Plone 4.3.7

Milestone information

Eric Steele
Release registered:
No. Drivers cannot target bugs and blueprints to this milestone.  

Download RDF metadata


Assigned to you:
No blueprints or bugs assigned to you.
No users assigned to blueprints and bugs.
No blueprints are targeted to this milestone.
No bugs are targeted to this milestone.

Download files for this release

After you've downloaded a file, you can verify its authenticity using its MD5 sum or signature. (How do I verify a download?)

File Description Downloads
download icon Plone-4.3.7-r1-UnifiedInstaller.tgz (md5, sig) Unified Installer with 20151006 and 20151208 hotfixes 2,428
last downloaded 28 weeks ago
download icon Plone-4.3.7-UnifiedInstaller.tgz (md5, sig) Unified Installer (builds Plone on most Linux/BSD/OSX systems) 4,144
last downloaded 5 weeks ago
Total downloads: 6,572

Release notes 

This release does not have release notes.


View the full changelog

docutils: 0.9.1 → 0.12

AccessControl: 3.0.8 → 3.0.11

collective.xmltestreport: 1.3.2 → 1.3.3
- Dependency to z3c.recipe.scripts declared but it was nowhere used.
  Removed dependency. This makes it work with newer zc.buildout again.
  Fixes #10

decorator: 3.4.0 → 3.4.2

mr.developer: 1.21 → 1.33

plone.recipe.zope2instance: 4.2.17 → 4.2.18
- Allow to disable logs. Set ``z2-log`` to the value ``disable`` to
  disable the Z2 access log. Set ``event-log`` to the value
  ``disable`` to disable the event log.

zope.testrunner: 4.1.1 → 4.4.4

Pygments: 1.6 → 2.0.2

Plone: 4.3.6 → 4.3.7
- Release Plone 4.3.7

Products.ATContentTypes: 2.1.15 → 2.1.16
- Avoid DeprecationWarning for Products.CMFDynamicViewFTI.interface.

Products.CMFDiffTool: 2.1 → 2.1.1
- Fixed UnicodeDecodeError in dump/ndiff.

- Fix: Make ```` tests works with Python 2.6.

- Provide diff for dexterity behaviors' fields.

- Fix bug with encoding in TextDiff.

Products.CMFDynamicViewFTI: 4.1.2 → 4.1.3
- Cleanup: PEP8 et al., security/zca via decorators, ...

Products.CMFEditions: 2.2.13 → 2.2.16
- Input sanitation for retrieveSubstitute()

- use unrestricted search for storage statistics

- Do not call ndiff unless there is no html_diff. Removed strange
  unicode space from template. Related to

Products.CMFFormController: 3.0.4 → 3.0.5
- Additional check in BaseControllerPageTemplate when we try to delete an entry
  from the request, that has already been deleted [cekk]

Products.CMFPlacefulWorkflow: 1.5.10 → 1.5.11
- Added upgrade step to apply our full profile. This is meant mostly
  for upgrades from ancient versions that had no profile yet or had a
  profile without a metadata.xml. In that case the quick installer
  would complain that the old profile version was unknown and there
  was no upgrade.

Products.CMFPlone: 4.3.6 → 4.3.7
- Remove Chrome Frame from ``X-UA-Compatible`` HTTP header as it's deprecated.

- Apply hotfixes from

- Do not throw a 404 on site root RSS feeds

- Upgrade known core packages at the end of the Plone migration.

- Require ``POST`` request for various forms that send email.

- Make the `formUnload.js` protection works while using CKEditor
  as it is the case with TinyMCE.

- Properly hide ```` and ````
  from products.

- Fix email validation of long domain names.

Products.CMFQuickInstallerTool: 3.0.8 → 3.0.12
- When uninstalling a product, mark its install profile as
  ``unknown``, so ``portal_setup`` also regards it as not installed.

- Fixed getting profiles registered explicitly for ``IPloneSiteRoot``
  instead CMFCore ``ISiteRoot``. Bug introduced in 3.0.10. See for

- Cleanup: PEP8, decorators for security+zca, et al.

- When uninstalling always run a profile 'uninstall' if no other
  uninstall-method is found.

- Readded doctests which were not run after port to

Products.contentmigration: 2.1.10 → 2.1.11
- Remove implicit dependency on CMFDefault by moving testcontent to product.

Products.GenericSetup: 1.7.5 → 1.7.7
- Fix: when the last applied upgrade step had a checker, the profile
  version was not updated. Now we no longer look at the checker of
  the last applied step when deciding whether to set the profile
  version. The checker, if any is set, normally returns True before
  running the step (it can be applied), and False afterwards (it
  was already applied).

- Add ``upgradeProfile`` method to setup tool. This method applies all
  upgrades steps for the given profile, or updates it to the optional
  given version. If the profile does not exist, or if there is no upgrade
  step to go to the specified version, the method warns and does nothing.

