug was previously (and incorrectly) reported as a
ZPublisher.Client problem.
- Errors in ExternalMethods were masked by bugs in error
reporting logic. The bugs were made far more effective
by Python 1.5.1.
- Databases (or export files) created in binary distributions
were not usable in source distributions due to cPickle
limitations in stock Python 1.5.1. We now link/copy the
cPickle extension to BoboPOS to make sure that it uses the
latest version.
- Fixed registration of MailHost settings and incorrect default
quoted-printable encoding of message bodies.
- Added contributed patch that fixes bug in copied-object id
generation.
- DTML Documents and Methods now attempt to determine their
content-type rather than assuming they are text/html.
- Fixed PUT bug in determining content-type of binary files.
- Added changes that allow the top level userfolder to be replaced by a
UserDB or other userfolder-like object.
- Fixed an FTP support bug that sometimes kept simple items from
producing FTP listings.
- Added URL1 instead of "." as the form target for the workspace forms --
using "." causes NS servers to intercept the request and report an
error, making Zope effectively unusable.
- Added ZPL 1.0 and credits to copyright link in management screen.
- Fixed a bug that prevented validate() from working if the top-level
object were accessed and no default object (index_html) existed.
- Fixed a logic bug in security validation that allowed access to
unacquired objects that didn't have __roles__ even if the
containing object was protected.
Zope 1.10.2
Bugs Fixed
- Fixed a permission problem with DTMLMethod objects that caused
errors when attempting to commit permission changes.
- Factories could not determine the available methods
when they were being edited, making them uneditable.
Zope 1.10.1
This is a Python 1.5.2 beta 2 compatibility release.
A Python C API change in Python 1.5.2 beta 2 broke
Zope. This release contains a fix.
Zope should work correctly with Python 1.5, 1.5.1 and
beta versions of 1.5.2.
Zope 1.10.0
New Features
- Added Import/Export interfaces to Folders.
Bugs Fixed
- Fixed a bug in ZopeHTTPServer which caused it to fail on POST
requests without content-type headers.
- PUT and file uploads would fail if the content-type could
not be determined. Now objects created via PUT and file
upload will default to either 'application/octet-stream'
for binary files or 'text/plain' for non-binary files if
no content-type can be determined from headers or filename
extensions.
- Fixed a permission bug left from a change to the Find support.
- Fixed misc typos in docstrings and docs.
- Fixed a bug that kept objects from being freed from the cache!
Basically, there was never a check for inactive objects.
- MailHost objects didn't do appropriate CRLF conversion or
recognize 4xx server responses.
Zope 1.10.0 pr1
New Features
- Documents generated by the search interface wizard
no longer use tab characters.
- Added a -s option to ZopeHTTPServer. This is useful
for emulating older sites when generating screen shots
for creating or updating documentation.
- Default bobobase now includes a Zope button along with a link
to the Zope site. This satisfies the ZPL attribution requirement.
The button is created by a new builtin method
'ZopeAttributionButton'. Also, both the source and the binary
distributions now have the same default bobobase.
- Made the logic for getting SOFTWARE_HOME a bit more robust, so that
it handles relative paths and paths starting with '.' and '..'.
This is useful when simply importing Main from the Python
prompt in the lib/python directory.
- The ThreadLock module has been changed to reflect changes
in the Python API in Python 1.5.2.
- The '_' variable in DTML now has the random module
as an attribute and DateTime.DateTime as the attribute DateTime.
- Added keys() and items() methods to the REQUEST object.
- Added get_header() method to the REQUEST object for retrieving
HTTP headers.
- New SearchIndex package and BTree component have been added to
the distribution, providing low-level support for products with
built-in searching such as Tabula and Confera.
- Documents have now been split into two distinct object types:
DTML Documents and DTML Methods. DTML Methods behave exactly
as Document objects did. DTML Documents are similar except that
the "client" or "self" of a DTML Document is the DTML Document
itself rather than its parent, and DTML Documents can have
properties.
- DTML Documents, Image and File objects can now have properties.
- A new PropertyManager mixin class allows developers to easily
add properties and property management to non-Folder objects.
- Added a new absolute_url method which can generate an absolute
url for the object on which the method is called.
- GIF and PNG Images now figure out their own dimensions when
uploaded. Image height and width properties are now editable.
- Images now generate themselves as html IMG tags, using an absolute
url and correct height and width tags if possible.
- There is a new form input type, boolean, for inputing boolean
data.
- Added a read_only option to the SimpleDB.MultipleRevision and
PickleDictionary constructors to open a database in read_only
mode.
- Added an environment variable, ZOPE_READ_ONLY, used by the
Zope framework. If this variable is set, then the database
is opened in read only mode. If this variable is set to a
string parsable by DateTime.DateTime, then the database is
opened read-only as of the time given. Note that changes
made by another process after the database has been opened
are not visible.
- Added a database_quota option to the SimpleDB.MultipleRevision and
PickleDictionary constructors and a
SimpleDB.MultipleRevision.set_quota method to set a database
quota. The quota is given as either an integer number of
bytes, or a function taking an integer number of bytes
argument and returning whether the quota has been exceeded.
- Added an environment variable, ZOPE_DATABASE_QUOTA, used by the
Zope framework. If this variable is set, it should be set to
an integer number of bytes. Additions to the database are
not allowed if the database size exceeds the quota.
- Added size and last modification time to DTML Method and DTML
Document edit interface.
- Added a new module, BoboPOS.winlock, that provides file
locking on windows. This should prevent many cases of data
corruption.
- Added FTP support to Documents, Files, Images, and Folders.
FTP interface is detailed in OFS/FTPInterface.py though it may
change. Basic FTP support was also added to SimpleItem to make
it easier for Zope objects to support FTP.
Bugs Fixed
- Permissions for manage_clone method were wrong, meaning that
essentially only managers could use it.
- File paths that showed up in tracebacks reflected the paths the
files had when they were compiled (at distribution build-time).
The compiled-in paths have been changed to be relative to the
Zope installation directory.
- Fixed a bug in ZPublisher's special handling the "cancel"
submit buttons. The test for the cancel button was case
sensitive. I changed it so it would accept any case, as
well as extra spaces.
Cancel buttons should probably be handled using the new
:method form type, but this would require the presense of an
appropriate redirect method. Perhaps there should be
a :redirect form type.
- Date strings with years < 31 were not accepted, even
through the documentation says they should be.
- If Zope crashed or was unable to completely write a database
record, then on restart, a data corruption error was reported.
Now, truncated records are removed if necessary on start up.
If necessary, other records are removed as well to avoid
partially-written transactions.
- Lack of sys.argv in the win32 service version of Zope caused
it to raise errors under certain conditions.
- Several HTTP PUT related bugs were fixed.
- Simple items did not have an objectValues method, which caused
odd behavior in certain tree tags since the method would be
acquired from the parent of the simple item.
- The Find form in the management interface depended on javascript
to function properly.
- Added a fix to compensate for the fact that Apache servers may
rename the entire cgi environment when mod_rewrite rules are
used in .htaccess files.
- If system clocks were changed, so that database records
had records in the "future", then database corruption could
either occur or be incorrectly reported. Now this situation
results in an informative error message and corruption does
not occur.
Zope 1.9.0
New Features
- Zope now provides better information about products. If a
Product has a README.txt, then it will be readable through
the product management interface.
If a product encounters an error during startup, the
traceback is available through the product management
interface.
- Cache statistics are displayed in minutes, rather than
seconds.
- Products can define the attribute '__module_aliases__' in
their '__init__' modules that specifies aliases for modules
used in the product. This is useful if module names have
changed and the database contains pickles refering to the
old modules. The attribute should be a sequence of
tuples. Each tuple has a (dotted) module name and a module.
Bugs Fixed
- Development on ZopeHTTPServer has been frozen in anticipation
of the switch to Medusa. Therefor ZopeHTTPServer still does
support PUT. Sorry.
- ZPublisher.Client used the obsolete rand module.
- Errors occuring during product import caused Zope to fail to come
up.
- Product version information was not displayed correctly.
- ZGadflyDA cached table meta-data which lead to missleading
information when browsing databases.
Zope 1.9 beta 3
New Features
- Z SQL Methods (FKA Aqueduct) and the Z Gadfly Database Adapter
are now included.
- The argument handling for ZopeHTTPServer has been changed to
be a bit more flexible wrt the order of argumements.
While options must still come first, environment settings
can be given in any order. This makes startup scripts loke
serve.py quite a bit simpler.
- ZopeHTTPServer now sports preliminary support for PUT publishing.
- ZopeHTTPServer now serves from port 9673 by default, not 8080.
Bugs fixed
- The start.bat file used to start ZopeHTTPServer on win32 was
misnamed and didn't correctly pass command-line arguments.
- Win32 machines without an existing Python installation had problems
due to PYTHONPATH bootstrapping.
- The included ZopeHTTPServer was failing to start correctly on
win32 machines that were not connected to the network.
Zope 1.9 beta 2
In addition to various documentation updates, this release includes:
New Features
- Changed serve.py to accept ZopeHTTPServer command-line options.
- Added a -P option to the ZopeHTTPServer to specify a file
to contain the process ID. This allows a script to stop
the process on Unix.
- Added support for the environment variables, Z_REALM and
Z_DEBUG_MODE to set an authentication realm and to
enable debug mode.
Bugs fixed
- External methods were broken due to differences in
Python 1.4 and Python 1.5 comparison semantics.
- ZopeHTTPServer command-line environment settings
were not available in os.environ.
- Some class references were wrong in examples in the ExtensionClass
documentation.
- INSTANCE_HOME was not set correctly when the debugger was run
with a relative path to the published module.
