Zope Changes
This file contains change information for the current Zope release.
Change information for previous versions of Zope can be found in the
file HISTORY.txt.
To-do
- Renable C permission roles by implementing recent Python
changes in C, brining the Python and C implementations back in
sync. See lib/python/AccessControl/PermissionRole.py.
- Add cyclic-garbage collection support to C extension classes,
especially to acquisition wrappers.
- Renable C Zope security policy by implementing recent Python
changes in C, bringing the Python and C implementations back in
sync. See lib/python/AccessControl/ZopeSecurityPolicy.py.
- Change acquisition wrappers to implement the descr get slot
directly, thus speeding the use of the slot.
after Zope 2.8b1
Features added
- Included BTreeFolder2
Bugs fixed
- Collector #1233: ported ZOPE_CONFIG patch from Zope 2.7 to Zope 2.8
Zope 2.8b1 (2005/04/24)
Features added
- Added lazy: TAL expression and fixed defer: expression for python
expression
- ZCatalog.CatalogBrains: An _unrestrictedGetObject method has
been added.
- ZODB transactions now support savepoints. See
transaction/savepoint.txt. These will replace
subtransactions.
Bugs fixed
- Collector #1754: Fixed import of 'transaction' in
'zopectl adduser' (which wasy dying with a NameError).
- Collector #1750: StructuredText: fixed handling of image URLs
with query string
- Collector #1748: Fixed SIGSEGV in Acquisition
- Hotfix_20050405: classes defined in untrusted code could shadow
the roles of methods defined as protected by their bases.
- Collector #1656: Fixed enumeration within untrusted code
(forward-port from 2.7 branch).
- Collector #1721: Fixed handling of an empty indexed_attrs parameter
Zope 2.8a2 (2005/04/02)
Features added
- ZCatalog.CatalogBrains: 'getObject' now raises errors, rather than
returning None, in cases where the path points either to a nonexistent
object (in which case it raises NotFound) or to one which the user
cannot access (raising Unauthorized). Sites which rely on the old
behavior can restore setting a new zope.conf option,
'catalog-getObject-raises', to "off".
This compatibility option will be removed in Zope 2.10.
- PluginIndexes: the ZCatalog's "Indexes" tab now show the number of
distinct values indexed by each index instead of a mixture of indexed
objects versus number of distinct values. Indexes derived from UnIndex
show both values within their own ZMI screen. In addition most indexes
have now a "Browse" tab to browse through the list of indexed
values and their occurrences.
- FTPServer: a RNFR (rename from) request is now being responded
with a 550 error code if the source file does not exist
- Fixed ObjectManager to not swallow exceptions during object
deletion (in debug mode and if the user is not Manager). This
allows for better debugging, while still keeping the possibility
for a Manager to delete buggy objects.
- Added a ZConfig directive 'large-file-threshold' to control
the request content-size threshold at which a temporary file
gets created. Use the same value for deciding between reading
the whole request in memory or just a chunk inside
webdav.NullResource.PUT().
- RAMCacheManager: Allow invalidation of a cache entry from the
Statistics view in the ZMI
- Collector #1454/OFS.File: Accept content types ending with
"javascript" as editable through the File edit form, just like
text/<foo> types
- Zope X3 3.0.0's 'src/zope' package is included now.
- Five (Zope 3 integration technology for Zope 2) is included
now in Products/Five.
Bugs fixed
- Collector #1460: guarded_apply was too restrictive.
- OFS.Traversable still used a string 'NotFound' exception.
- ZPublisher would fail to recognize a XML-RPC request if the
content-type header included a 'charset' parameter.
- Forward-ported 'aq_acquire'-related fix and associated tests
from Zope 2.7.4.
- Collector #1730: XML page templates couldn't call aq_parent in
path expressions.
- Fixed brain.getObject() to correctly traverse to an object even
if one of its parents is not accessible, to be close to what the
Publisher does.
- Forward ported fix for OFS.CopySupport tests which corrected
signature of a faux security policy's 'validate' method.
- 'setup.py' did not install the 'Zope' compatibility module
(the old 'Zope' package has been renamed to 'Zope2').