- Check the boolean value of the ``remove`` option when importing
  objects. Previously we only checked if the ``remove`` option was
  given, regardless of its value. Supported are ``True``, ``Yes``,
  and ``1``, where case does not matter. The syntax for removing
  objects, properties, and elements is now the same.

- Support ``remove="True"`` for properties.

- Enable testing under Travis.

- Fix compatibility with Setuptools 8.0 and later. Upgrade steps
  could get sorted in the wrong order, especially an empty version
  string (upgrade step from any source version) sorted last instead of

Products.MimetypesRegistry: 2.0.7 → 2.0.8
- Use doc icon for docx, xls for xlsx, ppt for pptx

Products.PortalTransforms: 2.1.6 → 2.1.10
- Add iframe as a valid tag

- fix unicode issue in safe_html when there is entity in script tag

- fix error mis-configured transforms would cause:
  "AttributeError: 'NoneType' object has no attribute 'items'"

- fix safe_html with entities after a <script> tag

- Remove CMFDefault dependency

Products.TinyMCE: 1.3.9 → 1.3.14
- Moved utility globals outside the ``getValidElements`` method.
  This will make TinyMCE lot easyer to be customized also through simple patches

- Explicitly release as zip file. The tar.gz file of the previous two
  releases works fine on my Mac, but not on Linux, which is strange.

- Rerelease due to possible brown bag release.

- deactivate diazo for ``@@tinymce-upload`` view to make
  sure ``uploadOk`` script is called to update the
  content browser panel.

- UI and UX improvements: Do not cover upload button.
  Clickable icons. (fixes #106) [fRiSi]

- Fixed current image scale in image popups

- Fix Brazilian Portuguese translations (closes `#99`_).

- Update tinymce to 3.5.11.

archetypes.referencebrowserwidget: 2.5.3 → 2.5.4
- Follow README/CHANGES best practice.

- saner check for isNotSelf(), which was throwing KeyError
  [alecpm, tkimnguyen]

collective.testcaselayer: 1.6 → 1.6.1
- Minor cleanup: whitespace, git ignores,
  [gforcada, rnix, maurits] 1.5.15 → 1.5.16
- Fix migrator for AT-based types that got broken in 1.5.8 release and add
  an option to remove the content of the non-blob field during migration to
  not end up having stale data in the ZODB
  [fRiSi] 1.1.9 → 1.1.10
- correctly create purge paths for root of site, prevent double slashes
  and the empty root of site(no trailing slash) not getting a purge
  path generated

- Fix the portalPath used in the controlpanel for manual purging URL's.
  This bug resulted in rarely doing all the purging required.
  [puittenbroek] 2.0.10 → 2.0.11
- Avoid DeprecationWarning for Products.CMFDynamicViewFTI.interface.
  [maurits] 2.3.8 → 2.3.9
- Added ``text-decoration`` to allowed css style attributes in
  ``@@filter-controlpanel``. Change backported from master.
  [jnachtigall, vangheem, maurits] 2.0.13 → 2.0.15
- Avoid DeprecationWarning for getIcon.

- Remove superfluous ``for`` in behaviors zcml w/o factory. No more warnings
  logged by ``plone.behavior``. See also plone/plone.behavior#2.

- Fixed test: use autologin.
  [gotcha] 2.2.5 → 2.2.6
- Inline validation robustness if no field name is passed by client
  request. Same as in
  [maurits] 2.1.12 → 2.1.13
- Fix tests to work with auto csrf.

- Fix tests for latest plone.protect.
  [vangheem] 1.7.2 →
- Fixed initial upgrade: use correct profile directory.
  [maurits] 1.5.5 → 1.5.6
- Backport improvements to ``@@updateLinkIntegrityInformation`` from
  plone5 branch.
  [pbauer] 2.5.3 → 2.5.4
- Avoid DeprecationWarning for Products.CMFDynamicViewFTI.interface.
  [maurits] 1.2.5 → 1.2.7
- Fixed possible problem with ``custom_query`` parameter where
  theoretically a second invocation could inadvertently be using the
  value from the first invocation.

- Fix path-queries using UID (backported from master).
  [pbauer] 1.2 → 1.2.2
- Rerelease of same code as 1.2. The changes from 1.2.1 are for Plone 5.

- Rename without using folder_contents.

- Use p.a.contenttypes test fixture and adapt/fix failing tests due to the
  ATContentTypes removal from PLONE_FIXTURE in Plone 5.
  [timo] 1.2.5 → 1.2.6
- Fix negative equality bug RawValueHolder and RichTextValue introduced in 1.2.5.
  [jone] 1.1.6 → 1.1.7
- Fix AttributeError: 'NoneType' object has no attribute 'getroottree' when the result is not
  html / is empty.
  [sunew] 1.3.10 → 1.3.18
- Add migration for ILinkSchema

- Add migration for TinyMCE settings

- Fix migration of typesUseViewActionInListings to registry.

- Fix incorrect interate import.

- Fix issues with missing registry-entries when upgrading 5.0rc2 -> 5.0rc3.