- The #! line in the ZopeHTTPServer was hidden by the copyright
statement and didn't have the right path.
- A bug in pcgi_publisher.py caused file uploads larger than 1 MB
to fail.
Zope 1.9 beta 1
Bugs fixed:
- pcgi did not build correctly on Solaris 2.6
- links in headers were broken when Zope was reached with
/, as is the case when the ZopeHTTPServer is used.
- Python sources used tabs and spaces for indentation, which
made some people unhappy.
- Copyright statements were missing or out of date.
- Added better instructions for building and running Zope.
- Added new Zope License and attribution information.
- Merged BoboHTTPServer updates with ZopeHTTPServer. Including
socket changes to allow easier stopping and starting.
- Shutting down the ZopeHTTPServer from the application
caused an empty document to be returned.
- The install scripts failed if run more than once when attempting
to create a var directory.
Features
- Added (and old version of) the zlib module to make
installation simpler.
- Zope requires an access file. The install scripts now create
one.
Zope 1.9 alpha 1
This was the inital Zope test release.
Futures
Things we plan to happen real soon (maybe next release)
Features
- include a serve shell script along the lines of:
#!/bin/sh
python serve.py > var/serve.log 2> var/serve.errors &
Note that this script should be written by the installers
and use sys.executable.
(Brian)
Bugs
- Chase down weird bugs reported by Michel Pelletier.
Things to do sometime
Features
- Better deamon management for ZopeHTTPServer, Medusa,
and pcgi-LRP (when pcgi wrapper gets out of process
management business).
(Note that there is some experimental code along these
lines in principia main.)
- Need make_clean.py that:
- runs make clobber for the extensions
- runs make clean in pcgi
- prints an message reminding user to manually remove var
(brian)
- The default access file should be handled a little differently.
The installer should make people enter values, the default
should have a randomly generated password, or the default should
be ommitted.
Bugs
doc/HISTORY.txt
0 → 100755
View file @
eb3c8bf9
Zope history
This file contains change information for previous versions of
Zope. Change information for the current release can be found
in the file CHANGES.txt.
Zope 2.2.0 alpha 1
Features Changed
- Added a new security policy architecture and object ownership
to address the server side trojan issue. The new architecture
cleaned up various places where Zope code did authorization
checks. A side effect of the new policy is that it is a bit
more strict than it used to be - objects without explicit
protection to which access was previously allowed will now
be denied. There is a new declarative method for providing
access to such objects, which has been applied to certain
previously unprotected Zope objects that DTML writers are
accustomed to having access to. See the SecurityPolicy
wiki pages on Zope.org for further information.
- Added a new online help system. Help is now available for
standard Zope objects. Zope developers can add help for their
Python Products and Control Panel Products. See HELPSYS.txt
- Added logic to increase the Python interpreter "check interval"
that should provide at least a 20% performance improvement for
most Zope sites. Also added a new -i option to z2.py so that
Zope users can pass in alternate values (the default is 120)
for the check interval. This lets users experiment and tune
the interval for the best results in their particular system
environments.
- The message returned when an empty result set is returned
from a ZSQL Method has been clarified.
- In the load_site utility:
o Added logic to try and figure out a path to ZPublisher if
one was not provided.
o Added an option, -I, to automatically add an index_html
method that redirects to index.html or index.htm.
- Record objects returned by ':record' form-marshalling tag have
been enhanced to act like mapping objects.
- The ZServer startup script, z2.py, now allows all servers to be
disabled with a single option,
- The ZServer startup script, z2.py, now allows all multiple
HTTP, FTP, or monitor servers to be run.
- The ZServer startup script, z2.py, now allows separate IP
addresses to be specified for each HTTP, FTP, or monitor
server.
- Added 'urlparam' attribute to tree tag to allow propagation
of extra parameters through tree URL's (Collector #1045).
- When renaming objects, the old id is provided as the
default value for the new id.
- Allow non-sliceable keys in PersistentMappings (Collector #1064).
- Use smtplib in implementing MailHost/sendmail (Collector #1005).
- Allow call to get() w/o explicit default in PersistentMapping
(Collector #1182).
- Allow rename of multiple items (Collector #1065).
- Allow expr syntax in <dtml-mime/boundary> for type, disposition,
encode, name, filename; add skip_expr (Collector #892).
Bugs Fixed
- Fixed problem with extra PermissionMapping objects being in
the aq_parents hierarchy during traversal when a method was
being accessed a ZClass defined instance method.
- Fixed ZCatalog 'Find to ZCatalog' with expressions problem.
- Fixed broken links in ZCatalog 'Cataloged objects' view.
- FTP directory listings were not sorted.
- Improved FCGI support in ZServer.
- Improved ZServer streaming, including fixing chunking and
keep-alive support. Chunking is now done by default with
HTTP 1.1 clients. Fixed possible problems with large responses.
Thanks to Toby Dickenson.
- ZServer's FTP server no longer binds to all interfaces.
- Fixed a bug which caused File objects of type 'text/html' be
have the wrong Content-Length set.
- A bug in SQL methods could caused results to be returned without
an acquisition context. This could cause methods provided
via ZClass brains to be inaccessable due to the dependence of
ZClass method security on a correct acquisition environment.
- Fixed tree tag so that expand_all and branches_expr play nice
(Collector #919).
- Suppressed "private" names from catalog indexes/meta-data
(Collector #1076).
- Allowed strings with linebreaks as data in Gadfly queries
(Collector #972).
- Added note to WEBSERVER.txt pointing out security issues with
REMOTE_USER mode (Collector #733).
- Fixed colspan counting in tree tag (Collector #913).
- Logging enabled with the -D option to the z2.py script did
not include traceback information and was not performed
during Zope startup. This made finding startup errors
difficult.
- The logic for reparsing the dtml files used for the Zope management
screens while in development mode was broken - it was reparsing
system dtml files on every request.
- Correct DateTime docstring to remove spurious 'negative offset'
language (Collector #1074).
- Clean up pointer cast to suppress compiler warning in zlib.c
(Collector #1190).
- Guarantee null-terminated buffer in Record_init() so
Record_compare() doesn't UMR (Collector #1012).
- Clean up use of PData for large images (Collector #1061).
- Fix overflow exception in statistics of <dtml-in> (Collector #1089).
- Check for invalid characters in whole id, not just first character
(Collector #1131).
- Prevent unintentional exceptions from blocking manage_beforeDelete;
added OFS.ObjectManager.BeforeDeleteException to allow an object
to veto its deletion (Collector #1183).
Zope 2.1.6
Bugs Fixed
- Some bits from the 2.2 line inadvertantly got into the ZRDB
package during the SQL Methods update which caused errors
for certain database adapters.
- A fix to the logic in Acquisition for aq_acquire caused a bug
in the handling of inner ZClasses.
Zope 2.1.5
Bugs Fixed
- Fixed a problem with the permission declarations for the Image
and File classes. The problem made it impossible to change the
'View' permission for File objects.
- Added logic to setgid() to the user's primary group if z2.py
is run by root.
- Fixed a bug in TimeStamp objects that produced a wrong
date/time representation for bobobase_modification_time.
- Changed _checkId in ObjectManager to disallow REQUEST as an
object id.
- Fixed a bug that could allow someone with a lot of Zope zen
to change the apparent AUTHENTICATED_USER to access things
that they shouldn't.
- Fixed a bug in ZServer that could cause server hangs under
certain heavy load conditions.
- Fixed a remaining '.' form target that we missed in the Zope
rename form. This caused rename to fail for Zope installations
running behind Netscape servers.
- Fixed a potential buffer bug in PCGI reported by Larry Luther.
- In the load_site utility, binary files were misshandled on
windows.
- Fixed manage_renameObject to be willing to get the REQUEST
via acquisition, making it easier to use from DTML.
- Changed the expireCookie method of FTPResponse to fail
gracefully when attempting to delete a cookie that does
not exist.
- Fixed a bug that caused a traceback when all members of a
multiple select property were deselected.
- The _validTime method of DateTime objects rejected time values
with fractional seconds between 59 and 60 (which caused problems
with some database date conversions).
- Changed id checking logic to disallow '/' in an object id.
- Structured Text had problems with '~' characters in URLs.
- Fixed a potential security hole that could allow users with
permission to add Folders and edit DTML (and a who have a
lot of Zope zen) to get access to things that they shouldn't.
- The internal templates used by SQL methods weren't correctly
applying the same access control constraints as standard DTML
objects.
- Fixed ZopeAttributionButton to open in the top-level of the
web browser.
- Fixed a problem with using the "scale" arguments to the tag
method of Image objects.
- Fixed a problem in the Acquisition module that could cause
objects accessed via aq_acquire to not be wrapped correctly.
- Fixed If-Modified-Since header handling for Images and Files.
Zope 2.1.4
Bugs Fixed
- Removed the "feature" that allowed the REQUEST object to be
traversed through the web. While useful for debugging, this
could be a security issue.
Zope 2.1.3
Bugs Fixed
- A race condition in the logic for managing Zope database
connections caused Zope to hang on very busy sites.
- A bug in the packing code that caused records to be
nreadable after:
o someone did work in a version
o Someone did an (unrelated) undo
o the version was committed
and the database was packed to a time before the work was done
in the version.
- Fixed a bug that caused packing to raise an
error in the following situation:
o someone modifies and then deletes an object
in a version.
o they commit the version
o the database is packed between the time the
object is deleted and the time the version
is committed.
- Fixed a bug that caused Zope to sometimes hang instead of
shutting down or restarting when accessed over a fast network.
- It wasn't possible to use a ZClass instance as a method of a
ZClass.
Zope 2.1.2
Bugs Fixed
- Thanks to Kevin Littlejohn's sleuthing, a sizable problem in
the security machinery in DTML has been brought to our
attention and resolved. The problem is most acute in
situations where untrusted people can edit DTML documents or
methods.
