gmane.comp.web.zope.announce

ANN: eGenix mxODBC Zope Database Adapter 2.0.2

eGenix Team: M.-A. Lemburg — 2012-02-09T15:17:18

________________________________________________________________________
ANNOUNCEMENT

                     mxODBC Zope Database Adapter

                            Version 2.0.2

                     for Zope and the Plone CMS

                Available for Zope 2.10 and later on
        Windows, Linux, Mac OS X, FreeBSD and other platforms

This announcement is also available on our web-site for online reading:
http://www.egenix.com/company/news/eGenix-mxODBC-Zope-DA-2.0.2-GA.html

________________________________________________________________________
INTRODUCTION

The eGenix mxODBC Zope Database Adapter allows you to easily connect
your Zope or Plone installation to just about any database backend on
the market today, giving you the reliability of the commercially
supported eGenix product mxODBC and the flexibility of the ODBC
standard as middle-tier architecture.

The mxODBC Zope Database Adapter is highly portable, just like Zope
itself and provides a high performance interface to all your ODBC data
sources, using a single well-supported interface on Windows, Linux,
Mac OS X, FreeBSD and other platforms.

This makes it ideal for deployment in ZEO Clusters and Zope hosting
environments where stability and high performance are a top priority,
establishing an excellent basis and scalable solution for your Plone
CMS.

Product page:

    http://www.egenix.com/products/zope/mxODBCZopeDA/

________________________________________________________________________
NEWS

We are pleased to announce a new version 2.0.2 of our mxODBC Zope DA
product.

With the patch level 2.0.2 release we have updated the integrated
mxODBC Python Extension to the latest 3.1.1 release, which
includes a number of important workarounds for these ODBC drivers:

 * Oracle 10gR1 and 10gR2
 * Oracle 11gR1 and 11gR2
 * Teradata 13
 * Netezza

Due to popular demand, we have also added instructions on how to
install mxODBC Zope DA 2.0 with Plone 4.1 and Zope 2.13 - even though
this combination is not officially supported by the mxODBC Zope DA 2.0
series:

    http://www.egenix.com/products/zope/mxODBCZopeDA/#Installation

________________________________________________________________________
UPGRADING

Licenses purchased for version 2.0.x of the mxODBC Zope DA will continue
to work with the 2.0.2 patch level release.

Licenses purchased for version 1.0.x of the mxODBC Zope DA will not
work with version 2.0. More information about available licenses
is available on the product page:

    http://www.egenix.com/products/zope/mxODBCZopeDA/#Licensing

Compared to the popular mxODBC Zope DA 1.0, version 2.0 offers
these enhancements:

 * Includes mxODBC 3.1 with updated support for many current ODBC
   drivers, giving you more portability and features for a wider
   range of database backends.

 * Mac OS X 10.6 (Snow Leopard) support.

 * Plone 3.2, 3.3, 4.0 support. Plone 4.1 works as well.

 * Zope 2.10, 2.11, 2.12 support. Zope 2.13 works as well.

 * Python 2.4 - 2.6 support.

 * Zero maintenance support to automatically reconnect the
   Zope connection after a network or database problem.

 * More flexible Unicode support with options to work with
   pure Unicode, plain strings or mixed setups - even for
   databases that don't support Unicode

 * Automatic and transparent text encoding and decoding

 * More flexible date/time support including options to work
   with Python datetime objects, mxDateTime, strings or tuples

 * New decimal support to have the Zope DA return decimal
   column values using Python's decimal objects.

 * Fully eggified to simplify easy_install and zc.buildout based
   installation

________________________________________________________________________
MORE INFORMATION

For more information on the mxODBC Zope Database Adapter, licensing
and download instructions, please visit our web-site:

    http://www.egenix.com/products/zope/mxODBCZopeDA/

You can buy mxODBC Zope DA licenses online from the eGenix.com shop at:

    http://shop.egenix.com/

________________________________________________________________________

Thank you,

Announcement: 2012 Zope Foundation Board Elections andGeneral Meeting

Tres Seaver — 2012-02-01T21:45:20

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

(Apologies in advance for the cross-post:  we need this to reach the
whole Zope community).


The Zope Foundation board is pleased to announce the regular 2012
general meeting of the foundation will be held on Friday, 16 March
2012, at 15:00 UTC.  The meeting will be conducted via IRC at the
following channel:

irc://irc.freenode.net/#zope-foundation

Prior to that meeting, the current board will conduct an elections in
which foundation members will select seven (7) board members in
accordance with the foundation bylaws[1].


Summary
- -------

- - Nominations open via the foundation< at >zope.org mailing list until
  Friday, 2012-02-10.

- - Voting via e-mail to a closed mailing list, from Wednesday,
  2012-02-15 through Friday, 2012-03-02.

- - Votes tallied by representatives of the current board,
  using "Meek and Warrent STV" method using OpenSTV software.

- - General meeting and seating of the new board, Friday, 2012-03-16.


Procedure for Elections
- -----------------------

The procedure for the elections is as follows:

- - Foundation members may nominate any member by responding to the
  board's announcment on the foundation< at >zope.org maling list.
  Nominations will remain open until Friday, 2012-02-10, 23:00 UTC.

- - At the close of the nominations period, the board will create a new
  mailman list, 'zf-elections-2012', and approve all ZF members to post
  to the list.  In order to preserve anonymity of votes, foundation
  members will not be subscribers to the list;  access to the list
  archives will be restricted to the "tellers" appointed by the board.

