.. image:: https://github.com/zopefoundation/Zope/actions/workflows/tests.yml/badge.svg
:target: https://github.com/zopefoundation/Zope/actions/workflows/tests.yml
.. image:: https://coveralls.io/repos/github/zopefoundation/Zope/badge.svg?branch=master
:target: https://coveralls.io/github/zopefoundation/Zope?branch=master
.. image:: https://readthedocs.org/projects/zope/badge/?version=latest
:target: https://zope.readthedocs.org/en/latest/
:alt: Documentation Status
.. image:: https://img.shields.io/pypi/v/Zope.svg
:target: https://pypi.org/project/Zope/
:alt: Current version on PyPI
.. image:: https://img.shields.io/pypi/pyversions/Zope.svg
:target: https://pypi.org/project/Zope/
:alt: Supported Python versions
.. |nbsp| unicode:: 0xA0
:trim:
|nbsp|
.. image:: https://zopefoundation.github.io/Zope/artwork/Zope.svg
:alt: Zope logo
:width: 300px
**Zope is an open-source web application server.**
This document provides some general information about Zope and provides
links to other documents. The full documentation can be found at
https://zope.readthedocs.io.
.. contents::
:local:
:depth: 1
Installation
============
Please visit the installation documentation at
https://zope.readthedocs.io/en/latest/INSTALL.html for detailed installation
guidance.
License
=======
Zope is licensed under the OSI-approved `Zope Public License` (ZPL), version
2.1. The full license text is included in ``LICENSE.txt``.
Bug tracker
===========
Bugs reports should be made through the Zope bugtracker at
https://github.com/zopefoundation/Zope/issues. A bug report should
contain detailed information about how to reproduce the bug.
Change log
==========
These are all the changes for Zope 5, starting with the alpha releases,
since the branch point at Zope 4.1.2.
The change log for the previous version, Zope 4, is at
https://github.com/zopefoundation/Zope/blob/4.x/CHANGES.rst
5.11.1 (2024-11-03)
-------------------
- Update to newest compatible versions of dependencies.
- Define ``request["PARENTS"]`` before request parameter processing
such that request failure subscribers (such as that of
``Products.SiteErrorLog``) can determine the error context
for exceptions raised during request parameter processing
(see `#1235 <https://github.com/zopefoundation/Zope/issues/1235>`_).
5.11 (2024-10-11)
-----------------
- Add support for Python 3.13.
- Drop support for Python 3.7.
- Update to newest compatible versions of dependencies.
- Added CC-BY 4.0 license to the Zope logo.
- Fix ``IndexError`` on traversal past the root using `..`.
(`#1218 <https://github.com/zopefoundation/Zope/issues/1218>`_)
5.10 (2024-05-18)
-----------------
- Recognize Page Templates by file extension for WebDAV.
(`#1212 <https://github.com/zopefoundation/Zope/issues/1212>`_)
- Clean up and fix installation documentation.
- Officially support Python 3.12.1.
(`#1188 <https://github.com/zopefoundation/Zope/issues/1188>`_)
- Fix redirections to URLs with host given as IP-literal with brackets.
Fixes `#1191 <https://github.com/zopefoundation/Zope/issues/1191>`_.
- Introduce the decorator ``ZPublisher.zpublish`` to explicitly
control publication by ``ZPublisher``.
For details see
`#1197 <https://github.com/zopefoundation/Zope/pull/1197>`_.
- Fix ``Content-Disposition`` filename for clients without rfc6266 support.
(`#1198 <https://github.com/zopefoundation/Zope/pull/1198>`_)
- Support ``Chameleon`` ``structure`` expression type.
Fixes `#1077 <https://github.com/zopefoundation/Zope/issues/1077>`_.
- Fix authentication error viewing ZMI with a user defined outside of zope root.
Fixes `#1195 <https://github.com/zopefoundation/Zope/issues/1195>`_ and
`#1203 <https://github.com/zopefoundation/Zope/issues/1195>`_.
- Work around ``Products.CMFCore`` and ``Products.CMFPlone`` design bug
(registering non callable constructors).
For details, see
`#1202 <https://github.com/zopefoundation/Zope/issues/1202>`_.
5.9 (2023-11-24)
----------------
- Support form data in ``PUT`` requests (following the ``multipart`` example).
Fixes `#1182 <https://github.com/zopefoundation/Zope/issues/1182>`_.
- Separate ZODB connection information into new ZODB Connections view.
- Move the cache detail links to the individual database pages.
- Fix the auto refresh functionality on the Reference Count page
- Update the Ace editor in the ZMI.
- Restrict access to static ZMI resources.
- Update to newest compatible versions of dependencies.
- Add ``paste.filter_app_factory`` entry point ``content_length``.
This WSGI middleware component can be used with
WSGI servers which do not follow the PEP 3333 recommendation
regarding input handling for requests with
``Content-Length`` header.
Allows administrators to fix
`#1171 <https://github.com/zopefoundation/Zope/pull/1171>`_.
- Officially support Python 3.12.
5.8.6 (2023-10-04)
------------------
- Make sure the object title in the ZMI breadcrumbs is quoted
to prevent a cross-site scripting issue.
- Update to newest compatible versions of dependencies.
- Base the inline/attachment logic developed for CVE-2023-42458
on the media type proper (ignore parameters and
whitespace and normalize to lowercase)
(`#1167 <https://github.com/zopefoundation/Zope/pull/1167>`_).
5.8.5 (2023-09-21)
------------------
- Allow only some image types to be displayed inline. Force download for
others, especially SVG images. By default we use a list of allowed types.
You can switch a to a list of denied types by setting OS environment variable
``OFS_IMAGE_USE_DENYLIST=1``. You can override the allowed list with
environment variable ``ALLOWED_INLINE_MIMETYPES`` and the disallowed list
with ``DISALLOWED_INLINE_MIMETYPES``. Separate multiple entries by either
comma or space. This change only affects direct URL access.
``<img src="image.svg" />`` works the same as before. (CVE-2023-42458)
See `security advisory <https://github.com/zopefoundation/Zope/security/advisories/GHSA-wm8q-9975-xh5v>`_.
- Tighten down the ZMI frame source logic to only allow site-local sources.
Problem reported by Miguel Segovia Gil.
- Added image dimensions to SVG file properties
`#1146 <https://github.com/zopefoundation/Zope/pull/1146>`_.
- Fix username not in access log for error requests, see issue
`#1155 <https://github.com/zopefoundation/Zope/issues/1155>`_.
- Update to newest compatible versions of dependencies.
- Add preliminary support for Python 3.12rc3.
5.8.4 (2023-09-06)
------------------
- Disable a ``ZCatalog`` (more precisly: ``Products.PluginIndexes``)
performance test which occasionally fails on GitHub.
For details, see
`#1136 <https://github.com/zopefoundation/Zope/issues/1136>`_.
- Restore filename on code objects of objects returned from
``App.Extensions.getObject()``. This got lost in 4.0a6.
- Update to newest compatible versions of dependencies.
- Add preliminary support for Python 3.12rc1.
- Make ``mapply`` ``__signature__`` aware.
This allows to publish methods decorated via a decorator
which sets ``__signature__`` on the wrapper to specify
the signature to use.
For details, see
`#1134 <https://github.com/zopefoundation/Zope/issues/1134>`_.
Note: ``mapply`` still does not support keyword only, var positional
and var keyword parameters.
- Make Zope's parameters for denial of service protection configurable
`#1141 <https://github.com/zopefoundation/Zope/issues/1141>`_.
- Update ``RestrictedPython`` to version 6.2 to mitigate a security problem.
(CVE-2023-41039)
- Update ``AccessControl`` to version 6.2 to mitigate a security problem.
(CVE-2023-41050)
5.8.3 (2023-06-15)
------------------
- Fix handling of a request parameter of type ``file`` if no value
has been specified;
fixes `#1132 <https://github.com/zopefoundation/Zope/issues/1132>`_.
- Fix adding Page Templates without valid file input from the ZMI
(`#1130 <https://github.com/zopefoundation/Zope/issues/1130>`_)
- Update to newest compatible versions of dependencies.
5.8.2 (2023-05-22)
------------------
- Allow ``ZPublisher`` to handle both a query string and a request body;
the request parameters from the query string are made available
in the request attribute ``form`` (a ``dict``),
the request body can be accessed via the request keys ``BODY``
(a ``bytes`` object) or ``BODYFILE`` (a file like object).
Fixes `#1122 <https://github.com/zopefoundation/Zope/issues/1122>`_.
