Plone 5.2.4 soft released

Plone 5.2.4 has been soft-released. Please give it a try and let me know if there are any critical issues. https://dist.plone.org/release/5.2.4-pending/versions.cfg

For those who haven't run across soft-releases before, this is the last step before the final release. Because things haven't been finalized yet, some packages may change between now and the release. It is not recommended to use soft-releases in production.

See also the release checklist on GitHub.

Some highlights of this release are:

  • plone.recipe.zope2instance: Windows fixes

  • Products.MailHost: Use standard conforming \r\n line endings.
    If you use Microsoft Exchange to send mails, this should prevent empty mails.

  • mockup / plone.staticresources: various fixes in folder contents.

  • plone.app.caching: Restored resourceRegistries ETag, but now for Plone 5 resource registries.
    Fixes warning "Could not find value adapter for ETag component resourceRegistries".

  • plone.app.contenttypes: Various fixes for restoring references during migration.

  • plone.app.users: Fix setting "Use site default" for wysiwyg_editor.

  • plone.restapi 7.0.0 introduces new features, which should be backwards compatible:

    • Add ResolveUID functionality for Volto blocks, allowing Volto to preserve internal links when content is moved.
    • Add root element to the @breadcrumbs endpoint.
    • Mark restapi 7 with a zcml feature flag: plonerestapi-7
    • Add new @contextnavigation endpoint.
    • Refactor navigation endpoint, add new nav_title attribute
    • Add "smart fields" concept: if block has a searchableText field, this will be indexed in Plone

Detailed changelog compared to 5.2.3:

Zope 4.5.3 → 4.5.4

plone.recipe.zope2instance: 6.8.1 → 6.8.3

Bug fixes:

  • Fix windows wsgi.ini to have a configurable listen address.
    Added missing WSGI config options for windows.
    [jensens] (#161)

  • Restored ability to use own explicit version of zodb-temporary-storage.
    [maurits] (#93)

plone.releaser: 1.8.2 → 1.8.3

Bug fixes:

  • When reporting interesting commits, catch errors when comparing with previously ignored commit.
    Fixes issue 39 (https://github.com/plone/plone.releaser/issues/39).
    [maurits] (#39)

Products.MailHost: 4.10 → 4.11

  • Use standard conforming \r\n line endings.
    This may require adaptations in tests.
    Support messages with line separation \r\n
    (#35: https://github.com/zopefoundation/Products.MailHost/issues/35).

mockup: 3.2.4 → 3.2.5

Bug fixes:

  • Do only remove the correct event listener on context-info-loaded before adding a new one.
    Fixes a problem where the current path was not updated for the upload popup when changing paths.
    Fixes: #1016
    Refs: #1028, #1030, #1039
    [thet] (#1041)

Plone: 5.2.3 → 5.2.4

Bug fixes:

  • Release Plone 5.2.4 final
    [maurits]

  • Removed plone.app.dexterity from dependencies.
    It is already required by Products.CMFPlone.
    [maurits]

plone.app.caching: 2.0.8 → 2.1.0

New features:

  • Restored resourceRegistries ETag, but now for Plone 5 resource registries.
    Fixes warning "Could not find value adapter for ETag component resourceRegistries".
    [maurits] (#61)

Bug fixes:

  • Do not break if some custom code provides an alias for Products.Archetypes or plone.app.blob (#72)

plone.app.contentrules: 4.1.5 → 4.1.6

Bug fixes:

  • Simplify test setup by using the MOCK_MAILHOST_FIXTURE (#59)

plone.app.contenttypes: 2.2.1 → 2.2.2

Bug fixes:

  • Various fixes for restoring references:

    • Migrate relatesTo AT relation to relatedItems DX relation.
    • In DX check the schema to see if relation field is list or item.
      Taken over from collective.relationhelpers (https://github.com/collective/collective.relationhelpers/).
    • restore_references: accept relationship_fieldname_mapping argument.
      This must be a dictionary with a relationship name as key and fieldname as value, instead of always using relatedItems as fieldname.