- - On Wednesday, 2012-02-15, the Secretary will send an e-mail announcing
  the opening of the voting period. This email will contain the ballot,
  with careful instructions about how to rank preferences in the reply.
  The Reply-to header of this e-mail will be set to the
  'zf-elections-2012' list.

- - ZF members will vote by replying to that e-mail.  Voting will remain
  open until Friday, 2012-03-02, 23:00 UTC.

- - At the close of voting, the board will appoint two of its members as
  "tellers."  The tellers will use the list archive to tabulate the
  members' votes, using the OpenSTV application[2] configured to use the
  Meek and Warren STV method[3].  The tellers will report the election
  results, along with the raw tallies, at a special board meeting to be
  held on Tuesday, 2012-03-13, 15:00 UTC.

- - After canvassing the results from the tellers, the board will notify
  all nominees of the success / failure of their candidacy, thanking
  them for their willingness to serve.

- - At the general meeting, the last item on the agenda will the
  announcement of the election results, including a vote to "seat" the
  board.


An online version of this announcement is available at:

  http://foundation.zope.org/news/2012_election_and_general_meeting


References
- ----------

[1] http://foundation.zope.org/bylaws/zope_foundation_bylaws.pdf

[2] http://stv.sourceforge.net/aboutopenstv

[3] http://stv.sourceforge.net/votingmethods/meek



Tres.
- --
===================================================================
Tres Seaver          +1 540-429-0999          tseaver< at >palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk8psnAACgkQ+gerLs4ltQ6l+ACglK1iWt6eq0z52Zojiq9n0id2
weoAnRs57WAoLtDLqyaBM/YdzkEMQ5Bv
=1oDS
-----END PGP SIGNATURE-----
_______________________________________________
Zope-Announce maillist  -  Zope-Announce< at >zope.org
https://mail.zope.org/mailman/listinfo/zope-announce

  Zope-Announce for Announcements only - no discussions

(Related lists -
 Users: https://mail.zope.org/mailman/listinfo/zope
 Developers: https://mail.zope.org/mailman/listinfo/zope-dev )

Annoucment: CVE-2010-1104, hotfix,Zope 2.12.22 and 2.13.12 releases

Tres Seaver — 2012-01-18T22:30:30

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Overview
========

In response to the cross-site scripting vulnerability in Zope2 reported as
'CVE 2010-1104'[1], the Zope security response team announces the
availablility of a hotfix product (for Zope < 2.12), and new releases for
the Zope 2.12 and 2.13 lines:

Hotfix:  http://pypi.python.org/pypi/Products.Zope_Hotfix_CVE_2010_1104

Zope 2.12.22:  http://pypi.python.org/pypi/Zope2/2.12.22

Zope 2.13.12:  http://pypi.python.org/pypi/Zope2/2.13.12


WARNING: Zope < 2.12 is no longer officially supported, and may have
         other unpatched vulnerabilities. You are encouraged to
         upgrade to a supported Zope 2.


Installing the Hotfix
=====================

The hotfix has been tested with Zope instances using Zope 2.8.x - 2.11.x.
Users of Zope 2.12.x and 2.13.x should instead update to the latest
corresponding minor revision, which already includes this fix.

Download the tarball from the PyPI page:

 http://pypi.python.org/pypi/Products.Zope_Hotfix_CVE_2010_1104

Unpack the tarball and add a 'products' key to the 'etc/zope.conf' of
your instance.  E.g.::

  products /path/to/Products.Zope_Hotfix_CVE_2010_1104/Products

and restart.  Alternatively, you may copy or symlink the 'Products'
directory into the 'Products' subdirectory of your Zope instance.  E.g.::

  $ cp -r /path/to/Products.Zope_Hotfix_CVE_2010_1104/Products \
    /path/to/instance/Products/


Verifying the Installation
- --------------------------

After restarting the Zope instance, check the
'Control_Panel/Products' folder in the Zope Management Interface,
e.g.:

  http://localhost:8080/Control_Panel/Products/manage_main

You should see the 'Zope_Hotfix_CVE_2010_1104' product folder there.




[1] http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-1104



Tres.
- -- 
===================================================================
Tres Seaver          +1 540-429-0999          tseaver< at >palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk8XSAYACgkQ+gerLs4ltQ4hNgCeIuBeZz2deF95lglP+kiGg66I
YCAAnjiaDBpuB5XD0wAK7WHicxPp1abS
=MsHo
-----END PGP SIGNATURE-----
_______________________________________________
Zope-Announce maillist  -  Zope-Announce< at >zope.org
https://mail.zope.org/mailman/listinfo/zope-announce

  Zope-Announce for Announcements only - no discussions

(Related lists -
 Users: https://mail.zope.org/mailman/listinfo/zope
 Developers: https://mail.zope.org/mailman/listinfo/zope-dev )

MailingLogger 3.7.0 Released!

Chris Withers — 2012-01-18T08:48:28

I'm pleased to announce a new release of Mailinglogger.

Mailinglogger provides two handlers for the standard python
logging framework that enable log entries to be emailed either as the
entries are logged or as a summary at the end of the running process.

The handlers have the following features:

- customisable and dynamic subject lines for emails sent

- emails sent with a configurable headers for easy filtering

- flood protection to ensure the number of emails sent is not excessive

- support for SMTP servers that require authentication

- fully documented and tested

This release fixes a long standing bug that occurred when logging 
unicode messages.

