Plone

Plone 4.3.20

  1. Series 4.3
  2. 4.3.20

Milestone information

Project:
Plone
Series:
4.3
Version:
4.3.20
Released:
 
Registrant:
Maurits van Rees
Release registered:
Active:
Yes. Drivers can target bugs and blueprints to this milestone.  

Download RDF metadata

Activities

Assigned to you:
No blueprints or bugs assigned to you.
Assignees:
No users assigned to blueprints and bugs.
Blueprints:
No blueprints are targeted to this milestone.
Bugs:
No bugs are targeted to this milestone.

Download files for this release

File Description Downloads

Release notes 

Release notes Plone 4.3.20

This is the last ever release of the Plone 4.3 series!
You should be moving to Plone 5.2 by now.
See also the release schedule: https://plone.org/download/release-schedule

Note that support for Python 2.6 was dropped a while ago.
It might still work, but you should use Python 2.7.

Some highlights of 4.3.20 are:

- Integrated PloneHotfix20200121 for increased security.

- Moved the security check if a url is in the portal to a small separate package: Products.isurlinportal.
  You can immediately use this on Plone 4.3 and higher.
  Keep an eye on updates for this package: newer versions will increase the security.
  Often the impact of fixes is too small to warrant a real security hotfix package,
  but we want to do more regular fixes here.

- Use Products.isurlinportal 1.1.0 with security hardening against whitespace:
  https://github.com/plone/Products.isurlinportal/issues/1

- Removed broken X-XSS-Protection header from classic theme and unstyled theme.

- Products.PluggableAuthService:
  Added new events to be able to notify when a principal is added to or removed from a group.
  Notify these events when principals are added or removed to a group in ZODBGroupManager.
  See https://github.com/zopefoundation/Products.PluggableAuthService/issues/17

- z3c.autoinclude:
  When environment variable Z3C_AUTOINCLUDE_DEBUG is set,
  log which packages are being automatically included.

Changelog 

View the full changelog

plone.recipe.alltests: 1.5.1 → 1.5.2
------------------------------------
Bug fixes:

- Minor packaging updates. (#1)

plone.app.robotframework: 1.2.3 → 1.2.4
---------------------------------------
Bug fixes:

- Reverted change in 1.2.1 for 'Log in' keyword which failed in Plone 4.3.
  Fixes `issue 107 <https://github.com/plone/plone.app.robotframework/issues/107>`_.
  [maurits]

lxml: 4.2.1 → 4.2.6
-------------------

Plone: 4.3.19 → 4.3.20
----------------------
New features:

- Release Plone 4.3.20.
  This will be the last release in the 4.3 series.
  See also the `Plone release schedule <https://plone.org/download/release-schedule>`_.
  [maurits]

Products.Archetypes: 1.9.20 → 1.9.21
------------------------------------
Bug fixes:

- textcount.js support for jquery>1.6.

  make it impossible to enter text longer than ``maxlimit``
  by replacing ``maxlimit alert()`` with highlighting textcountfield.
  [vkarppinen] (#93)

Products.CMFPlone: 4.3.19 → 4.3.20
----------------------------------
Bug fixes:

- Removed broken ``X-XSS-Protection`` header.
  [maurits] (#2964)

- Merge Hotfix20200121: isURLInPortal could be tricked into accepting malicious links. (#3021)

- Merge Hotfix20200121 Check of the strenth of password could be skipped. (#3021)

- Depend on new package ``Products.isurlinportal``.
  This contains the ``isURLInPortal`` method that was split off from our ``URLTool``.
  See `issue 3150 <https://github.com/plone/Products.CMFPlone/issues/3150>`_.
  [maurits] (#3150)

- Increased metadata version to 4322, to trigger Plone upgrade for Plone 4.3.20.
  This is the last release ever of the Plone 4.3.x line.
  See also the `Plone release schedule <https://plone.org/download/release-schedule>`_.
  [maurits] (#3166)

Products.GenericSetup: 1.8.10 → 1.8.11
--------------------------------------
Bug fixes:

- Force saving unpersisted changes in toolset registry.
  Fixes `issue 86 <https://github.com/zopefoundation/Products.GenericSetup/issues/86>`_.

- No longer test on Python 2.6.

Products.PloneLanguageTool: 3.2.9 → 3.2.10
------------------------------------------
Bug fixes:

- Minor packaging updates. (#1)

Products.PluggableAuthService: 1.11.2 → 1.11.3
----------------------------------------------
- Add new events to be able to notify when a principal is added to
  or removed from a group. Notify these events when principals are
  added or removed to a group in ZODBGroupManager
  (`#17 <https://github.com/zopefoundation/Products.PluggableAuthService/issues/17>`_)

Products.ZSQLMethods: 2.13.5 → 2.13.6
-------------------------------------

archetypes.referencebrowserwidget: 2.5.10 → 2.5.11
--------------------------------------------------
Bug fixes:

- Minor packaging updates. [various] (#1)

collective.monkeypatcher: 1.2 → 1.2.1
-------------------------------------
Bug fixes:

- Minor packaging updates. [various] (#1)

collective.z3cform.datetimewidget: 1.2.8 → 1.2.9
------------------------------------------------
Bug fixes:

- Removed compiled ``.mo`` files from repository.
  I will create a new release, which should still contain those, including the missing Dutch ``.mo`` file.
  [maurits]

plone.app.imaging: 1.0.13 → 1.0.14
----------------------------------
Bug fixes:

- Fix IOError: cannot write mode RGBA as JPEG on ImageField scale
  [avoinea]

plone.app.locales: 4.3.16 → 4.3.17
----------------------------------
- Backport new translations from Plone 5.2.
  [vincentfretin]

plone.app.querystring: 1.2.12 → 1.2.13
--------------------------------------
Bug fixes:

- Integer criterions: try to convert all input to integers.
  Most notably this did not happen for unicode on Python 2.
  So a ``u"42"`` was passed as value to the catalog query, and this matched either all or nothing.
  [maurits] (#93)

plone.app.upgrade: 1.4.6 → 1.4.7
--------------------------------
Bug fixes:

- Added null upgrade step to 4322, the metadata version of Plone 4.3.20.
  [maurits] (#3166)

plone.alterego: 1.1.3 → 1.1.5
-----------------------------
Bug fixes:

- Minor packaging updates. (#1)

- Minor packaging updates. [various] (#1)

plone.behavior: 1.3.0 → 1.3.2
-----------------------------
Bug fixes:

- Minor packaging updates. (#1)

- Improved documentation. [jensens] (#0)

plone.contentrules: 2.0.9 → 2.0.10
----------------------------------
Bug fixes:

- Minor packaging updates. (#1)

plone.indexer: 1.0.6 → 1.0.7
----------------------------
Bug fixes:

- Minor packaging updates. (#1)

plone.intelligenttext: 3.0.0 → 3.1.0
------------------------------------
New features:

- Drop Python 2.6 support from tests.
  Start testing on 3.7 and 3.8.
  [maurits] (#9)

plone.reload: 3.0.0 → 3.0.1
---------------------------
Bug fixes:

- Minor packaging updates.

plone.subrequest: 1.8.6 → 1.8.7
-------------------------------
Bug fixes:

- Restored to 1.8.4 version. Kept only the optional Archetypes test dependency.
  Plone 4.3, 5,0 and 5.1 do not need the Python 3 and Zope 4 fixes, and may give errors.
  Plone 5.2 does not use this branch.
  Fixes `issue 2995 <https://github.com/plone/Products.CMFPlone/issues/2995>`_. [maurits]

plone.synchronize: 1.0.3 → 1.0.4
--------------------------------
New features:

- Drop Python 2.6 support.
  Support 2.7, 3.5-3.8, PyPy2/3.
  Added tox for local testing.
  [maurits] (#2)

plone.uuid: 1.0.5 → 1.0.6
-------------------------
Bug fixes:

- Minor packaging updates. (#1)

plonetheme.classic: 1.5.0 → 1.5.1
---------------------------------
Bug fixes:

- Removed broken ``X-XSS-Protection`` header.
  Fixes `issue 2964 <https://github.com/plone/Products.CMFPlone/issues/2964>`_.
  [maurits]

z3c.autoinclude: 0.3.9 → 0.4.0
------------------------------
Breaking changes:

- Drop support for Python 3.4.

New features:

- When environment variable ``Z3C_AUTOINCLUDE_DEBUG`` is set,
  log which packages are being automatically included.
  Do this in a form that you can copy to a ``configure.zcml`` file.

- Add support for Python 3.8.

collective.z3cform.datagridfield: 1.3.1 → 1.3.3
-----------------------------------------------

grokcore.component: 2.5 → 2.5.1
-------------------------------

plone.app.contenttypes: 1.1.6 → 1.1.9
-------------------------------------

plone.app.event: 1.1.12 → 1.1.13
--------------------------------
Bug fixes:

- Fixed Spanish translations. [Corina Riba] (#0)

plone.app.lockingbehavior: 1.0.5 → 1.0.7
----------------------------------------

plone.app.referenceablebehavior: 0.7.7 → 0.7.8
----------------------------------------------
Bug fixes:

- Minor packaging updates. (#1)

plone.api: 1.10.0 → 1.10.2
--------------------------
Bug fixes:

- Minor packaging updates. (#1)

- Remove deprecation warnings [ale-rt] (#432)

- In tests, use stronger password.
  [maurits] (#436)

- Removed duplicate and failing inline doctest for content.find.
  [maurits] (#437)

plone.formwidget.autocomplete: 1.3.0 → 1.4.0
--------------------------------------------
New features:

- Add Plone 5 compatibility
  [laulaz]

plone.formwidget.contenttree: 1.1.0 → 1.2.0
-------------------------------------------
New features:

- Added Python 3 compatibility. [cekk]

plone.app.blocks: 4.3.0 → 4.3.2
-------------------------------

0 blueprints and 0 bugs targeted

There are no feature specifications or bug tasks targeted to this milestone. The project's maintainer, driver, or bug supervisor can target specifications and bug tasks to this milestone to track the things that are expected to be completed for the release.

This milestone contains Public information
Everyone can see this information.