    [maurits] (#510)

  • Catch AttributeError for getNextPreviousEnabled during migration.
    [maurits] (#582)

  • migrate_datetimefield: do nothing when old value is None.
    This fixes AttributeError: 'NoneType' object has no attribute 'asdatetime'.
    [maurits] (#584)

plone.app.dexterity: 2.6.8 → 2.6.9

Bug fixes:

  • Fix the constraint types mode calculation, disabling acquisition and gracefully checking for the existence of a portal type attribute in the container (#319)

plone.app.discussion: 3.4.3 → 3.4.4

Bug fixes:

  • Fix tests with Products.MailHost 4.11.
    [maurits] (#174)

plone.app.locales: 5.1.27 → 5.1.28

  • Fix French and German translation for the assets folder (no spaces and lowercase).
    [pbauer]

  • Fix wrong DE translation in plone.app.caching.
    [jensens]

plone.app.multilingual: 5.6.2 → 5.6.3

Bug fixes:

  • Force view_methods to be a tuple on setup and uninstall (#337)

plone.app.registry: 1.7.7 → 1.7.8

Bug fixes:

  • Use better titles and descriptions for import and export steps.
    [jensens] (#1)

plone.app.upgrade: 2.0.36 → 2.0.37

Breaking changes:

  • Remove temp_folder from Zope root if broken.
    See issue 2957 (https://github.com/plone/Products.CMFPlone/issues/2957).
    [maurits] (#2957)

Bug fixes:

  • Plone 6.0: remove portal_form_controller tool.
    [maurits] (#3057)

  • Improved upgrade step for site_logo from ASCII to Bytes.
    The previous upgrade was incomplete and could remove the logo when called twice.
    See comment on issue 3172 (https://github.com/plone/Products.CMFPlone/issues/3172#issuecomment-733085519).
    [maurits] (#3172)

plone.app.users: 2.6.5 → 2.6.6

Bug fixes:

plone.app.vocabularies: 4.2.1 → 4.2.2

Bug fixes:

  • Change vocabulary tokens to use base64.urlsafe_b64encode().
    No newlines and safe to use as an xml attribute.
    See community post (https://community.plone.org/t/tags-subject-field-mangling-long-terms/13067).
    [flipmcf] (#64)

plone.app.workflow: 4.0.3 → 4.0.4

New features:

  • Have the icons from the sharing tab to have their URL relative to the site root
    [frapell] (#25)

plone.portlet.collection: 3.3.5 → 3.3.6

Bug fixes:

  • Show start date in portlet if available.
    [agitator] (#25)

plone.rest: 1.6.1 → 1.6.2

Bug fixes:

  • Explicitly make allow_credentials required in CORS policy.
    This was the default for Bool fields until and including zope.schema 6.0.1, but in 6.1.0 this changed.
    [maurits] (#104)

plone.restapi: 6.15.0 → 7.0.0

New features:

  • Mark restapi 7 with a zcml feature flag: plonerestapi-7
    [sneridagh] (#1068)

  • Add a couple of additional tests for resolveuid feature reassurance
    [sneridagh] (#1072)

  • Add root element to the @breadcrumbs endpoint
    [sneridagh] (#1064)

  • Add new @contextnavigation endpoint.
    [tiberiuichim] (#1042)

  • Refactor navigation endpoint, add new nav_title attribute
    [sneridagh] (#1047)

  • Add nav_title attribute to breadcrumbs endpoint
    [sneridagh] (#1049)

  • Unify nav_title and title in navs
    [sneridagh] (#1051)

  • Add serializer/deserializer for remoteUrl Link's field [cekk] (#1005)

  • Register blocks transformers also for Site Root
    [cekk] (#1043)

  • Add sort feature to resort all folder items [petschki] (#812)

  • Remove unneeded stringtype checks [erral] (#875)

  • Enable Plone 4 Control Panels: Add-ons, Dexterity Content Types [avoinea] (#984)

  • Enhance traceback with __traceback_info__ on import to detect the field causing the problem. [jensens] (#1009)