- Support access to the request's ``BODY`` key for WSGI servers
which hand over an unseekable request body (such as e.g.
``Gunicorn``).
Fixes `#1125 <https://github.com/zopefoundation/Zope/issues/1125>`_.
- Do not break on GET requests that pass a query string
and a `Content-Type` header.
For details see `#1117 <https://github.com/zopefoundation/Zope/pull/1117>`_.
- Implement code change suggestions from CodeQL scanning.
- Added Japanese translations for some Sphinx docs
(`#1109 <https://github.com/zopefoundation/Zope/issues/1109>`_)
- Update to newest compatible versions of dependencies.
- Update zope.ini.in skel to support log paths that use backslashes.
(`#1106 <https://github.com/zopefoundation/Zope/issues/1106>`_)
5.8.1 (2023-03-17)
------------------
- Sanitize tainting fixing
`#1095 <https://github.com/zopefoundation/Zope/issues/1095>`_
- Replace ``cgi.FieldStorage`` by ``multipart`` avoiding
the ``cgi`` module deprecated by Python 3.11.
Mark binary converters with a true ``binary`` attribute.
Fix encoding handling and ``:bytes`` converter.
See `#1094 <https://github.com/zopefoundation/Zope/pull/1094>`_.
- Clean out and refactor dependency configuration files.
- Update to newest compatible versions of dependencies.
- Support the (non standard) ``charset`` parameter for
content type ``application/x-www-form-urlencoded``.
This is required (e.g. for ``Plone``) because
``jquery`` constructs content types of the form
```application/x-www-form-urlencoded; charset=utf-8``.
For details see
`plone/buildout.coredev#844
<https://github.com/plone/buildout.coredev/pull/844>`_.
5.8 (2023-01-10)
----------------
- Only set response header Content-Type as text/html on exception views when
the response has content.
(`#1089 <https://github.com/zopefoundation/Zope/issues/1089>`_)
- Drop support for Python 3.6, it has been in end-of-life status for a while.
- Update to newest compatible versions of dependencies.
- Fix history page for classes modifying instances in ``__setstate__``,
such as ``Products.PythonScripts.PythonScript`` instances.
See `launchpad issue 735999
<https://bugs.launchpad.net/zope2/+bug/735999>`_.
5.7.3 (2022-12-19)
------------------
- Explicitly serve ``App.Dialogs.MessageDialog`` and exception views as HTML
due to the changed default content type from `#1075
<https://github.com/zopefoundation/Zope/pull/1075>`_.
5.7.2 (2022-12-17)
------------------
- Fix some broken ZMI pages due to the changed default content type
from PR https://github.com/zopefoundation/Zope/pull/1075
(`#1078 <https://github.com/zopefoundation/Zope/issues/1078>`_)
- Update to newest compatible versions of dependencies.
5.7.1 (2022-12-16)
------------------
- Set the published default ``Content-Type`` header to ``text/plain``
if none has been set explicitly to prevent a cross-site scripting attack.
Also remove the old behavior of constructing an HTML page for published
methods returning a two-item tuple.
- Update to newest compatible versions of dependencies.
5.7 (2022-11-17)
----------------
- Script `addzopeuser` accepts now parameter '-c' or '--configuration'.
This allows passing in a custom location for the `zope.conf` file to use.
If not specified, behavior is not altered.
- Update to newest compatible versions of dependencies.
- Change functional testing utilities to support percent encoded and unicode
paths (`#1058 <https://github.com/zopefoundation/Zope/issues/1058>`_).
- Decode basic authentication header as utf-8, not latin1 anymore
(`#1061 <https://github.com/zopefoundation/Zope/issues/1061>`_).
- Use UTF-8 charset for WWW-Authenticate headers in challenge responses,
as described in `RFC7617 <https://datatracker.ietf.org/doc/html/draft-ietf-httpauth-basicauth-update-07#section-2.1>`_
( `#1065 <https://github.com/zopefoundation/Zope/pull/1065>`_).
- Added `:json` converter in `ZPublisher.Converters`.
(`#957 <https://github.com/zopefoundation/Zope/issues/957>`_)
- Support Python 3.11.
5.6 (2022-09-09)
----------------
- Make Products.PageTemplate engine compatible with Chameleon 3.10.
- Update to newest compatible versions of dependencies.
- Start work on Python 3.11 support, which will arrive in a later release.
- Fix cookie path parameter handling:
If the cookie path value contains ``%`` it is assumed to be
fully quoted and used as is;
if it contains only characters allowed (unquoted)
in an URL path (with the exception of ``;``),
it is used as is; otherwise, it is quoted using Python's
``urllib.parse.quote``
(`#1052 <https://github.com/zopefoundation/Zope/issues/1052>`_).
5.5.2 (2022-06-28)
------------------
- Update ``waitress`` to version 2.1.2.
- Improvements on find_bad_templates(): check Filesystem Page
Templates too and show html tags in web report
(`#1042 <https://github.com/zopefoundation/Zope/issues/1042>`_)
- Fix version pin specifications for Python 3.6 compatibility.
(`#1036 <https://github.com/zopefoundation/Zope/issues/1036>`_)
- Quote all components of a redirect URL (not only the path component)
(`#1027 <https://github.com/zopefoundation/Zope/issues/1027>`_)
- Drop the convenience script generation from the buildout configuration
in order to get rid of a lot of dependency version pins.
These were only needed for maintainers who can install them manually.
(`#1019 <https://github.com/zopefoundation/Zope/issues/1019>`_)
- Update to newest compatible versions of dependencies.
- Modify "manage_access" to allow users to switch from the compact view
to the complete matrix view when more than 30 roles are defined.
(`#1039 <https://github.com/zopefoundation/Zope/pull/1039>`_)
- Strip leading ``.`` in cookie domain names.
(`#1041 <https://github.com/zopefoundation/Zope/pull/1041>`_)
5.5.1 (2022-04-05)
------------------
- Update to newest compatible versions of dependencies.
- Update ``waitress`` to version 2.1.1 to mitigate a vulnerability in that
package. As ``waitress`` no longer supports Python 3.6 it is not advised
to run Zope on Python 3.6 any longer even though it still supports Python
3.6. **Due to this security issue support for Python 3.6 is now officially
deprecated. It will be removed with Zope version 5.7.**
- To run ``bin/buildout`` inside the Zope project now ``zc.buildout >= 2.13.7``
or ``zc.buildout >= 3.0.0b1`` is required.
5.5 (2022-03-10)
----------------
- Fix several exceptions when calling ``ZPublisher.utils.fix_properties``.
- Update to newest compatible versions of dependencies.
- Enhance cookie support. For details, see
`#1010 <https://github.com/zopefoundation/Zope/issues/1010>`_
- Use intermediate ``str`` representation for non-bytelike response data unless
indicated differently by the content type.
(`#1006 <https://github.com/zopefoundation/Zope/issues/1006>`_)
- Use ``zc.buildout 3.0rc2`` to install Zope to run its tests.
5.4 (2022-01-09)
----------------
- Audit and fix all hyperlinks in code and documentation
- Change zope.org references to zope.dev due to ongoing domain ownership
issues. zope.dev is owned by the Plone Foundation and thus safe from
interference. XML/ZCML namespace URLs remain unchanged.
- Remove all links that are completely dead, such as the old zope.org
Collectors issue trackers.
- Update all other miscellaneous links to make them work again or remove if
the information is gone.
- Improve type guessing for the default WebDAV PUT factory
(`#997 <https://github.com/zopefoundation/Zope/issues/997>`_)
- Enable WebDAV PUT factories to change a newly created object's ID
(`#997 <https://github.com/zopefoundation/Zope/issues/997>`_)
- Fix potential race condition in ``App.version_txt.getZopeVersion``
(`#999 <https://github.com/zopefoundation/Zope/issues/999>`_)
- Don't coerce file upload fields for adding DTML Documents/Methods to string.
This makes the Add forms work again with the ZPublisher converter code
changes.
- Remove deprecated ulines, utext, utokens, ustring from more code.
In the properties form, show a deprecation warning.
- Add function ``ZPublisher.utils.fix_properties``.
You can call this to fix lines properties to only contain strings, not bytes.
It also replaces the deprecated property types ulines, utext, utoken, and
ustring with their non-unicode variants.
(`#987 <https://github.com/zopefoundation/Zope/issues/987>`_)
- Add support for Python 3.10.
- Update to newest compatible versions of dependencies.
