Plone 4.3.12
There may be hotfixes applicable to this release. Always check the Plone Hotfix page before production deployment.
Release notes
License | GPL |
---|---|
Date released | 2017-03-15 |
Release manager | Eric Steele |
Windows users: use the Vagrant kit. We anticipate having a binary Windows installer for later releases.
OS X users: use the Vagrant kit or install XCode command-line tools and use the Unified Installer.
Automated provisioning: See Plone's Ansible Playbook for a full-stack installation kit.
Downloads
Changes
collective.recipe.template: 1.9 → 1.13
setuptools: 20.1.1 → 26.1.1
mr.developer: 1.33 → 1.34
plone.recipe.zeoserver: 1.2.9 → 1.3
New features:
- Add support for log rotation.
[hvelarde]
Bug fixes:
- Typo in documentation. [ale-rt]
plone.recipe.zope2instance: 4.2.21 → 4.2.22
Bug fixes:
- Add coding headers on python files.
[gforcada]
plone.app.robotframework: 1.0 → 1.0.1
Bug fixes:
- fix broken links
[staeff]
Plone: 4.3.11 → 4.3.12
New features:
- Release Plone 4.3.12
Products.Archetypes: 1.9.12 → 1.9.13
Bug fixes:
-
no allowable_content_types for description (avoid validation)
[tschorr] -
add item here
Products.CMFDiffTool: 2.2.0 → 2.2.1
Bug fixes:
- Fix error when showing changes to objects of type "set" [deankarlen]
Products.CMFDynamicViewFTI: 4.1.4 → 4.1.5
Bug fixes:
- Don't instantiate browser view to check for existence.
[malthe]
Products.CMFEditions: 2.2.21 → 2.2.23
Bug fixes:
-
In ShadowStorage's
isRegistered
andgetHistory
methods,
avoid checking for a history_id of None in the storage's BTree.
This fixes compatibility with BTrees 4.x,
which disallows comparing keys to None.
[davisagli] -
Fix deprecated import from Globals that is changed in Zope4.
[pbauer] -
Do not log using plone restricted python logging script.
[jensens]
Products.CMFFormController: 3.0.6 → 3.0.8
Bug fixes:
-
Applied security hotfix 20160830 for
redirect_to
. This action
refuses to redirect to unknown external sites. Added
external_redirect_to
action in case someone does need to
redirect to an external site. This option is also there in the
hotfix. [maurits] -
Move patch from plone.protect 3.x to Actions.RedirectTo so it allows ATContentTypes add forms to append auth token.
Issue https://github.com/plone/Products.CMFPlone/issues/1335
[staeff, fredvd]
Products.CMFPlacefulWorkflow: 1.5.13 → 1.5.14
Bug fixes:
- Fixed workflow tests for new
comment_one_state_workflow
. [maurits]
Products.CMFPlone: 4.3.11 → 4.3.12
New features:
-
Added
ok
view. This is useful for automated checks, for example
httpok, to see if the site is still available. It returns the text
OK
and sets headers to avoid caching.
[maurits] -
Add sort_on field to search controlpanel.
[rodfersou]
Bug fixes:
-
Added security checks for
str.format
. Part of PloneHotfix20170117. [maurits] -
Fixed workflow tests for new
comment_one_state_workflow
. [maurits] -
Fix base tag differs from actual URL (fixes
#86
_).
[rodfersou] -
Load some patches earlier, instead of in our initialize method.
This is part of PloneHotfix20161129.
[maurits] -
Apply security hotfix 20160830 for
z3c.form
widgets. [maurits] -
Fixed tests in combination with newer CMFFormController which has the hotfix. [maurits]
-
Apply security hotfix 20160830 for
@@plone-root-login
. [maurits] -
Apply security hotfix 20160830 for
isURLInPortal
. [maurits] -
Include inactive content in worklists. [sebasgo]
Products.CMFQuickInstallerTool: 3.0.13 → 3.0.15
Bug fixes:
-
Fix imports since Globals was removed in Zope4
[pbauer] -
Added link to the Add-ons control panel in the QI ZMI form.
And say the form itself is deprecated.
[maurits] -
Apply security hotfix 20160830 for
installProducts
redirection.
On top of that, we require a POST request. [maurits]
Products.contentmigration: 2.1.13 → 2.1.15
Bug fixes:
-
Errors has been dropped/deprecated errors from OFS.CopySupport.
