Plone 4.3.12

collective.recipe.template: 1.9 → 1.13
--------------------------------------

setuptools: 20.1.1 → 26.1.1
---------------------------

mr.developer: 1.33 → 1.34
-------------------------

plone.recipe.zeoserver: 1.2.9 → 1.3
-----------------------------------
New features:

- Add support for log rotation.
  [hvelarde]

Bug fixes:

- Typo in documentation. [ale-rt]

plone.recipe.zope2instance: 4.2.21 → 4.2.22
-------------------------------------------
Bug fixes:

- Add coding headers on python files.
  [gforcada]

plone.app.robotframework: 1.0 → 1.0.1
-------------------------------------
Bug fixes:

- fix broken links
  [staeff]

Plone: 4.3.11 → 4.3.12
----------------------
New features:

- Release Plone 4.3.12

Products.Archetypes: 1.9.12 → 1.9.13
------------------------------------
Bug fixes:

- no allowable_content_types for description (avoid validation)
  [tschorr]

- *add item here*

Products.CMFDiffTool: 2.2.0 → 2.2.1
-----------------------------------
Bug fixes:

- Fix error when showing changes to objects of type "set" [deankarlen]

Products.CMFDynamicViewFTI: 4.1.4 → 4.1.5
-----------------------------------------
Bug fixes:

- Don't instantiate browser view to check for existence.
  [malthe]

Products.CMFEditions: 2.2.21 → 2.2.23
-------------------------------------
Bug fixes:

- In ShadowStorage's `isRegistered` and `getHistory` methods,
  avoid checking for a history_id of None in the storage's BTree.
  This fixes compatibility with BTrees 4.x,
  which disallows comparing keys to None.
  [davisagli]

- Fix deprecated import from Globals that is changed in Zope4.
  [pbauer]

- Do not log using plone restricted python logging script.
  [jensens]

Products.CMFFormController: 3.0.6 → 3.0.8
-----------------------------------------
Bug fixes:

- Applied security hotfix 20160830 for ``redirect_to``. This action
  refuses to redirect to unknown external sites. Added
  ``external_redirect_to`` action in case someone *does* need to
  redirect to an external site. This option is also there in the
  hotfix. [maurits]

- Move patch from plone.protect 3.x to Actions.RedirectTo so it allows ATContentTypes add forms to append auth token.
  Issue https://github.com/plone/Products.CMFPlone/issues/1335
  [staeff, fredvd]

Products.CMFPlacefulWorkflow: 1.5.13 → 1.5.14
---------------------------------------------
Bug fixes:

- Fixed workflow tests for new ``comment_one_state_workflow``. [maurits]

Products.CMFPlone: 4.3.11 → 4.3.12
----------------------------------
New features:

- Added ``ok`` view. This is useful for automated checks, for example
  httpok, to see if the site is still available. It returns the text
  ``OK`` and sets headers to avoid caching.
  [maurits]

- Add sort_on field to search controlpanel.
  [rodfersou]

Bug fixes:

- Added security checks for ``str.format``. Part of PloneHotfix20170117. [maurits]

- Fixed workflow tests for new ``comment_one_state_workflow``. [maurits]

- Fix base tag differs from actual URL (fixes `#86`_).
  [rodfersou]

- Load some patches earlier, instead of in our initialize method.
  This is part of PloneHotfix20161129.
  [maurits]

- Apply security hotfix 20160830 for ``z3c.form`` widgets. [maurits]

- Fixed tests in combination with newer CMFFormController which has the hotfix. [maurits]

- Apply security hotfix 20160830 for ``@@plone-root-login``. [maurits]

- Apply security hotfix 20160830 for ``isURLInPortal``. [maurits]

- Include inactive content in worklists. [sebasgo]

Products.CMFQuickInstallerTool: 3.0.13 → 3.0.15
-----------------------------------------------
Bug fixes:

- Fix imports since Globals was removed in Zope4
  [pbauer]

- Added link to the Add-ons control panel in the QI ZMI form.
  And say the form itself is deprecated.
  [maurits]

- Apply security hotfix 20160830 for ``installProducts`` redirection.
  On top of that, we require a POST request. [maurits]

Products.contentmigration: 2.1.13 → 2.1.15
------------------------------------------
Bug fixes:

- Errors has been dropped/deprecated errors from OFS.CopySupport.
  [tschorr]

- Remove unused import of Archetypes. [davisagli]

Products.DCWorkflow: 2.2.4 → 2.2.5
----------------------------------

Products.ExternalEditor: 1.1.0 → 1.1.3
--------------------------------------
- Fixed reflective XSS in findResult.
  This applies PloneHotfix20170117. [maurits]

- Quote variable in manage_tabs to avoid XSS.
  From Products.PloneHotfix20160830. [maurits]

- Reverted dtml to older Zope 2.12/2.13. Version 2.0.0 had changes
  for Zope trunk that were making the management interface ugly
  (missing icons) in older Zopes. So there now is a branch 1.1.x to
  support those versions. Note that our code patches
  `OFS.ObjectManager.manage_main` and
  `App.Management.Tabs.manage_tabs`, adding external edit icons to
  those files.