5.3 (2021-07-31)
----------------
- Reinstate simple sessioning with ``Products.TemporaryFolder``
because the underlying issues with ``tempstorage`` have been fixed.
(`#985 <https://github.com/zopefoundation/Zope/issues/985>`_)
- Update the ``AccessControl`` version pin to fix a remote code execution issue
(see `AccessControl security advisory GHSA-qcx9-j53g-ccgf
<https://github.com/zopefoundation/AccessControl/security/advisories/GHSA-qcx9-j53g-ccgf>`_)
- Prevent ``DeprecationWarnings`` from moved imports in ``AccessControl``
- make sure "Manager" users can always modify proxy roles
(`see Products.PythonScripts#50
<https://github.com/zopefoundation/Products.PythonScripts/issues/50>`_)
- Deprecate usage of "unicode" converters. Also, the behavior of
``field2lines`` is now aligned to the other converters and returns a list of
strings instead of a list of bytes.
(`#962 <https://github.com/zopefoundation/Zope/issues/962>`_)
- Update to newest compatible versions of dependencies.
5.2.1 (2021-06-08)
------------------
- Prevent unauthorized traversal through authorized Python modules in
TAL expressions
- Facelift the Zope logo.
(`#973 <https://github.com/zopefoundation/Zope/issues/973>`_)
- Update to newest compatible versions of dependencies.
5.2 (2021-05-21)
----------------
- Prevent traversal to names starting with ``_`` in TAL expressions
and fix path expressions for the ``chameleon.tales`` expression engine.
- Provide friendlier ZMI error message for the Transaction Undo form
(`#964 <https://github.com/zopefoundation/Zope/issues/964>`_)
- Updated/fixed the poll application tutorial in the Zope Developers Guide
(`#958 <https://github.com/zopefoundation/Zope/issues/958>`_)
- Update to newest versions of dependencies.
- Depend on ``zope.datetime`` for the functions ``iso8601_date``,
``rfc850_date``, and ``rfc1123_date`` which used to be in ``App.Common``
keeping backwards-compatibility imports in place.
Backwards incompatible changes
++++++++++++++++++++++++++++++
- With the exception of ``field2bytes``, field converters do no longer try to
read file like objects
(`#558 <https://github.com/zopefoundation/Zope/issues/558>`_)
5.1.2 (2021-03-02)
------------------
- Enforce Zope permissions during recursive XML-RPC data dumps
(`#954 <https://github.com/zopefoundation/Zope/issues/954>`_)
- The ``compute_size`` method properly returns None if the content does not
have a ``get_size`` method but the parent has.
(`#948 <https://github.com/zopefoundation/Zope/issues/948>`_)
- Fix control panel tab links on all control panel pages
- Update to newest versions of dependencies.
5.1.1 (2021-02-10)
------------------
- Replace (in ``OFS``) the deprecated direct ``id`` access by
``getId`` calls.
(`#903 <https://github.com/zopefoundation/Zope/issues/903>`_)
- Update ZMI dependencies for Font Awesome, jQuery and bootstrap.
- Revise debug info GUI
(`#937 <https://github.com/zopefoundation/Zope/pull/937>`_)
- Convert ``bytes`` ``HTTPResponse`` header value to ``str``
via ``ISO-8859-1`` (the default encoding of ``HTTP/1.1``).
- Fix rendering of not found resources.
(`#933 <https://github.com/zopefoundation/Zope/pull/933>`_)
- Update to newest versions of dependencies.
5.1 (2020-11-12)
----------------
Backwards incompatible changes
++++++++++++++++++++++++++++++
- Exclude characters special for ``chameleon``'s interpolation syntax
(i.e. ``${}``) from use in TALES path expressions to reduce the failure risk
for the ``chameleon`` interpolation heuristics
(`#925 <https://github.com/zopefoundation/Zope/issues/925>`_)
Features
++++++++
- Restore the ZMI `Debug Information` control panel page
(`#898 <https://github.com/zopefoundation/Zope/issues/898>`_)
Fixes
+++++
- Fix ZMI visibility of pre elements in error log
(`Products.SiteErrorLog#26
<https://github.com/zopefoundation/Products.SiteErrorLog/issues/26>`_)
- Fix ``length`` for page template repeat variables
(`#913 <https://github.com/zopefoundation/Zope/issues/913>`_)
- Update `isort` to version 5.
(`#892 <https://github.com/zopefoundation/Zope/pull/892>`_)
- Update to newest versions of dependencies.
5.0 (2020-10-08)
----------------
Backwards incompatible changes
++++++++++++++++++++++++++++++
- Drop support for Python 3.5 as it will run out of support soon.
(`#841 <https://github.com/zopefoundation/Zope/issues/841>`_)
Features
++++++++
- HTTP header encoding support
(`#905 <https://github.com/zopefoundation/Zope/pull/905>`_)
- Add support for Python 3.9.
- New interface ``Products.PageTemplates.interfaces.IZopeAwareEngine``.
It can be used as the "provides" of an adapter registration
to adapt a non ``Zope`` tales engine to an engine to be used
by ``Zope`` page templates
(`#864 <https://github.com/zopefoundation/Zope/issues/864>`_).
Currently, the adaptation is used only when the
template is rendered with ``chameleon``;
with ``zope.pagetemplate``, the engine is used
as is - this may change in the future.
- Allow (some) builtins as first element of a (TALES) path expression:
in an untrusted context, the builtins from
``AccessControl.safe_builtins`` are allowed;
in a trusted context, all Python builtins are allowed in addition
(and take precedence)
(`zope.tales#23 <https://github.com/zopefoundation/zope.tales/issues/23>`_).
- Support the ``attrs`` predefined template variable again (as
far as ``chameleon`` allows it)
(`#860 <https://github.com/zopefoundation/Zope/issues/860>`_).
- Use ``Chameleon`` (>= 3.7.2) configuration to get better
information for errors detected during template execution
(`#837 <https://github.com/zopefoundation/Zope/issues/837>`_).
Fixes
+++++
- Provide a more senseful ``OFS.SimpleItem.Item_w__name__.id``
to avoid bugs by use of deprecated direct ``id`` access
(as e.g. (`#903 <https://github.com/zopefoundation/Zope/issues/903>`_).
- Update to ``zope.interface > 5.1.0`` to fix a memory leak.
- Fix export of files with non-latin-1 compatible names
(`#890 <https://github.com/zopefoundation/Zope/issues/890>`_)
- Avoid unsolicited translations
(`#876 <https://github.com/zopefoundation/Zope/issues/876>`_)
- Make "chameleon-zope context wrapping" more faithful.
(`#873 <https://github.com/zopefoundation/Zope/pull/873/files>`_)
- Let "unicode conflict resolution" work for all templates (not just
``ZopePageTemplate``).
(`#872 <https://github.com/zopefoundation/Zope/pull/872/files>`_)
- Make "Unicode Conflict Resolution" available for templates
rendered with ``chameleon``
(`Products.CMFPlone#3145
<https://github.com/plone/Products.CMFPlone/issues/3145>`_).
- Improve documentation of ``CONTEXTS`` in the "Zope Book".
- Decrease cookie size for copy/paste clipboard cookie
(`#854 <https://github.com/zopefoundation/Zope/issues/854>`_)
- Fix ``default`` keyword handling in page templates
(`#846 <https://github.com/zopefoundation/Zope/issues/846>`_)
- Fix parsing of package version and show correct major version in the ZMI
- Improve solidity of the ``debugError`` method.
(`#829 <https://github.com/zopefoundation/Zope/issues/829>`_)
- Fix that ``ZTUtils.LazyFilter`` could not be imported inside a restricted
Python script.
(`#901 <https://github.com/zopefoundation/Zope/pull/901>`_)
Other changes
+++++++++++++
- Add ``pyupgrade`` via ``pre-commit``
(`#859 <https://github.com/zopefoundation/Zope/issues/859>`_)
- Add ``tal:switch`` test
5.0a2 (2020-04-24)
------------------
Bug fixes
+++++++++
- Pin ``AccessControl`` 4.2 for the `Manage WebDAV Locks` permission
- Fix ``HEAD`` requests on registered views
(`#816 <https://github.com/zopefoundation/Zope/issues/816>`_)
- Improve ``chameleon`` --> ``zope.tales`` context wrapper
(support for template variable injection)
(`#812 <https://github.com/zopefoundation/Zope/pull/812>`_).
- Require ``zope.tales>=5.0.2``
- Fix issue 717 by fully honoring the engine returned by
``PageTemplate.pt_getEngine``
(`#717 <https://github.com/zopefoundation/Zope/issues/717>`_).
