Products.membrane 2.1.4 released

Hi,

I have just released membrane 2.1.4, with a fix by Craig Haynal:
False user property values were being converted to empty strings which 
would cause the property sheet to treat them as strings and make it 
impossible to set these properties back to True.

Thanks Craig!

Moving repository to GitHub?

Re: migration from plone3.3.2 to plone4

Op 25-11-11 11:39, Бессарабова Ирина schreef:
> Thanks for  your reply.
> Neither reindexing membrane catalog nor pinning membrane to 2.0.2 version didn't help me.
> Seems that something happened with portal_memberdata object itself during migration. Look at
plone.app.upgrade.v40.configure.zcml, lines 45-48. There is an  handler=".alphas.updateToolset" 
and in update_toolset/toolset.xml portal_memberdata is mentioned. I have tried to comment out
portal_memberdata in toolset.xml.
> Then I made migration, reinstalled membrane and remember, reindexed membrane_tool (i had to delete the
broken SearchableText index before reindexing). After all, I was able to login with membrane user,
create a new user  and user profiles were in portal_memberdata.
> So I wonder, if it is a normal thing - not to update portal_memberdata? Are there any risks that something
will be broken in future?

Hi,

I had another look.  Indeed: the core Plone 4 migration apparently wants 
to make sure that portal_memberdata is available as a tool and that it 
is the standard MemberDataTool from PlonePAS.  In Products.remember we 
want it to be our own tool.  What Plone does also means most properties 
of portal_memberdata are removed.  It probably works fine for a normal 
website, but not with membrane and remember installed.

A second problem is that Products.membrane has some upgrade steps that 
replace the SearchableText index of the membrane_tool catalog with a 
better one.  The way in which this is done, means that the new 
SearchableText index is filled but the other indexes are empty.

I have fixed both problems with some upgrade steps in new releases:

Products.membrane 2.1.2:

- Fixed problem that occurs after upgrading the SearchableText index
   of the membrane_tool, which happens after upgrading to membrane 2.0
   or to Plone 4: the membrane_tool catalog would be empty.  Now we
   refresh the membrane_tool catalog when we upgrade the index.  If
   this has already happened to you, it should work to just go to the
   membrane_tool, then the Advanced tab, and click on 'Update Catalog.'

Products.remember 1.9.1:

- Added upgrade step to restore our portal_memberdata settings, as
   they get destroyed by an upgrade to Plone 4.

I hope this helps you and other migrators.

Cheers,

--

-- 
Maurits van Rees   http://maurits.vanrees.org/
Web App Programmer at Zest Software: http://zestsoftware.nl
"Logical thinking shows conclusively that logical thinking
is inconclusive." - My summary of Gödel, Escher, Bach

--
Archive: http://www.coactivate.org/projects/remember/lists/remember/archive/2011/12/1324073841754
To unsubscribe send an email with subject "unsubscribe" to remember <at> lists.coactivate.org.  Please
contact remember-manager@... for questions.

Re: Can I have PyPI rights for Products.remember?

Op 02-12-11 16:19, ken manheimer schreef:

On Fri, Dec 2, 2011 at 7:24 AM, Maurits van Rees <m.van.rees-1kr/fGE7kR33Vop2t1AMdg@public.gmane.org> wrote:

Op 02-12-11 02:22, ken manheimer schreef:

I'll try to grant those rights tonight, or else tomorrow morning.  Sorry about the non-response - I haven't had a moment since I saw your message, yesterday...

One of *those* days eh? No problem, those things happen.

Scattered hither and yon.

 

I see that Ross Patterson has meanwhile granted me rights on PyPI, thanks.

Cool.

Rights on plone.org would still be good to have, but those are less urgent.

I just used Sharing settings to give the 'maurits' account Add and Edit privileges.  Actually, I have reason to doubt that's the proper way to give you authority, considering that's not the way I seem to have been granted it.  You probably know better than I.  The only other approach I could think of was via the ZMI, and I don't seem to have access to that.

I've seen it.  I have now made the releases on plone.org as well.

Sharing tab is fine.  When I want to give colleagues access, I usually check all the boxes there.

