Plone 5.2.11 has been soft-released. Please give it a try and let me know if there are any critical issues.
For those who haven't run across soft-releases before, this is the last step before the final release. Because things haven't been finalized yet, some packages may change between now and the release. It is not recommended to use soft-releases in production. The
Products.CMFPlone version is
See also the release checklist on GitHub.
Release notes for Plone 5.2.11rc1
- Released: Thursday January 26, 2023
- Check the release schedule.
- Read the upgrade guide, explaining the biggest changes compared to 5.1.
- Canonical place for these release notes and the full packages changelog.
For technical wizards who want to jump straight in, here are two important links:
- With pip you can use the constraints file at https://dist.plone.org/release/5.2-dev/constraints.txt
- With Buildout you can use the versions file at https://dist.plone.org/release/5.2-dev/versions.cfg.
Major changes since 5.2.10:
- Set the published default Content-Type header to text/plain if none has been set explicitly to prevent a cross-site scripting attack. Also remove the old behavior of constructing an HTML page for published methods returning a two-item tuple. This fix was already included in Plone 22.214.171.124 and 126.96.36.199.
- Various other packages have fixes for this to avoid regressions.
plone.app.caching: Apply weak caching to GET requests of content with application/json, handled by
Products.CMFPlone: When autologin after password reset is enabled (this is the default), use the same adapters as during normal login. Specifically: the
This release supports Python 2.7, 3.7, and 3.8.
Python 3.6 support was dropped in Plone 5.2.10.
Note that both Python 2.7 and 3.6 have reached end of life, and Python 3.7 will reach end of life in June 2023.
Plone 5.2 supports Python 2.7, but it should only be used as a temporary stepping stone before you migrate your Plone site to Python 3.
Versions of pip, zc.buildout, setuptools
Plone 5.2 ships with a
requirements.txt that pins
wheel (plus a few more unpinned packages when you are on Windows). In the
versions.cfg for Buildout we have the same versions.
We have been very conservative with these versions. The main reason is that we wanted to use the same versions for Python 2 and 3.
This is starting to harm the Python 3 side. See one personal "war" story on Mac where one package could be installed on Python 3.8.13, but not on 3.8.14 or higher. Using the latest versions of pip and Buildout and friends, all was well.
So starting with Plone 5.2.11, we pin different versions of these packages on Python 2 and 3.
You should know that you are free to use whatever versions you like for these tools. Use whatever versions work on your system, especially on Python 3.
Note that in a
buildout.cfg you can "unpin" versions to tell Buildout to just use whatever has already been installed by pip:
[buildout] newest = false [versions] pip = setuptools = wheel = zc.buildout =
For installation instructions, see the documentation.
If you find any issues, please report them in the main issue tracker.