The engine also decides about the use of ``zope.tales``
(engine is an instance of ``zope.pagetemplate.engine.ZopeBaseEngine``)
or ``chameleon.tales`` (otherwise) TALES expressions.
- Fixed encoding issue of `displayname` WebDAV property
(`#797 <https://github.com/zopefoundation/Zope/issues/797>`_)
- Fixed fallback implementation of ``manage_DAVget``
(`#799 <https://github.com/zopefoundation/Zope/issues/799>`_)
Other changes
+++++++++++++
- Update to newest versions of dependencies.
5.0a1 (2020-02-28)
------------------
Backwards incompatible changes
++++++++++++++++++++++++++++++
- Drop support for Python 2.7 aka Zope 5 cannot be run on Python 2 any more.
If you are still running on Python 2.7 upgrade to the latest Zope 4 version
first, migrate to Python 3 and than switch to Zope 5.
(`#692 <https://github.com/zopefoundation/Zope/issues/692>`_)
- Remove all backwards-compatibility code marked to go away in Zope 5
(`#478 <https://github.com/zopefoundation/Zope/issues/478>`_)
- Drop support for running Zope with ZServer as it is Python 2 only.
(`#592 <https://github.com/zopefoundation/Zope/issues/592>`_)
- Remove deprecated ``postProcessInputs`` request method.
(`#782 <https://github.com/zopefoundation/Zope/issues/782>`_)
- Remove deprecated module ``ZPublisher.maybe_lock``.
(`#758 <https://github.com/zopefoundation/Zope/issues/758>`_)
- Remove Help System methods from the product context.
(`#756 <https://github.com/zopefoundation/Zope/issues/756>`_)
- Remove more deprecated code.
(`#757 <https://github.com/zopefoundation/Zope/issues/757>`_)
- Updated Zope documentation sources for Zope 5.
(`#659 <https://github.com/zopefoundation/Zope/issues/659>`_)
New features
++++++++++++
- Restore WebDAV support in Zope.
(`#744 <https://github.com/zopefoundation/Zope/issues/744>`_)
- Enable WebDAV support independent of ``ZServer``.
(`#787 <https://github.com/zopefoundation/Zope/pull/787>`_)
- Clean up and sanitize permissions used for WebDAV-related methods.
- Add ``wsgi.file_wrapper`` implementation
https://www.python.org/dev/peps/pep-0333/#optional-platform-specific-file-handling
(`#719 <https://github.com/zopefoundation/Zope/pull/719>`_)
Bug fixes
+++++++++
- Only use ``wsgi.file_wrapper`` for response bodies with a ``read`` method.
(`#763 <https://github.com/zopefoundation/Zope/issues/763>`_)
- Improve detection of HTTPS requests.
(`#680 <https://github.com/zopefoundation/Zope/issues/680>`_)
- Fix several ZMI links so they respect virtual hosting.
(`#788 <https://github.com/zopefoundation/Zope/issues/788>`_)
- Fix sort link URLs on ``manage_main``
(`#748 <https://github.com/zopefoundation/Zope/issues/748>`_)
- More tests to make sure all ``__str__`` implementations return native
strings.
(`#692 <https://github.com/zopefoundation/Zope/issues/692>`_)
- Fix longstanding test bug by forcing the page template engine.
Many tests in ``Products.PageTemplates`` used the old Zope page template
engine because the correct one was not registered during setup.
- Close opened db during shutdown (as ZServer is already doing).
(`#740 <https://github.com/zopefoundation/Zope/issues/740>`_)
- The method ``unrestrictedTraverse`` raises an error when
the argument ``path`` is not something it can work with.
(`#674 <https://github.com/zopefoundation/Zope/issues/674>`_)
- Improve ZMI Security Tab usability for high numbers of roles.
(`#730 <https://github.com/zopefoundation/Zope/issues/730>`_)
- Some small ZMI rendering fixes.
(`#729 <https://github.com/zopefoundation/Zope/issues/729>`_)
- Fix error when using database minimize in the ZMI.
(`#726 <https://github.com/zopefoundation/Zope/issues/726>`_)
- Fix ``__getattr__`` signature in ``UnauthorizedBinding``.
(`#703 <https://github.com/zopefoundation/Zope/issues/703>`_)
- Fix VirtualHostMonster not being able to set mappings under Python 3.
(`#708 <https://github.com/zopefoundation/Zope/issues/708>`_)
- Reduce the danger of acquiring built-in names on the ZMI Find tab.
(`#712 <https://github.com/zopefoundation/Zope/issues/712>`_)
- Restore the mistakenly removed Properties ZMI tab on Image objects
(`#706 <https://github.com/zopefoundation/Zope/issues/706>`_)
- Fix ``OFS.Image.File.__str__`` for ``Pdata`` contents
(`#711 <https://github.com/zopefoundation/Zope/issues/711>`_)
- Set ``REMOTE_USER`` in wsgi environ using Zope user authentication
(`#713 <https://github.com/zopefoundation/Zope/pull/713>`_)
- Add ``Paste`` as ``extras_require`` dependency to pull in ``Paste`` when
installing with `pip` and `constraints.txt` to prevent startup errors.
This requires adding the ``[wsgi]`` extra in the egg specification.
(`#734 <https://github.com/zopefoundation/Zope/issues/734>`_)
Other changes
+++++++++++++
- Move retried request delay handling out of ``supports_retry``
(`#474 <https://github.com/zopefoundation/Zope/issues/474>`_)
- Improve documentation for Zope's error logging services.
Raw data
{
"_id": null,
"home_page": "https://zope.readthedocs.io/en/latest/",
"name": "Zope",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.8",
"maintainer_email": null,
"keywords": null,
"author": "Zope Foundation and Contributors",
"author_email": "zope-dev@zope.dev",
"download_url": "https://files.pythonhosted.org/packages/0c/ae/ecfdc66b4fb6e97be4d52cd28dc4827ba6def4a06d61e106a12f61a6b439/zope-5.11.1.tar.gz",
"platform": null,
"description": ".. image:: https://github.com/zopefoundation/Zope/actions/workflows/tests.yml/badge.svg\n :target: https://github.com/zopefoundation/Zope/actions/workflows/tests.yml\n\n.. image:: https://coveralls.io/repos/github/zopefoundation/Zope/badge.svg?branch=master\n :target: https://coveralls.io/github/zopefoundation/Zope?branch=master\n\n.. image:: https://readthedocs.org/projects/zope/badge/?version=latest\n :target: https://zope.readthedocs.org/en/latest/\n :alt: Documentation Status\n\n.. image:: https://img.shields.io/pypi/v/Zope.svg\n :target: https://pypi.org/project/Zope/\n :alt: Current version on PyPI\n\n.. image:: https://img.shields.io/pypi/pyversions/Zope.svg\n :target: https://pypi.org/project/Zope/\n :alt: Supported Python versions\n\n.. |nbsp| unicode:: 0xA0 \n :trim:\n\n|nbsp|\n\n.. image:: https://zopefoundation.github.io/Zope/artwork/Zope.svg\n :alt: Zope logo\n :width: 300px\n\n**Zope is an open-source web application server.**\n\nThis document provides some general information about Zope and provides\nlinks to other documents. The full documentation can be found at\nhttps://zope.readthedocs.io.\n\n\n.. contents::\n :local:\n :depth: 1\n\n\nInstallation\n============\n\nPlease visit the installation documentation at\nhttps://zope.readthedocs.io/en/latest/INSTALL.html for detailed installation\nguidance.\n\n\nLicense\n=======\n\nZope is licensed under the OSI-approved `Zope Public License` (ZPL), version\n2.1. The full license text is included in ``LICENSE.txt``.\n\n\nBug tracker\n===========\n\nBugs reports should be made through the Zope bugtracker at\nhttps://github.com/zopefoundation/Zope/issues. A bug report should\ncontain detailed information about how to reproduce the bug.\n\n\nChange log\n==========\n\nThese are all the changes for Zope 5, starting with the alpha releases,\nsince the branch point at Zope 4.1.2.\n\nThe change log for the previous version, Zope 4, is at\nhttps://github.com/zopefoundation/Zope/blob/4.x/CHANGES.rst\n\n5.11.1 (2024-11-03)\n-------------------\n\n- Update to newest compatible versions of dependencies.\n\n- Define ``request[\"PARENTS\"]`` before request parameter processing\n such that request failure subscribers (such as that of\n ``Products.SiteErrorLog``) can determine the error context\n for exceptions raised during request parameter processing\n (see `#1235 <https://github.com/zopefoundation/Zope/issues/1235>`_).