- Fixed Shared.DC.ZRDB.Results to behave with the new-style
ExtensionClass. Added a test.
- 'setup.py' did not install the new 'Zope' compatibility module
(the 'Zope' package has been renamedd to 'Zope2').
- Collector #1507: Zope now binds again to all available IP addresses if
ip-address is unset
- Use 'del' instead of 'list.remove()' in
Catalog.delColumn(). There can be only one column with the
same name, and it could potentially break catalog metadata as
remove() may remove more than one element from the list if
they have the same value. Also, we already have the list index
we are interested in deleting so it doesn't make sense to look
up the value and call 'list.remove()' on it.
- Collector #1628: FTP server has been broken (directory
listings did not work)
- Collector #1705: CopySource._postCopy is never called
- Collector #1617: Fixed crash in ZPT code (caused by improper
checks in cAccessControl)
- Collector #1683: fixing batching in the DA "Test" tab
- Collector #1648: Fix bug in Medusa FTP
- Collector #1667: allow 'max-number-of-session-objects 0' to have
the same effect as setting the value via the web interface (i.e.,
make the number of session objects unlimited, rather than falling
back to the default).
- Collector: #1651: removed compiler warning
- Collector #1661: make 'python-check-interval' setting in zope.conf
actually work as documented. This setting allows for important
tuning opportunities for production Zope servers.
- Collector #1657: Don't break host-based virtual hosting when
purging an HTTP accelerator.
- DTML Methods were not interoperable with the new filestream_iterator
and caches based on it (FileCacheManager).
- Collector #1655: fixed severe memory leak in TemporaryStorage
- Collector #1407: fixed XML escaping problem introduced in 2.7.4 b1
- Collector #1151: HTTP compression was broken on error pages
- The REQUEST now contains a new entry ACTUAL_URL which contains the
full URL without query string as it appears within the location bar of
the browser. The key has been added to provide a single key that is
available for vhosted and non-vhosted installations.
- Collector #1605: VHM did not quote URLs
- webdav.Resource: during COPY, manage_afterClone was called way
too early, thus the object wasn't bound to the database and
couldn't find a context. Changed to behave the same way as
CopySupport.
- RAMCacheManager: opimized performance by using cPickle instead
of pickle and by using the highest pickle protocol available
instead of using ASCII pickles (patch by Dieter Maurer)
- Collector #631: Image URLs in StructuredText containing port
numbers were not rendered correctly
- Collector #1498: Don't choke on malformed cookies. Cookies of
the form "foo=bar; hmm; baz=gee" will give an empty value for
'hmm' instead of silently discarding it and the rest of the
string. (Thanks to 'sirilyan' for the patch.)
- bin/zopectl test now uses os.execv, instead os os.system,
so that options with characters that needs shell quoting
doesn't break the command.
- Collector #1219: Make XML export sane again.
- Collector #945: Allow adding empty PythonScript instances
programmatically.
- Updated doc/UNITTEST.txt and lib/python/Testing/README.txt to
reflect progress made since UNITTEST.txt was originally written.
- Removed Version objects from the add menu. Versions are agreed to be a
feature that should not be used as it is not well implemented and
allows for data loss.
- Collector #1510: Allow encoding of application/xhtml+xml pages
according to the charset specified in the Content-Type header
(thanks to Jacek Konieczny for the patch).
- Collector #1599: made sqltest work with unicode strings (thanks
to Peter Sabaini for the patch).
- zopectl: fixed handling of child processes (patch by Dieter Maurer)
- Collector #1593: fixed dumb _get_id() implementation in
OFS.CopySupport that produced copy_of_copy_of....files (thanks
to Alexandre Boeglin for the patch).
- Collector #1450: files in utilities/ZODBTools are now installed
during the installation process in the 'bin' directory
- Collector #1003: added new 'http-header-max-length' directive
to zope.conf to specific the maximum length of a HTTP request
header before it is considered as a possible DoS attack and
discarded.
