Plone 4.0.4

Milestone information

Eric Steele
Release registered:
No. Drivers cannot target bugs and blueprints to this milestone.  

Download RDF metadata


Assigned to you:
No blueprints or bugs assigned to you.
No users assigned to blueprints and bugs.
No blueprints are targeted to this milestone.
No bugs are targeted to this milestone.

Download files for this release

After you've downloaded a file, you can verify its authenticity using its MD5 sum or signature. (How do I verify a download?)

File Description Downloads
download icon Plone-4.0.4.dmg (md5, sig) OS X 10.5/6-Intel Installer for Plone 4.0.4 1,396
last downloaded 20 weeks ago
download icon Plone-4.0.4-UnifiedInstaller.tgz (md5, sig) Unified Installer (full source kit for Linux, BSD ...) for Plone 4.0.4 10,368
last downloaded 21 weeks ago
download icon Plone-4.0.4.exe (md5, sig) Plone 4.0.4 installer for Windows 2000/XP/2003/Vista/7 16,615
last downloaded today
Total downloads: 28,379

Release notes 

This release includes the patches for CVE-2011-0720, so the hotfix is not needed with this release.


View the full changelog

Zope (2.12.16)

Plone (4.0.4)
- Remove useless trailing slash in 404. This fixes [gotcha]
- Use correct argument order in script. This fixes [fRiSi]
- Add missing security declarations on PropertiesTool. [davisagli]
- Add fallback icon for control panels with no icon, in the portlet_prefs portlet. This fixes [topherh, davisagli]
- Remove js-generated inline style from searchbox. Same CSS is in public.css. See, Fixes [msmith64]
- Fixed handling of relative links used as default pages This fixes [fRiSi]
- Re-instate spinner.gif (animation), lost in the move to PNGs. The static spinner.png has been deprecated. Fixes [mj]

Products.Archetypes (1.6.5)
- Remove method docstrings in Referenceable and ReferenceEngine to prevent making them publishable. [davisagli]
- Handle getCharset() returning None in Field.encode/decode. [elro]
- Avoid various deprecation warnings under Zope 2.13. [hannosch]
- Fixed a SyntaxWarning when using assert in the migrations module. [deo]
- Fixed textCounter JavaScript to work with fieldnames with hyphen. API of textCounter-method changed. Second parameter takes now the name of the counterfield, not the DOM object itself. [tom_gross]
- Fixed handling of Anonymous ownership in ExtensibleMetadata, where the ownership tuple is None. Also triggered for views on FactoryTool-wrapped objects. [mj]

Products.CMFEditions (2.0.5)
- Workaround some potential issues with event handlers and transaction.savepoint which can cause exceptions when, for example, zope.sendmail is used to send mail in the same transaction as saving an edition. [rossp]

Products.CMFQuickInstallerTool (3.0.4)
- Protect isProductInstalled so it is only callable by Managers. [davisagli]
- Remove utility mapping in site manager's dictionary to enable a complete uninstall. This fixes an issue where a cascade-based uninstall would not entirely remove utilities, but merely unregister them from the component registry.

Products.PlonePAS (4.0.4)
- Fix missing and broken security declarations. [davisagli]
- Avoid breaking on startup if PIL isn't present. [davisagli]
- Use 'defaultUser.png' as the default user portrait, since the .gif version has been deprecated for a long time now. See [mj]

Products.PluggableAuthService (1.7.3)
- The ZODBRoleManager made it clearer that adding a removing a role does not have much effect if you do not do the same in the root of the site (at the bottom of the Security tab at manage_access). Fixes
- Return the created user in _doAddUser, to match change in AccessControl 2.13.4.
- Fixed possible binascii.Error in extractCredentials of CookieAuthHelper. This is a corner case that might happen after a browser upgrade.

Products.PortalTransforms (2.0.5)
- Fix regression due to the security declarations added in 2.0.4: convertTo should still be public, but not publishable. [davisagli]
- Fix missing security declarations. [davisagli]

Products.TinyMCE (1.1.8)
- Suppress the WYSIWYG editor for fields whose text format is not HTML, and provide a "Edit without visual editor" link like kupu did so that the format can be switched from HTML to something else. [davisagli]
- Fix wysiwyg_support to correctly respect a user's preference to use no wysiwyg editor. [davisagli]
- Updated Norwegian translations. [mj]
- Add tests to make sure user can switch between editors using personalize_form [msmith64]
- Merged test fixes from to fix Plone 3 compatibility test failure. [msmith64]
- Fixed tests that were failing due to unpredictable dict key order. [msmith64]
- Allow users to choose to have no WYSIWYG editor. Fixes [msmith64]
- Do not crash when getting a configuration with styles that have an empty line at the end. [maurits]
- Make sure that tinymce-jsonconfiguration is traversed as a view in [davisagli]
- Transform now handles resolveuid/12345/subobject links correctly. This fixes [fRiSi]

archetypes.referencebrowserwidget (2.2)
- Fixed `getStartupDirectory` method if a `startup_directory_method` was defined, which cannot be traversed to. [hannosch]
- Check the references in the overlay that are checked in the widget when the overlay is constructed or refreshed. [csenger]
- Don't disable checkboxes in overlay when an item is selected. Remove the item from the value list when it is unchecked in the value list. fixes [csenger] (1.4)
- Avoid breaking on startup if PIL is not present. [davisagli] (1.2.2)
- Add missing security declaration on the ViewTemplateContainer. [davisagli] (2.0.2)
- Stop stripping GMT when passed to widget display and replace dates that have "-" with "/" so the proper timezone is applied. See #11423 [eleddy]
- Fix edge case of dates that are greater than the last minute interval. Now rounding down to last interval instead of returning "--". [eleddy] (1.0.3)
- Avoid breaking on startup if PIL is not present. [davisagli]
- Add getAvailableSizes and getImageSize to the @@images view. [elro]
- Protect the control panel with a custom permission, "Plone Site Setup: Imaging", instead of the generic "Manage portal". [davisagli] (2.1)
- Fixed stale catalog entries appearing for references of merged content. [maurits]
- Fixed minor test failure for ``_doAddUser``. [maurits]
- Test Products.CMFPlone version to set default permission, keeping 4.0 compatibility - the next release can be 2.0.1 again. [elro]
- Add autoinclude entry point. [elro]
- Update permission defaults for Plone 4.1's Site Administrator role. [elro] (2.0.7)
- Fixed i18n of the "Log in to add comments" button. It was a regression since 2.0. This fixes [vincentfretin] (1.0.4)
- Fixed test of the default user portrait, which changed from defaultUser.gif to defaultUser.png in Products.PlonePAS 4.0.5. [maurits]

plone.recipe.zope2instance (4.1.5)
- Respect new include-site-packages buildout option introduced in buildout 1.5. Closes [yuppie, hannosch]
- Added option import-directory to point to custom import folder. [garbas]

plone.recipe.zeoserver (1.2.0)
- Only require a nt_svcutils distribution on Windows. [hannosch]

0 blueprints and 0 bugs targeted

There are no feature specifications or bug tasks targeted to this milestone. The project's maintainer, driver, or bug supervisor can target specifications and bug tasks to this milestone to track the things that are expected to be completed for the release.

This milestone contains Public information
Everyone can see this information.