\n \n\n5.11 (2024-10-11)\n-----------------\n\n- Add support for Python 3.13.\n\n- Drop support for Python 3.7.\n\n- Update to newest compatible versions of dependencies.\n\n- Added CC-BY 4.0 license to the Zope logo.\n\n- Fix ``IndexError`` on traversal past the root using `..`.\n (`#1218 <https://github.com/zopefoundation/Zope/issues/1218>`_)\n\n\n5.10 (2024-05-18)\n-----------------\n\n- Recognize Page Templates by file extension for WebDAV.\n (`#1212 <https://github.com/zopefoundation/Zope/issues/1212>`_)\n\n- Clean up and fix installation documentation.\n\n- Officially support Python 3.12.1.\n (`#1188 <https://github.com/zopefoundation/Zope/issues/1188>`_)\n\n- Fix redirections to URLs with host given as IP-literal with brackets.\n Fixes `#1191 <https://github.com/zopefoundation/Zope/issues/1191>`_.\n\n- Introduce the decorator ``ZPublisher.zpublish`` to explicitly\n control publication by ``ZPublisher``.\n For details see\n `#1197 <https://github.com/zopefoundation/Zope/pull/1197>`_.\n\n- Fix ``Content-Disposition`` filename for clients without rfc6266 support.\n (`#1198 <https://github.com/zopefoundation/Zope/pull/1198>`_)\n\n- Support ``Chameleon`` ``structure`` expression type.\n Fixes `#1077 <https://github.com/zopefoundation/Zope/issues/1077>`_.\n\n- Fix authentication error viewing ZMI with a user defined outside of zope root.\n Fixes `#1195 <https://github.com/zopefoundation/Zope/issues/1195>`_ and\n `#1203 <https://github.com/zopefoundation/Zope/issues/1195>`_.\n\n- Work around ``Products.CMFCore`` and ``Products.CMFPlone`` design bug\n (registering non callable constructors).\n For details, see\n `#1202 <https://github.com/zopefoundation/Zope/issues/1202>`_.\n\n\n5.9 (2023-11-24)\n----------------\n\n- Support form data in ``PUT`` requests (following the ``multipart`` example).\n Fixes `#1182 <https://github.com/zopefoundation/Zope/issues/1182>`_.\n\n- Separate ZODB connection information into new ZODB Connections view.\n\n- Move the cache detail links to the individual database pages.\n\n- Fix the auto refresh functionality on the Reference Count page\n\n- Update the Ace editor in the ZMI.\n\n- Restrict access to static ZMI resources.\n\n- Update to newest compatible versions of dependencies.\n\n- Add ``paste.filter_app_factory`` entry point ``content_length``.\n This WSGI middleware component can be used with\n WSGI servers which do not follow the PEP 3333 recommendation\n regarding input handling for requests with\n ``Content-Length`` header.\n Allows administrators to fix\n `#1171 <https://github.com/zopefoundation/Zope/pull/1171>`_.\n\n- Officially support Python 3.12.\n\n\n5.8.6 (2023-10-04)\n------------------\n\n- Make sure the object title in the ZMI breadcrumbs is quoted\n to prevent a cross-site scripting issue.\n\n- Update to newest compatible versions of dependencies.\n\n- Base the inline/attachment logic developed for CVE-2023-42458\n on the media type proper (ignore parameters and\n whitespace and normalize to lowercase)\n (`#1167 <https://github.com/zopefoundation/Zope/pull/1167>`_).\n\n\n5.8.5 (2023-09-21)\n------------------\n\n- Allow only some image types to be displayed inline. Force download for\n others, especially SVG images. By default we use a list of allowed types.\n You can switch a to a list of denied types by setting OS environment variable\n ``OFS_IMAGE_USE_DENYLIST=1``. You can override the allowed list with\n environment variable ``ALLOWED_INLINE_MIMETYPES`` and the disallowed list\n with ``DISALLOWED_INLINE_MIMETYPES``. Separate multiple entries by either\n comma or space. This change only affects direct URL access.\n ``<img src=\"image.svg\" />`` works the same as before. (CVE-2023-42458)\n See `security advisory <https://github.com/zopefoundation/Zope/security/advisories/GHSA-wm8q-9975-xh5v>`_.\n\n- Tighten down the ZMI frame source logic to only allow site-local sources.\n Problem reported by Miguel Segovia Gil.\n\n- Added image dimensions to SVG file properties\n `#1146 <https://github.com/zopefoundation/Zope/pull/1146>`_.\n\n- Fix username not in access log for error requests, see issue\n `#1155 <https://github.com/zopefoundation/Zope/issues/1155>`_.\n\n- Update to newest compatible versions of dependencies.\n\n- Add preliminary support for Python 3.12rc3.\n\n\n5.8.4 (2023-09-06)\n------------------\n\n- Disable a ``ZCatalog`` (more precisly: ``Products.PluginIndexes``)\n performance test which occasionally fails on GitHub.\n For details, see\n `#1136 <https://github.com/zopefoundation/Zope/issues/1136>`_.\n\n- Restore filename on code objects of objects returned from\n ``App.Extensions.getObject()``. This got lost in 4.0a6.\n\n- Update to newest compatible versions of dependencies.\n\n- Add preliminary support for Python 3.12rc1.\n\n- Make ``mapply`` ``__signature__`` aware.\n This allows to publish methods decorated via a decorator\n which sets ``__signature__`` on the wrapper to specify\n the signature to use.\n For details, see\n `#1134 <https://github.com/zopefoundation/Zope/issues/1134>`_.\n Note: ``mapply`` still does not support keyword only, var positional\n and var keyword parameters.\n\n- Make Zope's parameters for denial of service protection configurable\n `#1141 <https://github.com/zopefoundation/Zope/issues/1141>`_.\n\n- Update ``RestrictedPython`` to version 6.2 to mitigate a security problem.\n (CVE-2023-41039)\n\n- Update ``AccessControl`` to version 6.2 to mitigate a security problem.\n (CVE-2023-41050)\n\n\n5.8.3 (2023-06-15)\n------------------\n\n- Fix handling of a request parameter of type ``file`` if no value\n has been specified;\n fixes `#1132 <https://github.com/zopefoundation/Zope/issues/1132>`_.\n\n- Fix adding Page Templates without valid file input from the ZMI\n (`#1130 <https://github.com/zopefoundation/Zope/issues/1130>`_)\n\n- Update to newest compatible versions of dependencies.\n\n\n5.8.2 (2023-05-22)\n------------------\n\n- Allow ``ZPublisher`` to handle both a query string and a request body;\n the request parameters from the query string are made available\n in the request attribute ``form`` (a ``dict``),\n the request body can be accessed via the request keys ``BODY``\n (a ``bytes`` object) or ``BODYFILE`` (a file like object).\n Fixes `#1122 <https://github.com/zopefoundation/Zope/issues/1122>`_.\n\n- Support access to the request's ``BODY`` key for WSGI servers\n which hand over an unseekable request body (such as e.g.\n ``Gunicorn``).\n Fixes `#1125 <https://github.com/zopefoundation/Zope/issues/1125>`_.\n\n- Do not break on GET requests that pass a query string\n and a `Content-Type` header.\n For details see `#1117 <https://github.com/zopefoundation/Zope/pull/1117>`_.\n\n- Implement code change suggestions from CodeQL scanning.\n\n- Added Japanese translations for some Sphinx docs\n (`#1109 <https://github.com/zopefoundation/Zope/issues/1109>`_)\n\n- Update to newest compatible versions of dependencies.\n\n- Update zope.ini.in skel to support log paths that use backslashes.\n (`#1106 <https://github.com/zopefoundation/Zope/issues/1106>`_)\n\n\n5.8.1 (2023-03-17)\n------------------\n\n- Sanitize tainting fixing\n `#1095 <https://github.com/zopefoundation/Zope/issues/1095>`_\n\n- Replace ``cgi.FieldStorage`` by ``multipart`` avoiding\n the ``cgi`` module deprecated by Python 3.11.\n\n Mark binary converters with a true ``binary`` attribute.\n\n Fix encoding handling and ``:bytes`` converter.\n\n See `#1094 <https://github.com/zopefoundation/Zope/pull/1094>`_.