[tschorr] -
Remove unused import of Archetypes. [davisagli]
Products.DCWorkflow: 2.2.4 → 2.2.5
Products.ExternalEditor: 1.1.0 → 1.1.3
-
Fixed reflective XSS in findResult.
This applies PloneHotfix20170117. [maurits] -
Quote variable in manage_tabs to avoid XSS.
From Products.PloneHotfix20160830. [maurits] -
Reverted dtml to older Zope 2.12/2.13. Version 2.0.0 had changes
for Zope trunk that were making the management interface ugly
(missing icons) in older Zopes. So there now is a branch 1.1.x to
support those versions. Note that our code patches
OFS.ObjectManager.manage_main
and
App.Management.Tabs.manage_tabs
, adding external edit icons to
those files. -
Moved code to https://github.com/zopefoundation/Products.ExternalEditor
Products.GenericSetup: 1.8.3 → 1.8.6
-
Added a
purge_old
option to the tarball import form.
By default this option is checked, which matches the previous behavior.
If you uncheck it, this avoids purging old settings for any import step
that is run. [maurits] -
Stopped using a form library to render the components form.
-
Made
_profile_upgrade_versions
a PersistentMapping. When
(un)setLastVersionForProfile
is called, we migrate the original
Python dictionary. This makes some code easier and plays nicer with
transactions, which may especially help during tests. [maurits]
Products.PlacelessTranslationService: 2.0.6 → 2.0.7
Bug fixes:
- Fix import from Globals that is removed in Zope4.
[pbauer]
Products.PlonePAS: 5.0.11 → 5.0.13
Bug fixes:
-
In getMemberInfo, if a property is not present it now returns an
empty string, rather than raising an exception. This fixes login for
sites that have location removed.
[MatthewWilkes] -
Depend on plone.protect 2.0.3 or higher.
Fixes https://github.com/plone/Products.PlonePAS/issues/21
[maurits]
Products.TinyMCE: 1.3.23 → 1.3.25
Bug fixes:
-
Allow HTML 5.1 allowfullscreen attribute for iframe. This is needed for
some embed videos to allow full screen functionality.
[vincentfretin] -
Breadcrumbs on browser plugin will not longer be emtpy when one of the parents
is not accessible. See#150
_.
[keul]
Products.ZSQLMethods: 2.13.4 → 2.13.5
Products.statusmessages: 4.1.1 → 4.1.2
Bug fixes:
- Fix deprecated import in test.
[pbauer]
plone.app.collection: 1.0.13 → 1.0.15
Bug fixes:
-
Fix summary view for results with Discussion Items
[ichim-david] -
Check with getattr if item isPrincipiaFolderish as Comment does
not have this attribute which would render an AttributeError
[ichim-david] -
Make formatting of start & end dates in tabular view consistent with other
dates
[djowett]
plone.app.content: 2.1.5 → 2.1.7
Bug fixes:
-
Removed registry settings for download behaviour of blobs based on mimetype patterns.
This was missing support in upgrades, and was not used in core,
and did not end up in Plone 5.0 or 5.1. So let's not use it in a version for Plone 4.3.
Seeissue 119 <https://github.com/plone/plone.app.content/issues/119>
_.
[maurits] -
Apply security hotfix 20160830 for folder factories redirection. [maurits]
-
Added registry settings for download behaviour of blobs based on mimetype patterns. [djay]
plone.app.controlpanel: 2.3.9 → 2.3.11
New features:
- Added options to change default search order.
[rodfersou]
Bug fixes:
- Fix tests for syndication control panel to pass also with
new plone.app.registry versions
[Asko Soukka]
plone.app.discussion: 2.2.18 → 2.2.20
Bug fixes:
-
Make comment on private content not publicly available in search results.
Part of PloneHotfix20161129. [vangheem, maurits] -
Apply security hotfix 20160830 for redirects. [maurits]
plone.app.iterate: 2.1.17 → 2.1.18
Bug fixes:
- Remove broken references when making checkout.
Fixes issue30 <https://github.com/plone/plone.app.iterate/issues/30>
_.
[maurits]
plone.app.jquerytools: 1.8.0 → 1.9.0
New features:
- An overlay registered by the prepOverlay function can now be optionally be
triggered by a hover or doubleclick event, instead of click.
[petri]
plone.app.layout: 2.3.15 → 2.3.17
Bug fixes:
-
Fix error in viewlet when related dexterity item has been deleted.