- Plone 4.3: upgrade TinyMCE correctly. Update sunburst theme profile
  version when applying its upgrade step. Update CMFEditions. Update
  This fixes

- Portal properties calendar_starting_year and calendar_future_years_available
  were moved to registry.

- Remove unused invalid_ids portal property

- Fix migration of types_not_searched to registry.

- Remove site properties that have been migrated to the registry.

- Remove no-longer-used properties from portal_properties

- Remove plone_forms skins folder for 5.0 rc1

- Install and migrate linkintegrity-relations.

- Unregister removed collection.css.

- 5.0 beta: do not set ``url_expr`` on configlet. This must be done
  with ``setActionExpression``.

- Turn @@tinymce-controlpanel ``content_css`` field into a list

- Fix for 5.0b2 -> 5.0b3 upgrade step that removed permissions from most of
  the control panel configlets. This fixes:
  [sneridagh, timo]

- upgrade plone buttons to not have so many things open in modals

- uninstall mockup-pattern-accessibility pattern registration

- add Products.CMFPlacefulWorkflow as dep as __init__ requires this

- add social media control panel upgrade

- upgrades for plone 5 tinymce configuration and social tags config

- add step for updated dropzone resource location

- remove dependency

- Add jquerytools removal upgrade

- Plone 5: upgrade manage portlets js

- Remove hard dependency on CMFDefault

- Update the category configlet of all the configlets in order to provide a way
  to categorize properly each configlet [sneridagh]

- Updated links for the renamed 'Types' control panel [sneridagh] 1.2.1 → 1.2.2
- Fixed "Add new user" form when there are too many groups.
- Fixed @@change-password to accept current password containing non-ascii chars
- Fixed @@change-password to accept new password containing non-ascii chars
  [sgeulette] 2.1.17 → 2.1.20
- Cleanup: PEP8, decorators for zca, et al. Also pimped the README.

- Fixed SyndicatableFeedItems to allow unicode characters in objects titles.

- change CatalogSource to be able to validate
  path strings in addition to UIDs

plone.batching: 1.0.4 → 1.0.5
- Make sure pagenumber value is not bigger that numpages
  or it fails in previous_pages when using orphan

- Allow orphan size to be equal to batch size. This allows
  the edge case of batch size 0 with default orphan size 0.

plone.behavior: 1.0.3 → 1.1
- Corrected typo in warning.

- Add name to behavior directive. This name can be used to lookup behavior
  registrations by new plone.behaviors.registration.
  lookup_behavior_registration function.

- Added more documentation, simplified code in directive, added a warning if
  ``for`` is given w/o ``factory``.

plone.cachepurging: 1.0.7 → 1.0.9
- Do not iterate on settings.cachingProxies when there are no.

- correctly be able to purge empty path(root of site). Previously, /
  was always appended to url so one potential path of the resource
  in varnish would never get purged--sometimes the most important, the homepage.

plone.folder: 1.0.6 → 1.0.7
- Depend on ``Products.CMFCore`` and remove fake-cmf, because this confuses
  more than it helps to reduce complexcity.

- Cleanup: PEP8 and do not use ``id`` built-in as identifier.

plone.locking: 2.0.5 → 2.0.8
- Fix write on read CSRF issues with latest plone.protect

- Fix possible package problem with Python 2.6 and old setuptools (at
  least 0.6c11) not finding the ``README.txt``.

- Pep8.

plone.namedfile: 2.0.8 → 2.0.9
- Don't fail, when accessing the ``tag`` method of the ``@@images`` view, if
  ``scale`` returns ``None``.

plone.portlet.collection: 2.1.7 → 2.1.8
- Fix show_dates by calling obj.Date(). This fixes

plone.schemaeditor: 1.3.9 → 1.3.11
- Fixed DeprecationWarning: object.__init__() takes no parameters.

- Fixed test: use autologin.

plone.session: 3.5.5 → 3.5.6
- Cleanup: Pep8, plone style conventions, better readbility.

plone.testing: 4.0.13 → 4.0.15
- Prevent exception masking in finally clause of zopeApp context

- Rerelease for clarity due to double release of 4.0.13.

- Added ``multiinit``-parameter to z2.installProduct
  to allow multiple initialize methods for a package

plone.theme: 2.1.4 → 2.1.5
- restore 2.x branch as being for plone < 5. Revert 2.1.4 changes.

plone.z3cform: 0.8.0 → 0.8.1
- Feature: take group class from parent-form if given. If not given it uses
  the default class.

- Added Ukrainian translation

- Added Italian translation

z3c.form: 3.2.3 → 3.2.4
- Fix ordered select input widget not working.

- ReSt fix.
  [timo] 1.0.4 → 1.0.5
- Remove duplicate zcml (they are 100% the same).

0 blueprints and 0 bugs targeted

There are no feature specifications or bug tasks targeted to this milestone. The project's maintainer, driver, or bug supervisor can target specifications and bug tasks to this milestone to track the things that are expected to be completed for the release.

This milestone contains Public information
Everyone can see this information.