- Moved code to https://github.com/zopefoundation/Products.ExternalEditor

Products.GenericSetup: 1.8.3 → 1.8.6
------------------------------------
- Added a ``purge_old`` option to the tarball import form.
  By default this option is checked, which matches the previous behavior.
  If you uncheck it, this avoids purging old settings for any import step
  that is run. [maurits]

- Stopped using a form library to render the components form.

- Made ``_profile_upgrade_versions`` a PersistentMapping. When
  ``(un)setLastVersionForProfile`` is called, we migrate the original
  Python dictionary. This makes some code easier and plays nicer with
  transactions, which may especially help during tests. [maurits]

Products.PlacelessTranslationService: 2.0.6 → 2.0.7
---------------------------------------------------
Bug fixes:

- Fix import from Globals that is removed in Zope4.
  [pbauer]

Products.PlonePAS: 5.0.11 → 5.0.13
----------------------------------
Bug fixes:

- In getMemberInfo, if a property is not present it now returns an
  empty string, rather than raising an exception. This fixes login for
  sites that have location removed.
  [MatthewWilkes]

- Depend on plone.protect 2.0.3 or higher.
  Fixes https://github.com/plone/Products.PlonePAS/issues/21
  [maurits]

Products.TinyMCE: 1.3.23 → 1.3.25
---------------------------------
Bug fixes:

- Allow HTML 5.1 allowfullscreen attribute for iframe. This is needed for
  some embed videos to allow full screen functionality.
  [vincentfretin]

- Breadcrumbs on browser plugin will not longer be emtpy when one of the parents
  is not accessible. See `#150`_.
  [keul]

Products.ZSQLMethods: 2.13.4 → 2.13.5
-------------------------------------

Products.statusmessages: 4.1.1 → 4.1.2
--------------------------------------
Bug fixes:

- Fix deprecated import in test.
  [pbauer]

plone.app.collection: 1.0.13 → 1.0.15
-------------------------------------
Bug fixes:

- Fix summary view for results with Discussion Items
  [ichim-david]

- Check with getattr if item isPrincipiaFolderish as Comment does
  not have this attribute which would render an AttributeError
  [ichim-david]

- Make formatting of start & end dates in tabular view consistent with other
  dates
  [djowett]

plone.app.content: 2.1.5 → 2.1.7
--------------------------------
Bug fixes:

- Removed registry settings for download behaviour of blobs based on mimetype patterns.
  This was missing support in upgrades, and was not used in core,
  and did not end up in Plone 5.0 or 5.1. So let's not use it in a version for Plone 4.3.
  See `issue 119 <https://github.com/plone/plone.app.content/issues/119>`_.
  [maurits]

- Apply security hotfix 20160830 for folder factories redirection. [maurits]

- Added registry settings for download behaviour of blobs based on mimetype patterns. [djay]

plone.app.controlpanel: 2.3.9 → 2.3.11
--------------------------------------
New features:

- Added options to change default search order.
  [rodfersou]

Bug fixes:

- Fix tests for syndication control panel to pass also with
  new plone.app.registry versions
  [Asko Soukka]

plone.app.discussion: 2.2.18 → 2.2.20
-------------------------------------
Bug fixes:

- Make comment on private content not publicly available in search results.
  Part of PloneHotfix20161129. [vangheem, maurits]

- Apply security hotfix 20160830 for redirects. [maurits]

plone.app.iterate: 2.1.17 → 2.1.18
----------------------------------
Bug fixes:

- Remove broken references when making checkout.
  Fixes issue `30 <https://github.com/plone/plone.app.iterate/issues/30>`_.
  [maurits]

plone.app.jquerytools: 1.8.0 → 1.9.0
------------------------------------
New features:

- An overlay registered by the prepOverlay function can now be optionally be
  triggered by a hover or doubleclick event, instead of click.
  [petri]

plone.app.layout: 2.3.15 → 2.3.17
---------------------------------
Bug fixes:

- Fix error in viewlet when related dexterity item has been deleted.
  [maurits]