(While I was there I was reminded of an incidental mystery you may be able to help with.  There's a portlet on the Products.remember product page, below the Project Resource portlet, constantly saying "There was an error while rendering the portlet."  I've been unable to narrow down what the problem is there.)

No idea, I've seen this on other products as well.  I don't have access to the error log so I don't know what is wrong or if we could fix it ourselves.  I think that is the box that tries to display some experimental releases actually; usually that means it show a beta from five years ago...

Similar for http://plone.org/products/remember/releases/1.9b1: I have just now hidden that release as it ended up in the releases list above the final 1.9.  After that I immediately got an error viewing that 1.9b1 page and I don't know what it is.  For 1.9b2 I have retracted the release and now marked it as beta.

PloneSoftwareCenter is still too much geared towards the old manual way of doing releases instead of the new automated PyPI-like way and it is showing.  It needs more love.

PyPI releases have been made: 1.1, 1.2, 1.9. I will make a separate mail for that announcement.

I want to add my thanks to others for being diligent about the security fix, and especially for looking out for Products.remember as well as membrane!

Thanks,

-- Maurits van Rees http://maurits.vanrees.org/ Web App Programmer at Zest Software: http://zestsoftware.nl "Logical thinking shows conclusively that logical thinking is inconclusive." - My summary of Gödel, Escher, Bach

--
Archive: http://www.coactivate.org/[…]/1322840006940
To unsubscribe send an email with subject "unsubscribe" to remember <at> lists.coactivate.org. Please contact remember-manager <at> lists.coactivate.org for questions.

Security releases for Products.remember

Hi list,

In the wake of the security release of Products.membrane from yesterday 
I fixed a similar problem in Products.remember, also indicated by 
Richard Mitchell, thanks.

The security problem is this: anonymous users could get the password 
hash of a remember member.  It is not an immediate problem, but it sure 
makes it easier to crack passwords.

I have made three releases with this fix on PyPI, 1.1, 1.2, 1.9, all 
listed here:
http://pypi.python.org/pypi/Products.remember

1.1 is the old 1.1b3 release from 2009 with the security fix added.  Use 
this when you were using that release and do not want a big upgrade.  
Compatible with Plone 3.x and Products.membrane 1.1.  Definitely NOT 
with Plone 4 or Products.membrane 2.x.

1.2 has more changes; see the changelog.  It has the changes that were 
done on trunk before Ken started doing bigger changes leading to the 1.9 
series.  Compatible with Plone 3 and Products.membrane 1.1 or 2.x (2.1.1 
recommended).  Might work on Plone 4 but the automated tests say 
otherwise; that might just be a problem with the tests though.

1.9 is the obvious choice when you were already running 1.9b1.  
Compatible with Plone 4.x and Products.membrane 2.x (2.1.1 recommended).

Like always: make a backup of your Data.fs (and blobstorage if you have 
it) before applying this upgrade and make sure you know how to restore 
that backup and the previous software versions in case anything goes 
wrong.  And do some testing on a copy of your site first.

Got a question? Ask it on this list.

Note for developers of Products.remember: I have made branches 1.1 and 
1.2 that can be used in case new releases need to be made in those 
lines.  New developments are likely to only happen on trunk (1.9), 
though I myself have no current plans.  If anyone wants to fix the 1.2 
branch (or perhaps just the tests) so the tests run on both Plone 3 and 
4, be my guest. All branches and trunk have a buildout.cfg for testing.

Kind regards,

--

-- 
Maurits van Rees   http://maurits.vanrees.org/
Web App Programmer at Zest Software: http://zestsoftware.nl
"Logical thinking shows conclusively that logical thinking
is inconclusive." - My summary of Gödel, Escher, Bach

--
Archive: http://www.coactivate.org/projects/remember/lists/remember/archive/2011/12/1322834418554
To unsubscribe send an email with subject "unsubscribe" to remember <at> lists.coactivate.org.  Please
contact remember-manager@... for questions.

Products.membrane security fix

Hi all,

Richard Mitchell has responsibly disclosed a security vulnerability in 
Products.membrane, reported to the maintainers he could track down.  Thanks!