  • Improved blocks transformers: now we can handle generic transformers
    [cekk]

  • Add generic block transformer for handle resolveuid in all blocks that have a url or href field
    [cekk]

  • Add "smart fields" concept: if block has a searchableText field, this will be indexed in Plone
    [cekk, tiberiuichim] (#952)

  • Replace internal links to files in blocks with a download url if the user has no edit permissions [csenger] (#930)

  • In block text indexing, query for IBlockSearchableText named adapters to allow
    extraction from any block type. This avoids hardcoding for the 'text' block type.
    [tiberiuichim] (#917)

  • Added IBlockFieldDeserializationTransformer and its counterpart,
    IBlockFieldSerializationTransformer concepts, use subscribers to
    convert/adjust value of blocks on serialization/deserialization, this enables
    an extensible mechanism to transform block values when saving content.

    Added an html block deserializer transformer, it will clean the
    content of the "html" block according to portal_transform x-html-safe settings.

    Added an image block deserializer transformer, it will use resolveuid mechanism
    to transform the url field to a UID of content.

    Move the resolveuid code from the dexterity field deserializer to a dedicated
    block converter adapter, using the above mechanism.
    [tiberiuichim] (#915)

  • Resolve links in blocks to UIDs during deserialization and back to paths during
    serialization.
    [buchi,timo,cekk] (#808)

Bug fixes:

  • Avoid duplicate fields within DX RestAPI
    [avoinea] (#1073)

  • Remove escape'd titles
    [sneridagh] (#1061)

  • Do not break if some custom code provides an alias for Products.Archetypes (#1004)

  • Handle missing review_state value in @navigation endpoint for items without a workflow [cekk] (#1060)

  • Fix transform object_browser href smartfield not working as expected
    [sneridagh] (#1058)

  • Fix href smart field in transformers do not cover the object_widget use case
    [sneridagh] (#1054)

  • Fix @id when content query has no fullobjects
    [sneridagh] (#837)

  • Fixed deprecation warnings for zope.site.hooks, CMFPlone.interfaces.ILanguageSchema
    and plone.dexterity.utils.splitSchemaName. [maurits] (#975)

  • Update tests to fix Refs #136 - Update dynamic schema on all ZEO clients on change by avoinea · Pull Request #137 · plone/plone.dexterity · GitHub [@avoinea] (#1001)

  • Fix resolveuid blocks transforms [tisto, sneridagh] (#1006)

  • Fix type hint example in searching documentation. [jensens] (#1008)

  • Fixed compatibility with Zope 4.5.2 by making sure Location header is string.
    On Python 2 it could be unicode for the users and groups end points.
    Fixes issue 1019 (https://github.com/plone/plone.restapi/issues/1019). [maurits] (#1019)

  • Check for Plone 5 in content-adding endpoint if plone.app.multilingual is installed [erral] (#1029)

  • Do not test if there is a meta_type index. It is unused ballast. [jensens] (#2024)

  • Fix tests with Products.MailHost 4.10. [maurits] (#3178)

  • Re-release 7.0.0b8 as 7.0.0 final. [timo]

plone.staticresources: 1.4.1 → 1.4.2

New features:

  • Upgrade to latest mockup from 3.x branch with structure fixes, 3.2.5.
    [thet] (#125)

Bug fixes:

  • Remove bundle with typo.
    [petschki] (#123)

  • Include upgrade step 12, which was missing.
    [thet] (#123)

  • Replaced most upgrade profiles with one last_compilation profile.
    [maurits] (#126)

Products.CMFCore: 2.4.8 → 2.5.0

  • Update configuration for version 5 of isort.

  • Fix deprecation warnings occurring on Zope 5.

  • Added support for Python 3.9.

Products.CMFPlacefulWorkflow: 2.0.3 → 2.0.4

Bug fixes:

  • Removed unused mock request.SESSION from tests.
    [maurits] (#1)

Products.CMFPlone: 5.2.3 → 5.2.4rc1

Bug fixes:

  • Bumped metadata version to 5211.
    [maurits] (#5211)

Products.GenericSetup: 2.0.3 → 2.1.0

  • Add support for Python 3.9.