Zope 2.1.1
Bugs Fixed
- Conflict errors (multiple threads trying to modify the same
object) were not handled correctly for requests with
bodies (e.g. POST requests).
- ZODB FileStorage index files could become out of date after
an undo. This could lead to strange results and apparent
database corruption if Zope was shut down ungracefully and
restarted. Now index files are removed when undoing
records.
- Saving or discarding versions failed if a transaction that
added a new object in the version was undone.
- There was circumstantial evidence that a failure of an OS to
correctly delay writing to data to disk after Zope had
written it led to a corrupted database. Zope now makes an
'fsync' system call (where available on Unix systems) to
force data to be written to phusical storage when
transactions are committed.
- Some applicataions were writing empty transactions. The
FileStorage now checks for and avoids writing empty
transactions in this case.
- Multiple-selection properties didn't work in regular
property views, even though they did work in ZClass property
sheets.
- The Win32 WISE installer did not create a default Zope.cgi
PCGI resource file.
- The Win32 WISE installer script is now included in the /inst
directory of win32 installations by popular demand.
- An import problem caused the name "BTree" to be incorrectly
overwritten in TextIndex.py and UnTextIndex.py in the
SearchIndex package, which caused problems for some third-
party product authors.
- There were a number of problems with the load-site utility
(utilities/load_site.py):
o A recent change caused HTML files to have their headers and
footers replaced with var tags for standard headers and
footers. While this is sometimes very useful, it is
sometimes disastrous. This feature is now enabled with the
-D option.
o Handling of files with a '.dtml' extension was broken. These
are now handled correctly. Files with '.dtml' suffixes now
get uploaded as methods.
o A workaround for old sites that had a bug in Document (aka
DTMLMethod) upload has been disabled. This workaround is now
enabled when the -9 option is used.
The following bug fixes were accidentially excluded from 2.1.0:
- Redefining the "views" on a ZClass could incorrectly affect
the views available on instances of base classes of the ZClass.
- The new 'url' option to DTML 'var' tags did not work properly
for DTML and other callable objects.
Zope 2.1.0
Features Changed
- Enabled preliminary support for FastCGI to ZServer. This
allows Zope to communicate with web servers that support
FastCGI. Use z2.py's -F switch to configure FastCGI support
in ZServer. See WEBSERVER.txt for more information.
Bugs Fixed
- Redefining the "views" on a ZClass could incorrectly affect
the views available on instances of base classes of the ZClass.
- The new 'url' option to DTML 'var' tags did not work properly
for DTML and other callable objects.
Zope 2.1.0 beta 2
Features Added
- Added Oleg Broytmann's patches to utilities/load_site.py
that provide automatic parsing of title and property
information and inclusion of std headers and footers.
- Added Martijn Pieters' patches to DT_Try.py to implement
try/except/else and try/finally constructs.
- Virtual Hosting and SiteObjects. Virtual Hosting allows a
server that can multi-host, like Apache, to serve different
hosts from different Zope folders. 'SiteObjects' act as a
placeholder for a virtualhost.
Bugs Fixed
- Some problems with the product distribution machinery that
prevented product distributions from installing correctly
have been fixed.
- Description lines on the Undo screen were not HTML quoted,
which could cause problems rendering the Undo log if any
of the descriptions contained stray HTML tags.
- Bugs in the way that ZClass instances were pickled have
been fixed.
- Some long-standing indentation problems with the tree tag
have been fixed.
- The Zope database lock file was not properly closed.
- Linux and Solaris binary distributions did not contain the
python _locale module required for locale support.
Zope 2.1.0 beta 1
Features Added
- The ZCatalog now supports relevance ranking. Instead of
search results being returned in an essentially random
order, results are now sorted by 'score'. For text indexes,
the score is the number of occurrences of the search term in
a document. The score can be accessed by an attribute on
Catalog results 'data_record_score_' and
'data_record_normalized_score_' contain the score and
normalized score for the result object.
- Added Keyword Indexes to the Catalog. Keyword indexes allow
you to index a sequence of 'keywords' as an atomic property
of an object. This is useful for buiding catagorical
hierarchies.
- Z SQL Methods arguments list is now a TEXTAREA widget to
ease editing long aruments lists.
- SQL Database Adapters now have a 'test' tab where arbitrary
SQL may be entered and executed immediately through the
connection object. DTML is not supported in this tab.
- SQL Methods now support an option 'op' parameter on the DTML
method <dtml-sqltest> which allows you to choose the
operator used for comparison.
- WebDAV support has been modified to support MS Office 2000
applications. The changes _emulate_ aspects of DAV level 2
locking but do _not_ provide actual locking support at the
present time.
- Files and Images now can be served without loading themselves
into memory. This is automatically done for large Files and
Images. As a by product, RESPONSE.write now works better in
ZServer.
- Most if not all of the default DTML generated by Zope and its
built-in products is now generated in the new <dtml-var ...>
syntax. The DTML sources for Zope's built-in management
interfaces have also been converted to the new syntax.
- DTML entity references can now include dot-separated
var tag *options*, as in: '&dtml.url_quote-foo;'
- There is a new 'url' option on the DTML var tag that causes
absolute_url to be called on the displayed value. This
allows entity references like: '&dtml.url-foo;'
- There is a new 'url_quote_plus' option on the DTML var tag that
acts like the standard url_quote option but uses '+' to encode
blank spaces.
- There is a new 'missing' option in the DTML var tag that
allows you to provide a value to be used if the variable is
missing, rather than raising a KeyError. This will work in
the entity reference syntax as well. If it is used without
an argument, it will provide an empty string.
- The DTML built-in function, getattr, now accepts an additional
argument providing a default value.
- The tag() method of Image objects now support optional 'scale',
'xscale' and 'yscale' arguments that will automatically scale
the output height and width tag attributes.
- The Products folder in the Control Panel now has an 'Import/Export'
tab to allow easier importing and exporting of Control Panel
Products.
Features Changed
- ZCatalog uses subtransactions to keep memory consuption low
at the expense of indexing speed. Subtransactions can now
be disabled through the management interface for use with
non subtransactions compatible objects like ZSQL Methods (or
for raw speed if you have lots of RAM).
- Added a coptimizations module. The first optimization is
to provide an implementation of persistent_id in C. This
routine, which is called extremely often while pickling was
found to be a significant bottleneck.
- More flexible cache management methods were added to ZODB
Connection objects so that apps that want to move objects
out of memory can force aggressive cache behavior.
- Added the beginnings of internationalization support to Zope.
The Zope startup script (z2.py) now supports a "-L" option
that can be used to pass a locale name (such as "en" or "de")
to Zope at startup. If specified, Zope will attempt to set the
locale using the locale module if it is available. This change
will allow Zope to better handle international characters in
a number of places such as searching and indexing.
- Logging from ZServer modified to produce Common Log Format
in a Combined format, where user-agent and referer are also
logged.
- xmlrpclib was updated to relect the current version (0.9.8)
from Pythonware.
- Add button returned to the management interface, although
the Javascript auto-select is still in place. This resolves
some problems with browsers on certain platforms.
- Added small explanation on Image/File add form that if the
'id' is not provided, it will be autogenerated based on the
file name.
Bugs Fixed
- The build procedure for source checkouts now sets the
directory structure permissions to something (775) readable
by anyone, including, e.g., the web server running under a
different user id and group than the installer...
- A bug in the DTML tree tag that prevented expand_all from
working correctly has been fixed.
- ZCatalog now actually saves memory when using
subtransactions. Plugged a couple memory leaks doing this.
- Added ALT text fixed nested anchor tags produced by the Tree
tag to ensure that valid HTML is produced, and fixed the
reverse option to the Tree tag.
- A bug in FTP cookie authentication was fixed.
- Fixed a bug that caused External Methods to be reloaded every
time they were used in development mode.
- Fixed a permission typo in ZCatalog and a sort_on bug.
- Fix for missing REQUEST in a method signature in the
CatalogAwareness module.
- Changed to propagate errors raised by _begin for thunked
database adapters. Also changed completion code to check
registered status and avoid completion logic if not registered,
which would be the case if _begin failed.
- A memory leak in cPersistence has been fixed, and a bug in
object deactivation that prevented deactivation of BTrees
was fixed.
- A problem in BTrees that caused unintended db writes on
Catalog searches was fixed.
- Some unnecessary debug mode overhead eliminated - external
methods are now automatically reloaded only when the .py
files are changed.
- A thread-safety problem with PCGI handling was fixed.
- A bug that caused installation of through-the-web product
distributions to fail.
- A bug in the handling of long int properties was fixed.
- Some bugs in the generation and verification of CRYPT based
passwords was fixed.
- A bug in the earliestTime method of DateTime objects was fixed.
- A bug in determination of the ZServer version string was fixed.
- Height and width detection for some PNG images did not work
properly.
- A bug that caused proxy role machinery to ignore local roles
was fixed.
- Added a fix for PCGI to make sure binary IO is used on win32.
- A javascript fix for IE5 was made for the folder add list.
- A bug in sequence multiplication in DTML was fixed.
- A ZServer bug that prevented running multiple Zope2 installations
on non-posix systems was fixed.
- An External Method error handling bug was fixed.
- The local 'Owner' role could be overwritten when an object
was copied, moved or renamed.
- Documented and fixed the creation of 'selection' and 'multiple
selection' properties.
- SECURITY: Fixed bug that allowed users with local roles gain
priviledges on acquired objects. getRolesInContext did not
used the correct context, as defined by the inner-most object
wrapping.
- SECURITY: The permissions for Find support methods were not
being properly initialized.
