Plone

Plone 5.2.10

Milestone information

Project:
Plone
Series:
5.2
Version:
5.2.10
Released:
 
Registrant:
Maurits van Rees
Release registered:
Active:
Yes. Drivers can target bugs and blueprints to this milestone.  

Download RDF metadata

Activities

Assigned to you:
No blueprints or bugs assigned to you.
Assignees:
No users assigned to blueprints and bugs.
Blueprints:
No blueprints are targeted to this milestone.
Bugs:
No bugs are targeted to this milestone.

Download files for this release

After you've downloaded a file, you can verify its authenticity using its MD5 sum or signature. (How do I verify a download?)

File Description Downloads
download icon Plone-5.2.10-UnifiedInstaller-1.0.zip (md5, sig) Unified Installer zip -- same as tarball, but easier to extract on Windows 437
last downloaded 5 days ago
download icon Plone-5.2.10-UnifiedInstaller-1.0.tgz (md5, sig) Unified Installer tarball -- builds Plone on most Linux/macOS/Windows 10 systems 735
last downloaded today
Total downloads: 1,172

Release notes 

# Release notes for Plone 5.2.10

Released: Monday October 31, 2022.

## Python compatibility

This release supports Python 2.7, 3.7, and 3.8.

**Python 3.6 is no longer supported.**
See the [community announcement](https://community.plone.org/t/plone-5-2-drops-python-3-6-support/15706).
Note that both Python 2.7 and 3.6 have reached end of life.
This means the wider Python community no longer supports it.
For example, the default WSGI server used by Plone, which is `waitress`, has a security problem that is only solved on Python 3.7 and higher. If you use `waitress` on earlier Python versions, you are vulnerable.

Python 3.7 will reach end of life in June 2023.
See https://devguide.python.org/versions/ for the canonical information.
It will get harder to test and support Plone on unsupported Python versions.

Especially Python 2.7 should only be used as a temporary stepping stone before you migrate your Plone site to Python 3.

## Highlights

Interesting changes since 5.2.9:

* `Products.PluggableAuthService`: Set the Cookie Auth Helper cookies with `SameSite` set to `Lax` by default and allow admins to change the setting as well as the secure flag from the Properties tab in the ZMI.
* i18ndude: Add boolean `--no-line-numbers` option to `rebuild-pot`. Use this to prevent including line numbers in pot files.
* diazo: Remove dependency on `future` package.

Changelog 

View the full changelog

Zope: 4.8.2 → 4.8.3
-------------------

- Update dependencies to the latest releases for each supported Python version.

- Fix cookie path parameter handling:
  If the cookie path value contains ``%`` it is assumed to be
  fully quoted and used as is;
  if it contains only characters allowed (unquoted)
  in an URL path (with the exception of ``;``),
  it is used as is; otherwise, it is quoted using Python's
  ``urllib.parse.quote``
  (`#1052 <https://github.com/zopefoundation/Zope/issues/1052>`_).

- Change functional testing utilities to support percent encoded and unicode
  paths (`#1058 <https://github.com/zopefoundation/Zope/issues/1058>`_).

- Decode basic authentication header as utf-8, not latin1 anymore
  (`#1061 <https://github.com/zopefoundation/Zope/issues/1061>`_).

- Make ``ZPublisher.utils.basic_auth_encode`` support non-ascii strings on
  Python 2
  (`#1062 <https://github.com/zopefoundation/Zope/issues/1062>`_).

zc.buildout: 2.13.7 → 2.13.8
----------------------------

- Support ``python310-315`` in conditional section expressions.

plone.releaser: 1.8.6 → 1.8.7
-----------------------------
Bug fixes:

- report: add sleep and start parameters.
  [maurits] (#44)

i18ndude: 5.4.2 → 5.5.0
-----------------------
New features:

- Add boolean ``--no-line-numbers`` option to ``rebuild-pot``.
  Use this to prevent including line numbers in pot files.
  The default is to still include them, so no behavior change.
  The default could change in the future.
  If you want to be sure to keep your line numbers in the future, use the new ``--line-numbers`` option.
  [maurits] (#77)

Sphinx: 1.8.5 → 1.8.6
---------------------

python-dateutil: 2.8.1 → 2.8.2
------------------------------

simplejson: 3.17.0 → 3.17.6
---------------------------

diazo: 1.4.2 → 1.5.0
--------------------
New features:

- Remove dependency on `future` package.
  [petschki] (#85)

Plone: 5.2.9 → 5.2.10
---------------------
Bug fixes:

- Release Plone 5.2.10.
  [maurits]

plone.app.content: 3.8.8 → 3.8.9
--------------------------------
Bug fixes:

- Fix TypeError: 'NoneType' object is not subscriptable in reference browser widget.
  [maurits] (#2921)

plone.app.contentlisting: 2.0.7 → 2.0.8
---------------------------------------
Bug fixes:

