Plone 5.2.8 released

I have released Plone 5.2.8.
With Buildout you can use the versions file at https://dist.plone.org/release/5.2.8/versions.cfg.
With pip you can use the constraints file at https://dist.plone.org/release/5.2.8/constraints.txt

See the release page on plone.org for more info and links to the installers.

Please read the information below about waitress carefully.

Interesting changes since 5.2.7:

  • Zope: Enhance cookie support. For details, see issue 1010
    For more changes see Change log — Zope documentation 4.6 documentation
  • waitress is updated to version 2.1.1 to mitigate a vulnerability in that package. As waitress no longer supports Python versions less than 3.7 it is not advised to run Plone 5.2 on Python 2.7 or 3.6 any longer, even though they are still supported by Plone itself. You get an older waitress version then. If you must use an old Python version, please switch to a different WSGI server. See the recommendations in the Zope documentation.
  • WARNING: the new waitress 2.1.1 does seem to suffer from a possible race condition leading to the process quitting. If you are affected by this, you can downgrade to 2.1.0 (which has a known security vulnerability, as mentioned above) or use a different WSGI server.
  • plone.app.linkintegrity: Track link integrity of referenced PDFs and other site objects in IFRAME SRC references.
  • plone.outputfilters: Resolve UIDs in SRC attribute of of SOURCE and IFRAME elements.
  • plone.app.querystring: Add lazy attribute to vocabularies to prevent fetching any results.
  • plone.schema: Use indent in json.dumps to make JSON readable in the widget.
1 Like

Thanks! https://demo.plone.org now runs on 5.2.8

1 Like

Docker image plone/plone-backend also released

Just updated to 5.2.8 look fine, thanks.

Plone Foundation Code of Conduct