- SECURITY: Viewing existing user no long displays current password,
only space for putting in the new password. This will be more
critical as we move toward fully encrypted passwords.
- SECURITY: A bug that prevented setting permissions on External
Methods in ZClasses was fixed.
Zope 2.0.1
Bugs Fixed
- Fixed a bug which allowed unauthorized options to be displayed
when adding a Folder. Now you only see options to add an
index_document and/or a user folder if you have adequate
permissions.
Zope 2.0
Features Added
- Database conflict errors are now logged. Although conflict
errors are normally handled by retrying requests, frequent
conflict errors can degrade performance and should be dealt
with by redesigning applications.
Features Changed
- The process id displayed in the control panel now inclused
the thread id, in parentheses.
- Upload of image or file data *always* used
sub-transactions. Unfortunately, database adapters don't
support subtransactions. Images and files now use
subtransactions only of the image or file is greater than
128K bytes in size. Also, subtransactions are not used if
data are uploaded as a string by using the ':string'
ZPublisher type in the upload form.
More advanced DA's could, and probably should support
sub-transactions.
Bugs Fixed
- Attempting to cut an object then paste it into itself or
one of its subobjects would cause a recursion problem.
- Certain ZCatalog reindex operations could fail due to an
unintended transaction abort.
- Database connections were leaked when database conflict
errors occurred and handled by reexecuting requests. When 7
connections leaked, the site would accept no more web
requests.
- The transaction-integration for relational databases didn't
work properly. Aborting Zope transactions didn't abort
relational database transactions. What's worse, transactions
were not committed after a Zope transaction using a
relational database was aborted. This explains the reported
problems with Gadfly databases and transactions.
- Fixed a bug which prevented ZPublisher.Client from uploading
files to ZServer.
- Added some logic to the win32 binary installer to fix some
dll loading problems people were getting on international
versions of NT.
- Fixed a bug in cDocumentTemplate that could cause AttributeError
instances to be leaked in certain situations.
- 'reverse' option for the 'in' tag as well as the 'tree' tag
has been changed to deal with a copy of the data, rather
than the original. The database was being modified in
place. The side effect is that in large list situations
(with ZCatalog for example), sizable memory usage may
result.
- Missing values (as returned from SQL methods) were output as
empty strings by the DTML var tag, even when a numeric
format (e.g. "%5.3f") is used. Using a numeric format with
a missing value should generate an error, unless the null
attribute is used. Also, the null attribute had no effect
when outputing missing values.
- It was impossible to map some permissions to themselves, or
to other inherited, but not registered permissions in
products and in class methods. When this failed, a silly
error message ("Waaa" ;) was output.
- SQL methods had an unused method, getFindContent allowed
anonymous users to read SQL method source. This method was
renamed to PrincipiaSearchSource, and protected with a
permission.
- SQL methods could not be found with the find mechanism by
searching their source.
- The PrincipiaSearchSource method of DTML documents and
methods was not protected, so anonymous users could read
their source.
- Fixed a bug in ZOM which caused getElementsByTagName to fail
when using XML Document. Thanks to Andrew Kuchling.
- It was possible to hijak 'self' arguments for DTML and
External methods with request variables. This was especially
problematic for XML-RPC, which uses positional arguments.
- It was difficult or impossible to call External methods with
'self' arguments from XML-RPC.
Zope 2.0 beta 6
Features Added
- The control panel process id display now also includes the
thread id.
- The Zope start script, 'start', is now written in a
location-independent manner, making it a little easier to
move Zope sites around after installation.
Features Changed
Zope 2.0 introduces a new HTML DTML syntax that, among other
things, allows simple 'var' tags to be entered using the
entity-reference syntax, as in::
<input name=spam value="&dtml-spam;">
The entity reference syntax is mainly intended for use
when a var tag is used to insert text into an HTML tag. In
these cases, the text needs to be html-quoted. For this
reason, use of the entity reference syntax now implies html
quoting. For example, the DTML snippet above is equivalent to::
<input name=spam value="<dtml-var spam html_quote>">
(Note that when inserting text to be used in a URL, as in an A
tag HREF attribute, we need to url-quote the text. Zope 2.1
will provide a means to do this with the entity-reference
syntax.)
Bugs Fixed
- Missing values were not formatted correctly with numeric
formats and did not work properly with the 'null' attribute of
the DTML 'var' tag.
- It wasn't possible to map some permissions of objects in
Products. For example, it wasn't possible to enable a
permission by mapping it to itself. Attempts to do so lead
to a rather silly uninformative error message.
- When providing default values for input fields, few of the
built-in DTML methods used html quoting. This lead to
incorrect behavior when default values included markup or
quotes.
- View filtering failed to show tabs for views in some cases
where it should.
- Single-character variable names were'nt allowed in the
entity-reference DTML syntax.
- DTML batch processing didn't work properly.
- The DTML functions, '_.getattr', and '_.hasattr' incorrectly
acquired attributes even when explicit acquisition was used.
- Image dimensions were not autodetected for PNG 1.2 files.
- The "View" view didn't display correctly for images with ids
with characters that had special meaning in URLs.
- The 'optional' attribute in the 'sqltest' tag had no effect.
- With browsers (like lynx) that correctly implement RFC 1867
for file-upload support, non-file fields in file-upload
requests were treated as file fields.
Zope 2.0 beta 5
Features Removed
- The help system, which was primarily geared to DTML
programmers was removed.
Bugs fixed
- Database packing failed in certain cases where the data set
contained many version commits.
- Database packing generated spurious error logs indicating
that there were bad references for objects created in
ncommitted versions.
- A memory leak due to errors in managing request data.
- Zope sites became unresponsive (a.k.a. "Hung") due to an
error in managing ZODB 3 database connections.
- Only the top-level folder's standard_error_message was used.
- There were thread-safety and resouce consumption problems
in the implementation of thread-safe regex objects.
- Fixed bug where ZCatalog's not in the root folder did not
recognize the proper URL of objects using the 'Find'
machinery. This caused all the objects to mysteriously
disapear when you updated the catalog (because their paths
were wrong). The Catalog now works correctly anywhere in
the object hierarchy.
- Fixed a bug that caused error messages to be formatted
incorrectly if the standard_html_header did not begin
with an HTML tag.
- The undo form was accessible even to people who couldn't do
undo. This made it look like we were allowing undo in cases
where we were'nt supposed to.
- The undo form did not restrict undoable transactions to
just those transactions performed by users that were
authenticated at the same level. This made the new undo
less restrictive than the Zope 1 undo. Undo should probably
be *more* restrictive, but that will have to wait for 2.1
or later.
- Zope crashed under load for applications using ZCatalog due
to an ancient bug in handling loading of empty BTrees from
the database. This bug has only become effective with
ZCatalog.
Zope 2.0 beta 4
Features Removed
- Draft objects are no longer supported.
Features added
- The source release install script now checks to make sure that
the Python used has thread support.
- FileStorages can now habe quotas.
Bugs fixed
- This release fixes a socket listen-queue depth problem on
Win32 systems that caused poor performance and connection
refusals in ZServer.
- Fixes to the win32 installation were made to prevent a
potential conflict on systems that have an existing
installation of the Python win32 extensions.
- Some of the management views, including the
security/permission mapping views were not visible for
ExternalMethods.
- New SQL methods could bot be created.
- New mailhost objects could not be created.
- New Draft objects could be created.
- Draft objects could not be deleted.
- ZClasses could not be added as methods.
- Disk full errors could leave the object system
in an inconsistent state. The handling of this error
was made more robust. Also, when serious errors like this
occur late in the transaction commit process, the
transaction system switches to read-only mode.
The File-storage recovery process needs to change to make
disk full errors detectable earlier in the two-phase commit
process so that the system can recover without switching to
read-only mode. This change, which is expected in 2.1 will
also provide better write performance.
- Errors during commit of sub-transactions were not handled
correctly, leading to inconsistent object data.
- Packing not not mark all transactions performed before the
pack time as "packed". Undoing these transactions lead to a
broken database.
- On win9x systems, random data seems to be added to the end
of the file on system crashes, causing apparent file
corruption. Code has been added to check for this case and
recover by truncating the file with a log message.
- The Zope version was not shown in the control panel.
- The binary release had the PCGI wrapper program in the wrong
directory so PCGI installations were not successful.
Zope 2.0 beta 3
Features added
- Added a 'getobject' method to ZCatalog. This allows you to more
easily get at a cataloged object from 'searchResults'. For
example::
<!--#in searchResults-->
<!--#var "getobject(data_record_id_).title_or_id()"--><br>
<!--#/in-->
Bugs fixed
- This release fixes a bug in acquisition that caused creation of
ZClass instances to fail under some (common) circumstances.
- Copy and Paste validation machinary now takes local roles into
account.
- ZDOM now adheres more closely to the DOM spec with respect to
Document and DOMImplementation nodes.
- The main management screen will no longer show the 'Delete' or
'Export' buttons if the user doesn't have adequate permissions
to delete or export objects respectively.
Zope 2.0 beta 2
Features added
- Added a '-r' switch to z2.py for ZServer read-only mode.
- The 'null' attribute in the DTML 'var' tag is now used when
the value being output if the Python value 'None'. Some
people considered this to be a bug.
- Permission objects are automatically created for new ZClass
objects as part of the ZClass wizard.
- For Python programmers, there is a new convenience function for
debugging in the Zope package.
For example, to debug method spam in the Zope debugger::
python
import Zope
Zope.debug('spam', d=1)
Bugs fixed
- Changed the logic used to detect binary content types to
only look for control characters. The previous version
incorrectly considered certain Latin-1 characters as
binary.
- The ZService.py used to implement Zope as a Win32 service
on NT has been updated to handle a difference in the way
.dll files are found on internationalized versions of NT.