- Build the mime-type icon url with an absolute url. Fixes #44
  [erral] (#44)

plone.app.layout: 3.5.1 → 3.5.2
-------------------------------
Bug fixes:

- get the title of the navigation root from the registry when the navigation root object is the portal object
  [erral] (#317)

plone.app.portlets: 4.4.7 → 4.4.8
---------------------------------
Bug fixes:

- Use the portal url to build the mimetype icon url
  [erral] (#168)

plone.app.theming: 4.1.7 → 4.1.8
--------------------------------
Bug fixes:

- Make sure Parameters Expressions are string when saving custom styles
  [frapell] (#209)

plone.app.upgrade: 2.1.2 → 2.1.3
--------------------------------
Bug fixes:

- Add a timezone property to portal memberdata if it is missing
  Backports #296 to Plone 5.2.
  [ale-rt] (#296)

- Added upgrade to 5218, Plone 5.2.10.
  [maurits] (#5218)

plone.app.users: 2.6.6 → 2.6.7
------------------------------
Bug fixes:

- Ensure that, when no timezone is selected, the value of the stored timezone is an empty string (#109)

plone.memoize: 2.1.1 → 3.0.0
----------------------------
Breaking changes:

- Drop support for Python 3.5 and 3.6.
  Add support for Python 3.9, 3.10, and 3.11. [davisagli] (#27)

plone.restapi: 7.8.0 → 7.8.1
----------------------------
Bug fixes:

- Document needed version pins for Plone 4.3. [erral] (#1150)

plone.resourceeditor: 3.0.3 → 3.0.4
-----------------------------------
Bug fixes:

- Fix unclosed file warnings
  [petschki] (#29)

Products.CMFEditions: 3.3.4 → 3.3.5
-----------------------------------
Bug fixes:

- Fix test to work with updated CMFUid.
  [davisagli] (#89)

Products.CMFPlone: 5.2.9 → 5.2.10
---------------------------------
Bug fixes:

- Fixed an issue that prevented the user to select the preferred timezone (#1290)

- Fixed adding control panel action via ZMI.
  [maurits] (#1959)

- Set portal title in registry when creating a new Plone site
  [erral] (#3584)

- Change test to make sure email is sent in utf-8
  [erral] (#3588)

- Update metadata version to 5218, Plone 5.2.10.
  [maurits] (#5218)

Products.CMFUid: 3.3 → 3.4
--------------------------
- When an object is reindexed after its UID is set,
  only reindex the ``cmf_uid`` index rather than all indexes.

Products.PluggableAuthService: 2.7.0 → 2.7.1
--------------------------------------------
- Set the Cookie Auth Helper cookies with ``SameSite`` set to ``Lax`` by
  default and allow admins to change the setting as well as the secure flag
  from the Properties tab in the ZMI.
  The ``SameSite`` cookie flag is not currently set, which causes modern
  browsers to show warnings at the console. Such cookies may be rejected in the
  future and break the Cookie Auth Helper. See
  https://hacks.mozilla.org/2020/08/changes-to-samesite-cookie-behavior/
  for information about the ``SameSite`` cookie attribute and why its handling
  in browsers is changing.

Products.PortalTransforms: 3.2.0 → 3.2.1
----------------------------------------
Bug fixes:

- Fixed regular expression in tests on Python 3.11.
  [maurits] (#48)

- Tests: fixed incompatibility with lxml 3.9+ on Linux.
  This gives slightly different output.
  [maurits] (#818)

Products.Sessions: 4.13 → 4.14
------------------------------
- Add ability to set the session cookie's ``SameSite`` flag.
  See https://hacks.mozilla.org/2020/08/changes-to-samesite-cookie-behavior/
  for some background on how browsers change handling ``SameSite``.
  The behavior of existing sites will not change unless the site administrator
  changes the cookie configuration explicitly. New browser id managers will use
  ``Lax`` by default.

z3c.formwidget.query: 0.17 → 1.0.0
----------------------------------
- Add Chinese translation.

- Add support for Python 3.5, 3.8, 3.9, 3.10.

plone.app.blocks: 5.1.0 → 5.2.0
-------------------------------

plone.app.standardtiles: 2.4.2 → 2.5.0
--------------------------------------

launchpadlib: 1.10.16 → 1.10.17
-------------------------------

lazr.restfulclient: 0.14.4 → 0.14.5
-----------------------------------

smmap: 3.0.1 → 3.0.5
--------------------

wadllib: 1.3.3 → 1.3.6
----------------------

colorama: 0.4.5 → 0.4.6
-----------------------

distlib: 0.3.4 → 0.3.6
----------------------

virtualenv: 20.14.0 → 20.14.1
-----------------------------

0 blueprints and 0 bugs targeted

There are no feature specifications or bug tasks targeted to this milestone. The project's maintainer, driver, or bug supervisor can target specifications and bug tasks to this milestone to track the things that are expected to be completed for the release.

This milestone contains Public information
Everyone can see this information.