It also provides support for sending colourised HTML emails:

http://packages.python.org/mailinglogger/html.html

Full docs can be found here:

http://packages.python.org/mailinglogger/

For more information, please see:
http://www.simplistix.co.uk/software/python/mailinglogger
or
http://pypi.python.org/pypi/mailinglogger

cheers,

Chris

MailingLogger 3.6.0 Released!

Chris Withers — 2011-11-25T08:14:36

I'm pleased to announce a new release of Mailinglogger.

Mailinglogger provides two handlers for the standard python
logging framework that enable log entries to be emailed either as the
entries are logged or as a summary at the end of the running process.

The handlers have the following features:

- customisable and dynamic subject lines for emails sent

- emails sent with a configurable headers for easy filtering

- flood protection to ensure the number of emails sent is not excessive

- support for SMTP servers that require authentication

- fully documented and tested

The only change for this release is to allow summaries sent by 
SummarisingLogger to contain messages logged at a lower level than those 
which triggered the summary to be emailed.

Full docs can be found here:

http://packages.python.org/mailinglogger/

For more information, please see:
http://www.simplistix.co.uk/software/python/mailinglogger
or
http://pypi.python.org/pypi/mailinglogger

cheers,

Chris

Hotfix for security vulnerability

Tres Seaver — 2011-10-24T21:54:28

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On behalf of the Zope security response team, I would like to announce
the availability of a hotfix for a vulnerability inadvertently
published earlier today.

'Products.Zope_Hotfix_20111024' README
======================================

Overview
- --------

This hotfix addresses a serious vulnerability in the Zope2
application server.  Affected versions of Zope2 include:

- - 2.12.x <= 2.12.20

- - 2.13.x <= 2.13.6

Older releases (2.11.x, 2.10.x, etc.) are not vulnerable.

The Zope2 security response team recommends that all users of
these releases upgrade to an unaffected release (2.12.21 or
2.13.11) as soon as they become available.

Until that upgrade is feasible, deploying this hotfix also
mitigates the vulnerability.


Installing the Hotfix:  Via 'easy_install'
- -------------------------------------------

If the Python which runs your Zope instance has 'setuptools'
installed (or is a 'virtualenv'), you can install the hotfix
directly from PyPI::

  $ /prefix/bin/easy_install Products.Zope_Hotfix_20111024

and then restart the Zope instance, e.g.:

  $ /path/to/instance/bin/zopectl restart


Installing the Hotfix:  Via 'zc.buildout'
- -----------------------------------------

If your Zope instance is managed via 'zc.buildout', you can
install the hotfix directly from PyPI.  Edit the 'buildout.cfg'
file, adding "Products.Zope_Hotfix_20111024" to the "eggs"
section of the instance.  E.g.::

  [instance] recipe = plone.recipe.zope2instance #...  eggs =
  ${buildout:eggs} Products.Zope_Hotfix_20111024

Next, re-run the buildout::

  $ /path/to/buildout/bin/buildout

and then restart the Zope instance, e.g.:

  $ /path/to/buildout/bin/instance restart


Installing the Hotfix:  Manual Installation
- -------------------------------------------

You may also install this hotfix manually.  Download the tarball from
the PyPI page:

 http://pypi.python.org/pypi/Products.Zope_Hotfix_20111024

Unpack the tarball and add a 'products' key to the 'etc/zope.conf' of
your instance.  E.g.::

  products /path/to/Products.Zope_Hotfix_20111024/Products

and restart.


Verifying the Installation
- --------------------------

After restarting the Zope instance, check the
'Control_Panel/Products' folder in the Zope Management Interface,
e.g.:

  http://localhost:8080/Control_Panel/Products/manage_main

You should see the 'Zope_Hotfix_20111024' product folder there.



Tres.
- -- 
===================================================================
Tres Seaver          +1 540-429-0999          tseaver< at >palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk6l3pQACgkQ+gerLs4ltQ66AgCfT1cd94LXzBtdzNiBqKXnGBIF
7dwAoISO0AkuvERn+cw4W0cPo82c5r+D
=xRBY
-----END PGP SIGNATURE-----
_______________________________________________
Zope-Announce maillist  -  Zope-Announce< at >zope.org
https://mail.zope.org/mailman/listinfo/zope-announce

  Zope-Announce for Announcements only - no discussions

(Related lists - 
 Users: https://mail.zope.org/mailman/listinfo/zope
 Developers: https://mail.zope.org/mailman/listinfo/zope-dev )

Security vulnerabiity 20110928: Arbitrary CodeExecution (pre-announcement)

Tres Seaver — 2011-09-28T21:46:11

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The Zope security response team is pre-announcing a fix for a
vulnerability in Zope 2.12.x and Zope 2.13.x that allows execution of
arbitrary code by anonymous users.

This is a severe vulnerability that allows an unauthenticated attacker
to employ a carefully crafted web request to execute arbitrary commands
with the privileges of the Zope service.

Versions Affected:  Zope 2.12.x and Zope 2.13.x.

Versions Not Affected: Zope 2.9.x, Zope 2.10.x, Zope 2.11.x

This is a pre-announcement. Due to the severity of this issue we are
providing an advance warning of an upcoming patch, which will be
released 2011-10-04 15:00 UTC.


What you should do in advance of patch availability
===================================================

Due to the nature of the vulnerability, the security team has decided to
pre-announce that a fix is upcoming before disclosing the details. This
is to ensure that concerned users can plan around the release.  As the
fix being published will make the details of the vulnerability public,
we are recommending that all users plan a maintenance window for 30
minutes either side of the announcement where your site is completely
inaccessible in which to install the fix.