- The configure.in file used to build PCGI has been updated.
- Several fixes to DateTime were added to provide better
behavior on machines with unrecognized time zone names.
- Conflict errors, which occur when simultaneous writes occur
to the same object in multiple database connections, are now
handled correctly by re-executing (up to three times)
the requests that lost the race condition.
- Error formatting with standard_error_message has been moved
to the object publisher via a new published module hook,
'zpublisher_exception_hook'. In addition to enabling
conflict error handling, this fixed two other bugs:
- Error handling in ExternalMethods and in DTML methods or
documents called from other DTML documents or methods
caused errors to be propagated in ways that defeated use of
the try tag and other forms of error handling.
- Errors raised before or after calling published objects
were not formatted.
- Errors in processing form variables, such as missing or
miss-typed values resulted in server errors, rather than in
formatted error reports.
- Database browsing didn't work for ZGadflyDA database adapters.
- Transaction meta data were not captured correctly by
ZPublisher, which made the undo log look odd wrt the user
who performed the transaction.
- Permissions for version operations were not set correctly. This
made it hard to delegate work to be done in versions and to
separate version participation from version finalization.
To fix this, it was necessary to split the "Join/Leave" view
into separate "Join/Leave" and "Save/Discard" views.
- No remark could be entered when discarding versions.
- Fixed a ZServer kill_zombies bug which kept ZServer from killing
hung connections.
- Improved ZServer's handling of slightly broken HTTP requests.
- Fixed a properties setting permission bug.
- Fixed a product permissions registration bug that allowed
product permission data to get lost.
- Updated the MailHost product to use the new product initialization
procedure. This fixed a MailHost adding permissions bug.
- Made Z Class icons visible to everyone. This way you can view a
Z Class icon without having and permissions on the Z Class.
- Objects were sometimes incorrectly acquired do a bug in
detecting attribute errors during acquisition. This led to
errors getting covered up or obscured.
- There was a memory leak in acquisition.
- Some thread-safety problems were fixed.
- DTML entity references (e.g. '&dtml-spam;') with missing
semicolons (e.g. '&dtml-spam') caused infinite loops.
- Extra spaces around expressions in DTML caused syntax errors.
- Broken objects, which are used as surrogates for objects
that can no longer be instantiated due to missing product
installations, no longer use HTML markup in their text
representation, as this caused odd effects in HTML titles.
- A number of fixes were made to the new DOM support.
- Versions could be deleted by users working in the deleted
versions. This led to strange paradoxical effects. Attempts
to delete a version or an object containing a version by
someone working in a version now lead to errors.
- ZGadflyDA has been updated to use the current (as of this
release) version of Gadfly. (Note that this had been
incorrectly reported as a 2.0 beta 1 feature.)
- Using an sql method in a version sometimes caused the method
to be locked, making it unusable by non-version users. This
was due to the way that column meta-data was managed. Now
column meta-data, used by report creation wizards, is only
safed when sql methods are tested.
- In StructuredText, list items could not directly introduce
example code.
- Undoing transactions that discarded versions did not cause
versions to appear non-empty.
- Temporary files were created for file storages that were
opened in read-only mode.
- A bug in FileStorage and DemoStorage didn't show you more
than the first 20 previous transactions in the Undo log.
- An incorrect contents view was returned after adding a File
object.
- On the cache parameters page, the number of bytes, rather
than the number of objects in the database was shown.
Note:
The section for Zope 2.0 alpha 4 did not mention that ZCatalog
is now shipped with the Zope core.
Zope 2.0 beta 1
Backward incompatibility
- ZODB 2 is no longer supported or included!
- The utility script bbb.py, no longer supports
xml output.
Known problems
- Handling of conflict errors hasn't been implemented. When
two threads try to update the same object, one will get a
conflict error. By beta release 2, requests that get conflict
errors will be retried until they succeed (or fail without a
conflict error) or until a maximum number of retries is
exceeded.
Features added
- The default ports used by ZServer have been changed. The
new default ports are: 8080 for HTTP, 8021 for FTP and
8099 for the monitor server.
- ZServer now uses the zLOG logging mechanism for informational and
warning messages.
- ZServer now includes a fairly stable NT service ZService.py
- 'access' file now can use SHA-1 hashing, and now does by
default
- 'zpasswd.py' added to top directory to manage this
new 'access' file
- A number of changes have been made to enhance security
control in through-the-web-developed products:
- There are new "Permission" objects that can be added to
Products. Permission objects provide a mechanism for
defining new permissions. These new permissions show up in
folder security screens.
- Factory objects can have permission settings. This affects
whether items show up in add lists and who can use factories.
- Objects in products now have permission mapping rather
than direct permission settings just like ZClass methods.
- New permissions cannot be defined in ZClasses any longer.
Rather, ZClasses can select from global permissions,
including permissions defined with permission objects.
Here's a sample scenario:
1. Add a ZClass, "Container" with the option to create a
factory and constructor methods.
2. Add a permission object with the permission "Manage
Containers".
3. Change the permission of the factory created in step 1
to "Manage Containers".
4. Visit the ZClass created in step 1, view the "Define
Permissions" view and map the "Create class instances"
permission to "Manage Containers".
5. Visit the constructor DTML Methods created in step 1,
view the "Define Permissions" view and map the "View"
permission to "Manage Containers".
In this scenario, we created a ZClass and made it addable
only by users (roles) that have the "Manage Containers" permission.
- There is a new module, Shared.DC.THUNK
(lib/python/Shared/DC/THUNK.py) that provides a mix-in class
that implements ZODB 3 transaction protocols and that
provides course-grained locking logic that should allow many
non-thread-safe database adapters to be usable in
multi-threaded Zope applications. The Gadfly database
adapter has been updated to use this mix-in class.
- The transaction management mix-in classes (Shared.DC.TM.TM
and Shared.DC.THUNK.THUNKED_TM) now provide a lower-level
transaction management protocol. Database adapters that mix
these in should:
- Call 'self._register()' when performing database
queries, and
- If necessary, override methods:
_begin() -- Which is called to begin a transaction,
_finish() -- Which is called to finish a transaction,
and save changes, or
_abort() -- Which is called to abort (rollback) a transaction,
and discard changes, or
- Object export now provides an XML export option and import
files may be in Zope export format or XML format.
- Zope objects that support the Zope management framework now
support the DOM 1.0 read interfaces. This allows DOM read
methods and attributes to be usable with Zope objects and
Python DOM tools, like FourThought's 4XSL to work with Zope
objects.
Note that DOM-defined attributes are defined with "get"
methods. For example, to get the DOM-defined "parentNode"
attribute, use: 'object.getParentNode()'.
- The pyexpat extension module for using James Clark's
expat library for parsing XML is included in the
distribution as Shared.DC.pyexpat.
Bugs Fixed
- You can no longer cd to an acquired directory in ZServer FTP.
- A number of changes were made for thread safety. This was not as
hard as it sounds, since persistent objects are always
thread-safe. (Well, only one thread accesses any particular
copy of a persistent object.) The biggest issue here is
mutable global variables, mutable objects stored in classes,
mutable default Python function arguments, and global
variables in extensions.
Zope 2.0 alpha 4
Backward incompatibility
- The old ZopeHTTPServer is no longer supported or included.
Use ZServer.
Features added
- The let and return tags were added to DTML.
- Several new input form types were added:
:default -- allows you to specify default values
:record -- allows you to combine multiple form variables
into a single input variable.
For example::
<input name="date.year:record:int">
<input name="date.month:record:int">
<input name="date.day:record:int">
will result in a single variable, 'date', with
attributes 'year', 'month', and 'day'.
:records -- allows you to input a list of records (ie a
table)
:ignore-empty -- If the field if the value is an empty
string.
For more information, see the section on "Form variable
types" in http://www.zope.org/Documentation/Reference/Trinkets.
- In the startup script, z2.py:
- The startup script, z2.py, has additional documentation on
providing empty strings as arguments.
- Added a -P option to the startup script, z2.py, to specify a
base port for the various servers. For example::
python z2.py -P8000
is equivalent to:
python z2.py -w8080 -f8021 -m8099
This is a convenient short-hand for systems with many zserver
instances running.
- Added an -l option to the startup script, z2.py, to specify
the location of the ZServer hit log. If the location is a
relative path, then it is assumed to be rooted in the 'var'
directory.
- A progress indicator was added to the database conversion
utility, utilities/bbb.py.
- The PCGI installer now writes the PCGI info file to use ZODB 3
rather than ZODB 2.
- The default content is provided in both ZODB 2 and ZODB 3
format.
- There is a new logging framework for reporting errors from
Python-level code. See the module zLOG.py for details.
For the time being, to turn on logging, set the environment
variable STUPID_LOG_FILE to a file name or to an empty
string to log to standard error. We will eventually provide
a more formal and functional logging configuration
interface.
- The hooks used by objects that modify their environment were
changed. The new hooks are:
manage_addHook -- called after an object has been added
manage_beforeDelete -- called before an object is deleted
manage_afterClone -- called after an object has been
copied. This should only be used by object that
capture their identity is some way other than their
id attribute or persistent id. (It's really for
ZClasses, which have global ids.)
- Pack is now supported for ZODB3 File Storages.
- The header output by manage_tabs now shows whether the
current object has been modified or locked by a version and
shows the version if the version isn't the current working
version.
- The locked-in-version decoration in the object management
contents view shows the locking version if the version isn't
the current working version.
- Several demonstration ZODB Storage implementations have been
added. See lib/python/ZODB/DemoStorage.py and
lib/python/ZODB/dbmStorage.py.