\n\n- Clean out and refactor dependency configuration files.\n\n- Update to newest compatible versions of dependencies.\n\n- Support the (non standard) ``charset`` parameter for\n content type ``application/x-www-form-urlencoded``.\n This is required (e.g. for ``Plone``) because\n ``jquery`` constructs content types of the form\n ```application/x-www-form-urlencoded; charset=utf-8``.\n For details see\n `plone/buildout.coredev#844\n <https://github.com/plone/buildout.coredev/pull/844>`_.\n\n\n5.8 (2023-01-10)\n----------------\n\n- Only set response header Content-Type as text/html on exception views when\n the response has content.\n (`#1089 <https://github.com/zopefoundation/Zope/issues/1089>`_)\n\n- Drop support for Python 3.6, it has been in end-of-life status for a while.\n\n- Update to newest compatible versions of dependencies.\n\n- Fix history page for classes modifying instances in ``__setstate__``,\n such as ``Products.PythonScripts.PythonScript`` instances.\n See `launchpad issue 735999\n <https://bugs.launchpad.net/zope2/+bug/735999>`_.\n\n\n5.7.3 (2022-12-19)\n------------------\n\n- Explicitly serve ``App.Dialogs.MessageDialog`` and exception views as HTML\n due to the changed default content type from `#1075\n <https://github.com/zopefoundation/Zope/pull/1075>`_.\n\n\n5.7.2 (2022-12-17)\n------------------\n\n- Fix some broken ZMI pages due to the changed default content type\n from PR https://github.com/zopefoundation/Zope/pull/1075\n (`#1078 <https://github.com/zopefoundation/Zope/issues/1078>`_)\n\n- Update to newest compatible versions of dependencies.\n\n\n5.7.1 (2022-12-16)\n------------------\n\n- Set the published default ``Content-Type`` header to ``text/plain``\n if none has been set explicitly to prevent a cross-site scripting attack.\n Also remove the old behavior of constructing an HTML page for published\n methods returning a two-item tuple.\n\n- Update to newest compatible versions of dependencies.\n\n\n5.7 (2022-11-17)\n----------------\n\n- Script `addzopeuser` accepts now parameter '-c' or '--configuration'.\n This allows passing in a custom location for the `zope.conf` file to use.\n If not specified, behavior is not altered.\n\n- Update to newest compatible versions of dependencies.\n\n- Change functional testing utilities to support percent encoded and unicode\n paths (`#1058 <https://github.com/zopefoundation/Zope/issues/1058>`_).\n\n- Decode basic authentication header as utf-8, not latin1 anymore\n (`#1061 <https://github.com/zopefoundation/Zope/issues/1061>`_).\n\n- Use UTF-8 charset for WWW-Authenticate headers in challenge responses,\n as described in `RFC7617 <https://datatracker.ietf.org/doc/html/draft-ietf-httpauth-basicauth-update-07#section-2.1>`_\n ( `#1065 <https://github.com/zopefoundation/Zope/pull/1065>`_).\n\n- Added `:json` converter in `ZPublisher.Converters`.\n (`#957 <https://github.com/zopefoundation/Zope/issues/957>`_)\n\n- Support Python 3.11.\n\n\n5.6 (2022-09-09)\n----------------\n\n- Make Products.PageTemplate engine compatible with Chameleon 3.10.\n\n- Update to newest compatible versions of dependencies.\n\n- Start work on Python 3.11 support, which will arrive in a later release.\n\n- Fix cookie path parameter handling:\n If the cookie path value contains ``%`` it is assumed to be\n fully quoted and used as is;\n if it contains only characters allowed (unquoted)\n in an URL path (with the exception of ``;``),\n it is used as is; otherwise, it is quoted using Python's\n ``urllib.parse.quote``\n (`#1052 <https://github.com/zopefoundation/Zope/issues/1052>`_).\n\n\n5.5.2 (2022-06-28)\n------------------\n\n- Update ``waitress`` to version 2.1.2.\n\n- Improvements on find_bad_templates(): check Filesystem Page\n Templates too and show html tags in web report\n (`#1042 <https://github.com/zopefoundation/Zope/issues/1042>`_)\n\n- Fix version pin specifications for Python 3.6 compatibility.\n (`#1036 <https://github.com/zopefoundation/Zope/issues/1036>`_)\n\n- Quote all components of a redirect URL (not only the path component)\n (`#1027 <https://github.com/zopefoundation/Zope/issues/1027>`_)\n\n- Drop the convenience script generation from the buildout configuration\n in order to get rid of a lot of dependency version pins.\n These were only needed for maintainers who can install them manually.\n (`#1019 <https://github.com/zopefoundation/Zope/issues/1019>`_)\n\n- Update to newest compatible versions of dependencies.\n\n- Modify \"manage_access\" to allow users to switch from the compact view\n to the complete matrix view when more than 30 roles are defined.\n (`#1039 <https://github.com/zopefoundation/Zope/pull/1039>`_)\n\n- Strip leading ``.`` in cookie domain names.\n (`#1041 <https://github.com/zopefoundation/Zope/pull/1041>`_)\n\n\n5.5.1 (2022-04-05)\n------------------\n\n- Update to newest compatible versions of dependencies.\n\n- Update ``waitress`` to version 2.1.1 to mitigate a vulnerability in that\n package. As ``waitress`` no longer supports Python 3.6 it is not advised\n to run Zope on Python 3.6 any longer even though it still supports Python\n 3.6. **Due to this security issue support for Python 3.6 is now officially\n deprecated. It will be removed with Zope version 5.7.**\n\n- To run ``bin/buildout`` inside the Zope project now ``zc.buildout >= 2.13.7``\n or ``zc.buildout >= 3.0.0b1`` is required.\n\n\n5.5 (2022-03-10)\n----------------\n\n- Fix several exceptions when calling ``ZPublisher.utils.fix_properties``.\n\n- Update to newest compatible versions of dependencies.\n\n- Enhance cookie support. For details, see\n `#1010 <https://github.com/zopefoundation/Zope/issues/1010>`_\n\n- Use intermediate ``str`` representation for non-bytelike response data unless\n indicated differently by the content type.\n (`#1006 <https://github.com/zopefoundation/Zope/issues/1006>`_)\n\n- Use ``zc.buildout 3.0rc2`` to install Zope to run its tests.\n\n\n5.4 (2022-01-09)\n----------------\n\n- Audit and fix all hyperlinks in code and documentation\n\n - Change zope.org references to zope.dev due to ongoing domain ownership\n issues. zope.dev is owned by the Plone Foundation and thus safe from\n interference. XML/ZCML namespace URLs remain unchanged.\n - Remove all links that are completely dead, such as the old zope.org\n Collectors issue trackers.\n - Update all other miscellaneous links to make them work again or remove if\n the information is gone.\n\n- Improve type guessing for the default WebDAV PUT factory\n (`#997 <https://github.com/zopefoundation/Zope/issues/997>`_)\n\n- Enable WebDAV PUT factories to change a newly created object's ID\n (`#997 <https://github.com/zopefoundation/Zope/issues/997>`_)\n\n- Fix potential race condition in ``App.version_txt.getZopeVersion``\n (`#999 <https://github.com/zopefoundation/Zope/issues/999>`_)\n\n- Don't coerce file upload fields for adding DTML Documents/Methods to string.\n This makes the Add forms work again with the ZPublisher converter code\n changes.\n\n- Remove deprecated ulines, utext, utokens, ustring from more code.\n In the properties form, show a deprecation warning.\n\n- Add function ``ZPublisher.utils.fix_properties``.\n You can call this to fix lines properties to only contain strings, not bytes.\n It also replaces the deprecated property types ulines, utext, utoken, and\n ustring with their non-unicode variants.\n (`#987 <https://github.com/zopefoundation/Zope/issues/987>`_)\n\n- Add support for Python 3.10.\n\n- Update to newest compatible versions of dependencies.\n\n\n5.3 (2021-07-31)\n----------------\n\n- Reinstate simple sessioning with ``Products.TemporaryFolder``\n because the underlying issues with ``tempstorage`` have been fixed.