Zope

Written in Python, a highly-productive, object-oriented scripting language, it allows developers to build complex apps like CMSs, intranets, online stores, and more.

Zope combines the ZODB object database and a built-in security system.

What is new in this release:

• Logging of client IP rather than the IP of the Proxy. Please be aware that this only logs the real client ips to Z2.log, if you set you proxy as a trusted-proxy in zope.conf.

What is new in version 2.13.22:

• Logging of client IP rather than the IP of the Proxy. Please be aware that this only logs the real client ips to Z2.log, if you set you proxy as a trusted-proxy in zope.conf.

What is new in version 2.13.20:

• Protect views of ZPT source with 'View Management Screens' permision.
• Make sure the generated classes for simple browser pages (SimpleViewClasses) have a str __name__.
• In PageTemplate.pt_errors accept the check_macro_expansion argument. This is added for compatibility with zope.pagetemplate 4.0.0. The argument is ignored.
• Updated to Zope Toolkit 1.0.8.

What is new in version 2.13.19:

• Use a stronger random number generator and a constant time comparison function.
• Fixed ZMI properties edit form for properties named method.
• Fixed support for zoperunner section in zope.conf.
• Explicitly close all databases on shutdown, which ensures Data.fs.index gets written to the file system.
• Scrub headers a bit more.

What is new in version 2.13.17:

• Updated distributions:
• AccessControl = 2.13.10
• Products.PythonScripts = 2.13.2

What is new in version 2.13.16:

• OFS: Fixed TypeError handling in unrestrictedTraverse.
• ZPublisher: Do not assume that you can iterate over a publishable object.
• ZPublisher: Do not guess it is a webdav request if the HTTP method is purge.

What is new in version 2.13.15:

• Fix lock file cleanup if there's an error early in startup.

What is new in version 2.13.14:

• Fixed HTTPS detection under mod_wsgi.
• Doesn't translate interface names in edit_markers ZMI view.
• Fixed TypeError in cache_detail ZMI view.
• Cleaned up lock and pid files if the process dies early in startup.
• Added PubStart, PubBeforeCommit and PubAfterTraversal events to the WSGI publisher.
• Fixed a traversal regression introduced in 2.13.12.
• Updated to Zope Toolkit 1.0.7.

What is new in version 2.13.13:

• Ensure that ObjectManager's get and __getitem__ methods return only "items" (no attributes / methods from the class or from acquisition).
• Updated to Zope Toolkit 1.0.6.
• Removed HTML tags from exception text of Unauthorized exception because these tags get escaped since CVE-2010-1104 (see 2.13.12) got fixed.

What is new in version 2.13.11:

• Fixed missing security declaration for ObjectManager class.
• Avoid conflicting signal registrations when run under mod_wsgi. Allows the use of WSGIRestrictSignal Off.
• Make it possible to use WSGI without repoze.who.
• Fixed serious authentication vulnerability in stock configuration.