- Subtransactions have been added (instead of temporary
versions). If a true argument is given in a transaction commit
or abort call (e.g. 'get_transaction().commit(1)'), then
the commit or abort applies to a subtransaction of the
current transaction. This is useful in a number of ways,
including:
o Subtransaction commits on requests that work with lots
of data can reduce memory usage because data can be
removed from memory after changes are saved in a
subtransaction,
o You can rollback changes due to a local error without
rolling back *all* of the changes made in a long
transaction.
- There is an advanced interface for specifying alternate
storages for Zope. Zope will try to import the module
'custom_zodb' from INSTANCE_HOME and use it's Storage
attribute.
For example, to use a Demo storage based on the standard
File storage, you might define a 'custom_zodb' module with::
import Globals, ZODB.FileStorage, ZODB.DemoStorage
name='%s/Data.fs' % Globals.data_dir
base=ZODB.FileStorage.FileStorage(name, read_only=1)
Storage=ZODB.DemoStorage.DemoStorage("Demo (%s)" % name, base)
- Find can now search text of SQL methods.
- DTML tree tags now have a reverse option.
- ZClasses now have class ids. These class ids are registered
in a central registry and are used when unpicking instances.
- Database connections now have a sync method for
synchronizing the connection with saved data. This is
useful for interactive connections to see database changes
made by other threads.
- Errors encountered when trying to unpickle object state are
now logged, if logging is enabled.
- Added an extra checkpoint to ZODB 3 FileStorage Transaction
commit to better handle system crashes.
- ZPublisher request objects now have a BODYFILE key to get
the request body as a file for non-form non-GET requests.
- Cookie support was added to the ZServer FTP server to make
FTP access compatible with cookie-based authentication.
- ZServer now includes a NT Service, 'ZServer.py' This service
requires the Python win32 extensions. It is not yet complete
and not yet integrated with the Zope installer. It does however
include a large doc string.
- ZServer is officially using the z2.py start script now. The old
start.py and zinit.py were removed. Note: z2.py will call zdaemon.py
for you, if you want to use ZServer in daemon mode on Unix.
- Added a 'has_permission' method to user objects. This facilitates
finding out if a user has access to a given object. For example::
<!--#if "AUTHENTICATED_USER.has_permissions('View',someObject)"-->
- The product add list is now filtered. This should keep
objects out of the product add list for which the user does
not have adequate permissions. This is implemented with a
new method, 'filtered_meta_types' which returns all the
meta_types for which a given user has permissions. Note:
Right now ZClasses do not associate permissions with
Products. Thus all Control Panel Products appear in the
product add list, no matter what roles the user has.
- HTTP REQUEST objects now use HTML in their string representation.
- The REQUEST keys of the form BASEx and URLx, where x is
an integer now allow x to be greater than 9.
- index_html is not longer used automatically for XML-RPC
requests.
- ZPublisher debugger, 'ZPublisher.test' now accepts a 'extra'
keyword argument with a dictionary giving extra variables to
be added to the request. This is handy for testing methods
that require large amounts of input data, such as file uploads.
- The load_site utility ('utilities/load_site.py') now accepts
a '-9' switch to make it work with Zope (and Principia)
sites at revisions 1.9 and lower.
Bugs fixed
- Got rid of some DOS line-endings in xmlrpclib.py that caused
install-time module compilation to fail.
- Fixed DOS line-endings in medusa/max_sockets.py
- Fixed a NameError (missing TupleType) definition in
the export/import (copy/paste) machinery.
- The startup script failed on Windows because it imported the
posix module without checking the os.
- ZServer crashed when the number of simultaneous connections
exceeded a system limit, especially on Windows. ZServer now
stops accepting new connections when the number of active
connections exceeds a threshold.
- Accessing cached results of items() (or values() or keys())
calls on BTrees caused core dumps if affected elements were
deleted. For example::
for k in abtree.keys():
del abtree[k]
Note that this code is still incorrect due to the fact that
the objects returned from abtree.items() (or values() or
keys()) have reference, rather than copy semantics.
- Compiling Acquisition.c caused (bogus) compiler errors on
SGI.
- zdeemun wus mispeled
- Local roles were not handled correctly when filtering
management views.
- Copying and pasting ZClass instances copied and pasted their
ZClasses too, effectively disconnecting them from their
managed ZClasses. The same thing happened when ZClass
instances were exported and imported.
- The Database area in the control panel was broken.
- Copy and paste of multiple objects was broken.
- Copy and paste of ZClass methods was broken.
- Copy and paste of ZClass properysheets was enabled and
broken. It is now disabled.
- Accidental import of BoboPOS in processes using ZODB (3)
caused strange errors.
- A bug in batch processing caused batch processing to hang or
give incorrect results.
- DocumentTemplate-based classes, like DTMLDocument and
DTMLMethod could not be subclassed correctly.
- There was a memeory leak in the DTML try tag.
- When adding folders with user databases, no check was made
to make sure the user was permitted to add a user database.
- Broken objects weren't created for objects whose class could
not be found when using ZODB 3.
- The 'self' argument wasn't properly passed to external
methods used in ZClasses.
- The Setup file in the SearchIndex package had an unneeded -I
option that caused compilation errors on some platforms.
- ZGadflyDA transactions were not committed.
- ZClasses didn't provide an interface to edit their titles.
- Propertysheets were broken for ZClasses that inherited from
built-in classes, like Folder and DTMLDocument.
- Propertysheets were disabled for instances by default. Now,
propertysheets have the "manage properties" permission by
default.
- The navigation pane wasn't updated when classes were added.
- Changes in ZClasses were not properly propagated to all
database connections using ZODB3.
- Database connections were not closed correctly under heavy
load when the number of application threads exceeded the
number of database connections in the connection pool. This
lead to Zope locking up under load if the application thread
count was increased using the z2.py -t option.
- undo in ZODB 3 didn't properly refresh objects.
- export and import was broken for ZODB 3.
- Fixed ZServer HTTP zombie killing. Now hung connections are
successfully closed.
- A bug in handling the case when a file was created on open
without the create flag caused weird errors on windows.
- The REQUEST BASE1 key was not computed correctly when
SCRIPT_NAME was an empty string.
- It was impossible to return an empty list or dictionary to
an XML-RPC request.
- The database conversion script fails when the first record
in the input file lacked properly-formatted transaction
data. The conversion script also didn't work on some
systems due to an incorrect 'flush' call on the *input*
file.
- Factories that were also ZClass methods didn't get
unregistered properly when they were deleted.
Zope 2.0 alpha 3
Features added
- XML-RPC support
All Zope objects are now XML-RPC servers.
- ZODB 2 (aka BoboPOS) to ZODB 3 FileStorage database conversion
An option has been added to the bbb.py script in the
utilities directory to convert ZODB 2 database files to ZODB
3 format. The bbb.py script now accepts an '-f' option that
takes an argument specifying an output file name. For
example, to convert the ZODB 2 data file, Data.bbb, in the
var directory, to ZODB 3 FileStorage format::
python utilities/bbb.py -f var/Data.fs var/Data.bbb
Note that version data are not converted.
- In Z Classes, Methods and Property Sheets now have a "Define
Permissions" management tab to map permissions. This tab used
to be labeled "Security".
- ZServer's FTP server now attempts to display an object's owner
as defined in local roles.
Bugs fixed
- The cache management screens were broken
- Local roles on DTML Methods and Documents were not persistent.
- ZServer's select trigger has been updated and now shouldn't give
errors when running ZServer as another users.
- The tree tag used persistent object ids in ways that were
not compatible with ZODB 3. This caused strange behavior
like weird content-types and invalid state messages.
- The DTML In tag no longer handled batch processing correctly,
and sometimes got into infinite loops. This was due to a very
old bug that was made effective by Python 1.5.2.
- Objects that could not be loaded because their implementing modules
(or packages) had been removed were not handled properly as
broken objects when ZODB 3 was used.
- The DTML Python string format did not allow expressions for
simple variable insertion. Expression insertion is now
allowed if the var tag name if the var tag name is supplied,
as in::
%(var expr="x+1")s
Note that, because of this change, the var tag name must
also be supplied when a variable named 'var' is inserted, as
in::
%(var var)s
Zope 2.0 alpha 2
Features added
- There is a new optional EXPERIMENTAL HTML DTML syntax. As
an alternative to SSI syntax, you can now use ordinary HTML
syntax, as in:
<dtml-in objectIds>
<dtml-var sequence-item>
</dtml-in>
You can also use an entity-reference syntax for the var tag
as an alternative to the tag syntax. For example::
&dtml-foo;
is equivalent to::
<dtml-var foo>
and is especially handy in attributes::
<a href="&dtml-foo;">
Both the new syntax and the SSI syntax are allowed in the
same document. In fact, if you were really twisted, you
could:
<dtml-in objectIds>
<dtml-var sequence-item>
<!--#/in-->
IMPORTANT
This feature really is EXPERIMENTAL. It could disappear
someday, depending on how people like it. We'd really like
to get feedback on how useful this feature is.
- reverse options were added to the in and tree tags.
- The startup script, z2.py, has a -D option to turn on
debugging mode.
- Made environment variable settings work with the http
server. So now you can do things like ./z2.py -w 8888
SCRIPT_NAME=Zope and actually have the specified SCRIPT_NAME
override the normal SCRIPT_NAME. This is Useful for using ZServer
behind a proxy.
- Added support for the Medusa monitor server.
- There's a first cut at a ZServer NT service. This is Zope on
NT's answer to zdeamon.py
It actually seems to work, though there's still a fair
amount missing.
- The error messages for missing or miss-formatted access
files was improved.
- A new debugging method, manage_debug, has been added to
Control_Panel to monitor the Zope process for possible
memory leaks.