Meanwhile, we STRONGLY recommend that you take the following steps to
protect your site:

- - Make sure that the Zope service is running with with minimum
  privileges. Ideally, the Zope and ZEO services should be able to
  write only to log and data directories.

- - Use an intrusion detection system that monitors key system resources
  for unauthorized changes.

- - Monitor your Zope, reverse-proxy request and system logs for unusual
  activity.

In this case, these are standard precautions that should be employed on
any production system.

Extra help
==========

Should you not have in-house server administrators or a service
agreement looking after your website you can find consultancy companies
on plone.net.

There is also free support available online via Zope mailing lists and
the #zope IRC channels.

Questions and Answers
=====================

Q: When will the patch be made available?
A: The Security Team will release the patch at 2011-10-04 15:00 UTC.

Q. What will be involved in applying the patch?
A. Patches are made available as tarball-style archives that may be
unpacked into the “products” folder of a buildout installation and as
Python packages that may be installed by editing a buildout
configuration file and running buildout.  Patching is generally easy and
quick to accomplish.

Q: How was this vulnerability found?
A: This issue was found as part of a routine audit performed by the
Plone Security team.

Q: My site is highly visible and mission-critical. I hear the patch has
already been developed. Can I get the fix before the release date?
A: No. The patch will be made available to all users at the same time.
There are no exceptions.

Q: If the patch has been developed already, why isn't it already made
available to the public?
A: The Security Team is still testing the patch and running various
scenarios thoroughly. The team is also making sure everybody has
appropriate time to plan to patch their Zope installation(s). Some
consultancy organizations have hundreds of sites to patch and need the
extra time to coordinate their efforts with their clients.

Q: How does one exploit the vulnerability?
A: This information will not be made available until after the patch is
made available.

Q: Is there a CVE record for this vulnerability?
A: Not yet. This information will be added when available.

If you have specific questions about this vulnerability or its handling,
contact the Zope Security Team, security-response< at >zope.org.

To report potentially security-related issues, please send a mail to the
Zope Security Team at security-response< at >zope.org. The security team is
always happy to credit individuals and companies who make responsible
disclosures.

Information for vulnerability database maintainers
==================================================

CVSS Base Score
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P/E:P/RL:O/RC:C)

Impact Subscore
6.4

Exploitability Subscore
10

CVSS Temporal Score
5.9

Credit
Alan Hoey


Tres.
- -- 
===================================================================
Tres Seaver          +1 540-429-0999          tseaver< at >palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk6DlaMACgkQ+gerLs4ltQ7D+gCgz6WA6J44vxkhjnJGquBzCR33
nPgAn3cl0/do5VB+B6h9WmM22yIGOb7Z
=/HcQ
-----END PGP SIGNATURE-----
_______________________________________________
Zope-Announce maillist  -  Zope-Announce< at >zope.org
https://mail.zope.org/mailman/listinfo/zope-announce

  Zope-Announce for Announcements only - no discussions

(Related lists - 
 Users: https://mail.zope.org/mailman/listinfo/zope
 Developers: https://mail.zope.org/mailman/listinfo/zope-dev )

MailingLogger 3.5.0 Released!

Chris Withers — 2011-09-24T09:27:07

I'm pleased to announce a new release of Mailinglogger.

Mailinglogger provides two handlers for the standard python
logging framework that enable log entries to be emailed either as the
entries are logged or as a summary at the end of the running process.

The handlers have the following features:

- customisable and dynamic subject lines for emails sent

- emails sent with a configurable headers for easy filtering

- flood protection to ensure the number of emails sent is not excessive

- support for SMTP servers that require authentication

- fully documented and tested

The only change for this release was to add an X-Log-Level header to 
emails sent. For MailingLogger, this is the level of the log message 
being emailed. For SummarisingLogger this is the highest level of any of 
the messages handled.

Full docs can be found here:

http://packages.python.org/mailinglogger/

For more information, please see:
http://www.simplistix.co.uk/software/python/mailinglogger
or
http://pypi.python.org/pypi/mailinglogger

cheers,

Chris

Re: MailingLogger 3.4.0 Released!

Chris Withers — 2011-08-22T21:36:54

Heh, of course, I forgot the setuptools-git extension to make 
"include_package_data=True" work, so this release was pretty useless, 
other than the docs on packages.python.org/testfixtures ;-)

Anyway, 3.4.1 has now been released which fixes this!

cheers,

Chris

On 17/08/2011 23:37, Chris Withers wrote:

MailingLogger 3.4.0 Released!

Chris Withers — 2011-08-18T06:37:14

I'm pleased to announce a new release of Mailinglogger.

Mailinglogger provides two handlers for the standard python
logging framework that enable log entries to be emailed either as the
entries are logged or as a summary at the end of the running process.