[maurits] -
Rework sitemap.xml.gz to allow filtering of sitemap elements; and supply such
a filter if LinguaPlone is installed.
[djowett]
plone.app.locales: 4.3.11 → 4.3.12
- Update French translations for plone.protect 3.0.x
(backported from Plone 5 French translations).
[vincentfretin]
plone.app.portlets: 2.5.5 → 2.5.6
Bug fixes:
- Apply security hotfix 20160830 for redirects. Also, made sure that
all form views have areferer
property: until now some did not
have it, some had it as property, some had it as method. [maurits]
plone.app.querystring: 1.2.10 → 1.2.11
Bug fixes:
- Import DateTimeError from DateTime.interfaces, class attribute
DateTime.DateTimeError was removed in DateTime 3.0
[vincentfretin]
plone.app.search: 1.1.8 → 1.1.11
New features:
- Added options to change default search order.
[rodfersou]
Bug fixes:
-
Fixed sometimes failing search order tests. [maurits]
-
Fix Search RSS link condition to use search_rss_enabled option and use
rss.png instead of rss.gif that doesn't exist anymore.
[vincentfretin]
plone.app.textfield: 1.2.7 → 1.2.8
New features:
- Enable the
RichText
field to work together with a simpleITextAreaWidget
.
[jensens]
Bug fixes:
- Cleanup:
Use more zope.interface decorators,
add utf8 headers,
isort imports,
zcml conditions are enough.
[jensens]
plone.app.upgrade: 1.3.27 → 2.0.0
plone.app.users: 1.2.4 → 1.2.5
Bug fixes:
-
Give a 404 when the user-information form is called with a not
existing userid. [maurits] -
Don't show unescaped user id in user-information form.
This applies PloneHotfix20160830. [maurits]
plone.app.uuid: 1.1.1 → 1.1.3
Bug fixes:
-
Fix test in Zope 4.
[davisagli] -
Update code to follow Plone styleguide.
[gforcada]
plone.alterego: 1.0.1 → 1.1.1
New features:
- Add compatibility with Python 3. [datakurre]
Bug fixes:
- Update code to follow Plone styleguide.
[gforcada]
plone.behavior: 1.1.2 → 1.1.4
New features:
- Support Python 3. [davisagli]
Bug fixes:
- Add already introduced attribute
name
to interface IBehavior.
This was missing.
Also modernized other IBehavior interface descriptions a bit.
[jensens]
plone.browserlayer: 2.1.6 → 2.1.7
Bug fixes:
- Removed ZopeTestCase. We were importing from it but not using it...
[ivanteoh, maurits]
plone.cachepurging: 1.0.12 → 1.0.13
Bug fixes:
- Code-Style: isort, utf8-headers, zca-decorators, manual cleanup.
[jensens]
plone.dexterity: 2.2.7 → 2.2.8
Bug fixes:
- Fix error when copying DX containers with AT children which caused the
children to not have the UID updated properly. [jone]
plone.locking: 2.0.9 → 2.0.10
Bug fixes:
- Update README.rst with Compatibility
[djowett]
plone.namedfile: 3.0.9 → 3.0.10
New features:
- Add Pdata storage
[vangheem]
plone.outputfilters: 1.15.1 → 1.15.3
New features:
- Added
tel:
to ignored link types.
[julianhandl]
Bug fixes:
-
Do not transform a and img tags when inside script tag.
[gotcha] -
Explicitly exclude
mailto:
links from being UID-resolved.
[thet]
plone.portlets: 2.2.3 → 2.3
New features:
- Support Python 3. [davisagli]
plone.registry: 1.0.4 → 1.0.5
Bug fixes:
- Fix endless recursion on getting values from broken records proxy objects
This fixes https://github.com/plone/plone.registry/issues/13.
[tomgross, maurits]
plone.resource: 1.0.6 → 1.2.1
New features:
-
Fire events on resources creation/modification
[jpgimenez, ebrehault] -
Use
mimetypes_registry
utility to dertermine mimetype if available.
[jensens]
Bug fixes:
-
'unittest2' is a test dependency, make this explicit in setup.py.
[jensens] -
Remove duplicte import
[jensens] -
Add coding headers on python files.
[gforcada] -
Applied 20160830 security hotfix. [maurits]
plone.scale: 1.4.1 → 1.4.2
Bug fixes:
-
When getting an outdated scale, don't throw it away when there is no
factory. [maurits] -
Avoid TypeErrors when looking for outdated scales.