- The name, 'this', has been added to the namespace available
to construction methods to provide a function for computing
the destination object. The name, 'this' is essentially
equivalent to 'Destination' and 'Destination' will be
deprecated eventually.
- The title of the main Zope management interface now includes
a full URL.
- Folders that have (or acquire) index_html methods now have
view tabs for viewing index_html.
- On browsers that support Java Script, the "Add" button is
omitted and the add form is visited as soon as a selection
is made from the select list.
- The python-pickle format used to export data from ZODB 2 was
updated to handle string data differently.
- Update syslog clients to try for SOCK_DGRAM first, since newer
syslogd won't accept SOCK_STREAM connections (Collector #888).
Bugs fixed
- A number of bugs and features were left out of the
release notes for Zope 2.0 alpha 1. The notes for
Zope 2.0 alpha 1 have been updated substantially.
- There was a serious memory leak introduced when a security
bug was fixed in 1.10.0.
- There was a memory leak in ZODB 3 persistent objects, which
now manage object IDs as persistent objects.
- The Python 1.5.2 cgi module didn't work with Zope.
Zope now includes its own fixed version of the module.
This bug caused FTP, Netscape Publishing and WebDAV to fail.
- A bug in transaction management caused Gadfly requests to
fail. Other database adapters need to be updated.
- Running ZServer as nobody failed due to the order in which
the log file was opened.
- Added fix contributed by Brian Hooper for HTTP Clients which
don't always spell their HTTP headers correctly.
- A number of classes didn't get there reference-counts
reduced when instances were destroyed. This confused the
new memory allocation monitoring tool.
- New user folders had no effect because they did not get
properly registered in their containing folders.
- Changes made to factory objects were lost when a process was
restarted.
- Clicking on the 'Help' caused the help information to be
displayed in the current frame, rather than in a new
window.
- Shutting down Zope attempted to save the database index even
when Zope was run in read-only mode.
- A number of fixes were made in the Date-Time support.
- Batch processing in the in tag sometimes failed.
- Sites with custom roles in the top-level application
object did not pick up the new 'Owner' role.
- Content-type detection had problems in DTML documents and
methods.
- Some cookie expiration dates used 2-digit years.
- Error values for errors raised by ExternalMethods were lost.
- Values returned by absolute_url were not URL quoted.
- Extra newlines were prepended to documents when they were
edited.
- Objects ids were not properly quoted in a number of places,
because id quoting was unnecessary until recent relaxation
of the rules for ids.
- ExternalMethods are now automatically reloaded when running
in debug mode.
- Search interfaces generated by the search interface wizard
no longer include a "Cancel" button.
- Errors were masked by a bug in handling ZODB3 transaction
aborts.
- The ZODB 3 cache manager deactivated objects too quickly,
causing performance to degrade.
- BASEx request variables were not computed correctly when
SCRIPT_NAME was not empty.
- The URLx variables couldn't be computed in some cases when
using ZServer.
Zope 2.0 alpha 1
BACKWARD INCOMPATIBILITY
- A change was made to the way ZClasses are constructed.
Previously, the __call__ method was an alias for the
index_html method which took took an id and a request
and created a new instance and added the instance to
the destination.
Now, the __call__ method simply calls the underlying
managed class with the supplied arguments to create and
return an instance. The instance is not added to a
folder.
The index_html method is now an alias for the
createInObjectManager method, which does what the
index_html method did before.
There is a new method, fromRequest, that takes an id
and a request and creates a new instance. It does not
at the instance to a destination.
Features Added
- Integration of ZODB 3
- The ZClass construction interface has been cleaned up to
make construction of ZClasses a little easier from Python.
- When adding ZClasses, there is now an option to
automatically create construction methods and a factory.
- "Management" screens now *only* show tabs a user permitted
to see. Used in combination with carefully selected roles,
this change provides an adaptable management interface.
- Instance homes can now have local Products directories.
- There is a new ZServer start up script that can be used without
modification and that integrates process management. This
script replaces the ZServer 'start.py' and 'zinit.py' scripts.
- When the new startup script is used, then the control panel
shows a "Restart" button which causes the Zope process to
exit and be restarted and a "Shutdown" button that causes Zope
to exit and not be restarted.
- There is a *very* rough cut at a centralized version manager
in the control panel. This is only functional when the
ZODB3 database is used. This feature will mature
significantly before the final 2.0 release.
- A new Zope icon was added, and the "powered by Zope" icon
has been updated.
- Made DTMLDocuments, DTMLMethods, Images, Files and Folders
subclassable by ZClasses.
- ZClass property sheets can now have read and modify
permissions.
- An "add list" name can be specified when creating a ZClass.
If specified, then construction methods and a factory are
created. This makes the class immediately instantiatable and
provides construction method examples.
- The ZClass basic property sheet now shows base classes.
- Changed the string representation of HTTPRequest so that
<!--#var REQUEST--> is a lot friendlier.
- Added a Zope debugging short cut.
Now::
import ZPublisher
ZPublisher.Zope(path)
is a shortcut for::
import ZPublisher
ZPublisher.test('Zope', path)
Bugs Fixed
- ZClass permission setting interfaces didn't show inherited
permissions.
- A number of bugs arising from attempts to set
caching headers were fixed.
- Some default permissions were not set correctly.
- The unused non-functioning resource-consuming Scheduler has
been removed.
- Access was given to objects without roles even if access
would be denied to the container.
- Fix submitted by Martijn Pieters:
Any property type int or long, set to 0, showed up in the
Properties Management tab as blank. This resulted in errors
when trying to change values of other properties, etc.
- Version names were computed incorrectly.
- Delete and rename were broken for ZClasses.
- It wasn't possible to override inherited attributes with
methods in ZClasses.
- Property values were not removed from ZClasses when property
sheets were deleted. This made it impossible to re-add a
property from a deleted property sheet.
- Generated property view and edit forms for ZClass property
sheets had a number of problems.
- The propertysheets property sheet should only allow addition of
property sheets.
Zope 1.11.0 pr1, which should have been named Zope 2.0.0 alpha 0.
Lots has changed in this release. The major news is ZClasses and WebDAV.
Features Added
- Added WebDAV support. See http://webdav.zope.org/ for details.
- Added Z Classes. Documentation is forthcoming.
ZClasses might be viewed as somewhat experimental, although
we're using them aggressively for internal projects.
- Added Property Sheets. Documentation is forthcoming.
- ZServer now included in distribution.
- Added new product registration interface. Documentation is
forthcoming.
- Added local roles which allow for permission settings for
users on individual objects. This allows for 'ownership' of Zope
objects. Added 'Owner' role to default roles, and automatic
setting of the 'Owner' role on a created object to the user who
created it.
- Added hooks for XML-RPC support to ZPublisher. See the source
for details. XML-RPC support is not yet finished.
- Added automatic height/width detection for JPEG images.
- Revised Zope error messages.
- A new DTML 'try' tag added based on work by Jordan B. Baker.
See the source for details. Documentation is forthcoming.
- A new DTML 'mime' tag has been added. See the MIMETools README.txt
for more information.
- A new 'range' function added the the '_' DTML variable.
- A new 'utilities' directory is included in the distribution.
- A new flag attribute, 'only', of the DTML 'with' tag
prunes the DTML namespace to only the namespace created
with the with tag.
- Added contributed support for encoding options in the SendMail
tag and MailHost send method.
- Management tabs are now prettier and allow status messages with
the manage_tabs_message variable.
- Added a method of notifying users of changes without using a
MessageDialog. This makes editing DTML Documents and Methods
easier.
- Added more documentation to Product add screens.
- New icons for many Zope objects.
- Sessions are now known as Versions.
- Changed from using 'manage_main' as default management method to use
'manage_workspace' which is a reserved method that dispatches to the
default management interface which is the first interface defined
in manage_options
- Permission settings are now inherited by Products from their base
classes. This means when you build a Product you only need to specify
its particular permission settings.
- Changed ZPublisher.publish_module's interface so that instead of
providing a stdin, stdout, and stderr, you can provide a Request and
a Response object. ZServer makes extensive use of this feature.
- Added methods to HTTPRequest to allow access to ZPublishers object
traversal. HTTPRequest.clone and HTTPRequest.resolve_url. See the
source for more details.
- Added a new "builtin" function reorder to DTML.
reorder(s, [with, without]])
Reorder the items in s according to the order given in with
and with items mentioned in without removed. Items from s
not mentioned in with are removed.
s, with, and without are all either sequences if strings
or sequences of key-value tuples, with ordering done on the
keys.
This function is useful for constructing ordered select lists.
Bugs Fixed
- Added small fixes to ZopeHTTPServer in anticipation of DAV.
- Construction, upload, and edit methods did not consistently
support either string or file data. This caused really weird
behavior when file upload was used with out including the
':string' suffix in the argument name when doing a file upload.
This bug was previously (and incorrectly) reported as a
ZPublisher.Client problem.
- Errors in ExternalMethods were masked by bugs in error
reporting logic. The bugs were made far more effective
by Python 1.5.1.
- Databases (or export files) created in binary distributions
were not usable in source distributions due to cPickle
limitations in stock Python 1.5.1. We now link/copy the
cPickle extension to BoboPOS to make sure that it uses the
latest version.
- Fixed registration of MailHost settings and incorrect default
quoted-printable encoding of message bodies.
- Added contributed patch that fixes bug in copied-object id
generation.
- DTML Documents and Methods now attempt to determine their
content-type rather than assuming they are text/html.
- Fixed PUT bug in determining content-type of binary files.
- Added changes that allow the top level userfolder to be replaced by a
UserDB or other userfolder-like object.
- Fixed an FTP support bug that sometimes kept simple items from
producing FTP listings.
- Added URL1 instead of "." as the form target for the workspace forms --
using "." causes NS servers to intercept the request and report an
error, making Zope effectively unusable.