The handlers have the following features:

- customisable and dynamic subject lines for emails sent

- emails sent with a configurable headers for easy filtering

- flood protection to ensure the number of emails sent is not excessive

- support for SMTP servers that require authentication

- fully documented and tested

This release has no functional changes but finally ships with a full new 
set of Sphinx docs:

http://packages.python.org/mailinglogger/

For more information, please see:
http://www.simplistix.co.uk/software/python/mailinglogger
or
http://pypi.python.org/pypi/mailinglogger

cheers,

Chris

www.zope.org relaunched

Andreas Jung — 2011-07-07T11:58:27

Dear Zope Community,

on behalf of the Zope Foundation I please to announce
the relaunch of the new www.zope.org web site.

http://www.zope.org

The "old" zope.org site will available for the time being
in (reduced form) under

http://old.zope.org

Many thanks to my team:

- Kai Mertens
- Michael Haubenwaller
- Jens Vagelpohl
- Johannes Raggam

Andreas Jung
Zope Foundation
_______________________________________________
Zope-Announce maillist  -  Zope-Announce< at >zope.org
https://mail.zope.org/mailman/listinfo/zope-announce

  Zope-Announce for Announcements only - no discussions

(Related lists - 
 Users: https://mail.zope.org/mailman/listinfo/zope
 Developers: https://mail.zope.org/mailman/listinfo/zope-dev )

www.zope.org relaunch on Thursday

Andreas Jung — 2011-07-04T17:44:54

Hi there,

www.zope.org will be relaunched this Thursday.

The current www.zope.org will be moved old.zope.org
and replaced with the new site.

During the DNS transition and while working on the sites
you may encounter outages.

The transition will start on Thursday (Germany) morning.

Andreas
_______________________________________________
Zope-Announce maillist  -  Zope-Announce< at >zope.org
https://mail.zope.org/mailman/listinfo/zope-announce

  Zope-Announce for Announcements only - no discussions

(Related lists - 
 Users: https://mail.zope.org/mailman/listinfo/zope
 Developers: https://mail.zope.org/mailman/listinfo/zope-dev )

Security Hotfix 20110622 released

Laurence Rowe — 2011-06-28T15:30:40

Last week, the Zope and Plone security teams announced the discovery
of a serious security issue affecting all recent versions of Zope and
Plone, as well as the planned release of a Hotfix to address this
issue to be made today, June 28th at 1500 UTC.

The Plone and Zope security teams are announcing that this security
hotfix is now available for download. For full instructions on how to
get and install the Hotfix, go here:
http://plone.org/products/plone-hotfix/releases/20110622

To find out more about the details of the issue, answers to common
questions and which versions of Zope and Plone are affected, please
see: http://plone.org/products/plone/security/advisories/20110622

Assistance in installing this hotfix is available free of charge via
IRC in #plone-tuneup. If you don't have in-house server administrators
or a service agreement supporting your website, you can find
consultancy companies under the providers section of Plone.org -
http://plone.org/support/network

On behalf of the Zope and Plone security teams,

Laurence
_______________________________________________
Zope-Announce maillist  -  Zope-Announce< at >zope.org
https://mail.zope.org/mailman/listinfo/zope-announce

  Zope-Announce for Announcements only - no discussions

(Related lists - 
 Users: https://mail.zope.org/mailman/listinfo/zope
 Developers: https://mail.zope.org/mailman/listinfo/zope-dev )

Security announcement update

Laurence Rowe — 2011-06-28T11:57:02

This is an update on today's security hotfix release.

The fix will be released at 15:00 UTC today, Tuesday 28th June, 2011
(11:00am US EDT.) Updated versions of Zope 2 containing the security
fix will be released at the same time.

For details on which versions of Zope and Plone are affected, please
see: http://plone.org/products/plone/security/advisories/20110622

For installation instructions, please see:
http://plone.org/products/plone-hotfix/releases/20110622

On behalf of the Zope and Plone security teams,

Laurence
_______________________________________________
Zope-Announce maillist  -  Zope-Announce< at >zope.org
https://mail.zope.org/mailman/listinfo/zope-announce

  Zope-Announce for Announcements only - no discussions

(Related lists - 
 Users: https://mail.zope.org/mailman/listinfo/zope
 Developers: https://mail.zope.org/mailman/listinfo/zope-dev )

Security announcement

Laurence Rowe — 2011-06-22T17:06:48

On behalf of the Plone and Zope Security Teams I'd like to draw your
attention to a security announcement that has just been published.

This is a pre-announcement only, it does not contain any vulnerability
details. Your sites are a safe today as they were yesterday.  However,
as the problem that has been found is so serious we are giving you
advance warning that a patch is upcoming and recommending that you
plan a maintenance period for your sites to coincide with the full
announcement on Tuesday next week.

Full details are available at
http://plone.org/products/plone/security/advisories/pre-announcement-20110622

You can feel free to ask more questions on the plone-users mailing
list or in the #plone IRC channel about details and how to protect
yourself, but it is important to make a plan for this now.  It is
important to plan down-time at the time specified in that announcement
or your site will potentially be at risk - following the release of a
hotfix for the previous serious security vulnerability we received
reports of automated attacks on unpatched sites.


Laurence
_______________________________________________
Zope-Announce maillist  -  Zope-Announce< at >zope.org
https://mail.zope.org/mailman/listinfo/zope-announce

  Zope-Announce for Announcements only - no discussions

(Related lists - 
 Users: https://mail.zope.org/mailman/listinfo/zope
 Developers: https://mail.zope.org/mailman/listinfo/zope-dev )

PAS 1.5.5, 1.6.5, and 1.7.5 released

Tres Seaver — 2011-05-30T17:50:50

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have pushed out releases of PAS in order to address a potential
security vulnerability reported by Alan Hoey:

 https://bugs.launchpad.net/zope-pas/+bug/789858

The releases are available on PyPI:

 http://pypi.python.org/pypi/Products.PluggableAuthService/1.5.5

 http://pypi.python.org/pypi/Products.PluggableAuthService/1.6.5

 http://pypi.python.org/pypi/Products.PluggableAuthService/1.7.5

If you cannot install one of these versions for some reason, the patch
on the Launchpad should be applicable (with some fuzz) to any PAS
version since 1.4.