\n (`#985 <https://github.com/zopefoundation/Zope/issues/985>`_)\n\n- Update the ``AccessControl`` version pin to fix a remote code execution issue\n (see `AccessControl security advisory GHSA-qcx9-j53g-ccgf\n <https://github.com/zopefoundation/AccessControl/security/advisories/GHSA-qcx9-j53g-ccgf>`_)\n\n- Prevent ``DeprecationWarnings`` from moved imports in ``AccessControl``\n\n- make sure \"Manager\" users can always modify proxy roles\n (`see Products.PythonScripts#50\n <https://github.com/zopefoundation/Products.PythonScripts/issues/50>`_)\n\n- Deprecate usage of \"unicode\" converters. Also, the behavior of\n ``field2lines`` is now aligned to the other converters and returns a list of\n strings instead of a list of bytes.\n (`#962 <https://github.com/zopefoundation/Zope/issues/962>`_)\n\n- Update to newest compatible versions of dependencies.\n\n\n5.2.1 (2021-06-08)\n------------------\n\n- Prevent unauthorized traversal through authorized Python modules in\n TAL expressions\n\n- Facelift the Zope logo.\n (`#973 <https://github.com/zopefoundation/Zope/issues/973>`_)\n\n- Update to newest compatible versions of dependencies.\n\n\n5.2 (2021-05-21)\n----------------\n\n- Prevent traversal to names starting with ``_`` in TAL expressions\n and fix path expressions for the ``chameleon.tales`` expression engine.\n\n- Provide friendlier ZMI error message for the Transaction Undo form\n (`#964 <https://github.com/zopefoundation/Zope/issues/964>`_)\n\n- Updated/fixed the poll application tutorial in the Zope Developers Guide\n (`#958 <https://github.com/zopefoundation/Zope/issues/958>`_)\n\n- Update to newest versions of dependencies.\n\n- Depend on ``zope.datetime`` for the functions ``iso8601_date``,\n ``rfc850_date``, and ``rfc1123_date`` which used to be in ``App.Common``\n keeping backwards-compatibility imports in place.\n\nBackwards incompatible changes\n++++++++++++++++++++++++++++++\n\n- With the exception of ``field2bytes``, field converters do no longer try to\n read file like objects\n (`#558 <https://github.com/zopefoundation/Zope/issues/558>`_)\n\n\n5.1.2 (2021-03-02)\n------------------\n\n- Enforce Zope permissions during recursive XML-RPC data dumps\n (`#954 <https://github.com/zopefoundation/Zope/issues/954>`_)\n\n- The ``compute_size`` method properly returns None if the content does not\n have a ``get_size`` method but the parent has.\n (`#948 <https://github.com/zopefoundation/Zope/issues/948>`_)\n\n- Fix control panel tab links on all control panel pages\n\n- Update to newest versions of dependencies.\n\n\n5.1.1 (2021-02-10)\n------------------\n\n- Replace (in ``OFS``) the deprecated direct ``id`` access by\n ``getId`` calls.\n (`#903 <https://github.com/zopefoundation/Zope/issues/903>`_)\n\n- Update ZMI dependencies for Font Awesome, jQuery and bootstrap.\n\n- Revise debug info GUI\n (`#937 <https://github.com/zopefoundation/Zope/pull/937>`_)\n\n- Convert ``bytes`` ``HTTPResponse`` header value to ``str``\n via ``ISO-8859-1`` (the default encoding of ``HTTP/1.1``).\n\n- Fix rendering of not found resources.\n (`#933 <https://github.com/zopefoundation/Zope/pull/933>`_)\n\n- Update to newest versions of dependencies.\n\n\n5.1 (2020-11-12)\n----------------\n\nBackwards incompatible changes\n++++++++++++++++++++++++++++++\n\n- Exclude characters special for ``chameleon``'s interpolation syntax\n (i.e. ``${}``) from use in TALES path expressions to reduce the failure risk\n for the ``chameleon`` interpolation heuristics\n (`#925 <https://github.com/zopefoundation/Zope/issues/925>`_)\n\nFeatures\n++++++++\n\n- Restore the ZMI `Debug Information` control panel page\n (`#898 <https://github.com/zopefoundation/Zope/issues/898>`_)\n\nFixes\n+++++\n\n- Fix ZMI visibility of pre elements in error log\n (`Products.SiteErrorLog#26\n <https://github.com/zopefoundation/Products.SiteErrorLog/issues/26>`_)\n\n- Fix ``length`` for page template repeat variables\n (`#913 <https://github.com/zopefoundation/Zope/issues/913>`_)\n\n- Update `isort` to version 5.\n (`#892 <https://github.com/zopefoundation/Zope/pull/892>`_)\n\n- Update to newest versions of dependencies.\n\n\n5.0 (2020-10-08)\n----------------\n\nBackwards incompatible changes\n++++++++++++++++++++++++++++++\n\n- Drop support for Python 3.5 as it will run out of support soon.\n (`#841 <https://github.com/zopefoundation/Zope/issues/841>`_)\n\n\nFeatures\n++++++++\n\n- HTTP header encoding support\n (`#905 <https://github.com/zopefoundation/Zope/pull/905>`_)\n\n- Add support for Python 3.9.\n\n- New interface ``Products.PageTemplates.interfaces.IZopeAwareEngine``.\n It can be used as the \"provides\" of an adapter registration\n to adapt a non ``Zope`` tales engine to an engine to be used\n by ``Zope`` page templates\n (`#864 <https://github.com/zopefoundation/Zope/issues/864>`_).\n Currently, the adaptation is used only when the\n template is rendered with ``chameleon``;\n with ``zope.pagetemplate``, the engine is used\n as is - this may change in the future.\n\n- Allow (some) builtins as first element of a (TALES) path expression:\n in an untrusted context, the builtins from\n ``AccessControl.safe_builtins`` are allowed;\n in a trusted context, all Python builtins are allowed in addition\n (and take precedence)\n (`zope.tales#23 <https://github.com/zopefoundation/zope.tales/issues/23>`_).\n\n- Support the ``attrs`` predefined template variable again (as\n far as ``chameleon`` allows it)\n (`#860 <https://github.com/zopefoundation/Zope/issues/860>`_).\n\n- Use ``Chameleon`` (>= 3.7.2) configuration to get better\n information for errors detected during template execution\n (`#837 <https://github.com/zopefoundation/Zope/issues/837>`_).\n\nFixes\n+++++\n\n- Provide a more senseful ``OFS.SimpleItem.Item_w__name__.id``\n to avoid bugs by use of deprecated direct ``id`` access\n (as e.g. (`#903 <https://github.com/zopefoundation/Zope/issues/903>`_).\n\n- Update to ``zope.interface > 5.1.0`` to fix a memory leak.\n\n- Fix export of files with non-latin-1 compatible names\n (`#890 <https://github.com/zopefoundation/Zope/issues/890>`_)\n\n- Avoid unsolicited translations\n (`#876 <https://github.com/zopefoundation/Zope/issues/876>`_)\n\n- Make \"chameleon-zope context wrapping\" more faithful.\n (`#873 <https://github.com/zopefoundation/Zope/pull/873/files>`_)\n\n- Let \"unicode conflict resolution\" work for all templates (not just\n ``ZopePageTemplate``).\n (`#872 <https://github.com/zopefoundation/Zope/pull/872/files>`_)\n\n- Make \"Unicode Conflict Resolution\" available for templates\n rendered with ``chameleon``\n (`Products.CMFPlone#3145\n <https://github.com/plone/Products.CMFPlone/issues/3145>`_).\n\n- Improve documentation of ``CONTEXTS`` in the \"Zope Book\".\n\n- Decrease cookie size for copy/paste clipboard cookie\n (`#854 <https://github.com/zopefoundation/Zope/issues/854>`_)\n\n- Fix ``default`` keyword handling in page templates\n (`#846 <https://github.com/zopefoundation/Zope/issues/846>`_)\n\n- Fix parsing of package version and show correct major version in the ZMI\n\n- Improve solidity of the ``debugError`` method.\n (`#829 <https://github.com/zopefoundation/Zope/issues/829>`_)\n\n- Fix that ``ZTUtils.LazyFilter`` could not be imported inside a restricted\n Python script.