- Added ZPL 1.0 and credits to copyright link in management screen.
- Fixed a bug that prevented validate() from working if the top-level
object were accessed and no default object (index_html) existed.
- Fixed a logic bug in security validation that allowed access to
unacquired objects that didn't have __roles__ even if the
containing object was protected.
Zope 1.10.2
Bugs Fixed
- Fixed a permission problem with DTMLMethod objects that caused
errors when attempting to commit permission changes.
- Factories could not determine the available methods
when they were being edited, making them uneditable.
Zope 1.10.1
This is a Python 1.5.2 beta 2 compatibility release.
A Python C API change in Python 1.5.2 beta 2 broke
Zope. This release contains a fix.
Zope should work correctly with Python 1.5, 1.5.1 and
beta versions of 1.5.2.
Zope 1.10.0
New Features
- Added Import/Export interfaces to Folders.
Bugs Fixed
- Fixed a bug in ZopeHTTPServer which caused it to fail on POST
requests without content-type headers.
- PUT and file uploads would fail if the content-type could
not be determined. Now objects created via PUT and file
upload will default to either 'application/octet-stream'
for binary files or 'text/plain' for non-binary files if
no content-type can be determined from headers or filename
extensions.
- Fixed a permission bug left from a change to the Find support.
- Fixed misc typos in docstrings and docs.
- Fixed a bug that kept objects from being freed from the cache!
Basically, there was never a check for inactive objects.
- MailHost objects didn't do appropriate CRLF conversion or
recognize 4xx server responses.
Zope 1.10.0 pr1
New Features
- Documents generated by the search interface wizard
no longer use tab characters.
- Added a -s option to ZopeHTTPServer. This is useful
for emulating older sites when generating screen shots
for creating or updating documentation.
- Default bobobase now includes a Zope button along with a link
to the Zope site. This satisfies the ZPL attribution requirement.
The button is created by a new builtin method
'ZopeAttributionButton'. Also, both the source and the binary
distributions now have the same default bobobase.
- Made the logic for getting SOFTWARE_HOME a bit more robust, so that
it handles relative paths and paths starting with '.' and '..'.
This is useful when simply importing Main from the Python
prompt in the lib/python directory.
- The ThreadLock module has been changed to reflect changes
in the Python API in Python 1.5.2.
- The '_' variable in DTML now has the random module
as an attribute and DateTime.DateTime as the attribute DateTime.
- Added keys() and items() methods to the REQUEST object.
- Added get_header() method to the REQUEST object for retrieving
HTTP headers.
- New SearchIndex package and BTree component have been added to
the distribution, providing low-level support for products with
built-in searching such as Tabula and Confera.
- Documents have now been split into two distinct object types:
DTML Documents and DTML Methods. DTML Methods behave exactly
as Document objects did. DTML Documents are similar except that
the "client" or "self" of a DTML Document is the DTML Document
itself rather than its parent, and DTML Documents can have
properties.
- DTML Documents, Image and File objects can now have properties.
- A new PropertyManager mixin class allows developers to easily
add properties and property management to non-Folder objects.
- Added a new absolute_url method which can generate an absolute
url for the object on which the method is called.
- GIF and PNG Images now figure out their own dimensions when
uploaded. Image height and width properties are now editable.
- Images now generate themselves as html IMG tags, using an absolute
url and correct height and width tags if possible.
- There is a new form input type, boolean, for inputing boolean
data.
- Added a read_only option to the SimpleDB.MultipleRevision and
PickleDictionary constructors to open a database in read_only
mode.
- Added an environment variable, ZOPE_READ_ONLY, used by the
Zope framework. If this variable is set, then the database
is opened in read only mode. If this variable is set to a
string parsable by DateTime.DateTime, then the database is
opened read-only as of the time given. Note that changes
made by another process after the database has been opened
are not visible.
- Added a database_quota option to the SimpleDB.MultipleRevision and
PickleDictionary constructors and a
SimpleDB.MultipleRevision.set_quota method to set a database
quota. The quota is given as either an integer number of
bytes, or a function taking an integer number of bytes
argument and returning whether the quota has been exceeded.
- Added an environment variable, ZOPE_DATABASE_QUOTA, used by the
Zope framework. If this variable is set, it should be set to
an integer number of bytes. Additions to the database are
not allowed if the database size exceeds the quota.
- Added size and last modification time to DTML Method and DTML
Document edit interface.
- Added a new module, BoboPOS.winlock, that provides file
locking on windows. This should prevent many cases of data
corruption.
- Added FTP support to Documents, Files, Images, and Folders.
FTP interface is detailed in OFS/FTPInterface.py though it may
change. Basic FTP support was also added to SimpleItem to make
it easier for Zope objects to support FTP.
Bugs Fixed
- Permissions for manage_clone method were wrong, meaning that
essentially only managers could use it.
- File paths that showed up in tracebacks reflected the paths the
files had when they were compiled (at distribution build-time).
The compiled-in paths have been changed to be relative to the
Zope installation directory.
- Fixed a bug in ZPublisher's special handling the "cancel"
submit buttons. The test for the cancel button was case
sensitive. I changed it so it would accept any case, as
well as extra spaces.
Cancel buttons should probably be handled using the new
:method form type, but this would require the presense of an
appropriate redirect method. Perhaps there should be
a :redirect form type.
- Date strings with years < 31 were not accepted, even
through the documentation says they should be.
- If Zope crashed or was unable to completely write a database
record, then on restart, a data corruption error was reported.
Now, truncated records are removed if necessary on start up.
If necessary, other records are removed as well to avoid
partially-written transactions.
- Lack of sys.argv in the win32 service version of Zope caused
it to raise errors under certain conditions.
- Several HTTP PUT related bugs were fixed.
- Simple items did not have an objectValues method, which caused
odd behavior in certain tree tags since the method would be
acquired from the parent of the simple item.
- The Find form in the management interface depended on javascript
to function properly.
- Added a fix to compensate for the fact that Apache servers may
rename the entire cgi environment when mod_rewrite rules are
used in .htaccess files.
- If system clocks were changed, so that database records
had records in the "future", then database corruption could
either occur or be incorrectly reported. Now this situation
results in an informative error message and corruption does
not occur.
Zope 1.9.0
New Features
- Zope now provides better information about products. If a
Product has a README.txt, then it will be readable through
the product management interface.
If a product encounters an error during startup, the
traceback is available through the product management
interface.
- Cache statistics are displayed in minutes, rather than
seconds.
- Products can define the attribute '__module_aliases__' in
their '__init__' modules that specifies aliases for modules
used in the product. This is useful if module names have
changed and the database contains pickles refering to the
old modules. The attribute should be a sequence of
tuples. Each tuple has a (dotted) module name and a module.
Bugs Fixed
- Development on ZopeHTTPServer has been frozen in anticipation
of the switch to Medusa. Therefor ZopeHTTPServer still does
support PUT. Sorry.
- ZPublisher.Client used the obsolete rand module.
- Errors occuring during product import caused Zope to fail to come
up.
- Product version information was not displayed correctly.
- ZGadflyDA cached table meta-data which lead to missleading
information when browsing databases.
Zope 1.9 beta 3
New Features
- Z SQL Methods (FKA Aqueduct) and the Z Gadfly Database Adapter
are now included.
- The argument handling for ZopeHTTPServer has been changed to
be a bit more flexible wrt the order of argumements.
While options must still come first, environment settings
can be given in any order. This makes startup scripts loke
serve.py quite a bit simpler.
- ZopeHTTPServer now sports preliminary support for PUT publishing.
- ZopeHTTPServer now serves from port 9673 by default, not 8080.
Bugs fixed
- The start.bat file used to start ZopeHTTPServer on win32 was
misnamed and didn't correctly pass command-line arguments.
- Win32 machines without an existing Python installation had problems
due to PYTHONPATH bootstrapping.
- The included ZopeHTTPServer was failing to start correctly on
win32 machines that were not connected to the network.
Zope 1.9 beta 2
In addition to various documentation updates, this release includes:
New Features
- Changed serve.py to accept ZopeHTTPServer command-line options.
- Added a -P option to the ZopeHTTPServer to specify a file
to contain the process ID. This allows a script to stop
the process on Unix.
- Added support for the environment variables, Z_REALM and
Z_DEBUG_MODE to set an authentication realm and to
enable debug mode.
Bugs fixed
- External methods were broken due to differences in
Python 1.4 and Python 1.5 comparison semantics.
- ZopeHTTPServer command-line environment settings
were not available in os.environ.
- Some class references were wrong in examples in the ExtensionClass
documentation.
- INSTANCE_HOME was not set correctly when the debugger was run
with a relative path to the published module.
- The #! line in the ZopeHTTPServer was hidden by the copyright
statement and didn't have the right path.
- A bug in pcgi_publisher.py caused file uploads larger than 1 MB
to fail.
Zope 1.9 beta 1
Bugs fixed:
- pcgi did not build correctly on Solaris 2.6
- links in headers were broken when Zope was reached with
/, as is the case when the ZopeHTTPServer is used.
- Python sources used tabs and spaces for indentation, which
made some people unhappy.
- Copyright statements were missing or out of date.
- Added better instructions for building and running Zope.
- Added new Zope License and attribution information.
- Merged BoboHTTPServer updates with ZopeHTTPServer. Including
socket changes to allow easier stopping and starting.
- Shutting down the ZopeHTTPServer from the application
caused an empty document to be returned.
- The install scripts failed if run more than once when attempting
to create a var directory.
Features
- Added (and old version of) the zlib module to make
installation simpler.
- Zope requires an access file. The install scripts now create
one.
Zope 1.9 alpha 1
This was the inital Zope test release.
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment