Plone 5.2.8 soft-released

Announcements
1

Plone 5.2.8 has been soft-released. Please give it a try and let me know if there are any critical issues. https://dist.plone.org/release/5.2-dev/versions.cfg

For those who haven't run across soft-releases before, this is the last step before the final release. Because things haven't been finalized yet, some packages may change between now and the release. It is not recommended to use soft-releases in production.

See also the release checklist on GitHub.

Interesting changes since 5.2.7:

  • Zope: Enhance cookie support. For details, see issue 1010
    For more changes see Change log — Zope documentation 4.6 documentation
  • waitress is updated to version 2.1.1 to mitigate a vulnerability in that package. As waitress no longer supports Python versions less than 3.7 it is not advised to run Plone 5.2 on Python 2.7 or 3.6 any longer, even though they are still supported by Plone itself. You get an older waitress version then. If you must use an old Python version, please switch to a different WSGI server. See the recommendations in the Zope documentation.
  • plone.app.linkintegrity: Track link integrity of referenced PDFs and other site objects in IFRAME SRC references.
  • plone.outputfilters: Resolve UIDs in SRC attribute of of SOURCE and IFRAME elements.
  • plone.app.querystring: Add lazy attribute to vocabularies to prevent fetching any results.
  • plone.schema: Use indent in json.dumps to make JSON readable in the widget.

For a more complete list of changes, see the changelog.

3 Likes
2

HI @mauritsvanrees, thanks for your work!
I see that 5.2.8 uses waitress 2.1.1.

Note that it has an annoying bug: see Possible race condition leading to the main loop dying? · Issue #374 · Pylons/waitress · GitHub

In my case that bug caused:

  • some robottest to randomly take a huge amount of time to complete
  • some instances managed by supervisor were restarted at random times because waitress was just dying

I was using waitress 2.1.1 with Plone 5.2.7, but the issue with the tests happened also when running the robot tests with Plone 5.2.8.

Good news, Possible race condition leading to the main loop dying? · Issue #374 · Pylons/waitress · GitHub already seems to be a good fix.

I did not find a way to replicate the issue.

3

I waited a while until a possible new waitress release, but that is taking too long. Version 2.1.1 has a race condition and a security fix. So you both want it and do not want it. :frowning: Plone 6.0.0a4 uses this pin (via Zope 5.5.1). So let's stop waiting and ship Plone 5.2.8 with this pin and a warning.

4

I have released Plone 5.2.8. More official announcement to follow in a separate post.