Zope 2.9.10 (2008/10/24)
Bugs fixed
* Ensure that response header values cannot embed CRLF pairs,
which violate the HTTP spec (RFC 2616).
* Launchpad #282677: fixed implementation of guarded_map and
provided tests and implementation for guarded_zip
(RestrictedPython).
* AccessControl.ZopeGuards.guarded_import mapped some Unauthorized
exceptions onto ImportErrors: don't do that! Also, removed
mutable defaults from argument list, improved tests.
* LP #281156: AccessControl.SecurityInfo.secureModule dropped
ModuleSecurity for failed imports, obscuring later attempts to
import the same broken module.
* LP #142667: Updated to ZODB-3.6.4 to fix problem with product
auto-refresh.
* Launchpad #267545: DateTime(DateTime()) now preserves the
correct hour
* Launchpad #245649: the Products package is now a proper
"namespace package" under the rules specified by setuptools.
* Launchpad #239636: Ensure that HEAD requests lock an empty body
for NotFound errors.
* Launchpad #234209: De-tabify ZPublisher/HTTPRequest.py
* integrated Hotfix-2008-08-12
Zope 2.9.9 (2008/05/10)
Bugs fixed
Launchpad #142350: Display description for properties as row title, if present.
Launchpad #200007: DateTime(anotherDateTime) now preserves the timezone.
Launchpad #143813: zopectl now exits non-zero when child processes fail.
Launchpad #143748: remove broken use of logging module in Products.Five.fiveconfigure.handleBrokenProduct. Fixed by upgrading to Products.Five 1.3.11.
Launchpad #147201: treat container-class in zope.conf as a string, making it possible to use types from extra products directories.
Collector #2287: form :record objects did not implement enough of the mapping protocol.
Collector #2346: username logging in FCGI crashed the server
Collector #2332: SessionDataManger: don't swallow ConflictErrors
Collector #146408: fixed broken logger call in Transience.py
there, not in post-patch.
There's no need to use xargs -0: Solaris doesn't know that option, POSIX
doesn't require it, and all the filenames are sane anyway.
- Remove -quiet option from CONFIGURE_ARGS. This cause verbose output
but it prevent detect errors.
- use INSTALLATION_DIRS.
- Use ../zope/Makefile.common. and common files from ../zope/files.
- Don't install unused runzope.bat.in template file.
- take maintainership.
Bump PKGREVISION.
Zope 2.9.8 (2007/07/05)
Bugs fixed
- updated to ZODB 3.6.3
- updated to Zope 3.2.3 codebase
- Collector #1306: Missing acquisition context on local roles screen.
- The REQUEST no longer accepts holds after it has been closed.
- Collector #2153: Supporting unquoted cookies with spaces.
- Collector #2295: Comments in PythonScripts could lead to syntax
errors
- Collector #2307: ObjectCopiedEvent not dispatched to sublocations.
- Fixed ZClass test breakage due to non-pickleability of
'zope.interface.Implements'
N.B.: updated 'zope.interface' package to Zope 3.2 branch;
should be pinned to a tag or a release before releasing
2.9.8).
- Collector #2260: fixed a bug in Examples.zexp
- Collector #2321: Skip trusted proxies when extracting the client IP
address from the request.
- Collector #2318: Allow override of zopectl's control socket in
zope.conf
- Collector #2316: correctly unpack DateTimeIndex dates when browsing the
index.
- Collector #1866: a 304 HTTP status should not have a content length.
- Collector #2300: delimit *all* HTTP Response headers with CRLF.
Zope 2.9.7 (2007/03/25)
Bugs fixed
- Protected various security mutators with a new postonly decorator.
The decorator limits method publishing to POST requests only, and
is a backport from Zope 2.11's requestmethod decorator factory.
- Collector #2298: webdav.Resource.COPY and webdav.Resource.MOVE did
not send the expected copy/move events.
- Collector #2296: Fixed import of ZClass products, broken by removal
of BBB support for pasting objects whose meta_type info was
permission-free.
- Collector #2294: Protected DOS-able ControlPanel methods with the
same 'requestmethod' wrapper.
- Collector #2294: Protected various security mutators with a new
'postonly' decorator. The decorator limits method publishing to
POST requests only, and is a backport from Zope 2.11's requestmethod
decorator factory.
- Collector #2288: @ and + should not be quoted when forming
request URLs in BaseRequest and HTTPRequest
- Undeprectated 'zLOG' package, which is going to remain a
backward-compatibility shim for the Python logger.
- Collector #2263: 'field2ulines' did not convert empty string
correctly.
- Reverted backward-incompatible fix for Collector #2191.
- added Python 2.4.4 as optimal Python version to 'configure'
Zope 2.9.6 (2006-11-22)
Bugs fixed
- Collector #2191: extended DateTime parser for better support
to the ISO8601 specification.
- Reworking of _cached_result in Shared.DC.ZRDB.DA.DA:
- fixed KeyError reported in Collector #2212
- fixed two memory leaks that occurred under high load
- fixed broken cache keys for people using the obscure
Shared.DC.ZRDB.DA.DA.connection_hook
- fixed incorrect cache ordering resulting in newer results
being dumped when the cache became too large.
- Collector #2237: 'make' doesn't tell you to run 'make inplace'
before running 'make instance'.
- Collector #2235: A number of ZCatalog methods were doing boolean
evaluation of objects that implemented __len__ instead of checking
them against None. Replaced a number of "if not obj" with
"if obj is None".
- Collector #2218: fixed wrong logger argument in OFS/Cache.py
- Collector #2205: fixed wrong logger argument in ZRDB/Connection.py
- Collector #2208: rewriting/setting the 'charset' part of the
content-type HTTP header will be done only for 'text/*'
- Collector #2206: Set PYTHONPATH to include existing PYTHONPATH
in skel/bin/zopectl.in and skel/bin/runzope.in
Zope 2.9.5 (2006/10/03)
Bugs fixed
- Call setDefaultSkin on new requests created as the result of
ConflictError retries.
- Collector #2189: Fix logging of errors during product refresh.
- Collector #2185: Log username for FCGI requests.
- Collector #2152: Fixed MailHost documentation; simple_send does not
process or validate its arguments in any way.
- Collector #2175: ZTUtils.make_hidden_input did not escape double-quotes.
- Collector #1907: Moved 'alt' property from File to Image.
- Collector #1983: Specifying session-resolution-seconds >= 1200 caused
Zope startup to fail.
- Collector #2169: webdav.Resource.COPY did not send ObjectClonedEvent.
- Updated Five to bugfix release 1.3.7.
- Collector #2157: Expose name of broken class in SystemError raised
from '__getstate__' of a broken instance.
- Usage of 'urljoin' in 'webdav.davcmds' could lead to wrongly
constructed urls.
- Collector #2155: Fix wrong parameter being passed to
logger's error() method, with tests.
- Collector #2178: Fix ZopeTestCase doctest support for layers
- included Zope 3.2.2
the owner of all installed files is a non-root user. This change
affects most packages that require special users or groups by making
them use the specified unprivileged user and group instead.
(1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
unprivileged.mk. These two variables are lists of other bmake
variables that define package-specific users and groups. Packages
that have user-settable variables for users and groups, e.g. apache
and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
and ${UNPRIVILEGED_GROUP}.
(2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
