Zope

------------------

- Allow ``ZPublisher`` to handle both a query string and a request body;
the request parameters from the query string are made available
in the request attribute ``form`` (a ``dict``),
the request body can be accessed via the request keys ``BODY``
(a ``bytes`` object) or ``BODYFILE`` (a file like object).
Fixes `1122 <https://github.com/zopefoundation/Zope/issues/1122>`_.

- Support access to the request's ``BODY`` key for WSGI servers
which hand over an unseekable request body (such as e.g.
``Gunicorn``).
Fixes `1125 <https://github.com/zopefoundation/Zope/issues/1125>`_.

- Do not break on GET requests that pass a query string
and a `Content-Type` header.
For details see `1117 <https://github.com/zopefoundation/Zope/pull/1117>`_.

- Implement code change suggestions from CodeQL scanning.

- Added Japanese translations for some Sphinx docs
(`1109 <https://github.com/zopefoundation/Zope/issues/1109>`_)

- Update to newest compatible versions of dependencies.

- Update zope.ini.in skel to support log paths that use backslashes.
(`1106 <https://github.com/zopefoundation/Zope/issues/1106>`_)

------------------

- Sanitize tainting fixing
`1095 <https://github.com/zopefoundation/Zope/issues/1095>`_

- Replace ``cgi.FieldStorage`` by ``multipart`` avoiding
the ``cgi`` module deprecated by Python 3.11.

Mark binary converters with a true ``binary`` attribute.

Fix encoding handling and ``:bytes`` converter.

See `1094 <https://github.com/zopefoundation/Zope/pull/1094>`_.

- Clean out and refactor dependency configuration files.

- Update to newest compatible versions of dependencies.

- Support the (non standard) ``charset`` parameter for
content type ``application/x-www-form-urlencoded``.
This is required (e.g. for ``Plone``) because
``jquery`` constructs content types of the form
application/x-www-form-urlencoded; charset=utf-8``.
For details see
`plone/buildout.coredev844
<https://github.com/plone/buildout.coredev/pull/844>`_.

----------------

- Only set response header Content-Type as text/html on exception views when
the response has content.
(`1089 <https://github.com/zopefoundation/Zope/issues/1089>`_)

- Drop support for Python 3.6, it has been in end-of-life status for a while.

- Update to newest compatible versions of dependencies.

- Fix history page for classes modifying instances in ``__setstate__``,
such as ``Products.PythonScripts.PythonScript`` instances.
See `launchpad issue 735999
<https://bugs.launchpad.net/zope2/+bug/735999>`_.

------------------

- Explicitly serve ``App.Dialogs.MessageDialog`` and exception views as HTML
due to the changed default content type from `1075
<https://github.com/zopefoundation/Zope/pull/1075>`_.

------------------

- Fix some broken ZMI pages due to the changed default content type
from PR https://github.com/zopefoundation/Zope/pull/1075
(`1078 <https://github.com/zopefoundation/Zope/issues/1078>`_)

- Update to newest compatible versions of dependencies.

------------------

- Set the published default ``Content-Type`` header to ``text/plain``
if none has been set explicitly to prevent a cross-site scripting attack.
Also remove the old behavior of constructing an HTML page for published
methods returning a two-item tuple.

- Update to newest compatible versions of dependencies.