Tres.
- -- 
===================================================================
Tres Seaver          +1 540-429-0999          tseaver< at >palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk3j2PoACgkQ+gerLs4ltQ7yfQCgt+WJSObr8jaZTyGdvH8oTFOC
R6gAoJtsVcJVsIIOjQptR/O2XARjfdIt
=y9Pc
-----END PGP SIGNATURE-----
_______________________________________________
Zope-Announce maillist  -  Zope-Announce< at >zope.org
https://mail.zope.org/mailman/listinfo/zope-announce

  Zope-Announce for Announcements only - no discussions

(Related lists - 
 Users: https://mail.zope.org/mailman/listinfo/zope
 Developers: https://mail.zope.org/mailman/listinfo/zope-dev )

Announcement: 2011 Zope Foundation Board Elections andGeneral Meeting

Tres Seaver — 2011-01-27T22:32:44

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

(apologies in advance for the cross-post:  we need this to reach the
whole Zope community).


The Zope Foundation board is pleased to announce that the regular 2011
general meeting of the foundation will be held on Wednesday, 16 March
2011, at 15:00 UTC.  The meeting will be conducted via IRC at the
following channel:

irc://irc.freenode.net/#zope-foundation

Prior to that meeting, the current board will conduct an elections in
which foundation members will select seven (7) board members in
accordance with the foundation bylaws[1].


Summary
- -------

- - Nominations open via the foundation< at >zope.org mailing list until
  Friday, 2011-02-11.

- - Voting via e-mail to a closed mailing list, from Wednesday,
  2011-02-16 through Friday, 2011-03-04.

- - Votes tallied by representatives of the current board,
  using "Meek and Warrent STV" method using OpenSTV software.

- - General meeting and seating of the new board, Wednesday, 2011-03-16.


Procedure for Elections
- -----------------------

The procedure for the elections is as follows:

- - Foundation members may nominate any member by responding to the
  board's announcement on the foundation< at >zope.org mailing list.
  Nominations will remain open until Friday, 2011-02-11, 23:00 UTC.

- - At the close of the nominations period, the board will create a new
  mailman list, 'zf-elections-2011', and approve all ZF members to post
  to the list..  In order to preserve anonymity of votes, foundation
  members will not be subscribers to the list;  access to the list
  archives will be restricted to the "tellers" appointed by the board.

- - On Wednesday, 2011-02-16, the Secretary will send an e-mail announcing
  the opening of the voting period. This e-mail will contain the ballot,
  with careful instructions about how to rank preferences in the reply.
  The Reply-to header of this e-mail will be set to the
  'zf-elections-2011' list.

- - ZF members will vote by replying to that e-mail.  Voting will remain
  open until Friday, 2011-03-04, 23:00 UTC.

- - At the close of voting, the board will appoint two of its members as
  "tellers."  The tellers will use the list archive to tabulate the
  members' votes, using the OpenSTV application[2] configured to use the
  Meek and Warren STV method[3].  The tellers will report the election
  results, along with the raw tallies, at a special board meeting to be
  held on Tuesday, 2011-03-15, 15:00 UTC.

- - After canvassing the results from the tellers, the board will notify
  all nominees of the success / failure of their candidacy, thanking
  them for their willingness to serve.

- - At the general meeting, the last item on the agenda will the
  announcement of the election results, including a vote to "seat" the
  board.


An online version of this announcement is available at:

  http://foundation.zope.org/news/2011_election_and_general_meeting/


References
- ----------

[1] http://foundation.zope.org/bylaws/zope_foundation_bylaws.pdf

[2] http://stv.sourceforge.net/aboutopenstv

[3] http://stv.sourceforge.net/votingmethods/meek



Tres.
- -- 
===================================================================
Tres Seaver          +1 540-429-0999          tseaver< at >palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk1B8owACgkQ+gerLs4ltQ7OaACfSBCwcbLsELAk/n9eW0CblmMz
UvcAn0a1hIhLiocRo8GG431ccPnzDK7/
=2p6F
-----END PGP SIGNATURE-----
_______________________________________________
Zope-Announce maillist  -  Zope-Announce< at >zope.org
https://mail.zope.org/mailman/listinfo/zope-announce

  Zope-Announce for Announcements only - no discussions

(Related lists - 
 Users: https://mail.zope.org/mailman/listinfo/zope
 Developers: https://mail.zope.org/mailman/listinfo/zope-dev )

Grok 1.3 released!

Jan-Wijbrand Kolman — 2011-01-20T21:38:50

Hi,

The Grok development team is happy to announce the Grok 1.3 release!

Where the previous release was mostly about slimming down the
dependency hierarchy of packages that comprises Grok, this release
brings several important changes in functionality typically found
Grok-based applications.

Grok 1.3 is based on the Zope Toolkit 1.1c1 release!

Since the ZTK 1.1 release drops Python-2.4 support and gains Python
2.7 support, it was able to update quite a number of packages, most
notably the ZODB. Grok does currently not need to override any version
of packages defined in the ZTK!