- Collector #1371: added new 'cgi-maxlen' directive to zope.conf
to limit the amount of form data being processed by Zope
to prevent DoS attacks
- Collector #1407: changed WebDAV display name for objects
to title_or_id()
- the 'trusted-proxy' directive in zope.conf now also accepts
hostnames instead of IP addresses only (patch by Dieter Maurer)
- Fixed test.py to not over-resolve symbolic links. Needed to run
tests when the Products directory and a product are symlinks.
- Collector #1583/ZReST: Fixed handling of the title attribute
for non-ascii characters.
- Collector #1577: Fixed cryptic error message in ZPublisher if a
non-ASCII string is passed to a date, int, long or float property.
- Collector #1576: Fixed Z Search Interface to use proper HTML.
- Collector #1127: strftime did not take timezone into account.
- Collector #1569/DateTime: Added a new ISO8601-method that will
return correctly formatted ISO 8601-representations to augment
the ISO method which isn't compliant with ISO 8601.
- ZPublisher: changed some hardcoded 'latin1' arguments to 'iso-8859-15'
since latin1 is obsolete.
- Collector #1566: Installation of Zope on some older Solaris versions
could fail due to a broken "echo" implementation causing the
creation of a borked version.txt file.
- Collector #934: Image and File objects are now always internally
split into small chunks even when initialized from a string.
- docutils: updated to V 0.3.5. The Zope core now contains a full copy of
the docutils package except some GPLed files which can not be included
with the Zope distribution due to license constraints on svn.zope.org.
- docutils: moved from lib/python/docutils to
lib/python/third_party/docutils
- Collector #1557/OFS.Image: Introducing new 'alt' property. The 'alt'
attribute is no longer taken from the 'title' property but from the new
'alt' property. The border="0" attribute is no longer part of the HTML
output except specified otherwise.
- Set a default value of '' for the new 'alt' property as not to
break existing content.
- Collector #1511: made IPCServer show up in the Control Panel under
"Network Services"
- Collector #1443: Applied patch by Simon Eisenmann that reimplements
the XML parser used in WebDAV fixing a memory leak.
- Always unescape element contents on webdav.xmltools
- Use saxutils to escape/unescape values for/from
PROPFIND/PROPPATCH.
- Make OFS.PropertySheet use the escaping function from
webdav.xmltools.
- Escape/unescape " and '
- Don't escape properties stored as XML (ie: having a
__xml_attrs__ metadata set by PROPPATCH) when building a
PROPFIND response.
- If a PROPPATCH element value contains only a CDATA section,
store the CDATA contents only.
- Catch AttributeErrors and KeyErrors raised from
__bobo_traverse__ and convert them to NotFound. In debug mode
a more verbose error message is issued, the same way it's done
on attribute/item traversal.
- Collector #1523: replace the text field for importing .zexp/.xml
files with a selection list
- Stitch newly-created object into it's container *before*
calling it's PUT() method. This fixes an issue with
OFS.File/OFS.Image that would result into reading the whole
file in memory and wrapping it into a *single* Pdata object.
- Import ZServer.CONNECTION_LIMIT variable *inside* the method
that uses it. Before this, the variable was imported at the
module level, thus binding it too early which would cause the
ZConfig handler to have no real effect.
Zope 2.8a1 (2004/10/17)
Features added
- Included Stefan Holek's ZopeTestCase 0.9
- The SiteErrorLog allows you to acknowledge (or delete) exceptions,
so you can reduce or clear the list without restarting your
Zope server. Additionally the SiteErrorLog is covered by unit tests
now.
- Unit tests added for the SiteErrorLog.
- UI improvement for the ZCatalog. The "catalog contents" allow
you to filter the cataloged objects by path now.
- Made test.py follow symbolic links on POSIX systems.
- added utilities/reindex_catalog.py to perform ZCatalog maintenance
operations from the command line (through zopectl)
- RESPONSE.setBody and RESPONSE.setStatus now accept lock
parameters in the same way as RESPONSE.redirect. These prevent
further calls to the methods from overwriting the previous value.
This is useful when writing http proxies.
- DateTime: new DateTime instance can be constructed from a given
DateTime instance: d_new = DateTime(d_old)
- The DateTime parser now throws a SyntaxError upon any parsing errors.
- ZCatalog: added a new configuration option in the "Advanced" tab
to provide optional logging of the progress of long running
reindexing or recataloging operations.
- made Zope.configure return the starter instance to enable other
methods to be called, such as starter.setupConfiguredLoggers()
- Improved Unicode handling in Page Templates. Template contents
and title will now be saved as a Unicode string if
the management_page_charset variable can be acquired and is true.
The character set of an uploaded file can now be specified.
- zopectl now accepts the -m argument to set a umask for files created
by the managed process (e.g. -m 002 or --umask 002).
- AccessControl/permission_settings() now has a new optional parameter
'permission' to retrieve the permission settings for a particular
permission.
- The obsolete 'SearchIndex' package has been removed
- Traversal now supports a "post traversal hook" that get's run
after traversal finished and the security context is established.
- Using "_usage" parameters in a ZCatalog query is deprecated and
logged as DeprecationWarning.
- MailHost now has two additional properties, a user id and a
password. These are used to attempt ESMTP authentication
before sending a mail.
- Folder listings in FTP now include "." as well as "..".
- When a VHM is activated, it adds the mapping
'VIRTUAL_URL_PARTS': (SERVER_URL, BASEPATH1, virtual_url_path)
to the request's 'other' dictionary. If BASEPATH1 is empty, it
is omitted from the tuple. The joined parts are also added
under the key 'VIRTUAL_URL'. Since the parts are evaluated
before traversal continues, they will not reflect modifications
to the path during traversal or by the addition of a default
method such as 'index_html'.
- Extension Classes, a key Zope foundation, have been totally
rewritten based on Python new-style classes.
This change provides a number of advantages:
o Use of new-style class features (e.g. slots, descriptors,
etc.) in Zope objects. Support for object protocols (special
__ methods) added since Python 1.4.
o Support for cyclic garbage collection.
o Ability to use new-style classes as base classes of Zope objects.
o Pave the way for sharing code between Zope 2 and Zope 3.
Note -- Extension classes with __of__ methods are made into
Python read descriptors.
If an extension classes is used to implement a descriptor,
indirectly by implementing __of__ or directly by implementing
__get__, the behavior of the descriptor will differ from
ordinary descriptors in an important way. The descriptors
__get__ method will be called *even if* the descriptor is
stored on an instance of an extension class. Normally
descritor __get__ methods are called only of the descriptor
is stored in a class.
- ZODB 3.3
This is the first version of ZODB that does not require
ExtensionClass.
- Add 'parity' method to ZTUtils Iterators.
- Allow untrusted code to mutate ZPublisher record objects.
- Added a "mime-types" configuration value which names a file
giving additional MIME type to filename extension mappings.
The "mime-types" setting may be given more than once in the
configuration file; the files have the same format at the
mime.types file distributed with Apache.
- Changed the ZEO server and control process to work with a
single configuration file; this is now the default way to
configure these processes. (It's still possible to use
separate configuration files.) The ZEO configuration file can
now include a "runner" section used by the control process and
ignored by the ZEO server process itself. If present, the
control process can use the same configuration file.
- ZConfig was updated to version 2.0. The new version includes
two new ways to perform schema extension; of particular
interest in Zope is the ability for a configuration file to
"import" new schema components to allow 3rd-party components
(such as storages, databases, or logging handlers) to be used.
- The testrunner.py script has been replaced with test.py which
is now installed into the 'bin' folder.
Bugs fixed
- Removed Python 2.3.3 as valid option. ZODB 3.3 requires Python
2.3.4 or later.
- Collector #1332: Added in-place migration of the Catalog.__len__
attribute to avoid new-style class caching problems. Instances of
ZCatalog or instances of classes with ZCatalog as base class will be
migrated automatically. Instances of Catalog or classes with Catalog
as base class must be migrated manually by calling the migrate__len__()
method on the every instance. In addition old BTree migration code
(for pre-Zope 2.5 instances) has been removed. If you want to migrate
from such an old version to Zope 2.8, you need to clear and reindex
your ZCatalog).
- Collector #1595: same as in Collector #1132 for indexes derived from
UnIndex. Exisiting ZCatalog instances must be converted manually
by calling the "manage_convertIndexes" method through-the-web for
every single ZCatalog instance. See also doc/FAQ.txt (Installation,
question #4)
- Collector #1457: ZCTextIndex's QueryError and ParseError
are now available for import from untrusted code.