The vulnerability is an information disclosure.  An anonymous user could 
for example get the e-mail address of a membrane user or his password.  
Normally that should only be a hashed password, like is the case when 
you use Products.remember.  So it should usually be no big deal, but it 
is certainly better not to give away such a hash in the first place.

Use Products.membrane 2.1.1 when you are on Plone 3.3 or 4.x:
http://pypi.python.org/pypi/Products.membrane/2.1.1

Use Products.membrane 1.1 when you are on any Plone 3 version:
http://pypi.python.org/pypi/Products.membrane/1.1

The 1.1 version is basically the old 1.1b5 release from early 2009 with 
an uninstall profile added plus this security fix.  If you are currently 
a happy user of 1.1b5 and are scared of a sudden big version increase to 
2.1.1 then version 1.1 is a safe upgrade.

Like always: make a backup of your Data.fs (and blobstorage if you have 
it) before applying this upgrade and make sure you know how to restore 
that backup and the previous software versions in case anything goes 
wrong.  And do some testing on a copy of your site first.

Got a question? Ask it on this list.

Kind regards,

--

-- 
Maurits van Rees   http://maurits.vanrees.org/
Web App Programmer at Zest Software: http://zestsoftware.nl
"Logical thinking shows conclusively that logical thinking
is inconclusive." - My summary of Gödel, Escher, Bach

--
Archive: http://www.coactivate.org/projects/remember/lists/remember/archive/2011/12/1322770677912
To unsubscribe send an email with subject "unsubscribe" to remember <at> lists.coactivate.org.  Please
contact remember-manager@... for questions.

Can I have PyPI rights for Products.remember?

Hi,

Can someone grant me rights to release new versions on 
http://pypi.python.org/pypi/Products.remember and preferable plone.org 
as well: http://plone.org/products/remember ? I have already asked Ken 
and Ross but got no answer yet, and I have no correct email address from 
Rob Miller.  I hope you are still reading this list, Rob. 

I have prepared some tags for a security fix (information disclosure).

For the same reason I have already created and released new versions of 
Products.membrane. I will write about that soon.

Cheers,

--

-- 
Maurits van Rees   http://maurits.vanrees.org/
Web App Programmer at Zest Software: http://zestsoftware.nl
"Logical thinking shows conclusively that logical thinking
is inconclusive." - My summary of Gödel, Escher, Bach

--
Archive: http://www.coactivate.org/projects/remember/lists/remember/archive/2011/12/1322769534006
To unsubscribe send an email with subject "unsubscribe" to remember <at> lists.coactivate.org.  Please
contact remember-manager@... for questions.

migration from plone3.3.2 to plone4

hi, all
I have custom product based on Products.remember. It provides three types extended BaseMember.  After
migration site content via portal_migration tool i have a clean portal_memberdata, without any
members. There are no errors and seems no warnings during migration. My custom product works fine after
migration. Only members data have been lost. 
How make migration properly? 
Versions of products:
Plone 4.0.9
Products.remember 1.9b1 
Products.membrane 2.1.0 
Products.FacultyStaffDirectory 3.0 

Irina 

--
Archive: http://www.coactivate.org/projects/remember/lists/remember/archive/2011/11/1321967074229
To unsubscribe send an email with subject "unsubscribe" to remember <at> lists.coactivate.org.  Please
contact remember-manager@... for questions.

Convert from one remember member to another

collective.indexing>=2.0 and Products.membrane

hi guys, just stumbled upon the collective.indexing upgrade (2.0a1) which removed all the setup profiles.

But Products.membrane requires the default profile in setuphandlers.py ... so my quick solution was to
pin collective.indexing=1.8 ... and everything is fine again.

maybe someone wants to look at the membranes setuphandlers to work with collective.indexing>=2.0

cheers

--
Archive: http://coactivate.org/projects/remember/lists/remember/archive/2011/07/1310562026622
To unsubscribe send an email with subject "unsubscribe" to remember <at> lists.coactivate.org.  Please
contact remember-manager@... for questions.

a bunch of changes, including partial uninstall, good citizenship, email login, plone4/membrane2 compat