For those who haven't run across soft-releases before, this is the last step before the final release. Because things haven't been finalized yet, some packages may change between now and the release. It is not recommended to use soft-releases in production.
This will be the last ever release in the Plone 4.3 series! I feel oddly moved when I write this. The first 4.3 release was on 6 April 2013. Seven years ago. It feels strange to let this release go. But it is time to move on. It has been a great release series! Thanks a lot to everyone who helped shape 4.3 and who helped maintain it for all those years. We love you all!
I have a release checklist. Feel free to link possible breaking bugs there, or add a comment below.
Reverted change in 1.2.1 for 'Log in' keyword which failed in Plone 4.3.
Fixes issue 107 <https://github.com/plone/plone.app.robotframework/issues/107>_.
[maurits]
lxml: 4.2.1 → 4.2.6
Plone: 4.3.19 → 4.3.20
New features:
Release Plone 4.3.20.
This will be the last release in the 4.3 series.
See also the Plone release schedule <https://plone.org/download/release-schedule>_.
[maurits]
Products.Archetypes: 1.9.20 → 1.9.21
Bug fixes:
textcount.js support for jquery>1.6.
make it impossible to enter text longer than maxlimit
by replacing maxlimit alert() with highlighting textcountfield.
[vkarppinen] (#93)
Merge Hotfix20200121: isURLInPortal could be tricked into accepting malicious links. (#3021)
Merge Hotfix20200121 Check of the strenth of password could be skipped. (#3021)
Depend on new package Products.isurlinportal.
This contains the isURLInPortal method that was split off from our URLTool.
See issue 3150 <https://github.com/plone/Products.CMFPlone/issues/3150>_.
[maurits] (#3150)
Increased metadata version to 4322, to trigger Plone upgrade for Plone 4.3.20.
This is the last release ever of the Plone 4.3.x line.
See also the Plone release schedule <https://plone.org/download/release-schedule>_.
[maurits] (#3166)
Products.GenericSetup: 1.8.10 → 1.8.11
Bug fixes:
Force saving unpersisted changes in toolset registry.
Fixes issue 86 <https://github.com/zopefoundation/Products.GenericSetup/issues/86>_.
No longer test on Python 2.6.
Products.PloneLanguageTool: 3.2.9 → 3.2.10
Bug fixes:
Minor packaging updates. (#1)
Products.PluggableAuthService: 1.11.2 → 1.11.3
Add new events to be able to notify when a principal is added to
or removed from a group. Notify these events when principals are
added or removed to a group in ZODBGroupManager
(#17 <https://github.com/zopefoundation/Products.PluggableAuthService/issues/17>_)
Removed compiled .mo files from repository.
I will create a new release, which should still contain those, including the missing Dutch .mo file.
[maurits]
plone.app.imaging: 1.0.13 → 1.0.14
Bug fixes:
Fix IOError: cannot write mode RGBA as JPEG on ImageField scale
[avoinea]
plone.app.locales: 4.3.16 → 4.3.17
Backport new translations from Plone 5.2.
[vincentfretin]
plone.app.querystring: 1.2.12 → 1.2.13
Bug fixes:
Integer criterions: try to convert all input to integers.
Most notably this did not happen for unicode on Python 2.
So a u"42" was passed as value to the catalog query, and this matched either all or nothing.
[maurits] (#93)
plone.app.upgrade: 1.4.6 → 1.4.7
Bug fixes:
Added null upgrade step to 4322, the metadata version of Plone 4.3.20.
[maurits] (#3166)
plone.alterego: 1.1.3 → 1.1.5
Bug fixes:
Minor packaging updates. (#1)
Minor packaging updates. [various] (#1)
plone.behavior: 1.3.0 → 1.3.2
Bug fixes:
Minor packaging updates. (#1)
Improved documentation. [jensens] (#0)
plone.contentrules: 2.0.9 → 2.0.10
Bug fixes:
Minor packaging updates. (#1)
plone.indexer: 1.0.6 → 1.0.7
Bug fixes:
Minor packaging updates. (#1)
plone.intelligenttext: 3.0.0 → 3.1.0
New features:
Drop Python 2.6 support from tests.
Start testing on 3.7 and 3.8.
[maurits] (#9)
plone.reload: 3.0.0 → 3.0.1
Bug fixes:
Minor packaging updates.
plone.subrequest: 1.8.6 → 1.8.7
Bug fixes:
Restored to 1.8.4 version. Kept only the optional Archetypes test dependency.
Plone 4.3, 5,0 and 5.1 do not need the Python 3 and Zope 4 fixes, and may give errors.
Plone 5.2 does not use this branch.
Fixes issue 2995 <https://github.com/plone/Products.CMFPlone/issues/2995>_. [maurits]
plone.synchronize: 1.0.3 → 1.0.4
New features:
Drop Python 2.6 support.
Support 2.7, 3.5-3.8, PyPy2/3.
Added tox for local testing.
[maurits] (#2)
When environment variable Z3C_AUTOINCLUDE_DEBUG is set,
log which packages are being automatically included.
Do this in a form that you can copy to a configure.zcml file.
Add support for Python 3.8.
collective.z3cform.datagridfield: 1.3.1 → 1.3.3
grokcore.component: 2.5 → 2.5.1
plone.app.contenttypes: 1.1.6 → 1.1.9
plone.app.event: 1.1.12 → 1.1.13
Bug fixes:
Fixed Spanish translations. [Corina Riba] (#0)
plone.app.lockingbehavior: 1.0.5 → 1.0.7
plone.app.referenceablebehavior: 0.7.7 → 0.7.8
Bug fixes:
Minor packaging updates. (#1)
plone.api: 1.10.0 → 1.10.2
Bug fixes:
Minor packaging updates. (#1)
Remove deprecation warnings [ale-rt] (#432)
In tests, use stronger password.
[maurits] (#436)
Removed duplicate and failing inline doctest for content.find.
[maurits] (#437)
On a higher level next to some obvious bug fixes and reverts to earlier versions, here are some highlights, also known as the release notes:
Integrated PloneHotfix20200121 for increased security.
Moved the security check if a url is in the portal to a small separate package: Products.isurlinportal.
You can immediately use this on Plone 4.3 and higher.
Keep an eye on updates for this package: newer versions will increase the security.
Often the impact of fixes is too small to warrant a real security hotfix package,
but we want to do more regular fixes here.
Note that the release is not official yet until the installers are ready. But you are encouraged to use this in production now. (Also: please seriously consider upgrading to Plone 5.2.)