The list of Grok specific package version can be found here:

    http://grok.zope.org/releaseinfo/1.3/versions.cfg

To upgrade existing project you might find the upgrade notes helpful, to
be found here:

   http://grok.zope.org/doc/1.3/upgrade.html

Amongst other changes, Grok 1.3 brings:

* The long awaited support for the most recent martian version.

* The long awaited merge of the template registry refactoring. This
should result in considerable less spurious warnings concerning
unassociated templates.

* Integration of the Fanstatic [1] library and WSGI components. From
the Fanstatic website:

  """
  Fanstatic is a small but powerful framework for the automatic
  publication of resources on a web page. Think Javascript and
  CSS. It just serves static content, but it does it really
  well.
  """

The "static" directory functionality in Grok based projects is now
based on Fanstatic and the compatibility layer provided by
zope.fanstatic [2].

* Removal of the automatic test discovery and registration that was
provided by the z3c.testsetup package. For newly created projects, the
grokproject tool will layout examples of setting up test suites. Note
that this is a first step in the way towards more drastic improvements
in regards to test discovery and running tests.

Other important notes:

* The updated grokproject tool will not be able to build new project
based on Grok version < 1.3.

* Besides working on code, the Grok community is also working on
improving the documentation, both the "official" documentation and the
"community"-driven efforts. This is quite an undertaking and not yet
finished.

We realize this release will again bring quite some structural changes
that might affect your projects in some way. Please let us know when
you run into problems upgrading your projects on the grok-dev mailing
list or on the #grok IRC channel. We will try to help and it will also
help us, the Grok developers, by fixing bugs and other issues.


[1] http://fanstatic.org/
[2] http://pypi.python.org/pypi/zope.fanstatic/
_______________________________________________
Zope-Announce maillist  -  Zope-Announce< at >zope.org
https://mail.zope.org/mailman/listinfo/zope-announce

  Zope-Announce for Announcements only - no discussions

(Related lists - 
 Users: https://mail.zope.org/mailman/listinfo/zope
 Developers: https://mail.zope.org/mailman/listinfo/zope-dev )

Silva 2.3 final Released

Wim Boucquaert — 2010-12-22T15:06:22

21 December 2010

Infrae is pleased to announce the final release of Silva 2.3. This 
release contains a gamut of new features for users, system 
administrators, and developers. The most important changes for users are 
support for mobile skins based on browser detection, and a robust 
reference management system that preserves links between resources. 
System administrators should note that Silva now supports WSGI servers 
and this is the recommended way to run it. Developers will enjoy a more 
consistent API and vastly improved testing infrastructure.

Silva for mobile devices:

Silva integrates with Mobi, a middleware suite for detecting mobile 
devices. Mobi reads the user agent header in requests and categorizes it 
into one of three device types, then passes the category along. The 
silva.core.layout system then chooses the best presentation for the device.
For more in-depth information on Mobi have a look at the technical site: 
http://mobi.infrae.com/.

User features:

* A reference system management has been implemented. In a Silva 
Document (and in Silva News Network items), images and linked objects 
can be connected using references. Those images and links are not broken 
when referenced objects are moved or renamed.

* Content cannot be deleted if it is the target of a reference. This 
prevents having broken links in documents. Silva Links, Silva Ghost 
Folders, Silva Ghosts, Silva Indexers and Silva Find also use the same 
reference mechanism. Managers have the option to break references if needed.

* On Images and Files, it is possible to see in which documents  are 
referencing them. With this feature, it is also possible to identify 
site unused images and files.

* The XML import/export has been improved, removing many bugs (export of 
acquired metadata for instance). It’s been extended to preserve proper 
references on import independent of the import and export location. One 
cannot export content objects that have a reference target outside of 
the export tree.

* The forms editor has been removed from Silva Documents. However the 
underlying XML is still accessible for managers.

* Many SMI screens have been refactored, removing a lot of back button bugs.

Extension User features:

* Silva News Network has been refactored with improved calendaring 
functionality.

* Silva Forum has been refactored and has new subscription and captcha 
features.

* Silva Find, Silva Poll and Silva OAI have been refactored to work with 
Silva 2.3 and its requirements.

* A new extension silva.security.overview have been written to provide 
an overview of who has security access where in the Silva site.

* A new extension silva.security.logging has been written to log 
detailed user actions.

Sysadmin features:

* Silva supports WSGI servers. It is now the recommended way to run 
Silva. You can use Paster or Apache’s mod_wsgi.

* With the WSGI support, error logs hae been improved. They give provide 
more information which helps facilitate debugging of production bugs.

* HTTP headers for GET and HEAD requests have been optimized in order to 
improve caching with Squid and other reverse proxies.

* Silva now uses PAS for authentication by default. This makes it easier 
to connect Silva to third party authentication systems like Active 
Directory, LDAP, Raduis, SQL. You no longer need to write custom code 
for this.

* The 2.3 release uses Python 2.6 and Zope 2.12. It won’t work with 
Python 2.4 or any previous version of Zope.

Developer features:

* The z3c.form and zope.formlib components have been replaced by zeam.form.

* The reference system silva.core.references is reusable in any Silva 
extension.

* The SMI uses silva.core.layout and can be themed with a CSS of your 
choice.

* The subscription feature has been refactored into an extension 
silva.app.subscriptions. It’s been built to be usable by any Silva 
extension (an extension can send any message it wishes to a list of 
subscribed people).

* Zope Events have been added to much existing Silva functionality. This 
lets you plugin your extensions to the publication and security sub-systems.

* Various code optimizations have been fine tuned.

* A new test setup system makes testing easier.

