Nuxeo CPS 3.4.0 released

Stefane Fermigier writes "French open source software vendor Nuxeo has recently released version 3.4.0 of its Zope-based enterprise content management system CPS. CPS is a platform for building content management, collaboration and business process applications, that has been used in several majors projects in the French administration and industry. The result of more than one year of work by 30 contributors, CPS is one of the first major products to leverage the new Zope 3 component architecture."

asdf

[zaguar]

The Wiki Article [wikipedia.org] about CPS, for those who were blindsided by the TLA.

What is "enterprise content management"?

[Elixon]

Source: http://en.wikipedia.org/wiki/Enterprise_content_ma nagement [wikipedia.org]
---
In autumn 2005 AIIM defines ECM as follows:
Enterprise Content Management is the technologies used to Capture, Manage, Store, Preserve, and Deliver content and documents related to organizational processes.
---
These ECM components and technologies can be categorized as:

        * Capture,
        * Manage,
        * Store,
        * Deliver, and long-term
        * Preserve.

This model is based on the five lead categories of AIIM International.

The traditional application areas are:

        * Document management (DM),
        * Collaboration (or collaborative software, groupware),
        * Web content management (WCM) (including portals),
        * Records management (RM) (archive and filing management systems on long-term storage media) and
        * Workflow / Business process management (BPM)
---

CMS Systems

[MichaelSmith]

Off The Shelf content management systems bother me because they must surely be full of well known security holes.

If I had to have a CMS I would prefer to develop my own tailored system. At least that way I will have a chance of finding the bugs before a potential attacker.

Re:CMS Systems

[afd8856]

You probably assume that CPS is written in PHP, which is not. I'm not familiar with CPS, but I am familiar with Plone, a somewhat related project. Zope, the underlying framework forces you to declare a security permission for every accesible method. Even XSS type of vulnerabilities would be extremely hard to find, as the CMF filters the dangerous html tags in content items(applet, script, iframe, etc). And while it's possible to create proxies for python scripts to run under a different priviledge, the fra

Re:CMS Systems

[MichaelSmith]

You probably assume that CPS is written in PHP, which is not.

No I can see that its written in Python. My concern is that CMS applications have a lot of code connected to open sockets and undergo rapid development.

Other applications which keep sockets open to the world include apache and qmail, but these applications change so slowly that there is time to identify and close security holes.

Re:CMS Systems

[__aavljf5849]

No, it doesn't have a lot of code connected to open sockets. It connects one piece of code, the ZServer, to open sockets, and that is only if you don't connect it via apache, which most people do for various reasons. The ZServer does not evolve rapidly.

Zope, which is the platform om which CPS is based, is one of the bigger open source platforms for web application development, and has to my knowledge never been broken (which of course partly is because few have tried, but there you go).

You can rest assured

Re:CMS Systems

[Anonymous Coward]

No, there have historically been very few security holes with CPS, Plone [plone.org], Silva [infrae.com], or any of the other Zope-based CMSs out there. In fact, there have been very few security holes with Zope [zope.org].

All that being said, there are a few sites that have built their own CMS on top of Zope (it has a decent CMF built into it, so it's far from impossible to roll one's own). The two biggest profile ones are probably Boston.com [boston.com] and Saugus.net [saugus.net], but I'm sure there are plenty of others.

Let's get this dealt with

[Alarash]

Yes, the software surrenders after you installed it. French, surrender, get it? Ok, so now it's done, please spare us the anti-french comments.

Re:Let's get this dealt with

[__aavljf5849]

Good, I hate when I have to fight with the software. :)

zope 3 ?

[MaoTse]

This is false.

Although some zope 3 technology is included (as in all zope 2.9 installations) CPS is certainly NOT based on component architecture.

It's basically another CMF based system just like Plone.

Re:zope 3 ?

[stuntpope]

True that CPS is still a Zope 2 CMF product, but the summary is correct - it leverages Zope 3, leverage being the key word. And I mean beyond just having Five included in the Zope core. I'm looking at the download, and they're incorporating the Zope 3 testing mechanism with functional and unit tests, plus they use Zope 3 interfaces, schemas, and some ZCML.

Their totally-Zope 3 work is announced at http://www.z3lab.org/ [z3lab.org].

Re:zope 3 ?

[MaoTse]

CPS 3.4 is a Zope 2.9 app

It is not a Zope 3 app and although it leverages Zope 3 components certainly it is not based on zope 3 Component Architecture [zope.org]

Re:zope 3 ?

[stuntpope]

Thank you for repeating me ("CPS is still a Zope 2 CMF product"). But it should be pointed out that they could have written a 2.9 app and completely avoided interfaces, schemas, zcml and any parts of 3. To be pedantic, it's really more a Five app, the bridge between 2.x and 3.x. You can continue to argue the difference between "leveraging Zope 3 components" vs "leveraging Zope 3 component architecture" if you wish, but it seems silly to me.

Re:zope 3 ?

[MaoTse]

Yup, the wole "problem" has become to look so silly that some zope3 leading developers are planning [zope.org]

to turn the zope3 revolution upside down