Plone 4.3.10 released

esteele · July 6, 2016, 6:52pm

Plone 4.3.10 is now available for download at https://plone.org/download/releases/4.3.10

keul · July 7, 2016, 4:38pm

It's OK that it try to download Products.CMFPlone = 4.3.10rc1 instead of 4.3.10?
http://dist.plone.org/release/4.3.10/versions.cfg

keul · July 7, 2016, 4:51pm

Another question: what about plone4.csrffixes? Is this patch already needed?

All of the pin required by it seems already present on Plone 4.3.10 but this is not true for plone.protect.

frisi · July 7, 2016, 4:59pm

sorry, saw this too late and posted the same issue:

about the hotfix - alex and maurits already updated https://plone.org/security/hotfixes/

4.3.10 still needs plone.protect 3.x for csrf protection - see https://plone.org/security/hotfix/20151006

keul · July 8, 2016, 7:38am

Thanks!
So, just for recap: Plone 4.3.10 still need the explicit pinning to plone.protect 3.x but we can omit plone4.csrf?

frisi · July 8, 2016, 8:11am

exactly

frisi · July 11, 2016, 10:18am

sorry @keul - i just noticed that for certain functionality (i.e drag and drop re-ordering in folder_contents) you'll want to add plone4.csrffixes to your instance eggs section.
otherwhise re-ordering is simply not working. another point was cut and paste (you'll get a csrf warning w/o csrffixes being explicitly added)

because of problems like these some people chose to simple block zmi access and stay with plone.protect 2.X
(see Release process improvement)

esteele · July 22, 2016, 6:58pm

Didn't see this message when it was posted. I corrected the CMFPlone pin last week, so that's taken care of.