- Rework sitemap.xml.gz to allow filtering of sitemap elements; and supply such
  a filter if LinguaPlone is installed.
  [djowett]

plone.app.locales: 4.3.11 → 4.3.12
----------------------------------
- Update French translations for plone.protect 3.0.x
  (backported from Plone 5 French translations).
  [vincentfretin]

plone.app.portlets: 2.5.5 → 2.5.6
---------------------------------
Bug fixes:

- Apply security hotfix 20160830 for redirects. Also, made sure that
  all form views have a ``referer`` property: until now some did not
  have it, some had it as property, some had it as method. [maurits]

plone.app.querystring: 1.2.10 → 1.2.11
--------------------------------------
Bug fixes:

- Import DateTimeError from DateTime.interfaces, class attribute
  DateTime.DateTimeError was removed in DateTime 3.0
  [vincentfretin]

plone.app.search: 1.1.8 → 1.1.11
--------------------------------
New features:

- Added options to change default search order.
  [rodfersou]

Bug fixes:

- Fixed sometimes failing search order tests. [maurits]

- Fix Search RSS link condition to use search_rss_enabled option and use
  rss.png instead of rss.gif that doesn't exist anymore.
  [vincentfretin]

plone.app.textfield: 1.2.7 → 1.2.8
----------------------------------
New features:

- Enable the ``RichText`` field to work together with a simple ``ITextAreaWidget``.
  [jensens]

Bug fixes:

- Cleanup:
  Use more zope.interface decorators,
  add utf8 headers,
  isort imports,
  zcml conditions are enough.
  [jensens]

plone.app.upgrade: 1.3.27 → 2.0.0
---------------------------------

plone.app.users: 1.2.4 → 1.2.5
------------------------------
Bug fixes:

- Give a 404 when the user-information form is called with a not
  existing userid. [maurits]

- Don't show unescaped user id in user-information form.
  This applies PloneHotfix20160830. [maurits]

plone.app.uuid: 1.1.1 → 1.1.3
-----------------------------
Bug fixes:

- Fix test in Zope 4.
  [davisagli]

- Update code to follow Plone styleguide.
  [gforcada]

plone.alterego: 1.0.1 → 1.1.1
-----------------------------
New features:

- Add compatibility with Python 3. [datakurre]

Bug fixes:

- Update code to follow Plone styleguide.
  [gforcada]

plone.behavior: 1.1.2 → 1.1.4
-----------------------------
New features:

- Support Python 3. [davisagli]

Bug fixes:

- Add already introduced attribute ``name`` to interface IBehavior.
  This was missing.
  Also modernized other IBehavior interface descriptions a bit.
  [jensens]

plone.browserlayer: 2.1.6 → 2.1.7
---------------------------------
Bug fixes:

- Removed ZopeTestCase. We were importing from it but not using it...
  [ivanteoh, maurits]

plone.cachepurging: 1.0.12 → 1.0.13
-----------------------------------
Bug fixes:

- Code-Style: isort, utf8-headers, zca-decorators, manual cleanup.
  [jensens]

plone.dexterity: 2.2.7 → 2.2.8
------------------------------
Bug fixes:

- Fix error when copying DX containers with AT children which caused the
  children to not have the UID updated properly. [jone]

plone.locking: 2.0.9 → 2.0.10
-----------------------------
Bug fixes:

- Update README.rst with Compatibility
  [djowett]

plone.namedfile: 3.0.9 → 3.0.10
-------------------------------
New features:

- Add Pdata storage
  [vangheem]

plone.outputfilters: 1.15.1 → 1.15.3
------------------------------------
New features:

- Added ``tel:`` to ignored link types.
  [julianhandl]

Bug fixes:

- Do not transform a and img tags when inside script tag.
  [gotcha]

- Explicitly exclude ``mailto:`` links from being UID-resolved.
  [thet]

plone.portlets: 2.2.3 → 2.3
---------------------------
New features:

- Support Python 3. [davisagli]

plone.registry: 1.0.4 → 1.0.5
-----------------------------
Bug fixes:

- Fix endless recursion on getting values from broken records proxy objects
  This fixes https://github.com/plone/plone.registry/issues/13.
  [tomgross, maurits]

plone.resource: 1.0.6 → 1.2.1
-----------------------------
New features:

- Fire events on resources creation/modification
  [jpgimenez, ebrehault]

- Use ``mimetypes_registry`` utility to dertermine mimetype if available.
  [jensens]

Bug fixes:

- 'unittest2' is a test dependency, make this explicit in setup.py.
  [jensens]

- Remove duplicte import
  [jensens]

- Add coding headers on python files.
  [gforcada]

- Applied 20160830 security hotfix. [maurits]

plone.scale: 1.4.1 → 1.4.2
--------------------------
Bug fixes:

- When getting an outdated scale, don't throw it away when there is no
  factory. [maurits]