Fixesissue 12 <https://github.com/plone/plone.scale/issues/12>
_.
[maurits] -
Catch KeyError when deleting non existing scale. This can happen in corner cases.
Fixesissue 15 <https://github.com/plone/plone.scale/issues/15>
_.
[maurits] -
Set
zip_safe=False
insetup.py
. Otherwise you cannot run
the tests of the released package because the test runner does not
find any tests in the egg file. Note that this is only a problem in
zc.buildout 1.x: it uses unzip=False by default. zc.buildout 2.x no
longer has this option and always unzips eggs. [maurits]
plone.schemaeditor: 1.3.11 → 1.4.1
Bug fixes:
-
Re-add overlay registration for Plone 4 accidentally removed in 1.4.
[seanupton] -
Make tests and mocks for plone keyring work fine for both plone.protect
2.x and 3.x. This required adding test dependency on lxml, as
plone.protect 3.x transform outputs HTML varying from 2.x.
[seanupton] -
Backport doctest (functional/browser) fix for choices from 2.0.
[seanupton] -
Auto-include plone.protect in ZCML, so that tests will run (backport).
[seanupton] -
Use window.href.pathname for re-order URL construction, to avoid muddled
URL concatenation conflicting with authenticator token possibly in
querystring.
[seanupton] -
Removed debugger statement from schemaeditor.js.
[seanupton] -
Backport field reorder compatbility fixes from 2.0.3 for jquery.event
drag and drop (vangheem).
[seanupton] -
Backport CSRF protection from plone.schemaeditor 2.0.2, for AJAX
compatibility with plone.protect 3.0.x in Plone 4.3.x.
[seanupton] -
Fix for cases where _authenticator is injected into the
querystring of the URL; in such cases, we get appropriate base URL.
This may be particular to use of plone.protect 3.0.x in Plone 4, in
some circumstances.
[seanupton]
plone.stringinterp: 1.0.13 → 1.0.14
New features:
- Provide a ContextWrapper adapter in order to easily pass custom messages
to StringInterpoator
[avoinea]
plone.subrequest: 1.7.0 → 1.8
New features:
- Provide an exception-handler for rewriting Unauthorized to 401's.
[jensens]
plone.synchronize: 1.0.1 → 1.0.2
New features:
- Test Python 3 compatibility.
[datakurre]
plone4.csrffixes: 1.0.9 → 1.1
z3c.form: 3.2.9 → 3.2.11
-
Fix TypeError: object of type 'generator' has no
len()
.
Happens with z3c.formwidget.query. [maurits] -
Turned
items
into a property again on all widgets.
For the select widget it was a method since 2.9.0.
For the radio and checkbox widgets it was a method since 3.2.10.
For orderedselect and multi it was always a property.
Fixes https://github.com/zopefoundation/z3c.form/issues/44
[maurits] -
Removed
z3c.coverage
fromtest
extra. [gforcada, maurits] -
RadioWidget items are better determined when they are needed [agroszer]
-
CheckBoxWidget items are better determined when they are needed [agroszer]
-
Bugfix: The
ChoiceTerms
adapter blindly assumed that the passed in field
is unbound, which is not necessarily the case in interesting ObjectWidget
scenarios. Not it checks for a non-None field context first. [srichter]
plone.app.event: 1.1.6 → 1.1.8
Bug fixes:
-
Do not index
sync_uid
,start
andend
fields if they are empty.
[bsuttor] -
Fix bug when an event is in creation and has not yet uid.
[bsuttor]
plone.app.referenceablebehavior: 0.7.5 → 0.7.6
Bug fixes:
- Add coding header on python files.
[gforcada]
plone.formwidget.autocomplete: 1.2.10 → 1.2.11
Bug fixes:
- Better handling of undefined data
[agitator]
Products.LinguaPlone: 4.1.5 → 4.1.8
Bug fixes:
-
Fix Home link in the translationbrowser_popup template to point to
navigation root, not the site root.
[vincentfretin] -
Add tests for sitemap
[djowett] -
Fixed bug where even Manager could not view a folder with private default page.
Fixes https://github.com/plone/Products.CMFPlone/issues/1822
[maurits] -
Fixed CSRF protection bug on @@language-setup-folders view.
[syzn] -
Show also current language link in header hreflang links.
[erral]