- Collector #1473: zpasswd.py can now accept --username
without --password
- Collector #1491: talgettext.py did not create a proper header
for the generated .pot file if multiple pagetemplate files
were processed.
- Collector #1477: TaintedString.strip() now implements the
same signature as str.strip()
- TAL: tal:on-error does not trap ConflictError anymore.
- OFS.CopySupport: Enforced "Delete objects" permission during
move (CMF Collector #259).
- Removed DWIM'y attempt to filter acquired-but-not-aceessible
results from 'guarded_getattr'.
- Collector #1267: applied patch to fix segmentation faults on
x86_64 systems
- ZReST: the charset used in the rendered HTML was not set to the
corresponding output_encoding property of the ZReST instance. In addition
changing the encodings through the Properties tab did not re-render
the HTML.
- Collector #1234: an exception triple passed to LOG() was not
propagated properly to the logging module of Python
- Collector #1441: Removed headers introduced to make Microsoft
webfolders and office apps happy, since they make a lot of
standards-compliant things unhappy AND they trick MS Office
into trying to edit office files stored in Zope via WebDAV even
when the user isn't allowed to edit them and is only trying to
download them.
- Collector #1445: Fixed bad interaction between -p and -v(v)
options to test.py that resulted in exceptions being printed
when they shouldn't have been.
- Collector #729: manage_main doesn't display the correct page title
most of the time. It is not completely fixed but using title_or_id
makes folders display the correct id as a fallback.
- Collector #1370: Fixed html generated by Z Search interface.
- Collector #1295: Fixed minor niglet with the Elvis tutorial.
- added "version.txt" to setup.py to avoid untrue "unreleased version"
messages within the control panel
- Collector #1436: applied patch to fix a memory leak in
cAccessControl.
- Collector #1431: fixed NetBSD support in initgroups.c
- Collector #1406: fixed segmentation fault by acquisition
- Collector #1392: ExternalMethod ignored management_page_charset
- unrestrictedTraverse() refactored to remove hasattr calls (which mask
conflict errors) and for greater readability and maintainability.
- Zope can now be embedded in C/C++ without exceptions being raised
in zdoptions.
- Collector #1213: Fixed wrong labels of cache parameters
- Collector #1265: Fixed handling of orphans in ZTUtil.Batch
- Collector #1293: missing 'address' parameters within one of the server
sections raise an exception.
- Collector #1345: AcceleratedHTTPCacheManager now sends the
Last-Modified header.
- Collector #1126: ZPublisher.Converters.field2lines now using
splitlines() instead of split('\n').
- Collector #1322: fixed HTML quoting problem with ZSQL methods
in DA.py
- Collector #1124: The ZReST product now uses the same reST encoding
parameters from zope.conf as the low-level reStructuredText
implementation.
- Collector #1259: removed the "uninstall" target from the Makefile
since the uninstall routine could also remove non-Zope files. Because
this was to dangerous it has been removed completely.
- Collector #1299: Fixed bug in sequence.sort()
- Collector #1159: Added test for __MACH__ to initgroups.c so the
initgroups method becomes available on Mac OS X.
- Collector #1004: text,token properties were missing in
PropertyManager management page.
- Display index name on error message when index can't be used as
'sort_on'.
- PUT would fail if the created object had a __len__ = 0 (eg:
BTreeFolder2) and fallback to _default_put_factory. Fix by
checking if the returned object is None instead.
- Collector #1160: HTTPResponse.expireCookie() potentially didn't
when an 'expires' keyword argument was passed.
- Collector #1289: Allow ZSQL methods to be edited via WebDAV.
- WebDAV property values were not being properly escaped on
'propstat'.
- WebDAV 'supportedlock' was not checking if the object did
implement the WriteLockInterface before returning it's
value.
- reStructuredText ignored the encoding settings in zope.conf
- ObjectManager no longer raises string exceptions
- Collector #1260: Testing/__init__.py no longer changes the
INSTANCE_HOME.