- Avoid TypeErrors when looking for outdated scales.
  Fixes `issue 12 <https://github.com/plone/plone.scale/issues/12>`_.
  [maurits]

- Catch KeyError when deleting non existing scale. This can happen in corner cases.
  Fixes `issue 15 <https://github.com/plone/plone.scale/issues/15>`_.
  [maurits]

- Set ``zip_safe=False`` in ``setup.py``. Otherwise you cannot run
  the tests of the released package because the test runner does not
  find any tests in the egg file. Note that this is only a problem in
  zc.buildout 1.x: it uses unzip=False by default. zc.buildout 2.x no
  longer has this option and always unzips eggs. [maurits]

plone.schemaeditor: 1.3.11 → 1.4.1
----------------------------------
Bug fixes:

- Re-add overlay registration for Plone 4 accidentally removed in 1.4.
  [seanupton]

- Make tests and mocks for plone keyring work fine for both plone.protect
  2.x and 3.x. This required adding test dependency on lxml, as
  plone.protect 3.x transform outputs HTML varying from 2.x.
  [seanupton]

- Backport doctest (functional/browser) fix for choices from 2.0.
  [seanupton]

- Auto-include plone.protect in ZCML, so that tests will run (backport).
  [seanupton]

- Use window.href.pathname for re-order URL construction, to avoid muddled
  URL concatenation conflicting with authenticator token possibly in
  querystring.
  [seanupton]

- Removed debugger statement from schemaeditor.js.
  [seanupton]

- Backport field reorder compatbility fixes from 2.0.3 for jquery.event
  drag and drop (vangheem).
  [seanupton]

- Backport CSRF protection from plone.schemaeditor 2.0.2, for AJAX
  compatibility with plone.protect 3.0.x in Plone 4.3.x.
  [seanupton]

- Fix for cases where _authenticator is injected into the
  querystring of the URL; in such cases, we get appropriate base URL.
  This may be particular to use of plone.protect 3.0.x in Plone 4, in
  some circumstances.
  [seanupton]

plone.stringinterp: 1.0.13 → 1.0.14
-----------------------------------
New features:

- Provide a ContextWrapper adapter in order to easily pass custom messages
  to StringInterpoator
  [avoinea]

plone.subrequest: 1.7.0 → 1.8
-----------------------------
New features:

- Provide an exception-handler for rewriting Unauthorized to 401's.
  [jensens]

plone.synchronize: 1.0.1 → 1.0.2
--------------------------------
New features:

- Test Python 3 compatibility.
  [datakurre]

plone4.csrffixes: 1.0.9 → 1.1
-----------------------------

z3c.form: 3.2.9 → 3.2.11
------------------------
- Fix TypeError: object of type 'generator' has no ``len()``.
  Happens with z3c.formwidget.query. [maurits]

- Turned ``items`` into a property again on all widgets.
  For the select widget it was a method since 2.9.0.
  For the radio and checkbox widgets it was a method since 3.2.10.
  For orderedselect and multi it was always a property.
  Fixes https://github.com/zopefoundation/z3c.form/issues/44
  [maurits]

- Removed ``z3c.coverage`` from ``test`` extra. [gforcada, maurits]

- RadioWidget items are better determined when they are needed [agroszer]

- CheckBoxWidget items are better determined when they are needed [agroszer]

- Bugfix: The ``ChoiceTerms`` adapter blindly assumed that the passed in field
  is unbound, which is not necessarily the case in interesting ObjectWidget
  scenarios. Not it checks for a non-None field context first. [srichter]

plone.app.event: 1.1.6 → 1.1.8
------------------------------
Bug fixes:

- Do not index `sync_uid`, `start` and `end` fields if they are empty.
  [bsuttor]

- Fix bug when an event is in creation and has not yet uid.
  [bsuttor]

plone.app.referenceablebehavior: 0.7.5 → 0.7.6
----------------------------------------------
Bug fixes:

- Add coding header on python files.
  [gforcada]

plone.formwidget.autocomplete: 1.2.10 → 1.2.11
----------------------------------------------
Bug fixes:

- Better handling of undefined data
  [agitator]

Products.LinguaPlone: 4.1.5 → 4.1.8
-----------------------------------
Bug fixes:

- Fix Home link in the translationbrowser_popup template to point to
  navigation root, not the site root.
  [vincentfretin]

- Add tests for sitemap
  [djowett]

- Fixed bug where even Manager could not view a folder with private default page.
  Fixes https://github.com/plone/Products.CMFPlone/issues/1822
  [maurits]

- Fixed CSRF protection bug on @@language-setup-folders view.
  [syzn]

- Show also current language link in header hreflang links.
  [erral]