* Many tests have been added, cleaned, refactored and improved.

Removed products:

* The old SilvaLayout product is no longer distributed by default (the 
so-called Legacy Layout is still supported, but not installed by default).

* The XMLWidgets components have been removed.

Developer documentation:

The http://docs.infrae.com/ site has been improved with extensive 
documentation.

Installation:

Silva 2.3 should be installed using buildout or using Paster and 
selecting the ‘simple-instance’ distribution. For more information on 
the Silva installation procedure see: 
http://docs.infrae.com/silva/2.3/buildout.html

Contact:

FMI contact Sylvain Viollon, info at infrae com, +31 10 243 7051.

_______________________________________________
Zope-Announce maillist  -  Zope-Announce< at >zope.org
https://mail.zope.org/mailman/listinfo/zope-announce

  Zope-Announce for Announcements only - no discussions

(Related lists - 
 Users: https://mail.zope.org/mailman/listinfo/zope
 Developers: https://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope-dev] Zope 2.13.0 final released

Andreas Jung — 2010-11-05T16:47:26

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Great work!

Cheers,
Andreas

Hanno Schlichting wrote:


- -- 
ZOPYX Limited           | zopyx group
Charlottenstr. 37/1     | The full-service network for Zope & Plone
D-72070 Tübingen        | Produce & Publish
www.zopyx.com           | www.produce-and-publish.com
- ------------------------------------------------------------------------
E-Publishing, Python, Zope & Plone development, Consulting


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQGUBAEBAgAGBQJM1DUeAAoJEADcfz7u4AZj8skLwOGbh32LMr8dyQRtRvPpPzhT
7PRaD6mgWSYQyFS4u5qO2J9vVziNw6mbLANFLq2lBSxDGf6Gp5E8A3EpR/w51N+0
Y5S/iS/Kb1qMPxEV1TBf/Ai8dXio0tPZCE6dp5610Tfv3HPP4mFi/Owi3EbcFZ5J
tJMjFuQYYLhpX5mwp0yRY1WgKxIfDoE207pZW53+RjuUNTqthXIH6zRTeZjj2u04
ehnAQeD19mhML/gco5I04BQktU33WmQv8VgtJu2M8nMEvW2wxoCWjWepABVQ/mlZ
1w7JSzT3gsNnR9MCxuNLfXQ4lbKN8Mn3+RsIwOfnxYFoayaCO7AtWd2JvPDrIb6G
zc1tcsIbqmnfMG9ZeEsPwOgO16+rG4AaAlEfEv2LpKo2Qp0nZY3quImGHFcKS4op
44cq1+nOqAV9jP+06LZwCcgOn5eXfHlNHTU8SS6mGyJxg4KYI5NH3C1hXws+RdkH
7oc0/hT1n5srmuvliHKeuFM2KRooaAo=
=J7f6
-----END PGP SIGNATURE-----
_______________________________________________
Zope-Announce maillist  -  Zope-Announce< at >zope.org
https://mail.zope.org/mailman/listinfo/zope-announce

  Zope-Announce for Announcements only - no discussions

(Related lists - 
 Users: https://mail.zope.org/mailman/listinfo/zope
 Developers: https://mail.zope.org/mailman/listinfo/zope-dev )

Grok (Toolkit) 1.2 released!

Jan-Wijbrand Kolman — 2010-10-26T19:36:06

Hi,

The Grok development team is happy to announce the Grok - also know as
the Grok Toolkit - 1.2 release!

This release took a huge effort from the Grok development team to reduce
the number of (legacy) dependencies, most importantly removing a very
large number of zope.app.* packages from the stack! This results in a
smaller and more manageable footprint.

The Grok (Toolkit) 1.2 uses zc.buildout-1.5.2 and the new features it
brings. Most importantly, the possibility to safely use the system
Python for creating new projects. This should especially help newcomers
who want to try out Grok. We can simplify the installation instructions
by leaving out the "virtualenv" steps.

The Grok (Toolkit) 1.2 is based on the Zope Toolkit 1.0 release!

The Grok (Toolkit) does diverge a little from the ZTK 1.0 for a couple
of its dependencies. These are listed separately in the Grok Toolkit
versions file that can be found here:

   http://grok.zope.org/releaseinfo/1.2/versions.cfg

The list of changes can be found here:

  http://grok.zope.org/doc/1.2.1/changes.html

To upgrade existing project you might find the upgrade notes helpful, to
be found here:

  http://grok.zope.org/doc/1.2.1/upgrade.html

The 1.2 release will __not__ bring two still long awaited changes:

* Support for the latest martian version.
* The improved template registry merge.

They will have to wait for the 1.3 release.

Another important note:

Because of the update to zc.buildout-1.5.2 and other structural changes,
the new grokproject version will not be able to install projects for
Grok < 1.2.

We realize this release will bring quite some structural changes that
might affect your projects in some way. Please let us know when you run
into problems upgrading your projects on the grok-dev mailinglist or on
the #grok IRC channel. We will try to help and it will also help us, the
Grok developers, by fixing bugs and other issues.

Enjoy!

Kind regards, jw
_______________________________________________
Zope-Announce maillist  -  Zope-Announce< at >zope.org
https://mail.zope.org/mailman/listinfo/zope-announce

  Zope-Announce for Announcements only - no discussions

(Related lists - 
 Users: https://mail.zope.org/mailman/listinfo/zope
 Developers: https://mail.zope.org/mailman/listinfo/zope-dev )