CHANGES.txt
Zope Changes
This file contains change information for the current Zope release. Change information for previous versions of Zope can be found in the file HISTORY.txt.
Zope 2.6.4 rc 2
Bugs Fixed
- One of the 2.6.3 fixes added a previously missing security check when binding 'context' and 'container' to Python Scripts. Because many existing scripts appear in containers that users cannot access, this caused a lot of unauthorized errors in existing (mostly CMF) sites, since 'container' is bound by default. The fix has been adjusted so that an unauthorized is only raised if the bound name is actually used in a script, making backward compatibility much better.
- Collector #1154 / #615: interaction with sessions could cause the security context to be discarded, potentially breaking scripts that depend on proxy roles.
- Collector #1203: ZTUtils.make_query broken under Python 2.3 due to missing handling of boolean types.
- A pre-existing bug that could cause subtly different results when calling the C vs. Python version of validate() through the authorize() method of a UserFolder was found and fixed.
- An inadvertent change to the behavior of Owned.getOwner was reverted.
Zope 2.6.4 rc 1
Bugs Fixed
- Collector #1182: Functions for handling decisions about unprotected subobjects were not passed "names" when doing unnamed (item) access. In 2.6.3 we changed access checks when doing item access to pass None rather than the key value when validating access. This broke some existing applications. We have reverted these changes.
- Collector #1074: Change Scripts' __name__ to None, added unit tests for the effect of __name__ on class definitions and imports.
- Collector #1186: some globals required to support certain operations in restricted code (e.g., list comprehensions in DTML expressions) were not propagated to all the right places.
- Fixed a serious bug in the new FileStorage pack implementation. If pack was called on the storage and passed a time earlier than a previous pack time, data could be lost. In other words, if there are any two pack calls, where the time argument passed to the second call was earlier than the first call, data loss could occur. The bug was fixed by causing the second call to raise a StorageError before performing any work.
- A bug in xml-rpc publishing that caused xml-rpc access to break has been fixed.
- A bug in PropertySheet objects could prevent property values from being updated.
- Some refcount problems in cAccessControl have been fixed.
- Toby Dickenson's management_page_charset hack has been tweaked to allow management_page_charset to be a callable object.
- Some standard builtins were inadvertently dropped from the DTML namespace in the refactoring during the security audit; these have been restored.
- Collector #1177, #1190: fixed an overflow in mtime header generation in tar.py that caused product distribution creation to fail.
Zope 2.6.3 final
Bugs Fixed
- Browsers that do not escape html in query strings such as Internet Explorer 5.5 could potentially send a script tag in a query string to the ZSearch interface for cross-site scripting.
- FilteredSets (used within TopicIndex) are defined via an expression, which was naively eval'ed.
- The ZTUtils SimpleTree decompressed tree state data from the request without checking for final size, which could allow for certain types of DoS attacks.
- Inadequate security assertions on administrative "find" methods could potentially be abused.
- Some improper security assertions on DTMLDocument objects could potentially allow access to members that should be protected.
- Class security was not properly initialized for PythonScripts, potentially allowing access to variables that should be protected. It turned out that most of the security assertions were in fact activated as a side effect of other code, but this fix is still appropriate to ensure that all security declarations are properly applied.
- The dtml-tree tag used an "eval" of user-supplied data; its efforts to prevent abuse were ineffective.
- XML-RPC marshalling of class instances used the instance __dict__ to marshal the object, and could include attributes prefixed with an underscore name. These attributes are considered private in Zope and should generally not be disclosed.
- Some property types were stored in a mutable data type (list) which could potentially allow untrusted code to effect changes on those properties without going through appropriate security checks in particular scenarios.
- Inadequate type checking could allow unicode values passed to RESPONSE.write() to be passed into deeper layers of asyncore, where an exception would eventually be generated at a level that would cause the Zserver main loop to terminate.
- The variables bound to page templates and Python scripts such as "context" and "container" were not checked adequately, allowing a script to potentially access those objects without ensuring the necessary permissions on the part of the executing user.
- Iteration over sequences could in some cases fail to check access to an object obtained from the sequence. Subsequent checks (such as for attributes access) of such an object would still be performed, but it should not have been possible to obtain the object in the first place.
- List and dictionary instance methods such as the get method of dictionary objects were not security aware and could return an object without checking access to that object. Subsequent checks (such as for attributes access) of such an object would still be performed, but it should not have been possible to obtain the object in the first place.
- Use of 'import as' in Python scripts could potentially rebind names in ways that could be used to avoid appropriate security checks.
- A number of newer built-ins (min, max, enumerate, iter, sum) were either unavailable in untrusted code or did not perform adequate security checking.
- Unpacking via function calls, variable assignment, exception variables and other contexts did not perform adequate security checks, potentially allowing access to objects that should have been protected.
- DTMLMethods with proxy rights could incorrectly transfer those rights via acquisition when traversing to a parent object.
- Backport Python 2.3 test fix to lib/python/Products/PluginIndexes/DateIndex: deal with the fact that in Python 2.3, int can return a long instead of throwing OverflowError.
- Backport Python 2.3 test fix to lib/python/Products/PageTemplates/tests: fix spurious error in PageTemplates; no longer rely on the str() of exception objects since the value of their str() is not part of their API, and can vary between Python releases.
- The compilezpy.py no longer dies when a file it tries to compile has errors.
- AccessControl.User used a misleading string exception, 'NotImplemented', which shadowed the Python builtin.
- Fixed startup code which masked some exceptions as "AttributeError: __error_log__".
- Backported 'cleanup' method / function to ZODB/FileStorage.py.
- Backported fix for Collector #387: "Changing base classes of ZClasses"
- Backported fix for Collector #1005: "dav__allprop and dav__propstat in PropertySheets.py"
- Reordered #includes in AccessControl/cAccessControl.c to silence warnings (due to including Python.h too late).
- Backported fix for collector #761 / 338: "'AccessControl.ClassSecurityInfo.declareProtected(perm)' behaves like 'AccessControl.ClassSecurityInfo.declareObjectProtected(perm)'" (tended to remove access in very confusing ways).
- Backported a fix to ExtensionClass.subclass_compare(): As reported by Neil Schemenauer, instances of an ExtensionClass type that get into this code can raise RuntimeWarning under Python 2.3, because the comparison result may be outside the set {-1, 0, 1}. Worse, on a box where sizeof(ptrdiff_t) > sizeof(int) (all 64-bit platforms), comparison results across a set of objects could be inconsistent because the implicit cast of pointer subtraction to int loses the information-carrying sign bit.
- ConflictError was swallowed in ObjectManager by manage_beforeDelete and _delObject. This could break code expecting to do cleanups before deletion.
- Collector #1079: Fixed BaseRequest's traversal loop to avoid some infinite loop scenarios.
- Revert feature introduced in Zope 2.6.2 b3 of never updating metadata if index is specified in catalog_object. This broke several applications. Instead, we provide the catalog_object method (and the Catalog.py's catalogObject method) with an update_metadata keyword argument. If the update_metadata keyword argument is set false (the default is true), metadata is not updated.
- Collector #851: Traversable.py: A bare try..except shadowed conflict errors
- Collector #1058: Several fixes for PropertySheets when used outside ZClasses (includes minor UI changes for DTMLMethod and DTMLDocument edit forms).
- Collector #1053: parseIndexRequest turned empty sequence of search terms into unrestricted search.
- changed some bare try: except:'s in Shared.DC.ZRDB.Connection so that they now log exceptions that occur.
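The XML-RPC marshalling item above (instance __dict__ serialized wholesale, underscore-prefixed attributes leaking) is easy to reproduce with Python's standard library, which still marshals an arbitrary instance by dumping its __dict__. The following is an added example written for this changelog, not Zope's own marshaller; the Document class and its attribute values are constructed for the demonstration, and the filtering rule (drop names starting with an underscore) mirrors the Zope convention described in the entry.

```python
import xmlrpc.client


class Document:
    """Constructed sample object: two public fields and one private one."""

    def __init__(self):
        self.title = "Quarterly report"
        self.author = "alice"
        self._owner_password = "hunter2"  # constructed secret; must not leak


def marshal_naive(obj):
    """Marshal the instance as-is.

    xmlrpc.client serializes obj.__dict__ as a <struct>, so every attribute,
    including underscore-prefixed ones, ends up on the wire.
    """
    return xmlrpc.client.dumps((obj,), methodresponse=True)


def public_state(obj):
    """Return only the attributes Zope treats as public: no leading underscore."""
    return {k: v for k, v in vars(obj).items() if not k.startswith("_")}


def marshal_public(obj):
    """Marshal a filtered copy of the state instead of the raw instance."""
    return xmlrpc.client.dumps((public_state(obj),), methodresponse=True)


def decoded_fields(xml):
    """Parse a methodResponse back and return the struct's member names."""
    (struct,), _methodname = xmlrpc.client.loads(xml)
    return set(struct)


if __name__ == "__main__":
    doc = Document()
    print("naive :", sorted(decoded_fields(marshal_naive(doc))))
    print("public:", sorted(decoded_fields(marshal_public(doc))))
```

Filtering at the marshalling boundary is the right layer for this: it does not depend on every class remembering to declare which attributes are safe, and it is the same rule the rest of Zope's security machinery applies to underscore names.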
Zope 2.6.2 beta 5
Bugs Fixed
- ZClasses that subclassed ObjectManager that were created in earlier versions of Zope would not load under 2.6, due to the new Interfaces package. Added back a simple stub module and changed a constructor to allow these ZClasses to work.
- Collector #823: XMLRPC exception string marshalling bug fix backported from head
Zope 2.6.2 beta 4
Bugs Fixed
- Collector: #964: standard_error_message refers to looking into the HTML code for more information which is deprecated. Referring to the error log now.
- Collector #959/#514: calling has_permission on a user object did not use the user object instance to check the permission; rather, it used the currently logged in user :(
- Fixed a potential bug in ZTUtils.Tree.decodeExpansion where a potentially empty string was tested for its first character; used .startswith for safety.
Zope 2.6.2 beta 3
Backward incompatibilities
- We no longer honor local security settings that would allow someone to join or leave versions unless the location of the settings is a folder directly or indirectly containing the user's user folder.
Bugs Fixed
- Collector #893: Mailhost: munge_header has been broken for addresses containing the recipient's full name
- Collector #953: fixed namespace collision with form_title in ZMI
- Collector #956: automatically installing Examples at startup could be a security risk. Examples now must be installed explicitly by the user (thanks to Jamie Heilman and day0).
- Collector #954: clear() method of TopicIndex removed all filter sets instead of clearing them.
- Collector #882: Fixed typo in PropertySheets
- Collector #939: Fixed typo in TopicIndexes
- Collector #937: UnicodeError exception available within PythonScripts
- Collector #902: recursive Scripts were broken due to shared globals.
- Product initialization would only consult a file named "version.txt" to read version information. Now it will check version.txt, VERSION.txt and VERSION.TXT.
- Make ZCTextIndex much less prone to generating conflict errors. Previously any concurrent updates would provoke a conflict.
- Fix query performance and scalability bug in ZCTextIndex.
- Collector #928: DateIndex ignored timezones when indexing and querying
- Any write request could be tricked into writing into a version by setting a version cookie or by including a version name in the request. Now we require the user to globally have permission to join or leave versions to run a request in a version.
- Fixed a problem with potentially mis-acquiring 'func_code' in publisher BeforeTraverse hook.
- Fix for issue 683: Image cache manager headers were not sent when an image request returned a 304 (in response to an if-mod-since request).
- Made all PluginIndexes and ZCTextIndex use 'safe_callable', which is aware of extension classes that fill 'tp_callable' but don't define '__call__'.
- Made KeywordIndex be more robust about receiving a value that is not a string or an iterable type.
- Fixed incorrect docstring in OFSP/Image help.
- Fixed unhelpful signal description.
Zope 2.6.2 beta 2
Bugs Fixed
- TemporaryStorage (which is used by TemporaryFolder, and thus the default sessioning configuration) no longer uses a "LowConflictConnection" database connection. This fixes a bug in which data structures used for session housekeeping data could become desynchronized; the symptom for this was KeyErrors being raised from TransientObjectContainer's 'get' method. As a result, many more conflicts will be raised under high session load, but desynchronization will not occur.
- Fix potential performance bug in PathIndex.
- Scored result sets from catalog (i.e., from text indexes) can now be merged and sorted together across queries like unscored results.
- Fixed a memory leak in TALES. If an exception propagated from a tal:repeat block, an uncollectable cycle held a reference to everything in the TALES context.
- If you're running in development mode, Zope will now raise an exception if a product cannot be initialized properly instead of silently continuing. This is to prevent a debugging frenzy in which you spelunk through one or more half-initialized modules wondering why the class you wanted isn't part of the module namespace. If not in development mode, the process continues silently.
- Though Python 2.2.2 is not officially supported, a potential issue was found when running under 2.2.2. Some built-in types gained docstrings in the 2.2.2 release, making them publishable where they weren't publishable before. A fix has been added to the publisher to ensure that the types of objects that are publishable do not change between 2.1 and 2.2.
Zope 2.6.2 beta 1
Bugs Fixed
- Fixed bug in Missing.Value object that caused a segfault when it was compared with certain builtin types, like unicode.
- Refactored interface check in ZCatalog indexes view so it is no longer broken by the new Zope3 interface logic.
- Setting multiple selection properties with nothing selected now stores an empty list instead of an empty string value.
- Database invalidations are processed atomically. Each transaction will see all the changes caused by an earlier transaction or none of them. Before this patch, it was possible for a transaction to see invalid data because it saw only a subset of the invalidations. This is the most likely cause of reported BTrees corruption, where keys were stored in the wrong bucket. When a BTree bucket splits, the bucket and the bucket's parent are both modified. If a transaction sees the invalidation for the bucket but not the parent, the BTree in memory will be internally inconsistent and keys can be put in the wrong bucket. The atomic invalidation fix prevents this problem.
- Trying to store an object of a non-integer type into an IIBTree or OIBTree could leave the bucket in a variety of insane states. For example, trying b[obj] = "I'm a string, not an integer" where b is an OIBTree. This manifested as a refcount leak in the test suite, but could have been much worse (most likely in real life is that a seemingly arbitrary existing key would "go missing").
When deleting the first child of a BTree node with more than one child, a reference to the second child leaked. This could cause the entire bucket chain to leak (not be collected as garbage despite not being referenced anymore).
Other minor BTree leak scenarios were also fixed.
- Collector #683: WebDAV requests without XML preamble were not recognized by Zope and raised an exception.
- Fix small bug related to ZCTextIndex attempting to index the results of a callable. Do not attempt to index None.
- Fixed performance degradation when unindexing objects from ZCTextIndex.
- Improved failure mode of (un)restrictedTraverse to aid debugging.
- Collector #256 encrypted password bug routed to 2.6 branch
- Interface package: isImplementedBy() returned None instead of 0.
- Collector #814: PathIndexes now uses IITreeSet instead of IISet. This should result in less memory usage.
- Collector #816: dtml-sendmail corrupted header if message was left blank.
- Fixed a whitespace problem in Z2.log (AWStats failed to process Zope logfiles)
- It was possible for a transaction that failed in tpc_finish() to lose the traceback that caused the failure. The transaction code was fixed to report the original error as well as any errors that occur while trying to recover from the original error.
- Two small bugs were fixed in DemoStorage. undoLog() did not handle its arguments correctly and pack() could accidentally delete objects created in versions.
- Fixed trivial bug in fsrecover that prevented it from working at all.
- FileStorage will use fsync() on Windows starting with Python 2.2.3.
- FileStorage's commit version was fixed. It used to stop after the first object, leaving all the other objects in the version.
- Collector #892: misleading error msg when initializing an OIBTree from a dict with a float value. The message claimed that the dict's items didn't consist of 2-element tuples, but of course they do. The TypeError now says "expected integer value".
- Backport of ZODB fix for Collector #875, where packing to a point before an UNDO transaction can lead to objects improperly being left out of the packed database (the UNDO maintained a history pointer to an object that had been deleted by pack).
Zope 2.6.1
Features added
- DateTime objects now have a tzoffset() method that returns the object's timezone offset from GMT in seconds.
- Fixed bug that caused problems for non-latin1 users who are not yet using unicode. Plain string properties were always rendered as latin-1. The management_page_charset property is now an officially accepted migration tool. A disadvantage of this change is that it is no longer possible to supply an initial value to unicode properties. This fixes Collector #737, #598, and #623. This change was debated here: http://lists.zope.org/pipermail/zope-dev/2002-December/018261.html
- The Transaction "hosed" feature is disabled in this release. If a transaction fails during the tpc_finish() it is not possible, in general, to know whether the storage is in a consistent state. For example, a ZEO server may commit the data and then fail before sending confirmation of the commit to the client. If multiple storages are involved in a transaction, the problem is exacerbated: One storage may commit the data while another fails to commit. In previous versions of ZODB, the database would set a global variable "hosed" that prevented any other transaction from committing until an administrator could check the status of the various failed storages and ensure that the database is in a consistent state. This approach favors data consistency over availability. The new approach is to log a panic but continue. In practice, availability seems to be more important than consistency. The failure mode is exceedingly rare in either case.
- The BTrees-based fsIndex for FileStorage is enabled. This version of the index is faster to load and store via pickle and uses less memory to store keys. We had intended to enable this feature in an earlier release, but failed to actually do it; thus, it's getting enabled as a bug fix now.
- A value-based consistency checker for BTrees was added. See the module BTrees.check for the checker and other utilities for working with BTrees.
- The ZEO server has an optional timeout feature that will abort a connection that does not commit within a certain amount of time. The timeout works by closing the socket the client is using, causing both client and server to abort the transaction and continue. This is a drastic step, but can be useful to prevent a hung client or other bug from blocking a server indefinitely.
Bugs Fixed
- Collector #721: preserve syntactically valid character entities in attributes.
- I18n interpolation now tries to deal with the case where there is a mix of Unicode and non-ascii string that are incompatible (because the encoding of the latter is unknown) by substituting a representation of the non-ascii string.
- I18n interpolation doesn't fail anymore if a i18n:name is not provided, the ${string} in the translation is just left as is.
- Collector #696: tal:replace of a non-string (a number for example) associated with a i18n:name failed to be interpolated properly.
- If a client was disconnected during a transaction, the tpc_abort() call did not properly reset the internal state about the transaction. The bug caused the next transaction to fail in its tpc_finish().
- The performance of full cache verification has improved dramatically. XXX Get measurements from Jim -- somewhere in 2x-5x recall. The implementation was fixed to use the very-fast getSerial() method on the storage instead of the comparatively slow load().
- Two rare bugs were fixed in BTrees conflict resolution. The most probable symptom of the bug would have been a segfault. The bugs were found via synthetic stress tests rather than bug reports.
- Transience's '_getCurrentBucket' implementation had a bug which could cause more work to be performed than necessary (incorrect computation of "plast" variable).
- Role.py's get_valid_userids method (used by the local roles machinery) mistakenly used the name 'acl_users' to locate a user folder instead of the internal '__allow_groups__' alias.
- Collector #771: ZCatalog failed to index DTML Document if the name of a catalog metadata was identical with the name of an acquired object.
- Collector #740: DateTime now handles positive numerical timezones correctly.
- Collector #763: There was no error when you had a sendmail-tag without specifying a mailhost or smtphost. Also added a missing import.
- Fixed a bug in restrictedTraverse() that sometimes led to an AttributeError instead of prompting the user for credentials.
- Fixed a memory leak in ZODB related to product refresh: when the ZODB cache was reset, ZODB still held unnecessary references to the old cache.
- Collector #730: Exceptions are once more logged with their tracebacks.
- Collector #686: intSets no longer lose their values.
- Collector #685: Improved documentation explaining how, where and why security assertions should be placed in: lib/python/Products/PythonScripts/README.txt lib/python/Products/PythonScripts/module_access_examples.py
- Collector #736: ZPublisher now allows marshalling tags to contain a '-'. This is the first step towards a fix for Collector #737.
- Collector #714: CopySupport's manage_clone now calls manage_afterClone in the same way that manage_pasteObjects does.
- Collector #322: made the error message you get when you try to use 'client' as a ZSQLMethod argument more meaningful.
- Collector #479: ZCatalog catalog tab now shows "Unknown" in the type column when it doesn't have a meta_type metadata value for a cataloged object, rather than the type of the catalog itself.
- Fix bug concatenating Lazy result sets. Also made len potentially less expensive for LazyCat objects.
- Collector #697: Multiple selection properties were incorrectly marshalled. Note that any non-ascii multiple selection properties modified in versions without this fix will have been corrupted in the ZODB. (This fix was subsequently changed with the fix to #737, just before release of 2.6.1 beta 2. Thanks to Maik Jablonski.)
- Collector #256: Added a check in _doChangeUser to make sure passwords aren't encrypted twice.
- Collector #700: History tab of Historical objects caused error in storages that did not support history.
- Collector #595: There was insufficient quoting in some dtml files.
- Collector #561: Ensured that all HTTP headers are sent as normal strings and not Unicode (thanks to Lalo Martins).
- Modify the ZRDB TM class to turn off warnings that Zope DAs do not have a sortKey() method.
Zope 2.6.1 beta 1
Bugs Fixed
- VirtualHostMonster handles empty Mapping paths properly.
- Fixed a bug in ZCTextIndex when trying to raise an error when finding the lexicon failed.
- Major speedups to Catalog sorting code. Sorting will consume less memory as well.
- Collector #597: ZCTextIndex splitters now honor the locale setting for proper splitting of non-english text.
- Deadlock prevention code added.
It was possible for earlier versions of ZODB to deadlock when using multiple storages. If multiple transactions committed concurrently and both transactions involved two or more shared storages, deadlock was possible. This problem has been fixed by introducing a sortKey() method to the transaction and storage APIs that is used to define an ordering on transaction participants. This solution will prevent deadlocks provided that all transaction participants that use locks define a valid sortKey() method. A warning is raised if a participant does not define sortKey(). For backwards compatibility, BaseStorage provides a sortKey() that uses __name__.
- Fixed bug in FileStorage related to object uncreation. An attempt to load an uncreated object now raises KeyError.
- Fixed a couple bugs in FileStorage recover() that wrote incorrect backpointers.
- Fixed data_txn attribute of iterator data records to use the transaction id of the previous transaction, even if it also has a data_txn field.
- Fixed conflict resolution bug that raised a NameError when a class involved in a conflict could not be loaded.
- Fixed C extensions that included standard header files before Python.h, which is not allowed.
- Added code to ThreadedAsync/LoopCallback.py to work around a bug in asyncore.py: a handled signal can cause unwanted reads to happen.
- Collector #651: WebDAV Lock Manager was broken.
- Collector #646: metal:slot was lost during the I18n merge.
- Collector #640: Fix security assertion on ZCTextIndex query method.
- Delayed opening the ZODB until after the "Zope" module has been imported, fixing a deadlock issue involving ZEO. The "Zope" module now has a "startup()" function.
- Fixed a NameError in the recent change to DateTime.rfc822().
- Made DateTime.rfc822() simpler and independent of local timezone.
- Fixed bug in Transience reported by kedai which caused spurious KeyErrors under heavy sessioning usage.
- Fixed bug in the Interface Verify package; base interfaces were not included in an interface compliancy test.
- Collector #650: Fixed implicit list marshalling for lists where the first two values are tainted.
- Collector #671: HTTP Ranges were broken for files and images whose length wasn't exactly divisible by 2**16.
- ModuleSecurityInfo declarations could be lost if further declarations were made after the Info object already had been applied. Such additional declarations could take place in Python trusted code run after Zope startup or during a Product refresh.
- Collector #699: MailHosts created in 2.5 breaks in 2.6.
- Collector #694: dtml-sendmail mailto specification replaces "To:" header.
- Collector #703: KeyErrors raised when unindexing a PathIndex (and TopicIndexes) should be swallowed and logged.
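The deadlock-prevention entry above describes the fix only in words: every participant exposes a sortKey(), the transaction sorts participants by it, and so any two transactions touching the same storages take their locks in the same order. The block below is an added example written for this changelog, not ZODB's transaction code; the Storage and LegacyStorage classes, the commit() driver and the thread exercise are all constructed here to show why a common ordering rules out the A-waits-for-B / B-waits-for-A cycle, and how a participant without sortKey() is handled with a warning as the entry says.

```python
import threading
import warnings


class Storage:
    """Constructed stand-in for a ZODB storage: one commit lock, one sort key."""

    def __init__(self, name):
        self.__name__ = name
        self._commit_lock = threading.Lock()

    def sortKey(self):
        # Like BaseStorage in the changelog entry: order by __name__.
        return self.__name__

    def tpc_begin(self):
        self._commit_lock.acquire()

    def tpc_finish(self):
        self._commit_lock.release()


class LegacyStorage(Storage):
    """Constructed participant that predates sortKey(); exercises the warning."""

    sortKey = None


def participant_key(participant):
    """Sort key for a participant; warn (as the entry says) if it has none."""
    key = getattr(participant, "sortKey", None)
    if callable(key):
        return key()
    warnings.warn("%r defines no sortKey(); deadlock protection is weakened"
                  % participant.__name__)
    # Assumed fallback for this example: sort unnamed participants last, by id.
    return "~%d" % id(participant)


def commit(participants):
    """Take every participant's commit lock in sortKey order, then finish.

    Because every transaction sorts the same way, two concurrent commits on the
    same storages always acquire the locks in the same order, so neither can
    hold one lock while waiting for a lock the other already holds.
    Returns the acquisition order by name.
    """
    ordered = sorted(participants, key=participant_key)
    for p in ordered:
        p.tpc_begin()
    for p in reversed(ordered):
        p.tpc_finish()
    return [p.__name__ for p in ordered]


def run_concurrent_commits(storages, rounds=200):
    """Two threads commit on the same storages listed in opposite order.

    Returns True when both finish, i.e. the ordering prevented a deadlock.
    """
    def worker(order):
        for _ in range(rounds):
            commit(order)

    t1 = threading.Thread(target=worker, args=(list(storages),), daemon=True)
    t2 = threading.Thread(target=worker, args=(list(reversed(storages)),), daemon=True)
    t1.start()
    t2.start()
    t1.join(timeout=10)
    t2.join(timeout=10)
    return not (t1.is_alive() or t2.is_alive())


if __name__ == "__main__":
    a, b = Storage("a"), Storage("b")
    print("acquisition order:", commit([b, a]))
    print("both threads finished:", run_concurrent_commits([a, b]))
```

The guarantee holds only if every lock-taking participant defines a valid sortKey(); the fallback key above keeps the code running for an old participant but, as the warning says, does not restore the guarantee for it.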
Zope 2.6.0
Bugs Fixed
- Caused many places throughout the code base to use calls to user.getId() rather than user.getUserName(). With most (all?) user folder implementations today, this will have no behavioral change, as getId is always aliased to getUserName. However, this makes it possible to write user folder implementations which make the distinction between the user's id and the user's name. These user folders will allow users to change names independent of their identity.
- WebDAV Lock Manager actually gives the user a chance to specify a starting path before searching for locks, shortening query times and memory usage in large Zope instances.
- PageTemplateFiles were previously owned by whatever object contained them. This resulted in very hard bugs if the user who owned the container was removed. Since PageTemplateFiles come from the filesystem, they are now "unowned", similar to DTMLFiles. Security is still applied, but now it is applied correctly.
- Collector #411: DateTime.rfc822 is not rfc822 compliant
Zope 2.6.0 beta 2
Bugs Fixed
- The ability to add multiple select properties to PropertyManagers was broken (issue 612).
- Removed the signal handler hung off USR1 for packing the database. This feature proved dangerous as the pack operation would happen in the main thread, causing all asyncore operations to stop until it was finished.
- Collector #372: tal:attributes failed when combined with tal:replace.
- Don't try to close network connections in the signal handler for shutdown. This hosed ZEO clients.
- Collector #292: PythonScript.write() didn't properly refresh bindings.
- Dumb bug in zdaemon fixed in which it would try to kill process numbers 1, 2, 3, 10, 12, and 15 when it caught a signal related to any of these signal numbers. Instead, it actually tries now to kill its child process with the same signal.
- Write pidfiles out with trailing newlines.
- Fix setVirtualRoot in the face of unicode paths (such as occur during an XML-RPC request).
- Collector #539: Fixed rendering of TAL namespace tags with an 'on-error' statement.
- Collector #586: Generated 'start' scripts had a nonsensical export of an "INST_HOME" environment variable.
- Collector #580: TALES evaluateBoolean() was squishing 'default'.
- Collector #581: TALES Path traversal should not special-case a blank string in the second element position. It now skips directly to item access when a path element is blank or has a leading '_'.
- Fixed inconsistent attribute access in TALES Paths.
- Deprecated hasRole alias failed to return result.
- Collector #538: Hybrid path expressions no longer attempt to call a value returned by the final, non-path alternate.
- Collector #573: ZTUtils Iterator didn't catch AttributeError.
- Collector #517: The properties page incorrectly rendered properties with non-latin1 values if there were no unicode properties defined, and incorrectly processed properties with non-ascii names.
- ZTUtils.SimpleTree could not build a tree with a root other than the ZODB root object. Also, filter functions didn't work at all, let alone in accordance with the documentation in the code.
- Collector #603: ZTUtils.Tree.encodeExpansion encoded depth with '.' characters, but decodeExpansion could possibly see an encoded node id as an encoded depth when that encoded id started with a '.'.
- Collector #605: ZTUtils.Tree.decodeExpansion set no limits on the string to be decoded, allowing for a DoS attack with very large strings.
- The fix for issue #144 broke the ability to create an empty Image or File object. This functionality is now re-enabled.
- ZTUtils.Zope.TreeSkipMixin allows you to skip unauthorized objects in the tree, but the filter wasn't applied when trying to filter candidate child nodes through a custom setChildAccess filter.
- Emails sent through MailHost now automatically include a Date header if not already present, in compliance with RFC822 and RFC2822.
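The Collector #605 entry above (decodeExpansion accepted unbounded input) and the 2.6.3 SimpleTree entry (tree state decompressed from the request without checking the final size) describe the same failure mode: request data that is small on the wire but expands into a large allocation. The block below is an added example written for this changelog, not ZTUtils' own code; the prefix scheme ('z' for zlib-compressed, 'p' for plain), the two size limits and the sample tree states are all constructed for the demonstration. It shows the general technique, bounding both the encoded input and the inflated output, using zlib's max_length so the inflation stops at the cap rather than after the fact.

```python
import base64
import zlib

# Limits are constructed for the example; a deployment would size them to the
# largest tree state a page can legitimately render.
MAX_ENCODED = 4096        # bytes of request data we are willing to look at
MAX_DECODED = 64 * 1024   # bytes the inflated tree state may occupy


class ExpansionTooLarge(ValueError):
    """Raised instead of inflating an oversized or bomb-like state."""


def encode_expansion(state, compress=True):
    """Encode a tree-state blob for a URL or cookie.

    A one-character prefix ('z' or 'p') records whether zlib was used, so the
    decoder can handle both forms automatically.
    """
    if compress:
        body = zlib.compress(state)
    else:
        body = state
    return ("z" if compress else "p") + base64.urlsafe_b64encode(body).decode("ascii")


def decode_expansion(encoded):
    """Decode a tree state, refusing to inflate more than MAX_DECODED bytes."""
    if len(encoded) > MAX_ENCODED:
        raise ExpansionTooLarge("encoded state exceeds %d bytes" % MAX_ENCODED)
    if not encoded or encoded[0] not in "zp":
        raise ValueError("unknown tree-state encoding")
    raw = base64.urlsafe_b64decode(encoded[1:])
    if encoded[0] == "p":
        if len(raw) > MAX_DECODED:
            raise ExpansionTooLarge("state exceeds %d bytes" % MAX_DECODED)
        return raw
    d = zlib.decompressobj()
    # max_length makes zlib stop after MAX_DECODED + 1 bytes of output instead
    # of inflating the whole stream into memory and measuring it afterwards.
    out = d.decompress(raw, MAX_DECODED + 1)
    if len(out) > MAX_DECODED or d.unconsumed_tail:
        raise ExpansionTooLarge("inflated state exceeds %d bytes" % MAX_DECODED)
    out += d.flush()
    if len(out) > MAX_DECODED:
        raise ExpansionTooLarge("inflated state exceeds %d bytes" % MAX_DECODED)
    return out


if __name__ == "__main__":
    # Constructed sample states: a normal one and a highly compressible one
    # that would inflate to 1 MiB from roughly 1.4 KB of request data.
    normal = encode_expansion(b"root:1,docs:1,news:0")
    print(decode_expansion(normal))
    bomb = encode_expansion(b"\x00" * (1024 * 1024))
    print("bomb on the wire:", len(bomb), "bytes")
    try:
        decode_expansion(bomb)
    except ExpansionTooLarge as e:
        print("rejected:", e)
```

The two checks are independent on purpose: the encoded-length cap bounds how much request data is even parsed, and the inflated-length cap bounds memory regardless of how good the compression ratio is.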
Features Added
- Add optional 'relative' argument to the getURL method in CatalogBrains. This allows it to generate site relative URLs like absolute_url can.
- ZTUtils.Tree.encodeExpansion now will use zlib compression by default, allowing for a far larger number of open tree states to be encoded. decodeExpansion handles compressed expansion states automatically.
- ZTUtils.Tree.TreeMaker now has additional methods for setting various flags and attributes that influence how the tree is built, making these aspects accessible to PythonScripts.
- ZTUtils.Tree.TreeMaker has a new method setStateFunction, which allows you to set a callback function that can influence the state (open, closed, leaf) of each node in the tree.
- Pidfile handling improved. When Zope is started under zdaemon, it no longer writes its own pidfile. Instead, it passes in the path to Z2.pid to zdaemon as its pidfile name. The 'zProcessManager.pid' file is no longer ever written. This caused a change to the -Z option of z2.py which should be mostly backwards-compatible (unless people were relying on zProcessManager.pid to be written). Now the -Z option is a boolean. -Z1 means use a daemon. -Z0 means don't. The default is -Z1.
Zope 2.6.0 beta 1
Bugs Fixed
- Collector #587: fixed wrong migration to string methods in DTMLMethod.py
- Collector #583: Searching for '/' with PathIndexes failed.
- Fixed bug in manage_editProperties which used an incorrect default for several types of property when they were not found in the REQUEST.
- Collector #574: Fixed write on HEAD requests caused by overzealous ETag support.
- Fixed bug in z2.py where it would eat certain socket error exceptions at startup.
- Collector #550: Exceptions in XML-RPC requests no longer invoke standard_error_message. Plain text error messages are instead added to the fault string. In debug mode, a full traceback is also included, since access to the error log is not a given for XML-RPC developers.
- Collector #512, 541: Fixed broken WebDAV compatibility with Cadaver 0.20.X due to a missing Lock-Token header.
- Zope Page Templates set a 'content-type' header even if the result of their execution was not rendered to the browser. We now check that a content-type header is not already set before allowing a page template to set its own.
- The title_or_id attribute of browser id managers and session data managers is now publicly accessible.
- Collector #510: When Python scripts and other "Script" objects were acquired during URL traversal, the __before_publishing_traverse__ code did not properly stop traversal at the script and populate traverse_subpath with the remaining url path elements.
- Collector #238: Version Save and Discard buttons were too close to each other in Version management screens.
- The "Add Browser ID Manager" permission was renamed to "Add Browser Id Manager".
- Collector #437: dtml-sqltest now renders 'v not in (b,c)' when used as an inequality test with multiple values. Previously, a sqltest for inequality would render 'v <> b' when a single value was submitted, but would render 'a in (b,c)' when multiple values were present and the 'multiple' switch was set.
- Collector #478: Z Search Interfaces with no parameters now generate correct HTML.
- Collector #448: Z Search Interfaces created as PageTemplates have a correct title, not a fragment of dtml.
- Fixed brokenness of session data manager hasSessionData method. The old method created a session data object as a result of the call; it does not now.
- Collector #458: Fixed broken reindex_all in CatalogAwareness classes.
- The default "start" script now causes the event log to be sent to standard output unless the "EVENT_LOG_FILE" or "STUPID_LOG_FILE" environment variable is found in the environment.
- The much-hated name "STUPID_LOG_FILE" now has a preferred alias: "EVENT_LOG_FILE".
- Collector #454: The "default" session_data transient object container was not created if an object named "session_data" existed in the root.
- Restored behavior of ZCatalog when arguments with empty string are passed in to searchResults. These values are now ignored. If only empty string values are passed to searchResults, then it returns all results (it is assuming what was passed is essentially an empty filter).
- Collector #160: Allow TemporaryStorages to participate when a version is active.
- Collector #446: Fixed management security assertions on ZCatalogIndexes class.
- The BTree module functions weightedIntersection() and weightedUnion() now treat negative weights as documented. It's hard to explain what their effects were before this fix, as the sign bits were getting confused with an internal distinction between whether the result should be a set or a mapping.
- New "Transience" (session data storage) implementation. More reliable under high load.
- Collector #402: PythonScript recompile utility should only be usable by Manager to prevent abuse.
- Collector #433: Fixed broken Splitter backwards compatibility issue caused by code cleanup.
- Collector #151: The Python 2.1 / 2.2 fcntl compatibility hacks were bypassed when using medusa directly without importing ZServer first (as when using monitor_client.py).
- Collector #72: Start on Windows 95 machines with no network devices installed.
- Collector #79: Don't swallow App.FindHomes exceptions.
- The set operation difference(X, None) was returning None instead of returning X, contradicting the docs and common sense. difference(None, X) continues to return None.
- Fixed bug in the ISO_8859_1 splitter which corrupted storage on initialization.
- Collector #421: Storage leak in cAccessControl
- FileLibrary and GuestBook example applications gave anonymous users the Manager proxy role when uploading files - a potential vulnerability on production servers.
- Exceptions that use untrusted information from a REQUEST object in the exception message now html-quote that information.
- Stop leaking the FastCGI Authorization header into the environment, to prevent password compromise.
- #178: Don't compile PythonScripts in skins directories
- Fixed the help registration system and Zope tutorial to honor the environment variables, FORCE_PRODUCT_LOAD, and ZEO_CACHE, that affect whether products are installed in the database at application startup.
- Collector #547: xmlrpclib SlowParser should also handle CDATA sections.
- Collector #525: Don't mask Unauthorized exceptions as XML-RPC faults. Fix based on patch from Brad Clements.
- Collector #465: Allow XML-RPC requests with no tag.
- Collector #528: Don't clear REQUEST_METHOD for XML-RPC requests; instead check for an XML-RPC Response object in BaseRequest.traverse.
Features Added
- Browser ids can now be encoded in the URL and Zope can be instructed to automatically include the browser id in its generated URLs.
- Browser Id Managers now provide a saner way to obtain a hidden form element which encodes the browser id name and browser id. An interface method named "getHiddenFormField" on browser id managers now exists which returns a snippet of HTML as a hidden form field that encodes these values.
- A Site Error Log object is now created in the root at Zope startup time.
- Added 'url_unquote' and 'url_unquote_plus' modifiers to DTML (also fmt=url-unquote and fmt=url-unquote-plus), and made the same functions available in the PythonScripts.standard module.
- Collector #186: Added urlencode to the standard importables for Python scripts.
- and &dtml.-name; will now automatically HTML-quote unsafe data taken implicitly from the REQUEST object. Data taken explicitly from the REQUEST object is not affected, nor is any other data not originating from REQUEST. This can be disabled (at your own risk!) by setting the environment variable ZOPE_DTML_REQUEST_AUTOQUOTE to one of 'no', '0', or 'disabled'.
- The ZCatalog index management UI is now integrated into ZCatalog rather than being a subobject management screen with different tabs.
- ZCTextIndexes can now be instantiated without constructing a silly "extra" record object if desired.
- SimpleItem class now passes a new argument "error_log_url" to the standard_error_message template on error. If the site contains an error log object, this will contain the url to the applicable log entry for the error.
- The IOBTree module also supports multiunion() now.
- BTrees and TreeSets are complex objects, with parent->child pointers, sibling pointers, and multi-level parent->descendant pointers. About half the pointers are formally redundant, but speed up operations. BTrees and TreeSets now support a ._check() method, which does a thorough job of examining all these pointers for consistency. It raises AssertionError if it finds any problems, else returns None. In Zope 2.5, in rare cases a key deletion could leave these internal pointers in an inconsistent state (what was supposed to be redundant information became conflicting information). The most likely symptom was that tree.keys() would yield an object that disagreed with the tree about how many keys there are. tree._check() can be used if you suspect such a problem (and if you find one, rebuilding the tree is the best solution for now).
- Added support for the ZOPE_HOME environment variable, which points to the Zope root, where the ZServer package and default imports may be found.
- Collector #516 -- "title" property on image tags
- Collector #117 -- change External Method DTML to name="id" vs unquoted id
- Collector #61 -- manage_PasteObjects now returns a list of dictionaries of the form {'id':original_id,'new_id':newly_pasted_obj_id} when called with REQUEST=None
- Changed FORCE_PRODUCT_LOAD so that if it is set, it determines whether products are installed regardless of whether ZEO_CACHE is set. This means that you can disable product installation by setting FORCE_PRODUCT_LOAD to an empty string even if you are not using a ZEO persistent cache. Documented FORCE_PRODUCT_LOAD.
- xmlrpclib has been updated to the Python 2.2 version, which includes support for the Expat parser for unmarshalling data, which speeds up things considerably.
- Binary builds for Linux are now built against glibc 2.1.3 with large file support enabled.
- Binary builds for Solaris are now built against Solaris 8 with large file support enabled.
- Added i18n support in TAL processing
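Two entries in this release turn on HTML-quoting of untrusted REQUEST data: exception messages that embed REQUEST values are now quoted (Bugs Fixed above), and DTML auto-quotes values it picks up implicitly from REQUEST, but not values code passes explicitly, with the ZOPE_DTML_REQUEST_AUTOQUOTE switch to disable it (Features Added above). The following is an added example, not Zope's DocumentTemplate or ZPublisher code: a toy renderer that models only that policy. It tracks whether each value came from trusted code or was acquired from REQUEST, quotes only the latter (attribute-safe quoting, since the error text may land in an attribute), quotes REQUEST data in its own error text, and honours the environment switch. The tag syntax parsed here, the class names and the request fields are assumptions made for this example.

```python
import html
import os
import re

# The three values the changelog names for ZOPE_DTML_REQUEST_AUTOQUOTE.
AUTOQUOTE_OFF_VALUES = ("no", "0", "disabled")


def autoquote_enabled(environ=os.environ):
    """Auto-quoting is on unless the switch is set to one of the off values."""
    return environ.get("ZOPE_DTML_REQUEST_AUTOQUOTE", "").strip().lower() not in AUTOQUOTE_OFF_VALUES


class Namespace:
    """Lookup order: values pushed by trusted code first, then the REQUEST (untrusted)."""

    def __init__(self, request, pushed=None):
        self.request = request            # assumed: a dict of form/query values
        self.pushed = dict(pushed or {})  # values code put in the namespace explicitly

    def lookup(self, name):
        """Return (value, came_from_request)."""
        if name in self.pushed:
            return self.pushed[name], False
        if name in self.request:
            return self.request[name], True   # implicit acquisition from REQUEST
        raise KeyError(name)


# Toy subset of DTML for this example: only <dtml-var name> with no attributes.
VAR_TAG = re.compile(r"<dtml-var\s+([A-Za-z_][A-Za-z0-9_]*)\s*>")


class RenderError(Exception):
    pass


def render(template, ns, autoquote=None):
    if autoquote is None:
        autoquote = autoquote_enabled()

    def substitute(match):
        name = match.group(1)
        try:
            value, from_request = ns.lookup(name)
        except KeyError:
            # The error text is rendered back into an HTML error page, so the
            # REQUEST data it embeds (here the request path) is quoted as well.
            path = ns.request.get("PATH_INFO", "")
            raise RenderError("variable %r not found while rendering %s"
                              % (name, html.escape(path, quote=True)))
        text = str(value)
        if from_request and autoquote:
            # quote=True also escapes quotes, so the value is safe inside attributes.
            text = html.escape(text, quote=True)
        return text

    return VAR_TAG.sub(substitute, template)


def render_or_error(template, ns, autoquote=None):
    """What an error handler would do: turn a render failure into an HTML page."""
    try:
        return render(template, ns, autoquote)
    except RenderError as e:
        return "<h2>Error</h2><p>%s</p>" % e
```

Note the asymmetry the entry describes: a value the script copies out of REQUEST into the namespace itself is "explicit" and is rendered verbatim, so the script author, not the renderer, is responsible for quoting it.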
Zope 2.6.0 alpha 1
Features Added
- The IIBTree module has a new multiunion function. It accepts a sequence of sets, treesets, etc, and returns the union of the keys of these objects, as an IISet. It's designed for peak speed when the input sequence contains many objects.
- Set the default sys checkinterval to a higher value (500) to take better advantage of faster processors. Since there is no way to scientifically determine a number that works best for everyone, this at least should err on the side of better performance "out of the box" for higher-end production systems. Note that you can always use the -i argument to z2 to change the check interval.
- Added support for gzip content compression for clients that support it. See lib/python/ZPublisher/HTTPResponse.py for more details.
- Added ZCTextIndex plug-in index product. A replacement for TextIndex.
- Removed the venerable but senile QuickStart folder from the default FileStorage. "Alas, poor Yorick! I knew him, Horatio."
- Signal handling and log rotation
All Zope processes will respond to signals in the following manner:
SIGHUP - close open database connections and sockets, then restart the process
SIGTERM - close open database connections and sockets, then shut down
SIGINT - same as SIGTERM
SIGUSR2 - rotate all Zope log files (z2.log, event log, detailed log)
The common idiom for automated logfile rotation becomes:
kill -USR2 `cat /path/to/var/z2.pid`
The common idiom for "prophylactic" restarts becomes:
kill -HUP `cat /path/to/var/z2.pid`
When a process is interrupted via Ctrl-C or a TERM signal (INT, TERM), all open database connections and sockets are closed before the process dies. This speeds up restart time for sites that use a FileStorage, as its index is written to the filesystem before shutdown.
Unspecified signals kill the process without doing cleanup.
- ZCatalog no longer has a hand in managing text index vocabularies. The cruft associated with this functionality has been exorcised. No default indexes or metadata elements are defined for you when you create a new ZCatalog. Since we now have many new kinds of plug-in indexes it no longer made sense to do this anymore.
- A new permission "Copy or Move" was added. This permission may be set on an object to prevent it from being copied or moved within the management interface. The "old" behavior was that users who possessed the "View management screens" permission on an object's container could copy or move the object arbitrarily, even if they had limited access to the object itself. Once the object was moved or copied, the user became the owner of the new object, allowing them to see potentially sensitive information in the management interface for the object itself. This permission is granted to Manager and Anonymous by default, and must be revoked on an object-by-object basis if site managers intend to provide management screen access to folders which contain sensitive subobjects. This patch came as a result of Collector #376 (thanks to Chris Deckard).
- Structured Text's "DocumentWithImages" class did not recognize image filenames with underscores.
- The getElementsByTagName method of STDOM (used by Structured Text) would croak on most documents, especially those containing unwrapped text nodes. Fixed.
- FileUpload objects now evaluate false when they have an empty file name, making it easier to check for omitted file upload form fields.
- ZClasses now use a python script as their constructor method instead of a DTML method. Also, ZClasses inherit from CatalogPathAwareness now instead of CatalogAwareness.
- Added browser_default hook to ZPublisher. This allows objects to specify the path to the default method that the publisher calls when the object is published. The default for objects not defining browser_default is still 'index_html' for backwards compatibility. A ZMI-configurable browser_default implementation has been added to ObjectManager. You can configure browser_default for OMs via a new "settings" management tab.
- Added TopicIndexes: a TopicIndex is a container for so-called FilteredSets. A FilteredSet consists of an expression and a set of internal ZCatalog document identifiers that represent a pre-calculated result list, kept for performance reasons. Instead of executing the same query on a ZCatalog multiple times, it is much faster to use a TopicIndex.
- requestprofiler: added new --daysago option and added support for reading gzipped detailed logfiles
- DateTime: new functions JulianDay() and week() to perform calculation of the week number based on the Julian calendar.
- WebDAV: the new environment variable WEBDAV_SOURCE_PORT_CLIENTS enables retrieval of the document source for dedicated WebDAV clients (see ENVIRONMENT.txt for usage)
- Collector #272: Optimizations for RESPONSE.write
- Collector #271: New environment variables are now used to send the access log into syslog. ZSYSLOG_ACCESS, ZSYSLOG_ACCESS_FACILITY, and SYSLOG_ACCESS_SERVER now do the same job as the old environment variables without _ACCESS in their name. Those old environment variables still do the same job of sending the event log to syslog.
- When run as a daemon on Unix, Zope will now redirect stdin/stdout/stderr to /dev/null
- Nicer formatting for the increasingly tall permissions table.
- TextIndex: Enhanced splitter functionality now allows the TextIndex to index numbers and single characters. It is also possible to enable case-sensitive indexing. The new configuration options are available through the addForm of the Vocabulary object.
- ICP server support. For more information see http://www.zope.org/Members/htrd/icp/intro
- STXNG: added new env. variable STX_DEFAULT_LEVEL to change the default level for elements (see doc/ENVIRONMENT.txt)
- Collector #304: several catalog optimisations
- New implementation of ZODB object cache. The new implementation is more likely to keep the size of the object cache close to the target size. This change means that memory consumption may be reduced. Some users will need to increase the default cache size, because a too-small setting is more likely to hurt performance than it did in the past. Third-party C extensions that use the persistence API must be recompiled, and may need to be updated to work correctly with the new cache; see PER_GHOSTIFY().
- The ZODB Connection is now responsible for registering changed objects with the current transaction.
- Implementation of the RestrictedCreation fishbowl proposal; Product registration can now include a function used to determine whether that product's constructor wants to allow objects to be created in the specified container object.
- Collector 196: manage_page_style.css is now cacheable. Added freshness information to ImageFile, to improve cacheability of management interface
- Collector 358: added a new parameter no_push_item to dtml-in, to inhibit automatically pushing sequence-item onto the namespace stack.
- STXNG: Structured Text now supports images by default by using the HTMLWithImages class (has been disabled prior to Zope 2.6)
- New option --force-http-connection-close for z2.py to prevent clients from maintaining pipelined connections to the Zope server (Collector #412)
- Updated the Interface package to be compatible with Zope 3 Interfaces. This included changing some interface APIs that may affect existing products.
- Added a database activity monitoring graph to the control panel, making it easier to tune the ZODB cache size.
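The signal handling entry above lists the per-signal behaviour (HUP restarts, TERM/INT shut down after closing connections, USR2 rotates logs) and the `kill -USR2 `cat z2.pid`` idiom. Why that idiom works is worth seeing in code: a rotation tool renames the log file, but the running process still holds the old inode open, so nothing changes until the process reopens the file by name. The following is an added example, not Zope's z2.py or log module: a minimal log object that can reopen itself, a server object with the dispatch described in the entry, and a POSIX-only demonstration that writes, renames, rotates and shuts down. Class and function names are assumptions made for this example.

```python
import os
import signal
import tempfile


class EventLog:
    """Append-only log file that can be told to reopen itself after rotation."""

    def __init__(self, path):
        self.path = path
        self._fh = open(path, "a", encoding="utf-8")

    def write(self, line):
        self._fh.write(line + "\n")
        self._fh.flush()

    def reopen(self):
        # After the file was renamed we still hold the old inode; reopening by
        # name switches output to a fresh file at the original path.
        self._fh.close()
        self._fh = open(self.path, "a", encoding="utf-8")

    def close(self):
        self._fh.close()


class Server:
    """Signal dispatch matching the changelog entry (restart/shutdown/rotate)."""

    def __init__(self, logs):
        self.logs = logs
        self.connections_closed = False
        self.action = None  # becomes "restart" or "shutdown"

    def rotate_logs(self):
        for log in self.logs:
            log.reopen()

    def cleanup(self):
        # Stand-in for closing database connections and sockets so that, e.g.,
        # a FileStorage index gets written before the process exits.
        for log in self.logs:
            log.close()
        self.connections_closed = True

    def handle_signal(self, signum):
        if signum == signal.SIGUSR2:
            self.rotate_logs()
        elif signum == signal.SIGHUP:
            self.cleanup()
            self.action = "restart"
        elif signum in (signal.SIGTERM, signal.SIGINT):
            self.cleanup()
            self.action = "shutdown"
        # Any other signal keeps its default disposition: no cleanup.
        return self.action

    def install(self):
        for sig in (signal.SIGHUP, signal.SIGTERM, signal.SIGINT, signal.SIGUSR2):
            signal.signal(sig, lambda s, frame: self.handle_signal(s))


def rotation_demo(directory=None):
    """Rotate the way logrotate does: rename the file, then ask the process to reopen."""
    if directory is None:
        directory = tempfile.mkdtemp()
    path = os.path.join(directory, "event.log")
    log = EventLog(path)
    server = Server([log])
    log.write("before rotation")
    os.rename(path, path + ".1")               # what logrotate does
    log.write("written to the renamed file")   # still lands in the old inode
    server.handle_signal(signal.SIGUSR2)       # the kill -USR2 idiom
    log.write("after rotation")                # now goes to a fresh event.log
    server.handle_signal(signal.SIGTERM)       # close everything, then exit
    with open(path + ".1", encoding="utf-8") as f:
        old = f.read().splitlines()
    with open(path, encoding="utf-8") as f:
        new = f.read().splitlines()
    return old, new, server.action, server.connections_closed


if __name__ == "__main__":
    print(rotation_demo())
```

Sending USR2 before the rename would be harmless but pointless; the order in the idiom (rename, then signal) is what guarantees no lines are lost to the old file after the reopen.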
Bugs Fixed
- External methods didn't properly setup func_defaults and func_code when they were first loaded. This meant mapply couldn't properly map arguments on the first try.
- Fixed bug #96: Narrower/Wider buttons now work on both CSS and non-CSS compliant browsers. This allows better control for browsers that have a hard time knowing what 100% means.
- Fix for Collector #319: filtered_manage_options didn't correctly filter tabs based on permission.
- Made repr of an HTTPRequest.record eval'able as a dict (Collector #89).
- Fixed bug #144: Upload button on dtml, py scripts, images, files and pts now raises an error if the file is not specified rather than clearing the source.
- Fixed bug #275: setPermissionDefault didn't actually set the right permission -> role mappings.
- Fixed bug reported on the mailing list during EWOULDBLOCK when using the FTP server (http://lists.zope.org/pipermail/zope/2002-March/111521.html).
- App/FindHomes.py now computes the "real" path for SOFTWARE_HOME and INSTANCE_HOME, resolving any symlinks in any element within paths passed in via the INSTANCE_HOME or SOFTWARE_HOME envvars. Paths that are computed by "dead reckoning" from os.getcwd and module paths are also "realpathed". So for instance, if you use '/home/chrism/Instance' as your INSTANCE_HOME, and '/home/chrism' is a symlink to '/other/home/chrism', your INSTANCE_HOME will be computed as '/other/home/chrism/Instance'. This is necessary to avoid weirdness while using "dead reckoning" from INSTANCE_HOME and SOFTWARE_HOME in other parts of the code. POSIX systems only.
- Fixed PropertyManager/PropertySheets so that you can safely add a property named 'ids' without breaking your properties page.
- Removed spurious 'self' from scarecrow interfaces; updated method generation in the Interface package to ignore self when the source is a method (rather than a function).
- Collector #32: Use difflib instead of ndiff
- Fixed long standing bug in PythonScript where get_size returned the incorrect length. This broke editing using EMACS via FTP or WebDAV. Thanks to John Glavin at South River Technologies for help finding the bug.
- Collector #207: fixed problem with inner links in STXNG
- Collector #210: HTML() function of StructuredText produced wrong tags.
- Collector #166: ObjectManager.all_meta_types() implemented only an incomplete filter based on interfaces.
- FTP: Downloading files through FTP has been broken since 2.4.0 because the downloaded file has been stored with a HTTP header at the beginning of the file. Fixed!
- FTP: Spaces in usernames inside a FTP file listing are now replaced by underscores to avoid confusion with some FTP clients.
- Collector #227: improved handling of unicode string in TextIndex.py with unmodified default encoding in site.py.
- Collector #227: z2.py, TextIndex/dtml/manage_vocab.dtml modified to display unicode strings in the vocabulary properly (now using UTF-8 encoding for display purposes)
- Collector #250: applied several patches for TextIndex for better unicode support for the GlobbingLexicon
- Collector #254: return owner object from getOwner wrapped in its context
- Collector #259: walkandscrub.py did not delete all .pyc and .pyo files during installation. Fixed.
- Collector #231: BTrees ignoring errors from comparison function
- Collector #278: DocumentWithImages could not handle URLs with underscores
- Collector #279: changed exception handling for safegmtime() to provide a more intuitive traceback on operating systems with limited gmtime() implementations
- Collector #285: Zope changes its working directory to the var directory at startup
- WebDAV: removing a non-existing property now returns an HTTP 200 OK response instead of 404 (now compliant with RFC 2518)
- Fixed a bug in TM.py that would cause database adapters to hang on errors in the second phase of the two-phase commit.
- Collector #291: ZCatalog not unindexing deleted properties
- Collector #266: Retried requests losing track of http request headers, causing Connection:Close requests to stall
- Collector #17: Fixed broken links in StandardCacheManagers help
- Collector #1: UNIX security fixes: make starting Zope as 'root' secure, stop using 'nobody', warn of insecure umasks
- Collector #303: Properties of type 'long' got truncated
- Collector #325: adding a new TextIndex to an existing Catalog cleared the standard Vocabulary.
- Collector #373: The content_type property of Image objects is no longer deletable, to prevent malfunction.
- Collector #343: The ZCatalog's 'Indexes' view showed the wrong number of indexed objects for FieldIndexes.
- FTP server: replaced 'System_Process' by 'Sysproc' to avoid breaking some FTP clients and the output format with overlong usernames.
- Fixed a potential bug in cAccessControl's permission role deallocator, which would try to decref things that may not have been set, due to a change in the initializer (which bails out if it is not called with a tuple argument).
- Collector #185, 341: PCGIServer and FCGIServer logs corrected and now output extended information like HTTPServer does.
- Propertysheets: Ids like 'values' and 'items' are now forbidden as they break WebDAV functionality. Existing Propertysheets are not affected.
- Collector #348: decapitate() now recognizes both \r\n and \n\n to be compliant with the HTTP RFC
- Collector #386: workaround for hanging FTP connections with NcFTP
- Collector #419: repaired off-by-1 errors and IndexErrors when slicing BTree-based data structures. For example, an_IIBTree.items()[0:0] had length 1 (should be empty) if the tree wasn't empty.
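The Collector #1 entry above (make starting Zope as root secure, stop using 'nobody', warn of insecure umasks) names three checks a daemon should make at startup. The following is an added example, not Zope's z2.py: a pure decision function that reports the problems with a given effective uid, umask and target account (so the policy can be tested without root), a umask reader, and an irreversible privilege drop that sets supplementary groups and gid before uid and verifies that root cannot be regained. The policy details (which umask bits count as insecure, which accounts count as shared) and the function names are assumptions made for this example.

```python
import os
import pwd
import stat

# Accounts shared with other daemons: a compromise of one service running as
# 'nobody' is a compromise of every other service that uses it. (Assumption.)
SHARED_ACCOUNTS = {"nobody"}


def umask_problems(umask):
    """Problems with a numeric umask; an empty list means new files are not shared-writable."""
    problems = []
    if not umask & stat.S_IWOTH:
        problems.append("umask %04o lets newly created files be world-writable" % umask)
    if not umask & stat.S_IWGRP:
        problems.append("umask %04o lets newly created files be group-writable" % umask)
    return problems


def startup_problems(euid, umask, run_as):
    """Decide whether it is safe to start with this identity and umask (pure, testable)."""
    problems = umask_problems(umask)
    if euid == 0:
        if run_as is None:
            problems.append("started as root with no user to switch to; refusing to serve as root")
        elif run_as in SHARED_ACCOUNTS:
            problems.append("refusing to switch to shared account %r; use a dedicated user" % run_as)
    return problems


def current_umask():
    """The umask can only be read by setting it, so set a restrictive one and restore."""
    old = os.umask(0o077)
    os.umask(old)
    return old


def drop_privileges(run_as):
    """Irreversibly switch from root to run_as; call after binding privileged ports."""
    pw = pwd.getpwnam(run_as)
    if pw.pw_uid == 0 or run_as in SHARED_ACCOUNTS:
        raise ValueError("refusing to run as %r" % run_as)
    # Order matters: supplementary groups and gid can only be changed while we
    # are still root, so they go before setuid.
    os.initgroups(pw.pw_name, pw.pw_gid)
    os.setgid(pw.pw_gid)
    os.setuid(pw.pw_uid)
    # setuid() as root replaces real, effective and saved uid, so getting root
    # back must now fail; if it does not, the drop was not a real drop.
    try:
        os.setuid(0)
    except PermissionError:
        return pw.pw_uid
    raise RuntimeError("privilege drop was reversible; saved uid is still 0")


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else None
    for problem in startup_problems(os.geteuid(), current_umask(), target):
        print("warning:", problem, file=sys.stderr)
    if os.geteuid() == 0 and target and target not in SHARED_ACCOUNTS:
        print("now running as uid", drop_privileges(target))
```

Whether a group-writable umask is a warning or a refusal depends on how the instance's files are shared; the example reports both bits and leaves the decision to the caller.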