\n (`#901 <https://github.com/zopefoundation/Zope/pull/901>`_)\n\nOther changes\n+++++++++++++\n\n- Add ``pyupgrade`` via ``pre-commit``\n (`#859 <https://github.com/zopefoundation/Zope/issues/859>`_)\n\n- Add ``tal:switch`` test\n\n\n5.0a2 (2020-04-24)\n------------------\n\nBug fixes\n+++++++++\n\n- Pin ``AccessControl`` 4.2 for the `Manage WebDAV Locks` permission\n\n- Fix ``HEAD`` requests on registered views\n (`#816 <https://github.com/zopefoundation/Zope/issues/816>`_)\n\n- Improve ``chameleon`` --> ``zope.tales`` context wrapper\n (support for template variable injection)\n (`#812 <https://github.com/zopefoundation/Zope/pull/812>`_).\n\n- Require ``zope.tales>=5.0.2``\n\n- Fix issue 717 by fully honoring the engine returned by\n ``PageTemplate.pt_getEngine``\n (`#717 <https://github.com/zopefoundation/Zope/issues/717>`_).\n The engine also decides about the use of ``zope.tales``\n (engine is an instance of ``zope.pagetemplate.engine.ZopeBaseEngine``)\n or ``chameleon.tales`` (otherwise) TALES expressions.\n\n- Fixed encoding issue of `displayname` WebDAV property\n (`#797 <https://github.com/zopefoundation/Zope/issues/797>`_)\n\n- Fixed fallback implementation of ``manage_DAVget``\n (`#799 <https://github.com/zopefoundation/Zope/issues/799>`_)\n\nOther changes\n+++++++++++++\n\n- Update to newest versions of dependencies.\n\n\n5.0a1 (2020-02-28)\n------------------\n\nBackwards incompatible changes\n++++++++++++++++++++++++++++++\n\n- Drop support for Python 2.7 aka Zope 5 cannot be run on Python 2 any more.\n If you are still running on Python 2.7 upgrade to the latest Zope 4 version\n first, migrate to Python 3 and than switch to Zope 5.\n (`#692 <https://github.com/zopefoundation/Zope/issues/692>`_)\n\n- Remove all backwards-compatibility code marked to go away in Zope 5\n (`#478 <https://github.com/zopefoundation/Zope/issues/478>`_)\n\n- Drop support for running Zope with ZServer as it is Python 2 only.\n (`#592 <https://github.com/zopefoundation/Zope/issues/592>`_)\n\n- Remove deprecated ``postProcessInputs`` request method.\n (`#782 <https://github.com/zopefoundation/Zope/issues/782>`_)\n\n- Remove deprecated module ``ZPublisher.maybe_lock``.\n (`#758 <https://github.com/zopefoundation/Zope/issues/758>`_)\n\n- Remove Help System methods from the product context.\n (`#756 <https://github.com/zopefoundation/Zope/issues/756>`_)\n\n- Remove more deprecated code.\n (`#757 <https://github.com/zopefoundation/Zope/issues/757>`_)\n\n- Updated Zope documentation sources for Zope 5.\n (`#659 <https://github.com/zopefoundation/Zope/issues/659>`_)\n\nNew features\n++++++++++++\n\n- Restore WebDAV support in Zope.\n (`#744 <https://github.com/zopefoundation/Zope/issues/744>`_)\n\n- Enable WebDAV support independent of ``ZServer``.\n (`#787 <https://github.com/zopefoundation/Zope/pull/787>`_)\n\n- Clean up and sanitize permissions used for WebDAV-related methods.\n\n- Add ``wsgi.file_wrapper`` implementation\n https://www.python.org/dev/peps/pep-0333/#optional-platform-specific-file-handling\n (`#719 <https://github.com/zopefoundation/Zope/pull/719>`_)\n\nBug fixes\n+++++++++\n\n- Only use ``wsgi.file_wrapper`` for response bodies with a ``read`` method.\n (`#763 <https://github.com/zopefoundation/Zope/issues/763>`_)\n\n- Improve detection of HTTPS requests.\n (`#680 <https://github.com/zopefoundation/Zope/issues/680>`_)\n\n- Fix several ZMI links so they respect virtual hosting.\n (`#788 <https://github.com/zopefoundation/Zope/issues/788>`_)\n\n- Fix sort link URLs on ``manage_main``\n (`#748 <https://github.com/zopefoundation/Zope/issues/748>`_)\n\n- More tests to make sure all ``__str__`` implementations return native\n strings.\n (`#692 <https://github.com/zopefoundation/Zope/issues/692>`_)\n\n- Fix longstanding test bug by forcing the page template engine.\n Many tests in ``Products.PageTemplates`` used the old Zope page template\n engine because the correct one was not registered during setup.\n\n- Close opened db during shutdown (as ZServer is already doing).\n (`#740 <https://github.com/zopefoundation/Zope/issues/740>`_)\n\n- The method ``unrestrictedTraverse`` raises an error when\n the argument ``path`` is not something it can work with.\n (`#674 <https://github.com/zopefoundation/Zope/issues/674>`_)\n\n- Improve ZMI Security Tab usability for high numbers of roles.\n (`#730 <https://github.com/zopefoundation/Zope/issues/730>`_)\n\n- Some small ZMI rendering fixes.\n (`#729 <https://github.com/zopefoundation/Zope/issues/729>`_)\n\n- Fix error when using database minimize in the ZMI.\n (`#726 <https://github.com/zopefoundation/Zope/issues/726>`_)\n\n- Fix ``__getattr__`` signature in ``UnauthorizedBinding``.\n (`#703 <https://github.com/zopefoundation/Zope/issues/703>`_)\n\n- Fix VirtualHostMonster not being able to set mappings under Python 3.\n (`#708 <https://github.com/zopefoundation/Zope/issues/708>`_)\n\n- Reduce the danger of acquiring built-in names on the ZMI Find tab.\n (`#712 <https://github.com/zopefoundation/Zope/issues/712>`_)\n\n- Restore the mistakenly removed Properties ZMI tab on Image objects\n (`#706 <https://github.com/zopefoundation/Zope/issues/706>`_)\n\n- Fix ``OFS.Image.File.__str__`` for ``Pdata`` contents\n (`#711 <https://github.com/zopefoundation/Zope/issues/711>`_)\n\n- Set ``REMOTE_USER`` in wsgi environ using Zope user authentication\n (`#713 <https://github.com/zopefoundation/Zope/pull/713>`_)\n\n- Add ``Paste`` as ``extras_require`` dependency to pull in ``Paste`` when\n installing with `pip` and `constraints.txt` to prevent startup errors.\n This requires adding the ``[wsgi]`` extra in the egg specification.\n (`#734 <https://github.com/zopefoundation/Zope/issues/734>`_)\n\nOther changes\n+++++++++++++\n\n- Move retried request delay handling out of ``supports_retry``\n (`#474 <https://github.com/zopefoundation/Zope/issues/474>`_)\n\n- Improve documentation for Zope's error logging services.\n",
"bugtrack_url": null,
"license": "ZPL 2.1",
"summary": "Zope application server / web framework",
"version": "5.11.1",
"project_urls": {
"Documentation": "https://zope.readthedocs.io",
"Homepage": "https://zope.readthedocs.io/en/latest/",
"Issue Tracker": "https://github.com/zopefoundation/Zope/issues",
"Sources": "https://github.com/zopefoundation/Zope"
},
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "c1b23a5c7598d741bc0adb2f3fae24dcfcaf0f972c40fcd9b1e024da5eac0e22",
"md5": "6cd2b0c4499d487094a7e573042b7249",
"sha256": "6bcdebc93730f1f0c339da1f4220ee11b11861eb4ed486cb6911db0a2e52a2fd"
},
"downloads": -1,
"filename": "Zope-5.11.1-py3-none-any.whl",
"has_sig": false,
"md5_digest": "6cd2b0c4499d487094a7e573042b7249",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.8",
"size": 3202104,
"upload_time": "2024-11-03T13:50:30",
"upload_time_iso_8601": "2024-11-03T13:50:30.141961Z",
"url": "https://files.pythonhosted.org/packages/c1/b2/3a5c7598d741bc0adb2f3fae24dcfcaf0f972c40fcd9b1e024da5eac0e22/Zope-5.11.1-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "0caeecfdc66b4fb6e97be4d52cd28dc4827ba6def4a06d61e106a12f61a6b439",
"md5": "90a6ceb2842ee48b433a7fb02d4f0fe9",
"sha256": "8dbdb29de467efb9a77f316bfebb9703e19ff5403921c68a92369f3e59315324"
},
"downloads": -1,
"filename": "zope-5.11.1.tar.gz",
"has_sig": false,
"md5_digest": "90a6ceb2842ee48b433a7fb02d4f0fe9",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.8",
"size": 12632889,
"upload_time": "2024-11-03T13:50:35",
"upload_time_iso_8601": "2024-11-03T13:50:35.499991Z",
"url": "https://files.pythonhosted.org/packages/0c/ae/ecfdc66b4fb6e97be4d52cd28dc4827ba6def4a06d61e106a12f61a6b439/zope-5.11.1.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-11-03 13:50:35",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "zopefoundation",
"github_project": "Zope",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"tox": true,
"lcname": "zope"
}