Products.PlonePAS: 6.0.6 → 6.0.7

Bug fixes:

  • Fixes deprecation message: AccessControl.User has moved to AccessControl.users.
    [jensens] (#59)

Products.PluggableAuthService: 2.5 → 2.5.1

  • Fixed error assigning groups in manage_groups page in ZMI.
    (#61: https://github.com/zopefoundation/Products.PluggableAuthService/issues/61,
    #84: https://github.com/zopefoundation/Products.PluggableAuthService/issues/84)

  • Fix DeprecationWarnings occurring on Zope 5.

z3c.autoinclude: 0.4.0 → 0.4.1

Bug fixes:

  • zc.buildout is not an install dependency, only used in testing.

collective.js.jqueryui: 2.1.6 → 2.1.8

plone.app.versioningbehavior: 1.4.1 → 1.4.2

Bug fixes:

  • Do not break if the portal_repository tool cannot be found (#53)

Products.Archetypes: 1.16.3 → 1.16.4

Bug fixes:

  • Lifted the ceiling for the maximum date from end of 2020 to 2051 in all places.
    See issue 133 (https://github.com/plone/Products.Archetypes/issues/133).
    [maurits] (#133)

[Edit: updated with plone.restapi 7]

3 Likes

We decided to include plone.restapi 7.0.0, which has been in alpha since May last year and beta since the beginning of this year, and had a final release last weekend. Seems stable, and from now on this is the only maintained version. See restapi issue 1075.

Also: newer plone.rest, plone.app.locales, cffi, cryptography.

1 Like

One more thing, in the core development buildout we moved the version pins that were in tests.cfg to versions.cfg. See PR 713. This is the same versions.cfg as in the release, so this has gotten a bit larger than in 5.2.3. These pins are for packages that are not strictly needed for Plone, but they are used when running the tests, or as parts of other infrastructure that we need, and there is a good chance that you are using several of these in your own projects, for example check-manifest or cryptography.

Also, in the 5.2.3 release I added a constraints3.txt with package constraints for Python 3. In 5.2.4 everything is in one constraints.txt again, with modifiers that pip understands, for example:

markdown==3.1.1; python_version < "3.0"
markdown==3.2.2; python_version >= "3.0"

Note that currently there is no strict line between packages that we really absolutely need to pin to one specific version, and packages where it should be fine to use older or newer versions. One recent example: we pin cryptography to 3.3.2, but 3.4.6 would be fine too, as far as we know. But this version needs Python 3, and it needs a Rust compiler unless there is a prepackaged wheel for your machine. So Plone 5.2.4 picks a slightly conservative version, but if you can compile a newer version, this is fine.

I did not find any problem so far.

The only thing I had to do was adapting some tests that are checking the content of sent email because of this change:

But I would say this is more a problem of the test itself that was too picky.

1 Like

Added Products.PluggableAuthService 2.6.0, released today with a security fix.

Update: added 2.6.1 with a similar security fix.

2 Likes

There were small security fixes in Zope 4.5.5, GenericSetup and CMFQuickInstallerTool, and a related upgrade step in plone.app.upgrade. I have added them to the pending versions.
Those should be the last changes. I intend to release Plone 5.2.4 tomorrow (Wednesday).

A quick check by someone to see if anything unexpected pops up, would be welcome!

(My colleague Fred already put 5.2.4-pending live on a bunch of sites last week, and all seems well.)

Thanks, since I updated the pins I have an issue (in a test) with the resolveuid view (called by anonymous users).
More on that later :)

It also seems that sometimes I have 404 where I was expecting a 403.

I think I solved the resolveuid and the 404 vs 403 status after adapting my code to not expect the portal url in the came_from request parameter (see Security cleanups by dataflake · Pull Request #87 · zopefoundation/Products.PluggableAuthService · GitHub).

1 Like

I have created Plone 5.2.4 final:
https://dist.plone.org/release/5.2.4/versions.cfg

4 Likes