- App.config.setConfiguration() did not update the legacy source
for debug_mode, Globals.DevelopmentMode.
- Script (Python) objects now have a _filepath attribute, also
used as the '__file__' global at runtime. This prevents an
import problem caused by the fix to #1074.
- Minor usability tweaks:
* Increased FindSupport meta type selection widgets
height to 8 lines
- The DateTime module did not recognize the settings for
"datetime-format".
- Stop testrunner.py from recursing into the 'build-base' directory
created by setup.py.
- Collector #1074: Change Scripts' __name__ to None
- Range searches with KeywordIndexes did not work with record-style
query parameters
- Item_w__name__ now has a working getId() method
- PageTemplateFile now using Item_w__name__ mixin, fixing
its getId() and absolute_url() methods.
- Only one VirtualHostMonster is allowed per container.
- Collector #1133: TreeTag choked on Ids of type long.
- Collector #1012: A carefully crafted compressed tree state
could violate size limit. Limit is no longer hardcoded.
- Collector #1139: tal:attributes didn't escape double quotes.
- Management interface of TopicIndexes has been completely broken
- Collector #1129: Improper parsing of ISO8601 in DateTime.
- Removed pervasive use of string exceptions (some may still be
hiding in the woodwork, but all raise's with string literals are
gone).
- AccessControl.User used a misleading string exeception,
'NotImplemented', which shadowed the Python builtin.
- Collector #426: Inconsistent, undocumented error() method.
- Collector #799: Eliminate improper uses of SCRIPT_NAME.
- Collector #445: Add internal global declaration for Script bindings.
- Collector #616: Make CONTEXTS available to TALES Python expressions.
- Collector #1074: Give Script execution context a __name__
- Collector #1095: Allow TAL paths starting with '/varname' as a
preferred spelling for 'CONTEXTS/varname'.
- Collector #391: Cut and paste now requires delete permissions.
- Collector #331: Referenses to URL in manage_tabs was changed
to REQUEST.URL to prevent accidental overriding.
- Made the control panel properly reflect the cache-size setting
of ZODB's object cache once again.
- ConflictError was swallowed in ObjectManager by
manage_beforeDelete and _delObject. This could break code
expecting to do cleanups before deletion.
- Python 2.3 BooleanType wasn't handled properly by ZTUtils
marshalling and ZPublisher's converters.
- Collector #1065: bin/ scripts didn't export HOME envars.
- Collector #572: WebDAV GET protected by 'FTP Access' permission.
Two new methods have been added to WebDAV resources, "manage_DAVget"
and "listDAVObjects". These are now used by WebDAV instead of the
earlier "manage_FTPget" and "objectValues". This separates the
permissions, and allows WebDAV specific overriding of these methods.
- Collector #904: Platform specific signals in zdaemon/Daemon.py
(fixed by removing the "fossil" module from 2.7 branch and head).
- Workaround for Collector #1081: The 'title' property for objects
derived from OFS.Folder or PropertyManager can now be
removed and replaced with a ustring property. This allows the usage
of non-ISO-8859-1 or ASCII charsets
- Collector #951: DateTime(None) is now equal to DateTime()
- Collector #1056: aq_acquire() ignored the default argument
- Collector #1087: ZPT: "repeat/item/length" did not work as documented
in the Zope Book.
- Collector #721: Entities in tal:attribute values weren't
properly escaped.
- Collector #851: Traversable.py: A bare try..except shadowed
conflict errors
- Collector #1058: Several fixes for PropertySheets when used
outside ZClasses
- Collector #1053: parseIndexRequest turned empty sequence of search
terms into unrestricted search.
- manage_tabs had a namespace problem with the acquisition of names from
the manage_options variable resulting to acquire "target" and "action"
from objects above in the hierachy.
- PathIndex and TopicIndex are now using a counter for the number
of indexed objects instead of using a very expensive calculation
based on the keys of their indexes.
- Collector #1039: Whitespace problem in Z2.log fixed
- changed some bare try: except:'s in Shared.DC.ZRDB.Connection
so that they now log exceptions that occur.
- ObjectManager will now attempt to set Owner local role keyed
to the user's id, rather than username.