Plone 5.2.10 released

I have released Plone 5.2.10.
With Buildout you can use the versions file at https://dist.plone.org/release/5.2.10/versions.cfg.
With pip you can use the constraints file at https://dist.plone.org/release/5.2.10/constraints.txt

See the release page on plone.org for more info and links to the installers.

Release notes for Plone 5.2.10

Released: Monday October 31, 2022.

Python compatibility

This release supports Python 2.7, 3.7, and 3.8.

Python 3.6 is no longer supported. See the community announcement.
Note that both Python 2.7 and 3.6 have reached end of life. This means the wider Python community no longer supports it. For example, the default WSGI server used by Plone, which is waitress, has a security problem that is only solved on Python 3.7 and higher. If you use waitress on earlier Python versions, you are vulnerable.

Python 3.7 will reach end of life in June 2023. See Status of Python Versions for the canonical information. It will get harder to test and support Plone on unsupported Python versions. Especially Python 2.7 should only be used as a temporary stepping stone before you migrate your Plone site to Python 3.

Highlights

Interesting changes since 5.2.9:

  • Products.PluggableAuthService: Set the Cookie Auth Helper cookies with SameSite set to Lax by default and allow admins to change the setting as well as the secure flag from the Properties tab in the ZMI.

  • i18ndude: Add boolean --no-line-numbers option to rebuild-pot. Use this to prevent including line numbers in pot files.

  • diazo: Remove dependency on future package.

4 Likes

Thank you!

Version Overview

Plone 5.2.10
Zope 4.8.3
Python 3.9.5 (default, Nov 23 2021, 15:27:38) [GCC 9.3.0]

FWIW, I needed these version pins:

[versions]
zc.buildout =
setuptools =
plone.app.imagecropping = 2.2.2
click = 8.0.0

plone.app.imagecroppimg is not part of the core distribution. another add'on package you have installed might pull it in.

also: Python 3.9 is officially not supported or tested by Plone 5.2.x

Could it still be an idea to pin it in versions.cfg, along with other 'popular' add-ons that now have versions that only work with Plone 6

so: plone.app.imagecropping < 3.0 ? ( 3.0 is the (only) Plone 6 version)

I would say this is only useful if you now start a fresh buildout on Plone 5.2. On existing buildouts you will already have it pinned to a proper version. New buildouts should focus on 6.0. Well, for in-place migration from older Plone versions you still need an intermediate 5.2 buildout of course. So there is merit to this idea, but as release manager I am not inclined to start adding such pins this late in the 5.2 release cycle.

It could be nice to make such a version list somewhere in the collective. Could be in a new repository. Or maybe in awesome plone, although this focuses on add-ons that are already Plone 6 compatible, or at least Python 3 compatible.
This should be doable for a few add-ons. But when you have a dozens of add-ons, they will have dependencies, and these dependencies may start conflicting with each other. That is when it gets tricky.
If you or someone else wants to try, go ahead.