Zope

Latest version: v5.11.1

Page 4 of 16

5.8.1

Not secure
------------------

- Sanitize tainting, fixing
`1095 <https://github.com/zopefoundation/Zope/issues/1095>`_.

- Replace ``cgi.FieldStorage`` by ``multipart`` avoiding
the ``cgi`` module deprecated by Python 3.11.

Mark binary converters with a true ``binary`` attribute.

Fix encoding handling and ``:bytes`` converter.

See `1094 <https://github.com/zopefoundation/Zope/pull/1094>`_.

- Clean out and refactor dependency configuration files.

- Update to newest compatible versions of dependencies.

- Support the (non standard) ``charset`` parameter for
content type ``application/x-www-form-urlencoded``.
This is required (e.g. for ``Plone``) because
``jquery`` constructs content types of the form
``application/x-www-form-urlencoded; charset=utf-8``.
For details see
`plone/buildout.coredev#844
<https://github.com/plone/buildout.coredev/pull/844>`_.

5.8

Not secure
----------------

- Only set response header Content-Type as text/html on exception views when
the response has content.
(`1089 <https://github.com/zopefoundation/Zope/issues/1089>`_)

- Drop support for Python 3.6, which has been in end-of-life status for a while.

- Update to newest compatible versions of dependencies.

- Fix history page for classes modifying instances in ``__setstate__``,
such as ``Products.PythonScripts.PythonScript`` instances.
See `launchpad issue 735999
<https://bugs.launchpad.net/zope2/+bug/735999>`_.

5.7.3

Not secure
------------------

- Explicitly serve ``App.Dialogs.MessageDialog`` and exception views as HTML
due to the changed default content type from `1075
<https://github.com/zopefoundation/Zope/pull/1075>`_.

5.7.2

Not secure
------------------

- Fix some broken ZMI pages due to the changed default content type
from PR https://github.com/zopefoundation/Zope/pull/1075
(`1078 <https://github.com/zopefoundation/Zope/issues/1078>`_)

- Update to newest compatible versions of dependencies.

5.7.1

Not secure
------------------

- Set the published default ``Content-Type`` header to ``text/plain``
if none has been set explicitly to prevent a cross-site scripting attack.
Also remove the old behavior of constructing an HTML page for published
methods returning a two-item tuple.

- Update to newest compatible versions of dependencies.

5.7

Not secure
----------------

- The `addzopeuser` script now accepts the parameter `-c` or `--configuration`.
This allows passing in a custom location for the `zope.conf` file to use.
If not specified, behavior is not altered.

- Update to newest compatible versions of dependencies.

- Change functional testing utilities to support percent encoded and unicode
paths (`1058 <https://github.com/zopefoundation/Zope/issues/1058>`_).

- Decode the basic authentication header as UTF-8 instead of latin1
(`1061 <https://github.com/zopefoundation/Zope/issues/1061>`_).

- Use UTF-8 charset for WWW-Authenticate headers in challenge responses,
as described in `RFC7617 <https://datatracker.ietf.org/doc/html/draft-ietf-httpauth-basicauth-update-07#section-2.1>`_
(`1065 <https://github.com/zopefoundation/Zope/pull/1065>`_).

- Added `:json` converter in `ZPublisher.Converters`.
(`957 <https://github.com/zopefoundation/Zope/issues/957>`_)

- Support Python 3.11.
