Release notes for Plone 5.2.11
- Released: Monday January 30, 2023
- Check the release schedule.
- Read the upgrade guide, explaining the biggest changes compared to 5.1.
- Canonical place for these release notes and the full packages changelog.
For technical wizards who want to jump straight in, here are two important links:
- With pip you can use the constraints file at https://dist.plone.org/release/5.2.11/constraints.txt
- With Buildout you can use the versions file at https://dist.plone.org/release/5.2.11/versions.cfg.
Highlights
Major changes since 5.2.10:
-
Zope
:- Set the published default Content-Type header to text/plain if none has been set explicitly to prevent a cross-site scripting attack. Also remove the old behavior of constructing an HTML page for published methods returning a two-item tuple. This fix was already included in Plone 5.2.10.1 and 5.2.10.2.
- Various other packages have fixes for this to avoid regressions.
-
plone.app.caching
: Apply weak caching to GET requests of content with application/json, handled byplone.restapi
. Seeplone.rest
issue 73. -
Products.CMFPlone
: When autologin after password reset is enabled (this is the default), use the same adapters as during normal login. Specifically: theIInitialLogin
andIRedirectAfterLogin
adapters.
Python compatibility
This release supports Python 2.7, 3.7, and 3.8.
Python 3.6 support was dropped in Plone 5.2.10.
Note that both Python 2.7 and 3.6 have reached end of life, and Python 3.7 will reach end of life in June 2023.
Plone 5.2 supports Python 2.7, but it should only be used as a temporary stepping stone before you migrate your Plone site to Python 3.
Versions of pip, zc.buildout, setuptools
Plone 5.2 ships with a requirements.txt
that pins pip
, zc.buildout
, setuptools
, and wheel
(plus a few more unpinned packages when you are on Windows). In the versions.cfg
for Buildout we have the same versions.
We have been very conservative with these versions. The main reason is that we wanted to use the same versions for Python 2 and 3.
This is starting to harm the Python 3 side. See one personal "war" story on Mac where one package could be installed on Python 3.8.13, but not on 3.8.14 or higher. Using the latest versions of pip and Buildout and friends, all was well.
So starting with Plone 5.2.11, we pin different versions of these packages on Python 2 and 3.
You should know that you are free to use whatever versions you like for these tools. Use whatever versions work on your system, especially on Python 3.
Note that in a buildout.cfg
you can "unpin" versions to tell Buildout to just use whatever has already been installed by pip:
[buildout]
newest = false
[versions]
pip =
setuptools =
wheel =
zc.buildout =
Installation
For installation instructions, see the documentation.
Issues
If you find any issues, please report them in the main issue tracker.