Plone 4.3.10 is now available for download at https://plone.org/download/releases/4.3.10
It's OK that it try to download Products.CMFPlone = 4.3.10rc1 instead of 4.3.10?
http://dist.plone.org/release/4.3.10/versions.cfg
Another question: what about plone4.csrffixes? Is this patch already needed?
All of the pin required by it seems already present on Plone 4.3.10 but this is not true for plone.protect.
sorry, saw this too late and posted the same issue:
about the hotfix - alex and maurits already updated https://plone.org/security/hotfixes/
4.3.10 still needs plone.protect 3.x for csrf protection - see https://plone.org/security/hotfix/20151006
Thanks!
So, just for recap: Plone 4.3.10 still need the explicit pinning to plone.protect 3.x but we can omit plone4.csrf?
exactly
sorry @keul - i just noticed that for certain functionality (i.e drag and drop re-ordering in folder_contents) you'll want to add plone4.csrffixes
to your instance eggs section.
otherwhise re-ordering is simply not working. another point was cut and paste (you'll get a csrf warning w/o csrffixes being explicitly added)
because of problems like these some people chose to simple block zmi access and stay with plone.protect 2.X
(see Release process improvement)
Didn't see this message when it was posted. I corrected the CMFPlone pin last week, so that's taken care of.