Plone 4.2.3

Milestone information

Eric Steele
Release registered:
Yes. Drivers can target bugs and blueprints to this milestone.  

Download RDF metadata


Assigned to you:
No blueprints or bugs assigned to you.
No users assigned to blueprints and bugs.
No blueprints are targeted to this milestone.
No bugs are targeted to this milestone.

Download files for this release

After you've downloaded a file, you can verify its authenticity using its MD5 sum or signature. (How do I verify a download?)

File Description Downloads
download icon Plone-4.2.3-64.dmg (md5, sig) Plone 4.2.2 OS X Binary Installer for Lion and Mountain Lion 606
last downloaded 32 weeks ago
download icon Plone-4.2.3-UnifiedInstaller.tgz (md5, sig) Unified Installer for Plone 4.2.3. Source kit installer for Linux, BSD, OS X. 4,170
last downloaded 2 days ago
Total downloads: 4,776

Release notes 

This release does not have release notes.


View the full changelog

plone.recipe.zope2instance: 4.2.5 → 4.2.6

- Use interpreter script instead of setting PYTHONPATH. Fixes Windows
  "the environment variable is longer than 32767 bytes" error.
- Make the zope.conf http-server optional by setting http-address to
  an empty string. Useful for configurations used under an external
  server such as a WSGI deployment.

Plone: 4.2.2 → 4.2.3

- Release Plone 4.2.3

Products.ATContentTypes: 2.1.9 → 2.1.10

- change string ownership to creators as it makes more sense
- Make sure ATTopic.queryCatalog cannot be published. This fixes

Products.Archetypes: 1.8.4 → 1.8.6

- Add missing security declarations on the UIDResolver class.
- Sanitize input to go_back script. This fixes
- Disallow downloading files via the at_download script if the user does not
  have the field's read_permission. This addresses a security vulnerability
  discussed at
- Add minute_step to CalendarWidget so we can define another minute step than
  hardcoded 5 for now
- If form tabbing is allowed, make sure we can still track the current fieldset
  if form submission returns to the edit form.
- Fix inline validation for items in the portal_factory.
- Change used event to update metadata during copy&paste fixes #13326 and makes
  1.8.5 compatible with LinguaPlone again.

Products.CMFPlacefulWorkflow: 1.5.8 → 1.5.9

- Fixed handling of "update security" option.

Products.CMFPlone: 4.2.2 → 4.2.3

Products.PasswordResetTool: 2.0.9 → 2.0.10

- Use system random when available. This is part of the fix for
- show login name instead of user id.
  Normally this is the same, but this is not necessarily true when
  using the email address as login name.

Products.PloneLanguageTool: 3.2.5 → 3.2.6

- Do not try to get content language for resources that are not
  content. Fixes

Products.PlonePAS: 4.0.13 → 4.0.14

- Fix saving, getting and deleting the user portrait for non-standard
  user ids like 'bob-jones' or '<email address hidden>'.
- Fix the test for the current password if the user id differs from
  the login name.
- PEP8 Cleanup

Products.PortalTransforms: 2.1.1 → 2.1.2

- Adjust safe_html transform to block various XSS vulnerabilities. This fixes

Products.ResourceRegistries: 2.2.3 → 2.2.4

- Add some space between up/down and remove links in ZMI

Products.TinyMCE: 1.2.13 → 1.2.14

- Escape double quote to so images preview keeps working when having quote
  in tilte
- Declare dependency on

Products.kupu: 1.5 → 1.5.1

archetypes.referencebrowserwidget: 2.4.13 → 2.4.15

- Make new added references sortable with already existing ones
  while editing a content. Fixes
- Use HTML5 placeholder attribute on search box. Replaces deprecated
  inputLabel class.
- Use normalizeString to create class names for an item's portal type
  and review state. Fixes
- don't let search fail on broken catalog

diazo: 1.0.2 → 1.0.3

kss.core: 1.6.4 → 1.6.5

- Make sure the DevelView can't be traversed improperly. This fixes
- Use type instead of makeClass for Zope 4 compatibility.
  [elro] 1.5.4 → 1.5.5

- Added adapter for data wrapped in xmlrpclib.Binary
  [aclark, garbas]
- Fix BLOB migration when LinguaPlone is installed.
  [rpatterson] 1.0.6 → 1.0.7

- Check if item isPrincipiaFolderish instead of the hardcoded portal_type
  Folder when searching for images
- Fix thumbnail_view so it works with any portal_atct image types not just
  with Image and News Items
- properly show dates on tabular view, fixes #12907
  [maartenkling] 2.0.6 → 2.0.7

- add prefix to id tag for display menu dropdown items, fixes #11927 and #10894
  [maartenkling] 1.0.2 → 1.0.3

- Whoever heard I liked batching was wrong. The Catalog results are
  already batched, so don't batch them again.
  [lentinj] 2.2.9 → 2.2.10

- Fix description of 'email as login' security setting. It said
  existing users could go to the personalize information page and save
  it to start using their email as login, but that no longer works and
  is too hard to fix. We now only recommend using the
  migrate-to-emaillogin page as manager.
- Fix as site administrator modify users in controlpanel
  when a user in the list is in administrator group, refs #12307
- When browsing users and groups, clear searchstring when when adding
  or removing. Also do not show search results then.
- When browsing users and groups, clear searchstring when selecting
  show all.
- Fix 'Redirect immediately to link target' setting doesn't stick #12892
- Change title and description for permitted styles so its correct
- Fix @@usergroup-groupmembership "Show All users" batching broken
- Add error class to portalMessage when portalMessage contains error
  [maartenkling] 2.2.7 → 2.2.8

- Changed the behaviour of the title viewlet for items in the portal_factory.
- Fix an edge case where getNavigationRootObject could loop infinitely.
  [davisagli] 4.2.2 → 4.2.3

- Updated Finnish translations. 2.3.6 → 2.3.7

- @@manage-portlets: Tooltip for X icon is "Remove", should be "Delete"
  [maartenkling] 1.0.6 → 1.0.7

- fix search results when having done a seach and switching out some
  items and doing the same search again, refs #12880
  [maartenkling, robgietema]
- only fill query when there is at least one type selected
- Fixed Google Chrome and Safari search compatibility problem
  [Manabu TERADA] 4.2 → 4.2.1

- Allow testing with non standard port. Allows running multiple test suites
  in parallel.
- Documentation updates.
  [moo] 1.0.3 → 1.0.4

- Demote ZMI patch log message to debug level.
- Add i18n tags to translate headings, fixes #12967
- Change title in control panel to Theme Settings, fixes #12075
  [maartenkling] 1.2.2 → 1.2.3

- Add upgrade profile for Plone 4.2.3
- In the UID index migration, if there are items whose key is None,
  skip them instead of complaining about there being multiple items.
  [davisagli] 2.0.2 → 2.0.3

- Hiding viewlets for skinname="*" was not working properly.
  [garbas, WouterVH]
- Add as dependency to get the list of existing skins.
- Add
  [WouterVH] 2.0.8 → 2.0.9

- Use HTML5 placeholder attribute on Sharing tab search box. Replaces
  deprecated inputLabel class.
  [danjacka] 0.6.1 → 0.6.2

- Rename the 'fieldset.current' hidden input to 'fieldset' for consistency
  with Archetypes.
- Fix a case where the widget broke if its form's content was a dict.

plone.cachepurging: 1.0.3 → 1.0.4

- Fixed purge paths for virtual hosting scenarios using virtual path components.

plone.indexer: 1.0 → 1.0.1

- Relicense under modified BSD license; per Plone Foundation board
  approval on 2012-05-31.
- Add

plone.keyring: 2.0 → 2.0.1

- Use system random when available. This is part of the fix for
- Add

plone.openid: 2.0 → 2.0.1

- Fixed to store timestamp as part of nonce. This fixes
- Add

plone.outputfilters: 1.6 → 1.8

- Fix packaging issue.
- When resolving images, only look upward for the full image if the
  image that was traversed is not a content item (i.e. is a scale).
  [davisagli, datakurre]
- Also convert "resolveUid/" links (big 'U') that FCKeditor used to create.
- Also escape double quotes, fixes #13219

plone.protect: 2.0 → 2.0.2

- Use constant time comparison to verify the authenticator. This is part of the
  fix for
- Add
- Add ability to customize the token created.

plone.session: 3.5 → 3.5.2

- Use constant time comparison when validating tickets. This is part of the fix
- Handle encoded strings for userids.
- Add
- Fix for Python 2.4 under 64bit Mac OS generating incorrect mod_auth_tkt

plone.subrequest: 1.6.6 → 1.6.7

- Ensure correct handling of bare virtual hosting urls.

plone.supermodel: 1.1.3 → 1.1.4

- Allow XML comments in field definitions.

plone.testing: 4.0.6 → 4.0.7

- Fix quoting of urls by the testbrowser.

plonetheme.classic: 1.2.4 → 1.2.5

- Reinstate positioning for magnifying glass image on search results
  Search button.
- Fix sitemap display by making styles more specific than #content ul.

wicked: 1.1.9 → 1.1.10

- Fix minor white space test failures in combination with chameleon.

zope.schema: 4.2 → 4.2.1

plone.formwidget.autocomplete: 1.2.3 → 1.2.4

z3c.relationfield: 0.6.1 → 0.6.2

0 blueprints and 0 bugs targeted

There are no feature specifications or bug tasks targeted to this milestone. The project's maintainer, driver, or bug supervisor can target specifications and bug tasks to this milestone to track the things that are expected to be completed for the release.

This milestone contains Public information
Everyone can see this information.