Plone 4.3.12

There may be hotfixes applicable to this release. Always check the Plone Hotfix page before production deployment.

Release notes

LicenseGPL
Date released2017-03-15
Release managerEric Steele

Windows users: use the Vagrant kit. We anticipate having a binary Windows installer for later releases.

OS X users: use the Vagrant kit or install XCode command-line tools and use the Unified Installer.

Automated provisioning: See Plone's Ansible Playbook for a full-stack installation kit.

Downloads

Changes

collective.recipe.template: 1.9 → 1.13

setuptools: 20.1.1 → 26.1.1

mr.developer: 1.33 → 1.34

plone.recipe.zeoserver: 1.2.9 → 1.3

New features:
  • Add support for log rotation.
    [hvelarde]
Bug fixes:
  • Typo in documentation. [ale-rt]

plone.recipe.zope2instance: 4.2.21 → 4.2.22

Bug fixes:
  • Add coding headers on python files.
    [gforcada]

plone.app.robotframework: 1.0 → 1.0.1

Bug fixes:
  • fix broken links
    [staeff]

Plone: 4.3.11 → 4.3.12

New features:
  • Release Plone 4.3.12

Products.Archetypes: 1.9.12 → 1.9.13

Bug fixes:
  • no allowable_content_types for description (avoid validation)
    [tschorr]

  • add item here

Products.CMFDiffTool: 2.2.0 → 2.2.1

Bug fixes:
  • Fix error when showing changes to objects of type "set" [deankarlen]

Products.CMFDynamicViewFTI: 4.1.4 → 4.1.5

Bug fixes:
  • Don't instantiate browser view to check for existence.
    [malthe]

Products.CMFEditions: 2.2.21 → 2.2.23

Bug fixes:
  • In ShadowStorage's isRegistered and getHistory methods,
    avoid checking for a history_id of None in the storage's BTree.
    This fixes compatibility with BTrees 4.x,
    which disallows comparing keys to None.
    [davisagli]

  • Fix deprecated import from Globals that is changed in Zope4.
    [pbauer]

  • Do not log using plone restricted python logging script.
    [jensens]

Products.CMFFormController: 3.0.6 → 3.0.8

Bug fixes:
  • Applied security hotfix 20160830 for redirect_to. This action
    refuses to redirect to unknown external sites. Added
    external_redirect_to action in case someone does need to
    redirect to an external site. This option is also there in the
    hotfix. [maurits]

  • Move patch from plone.protect 3.x to Actions.RedirectTo so it allows ATContentTypes add forms to append auth token.
    Issue https://github.com/plone/Products.CMFPlone/issues/1335
    [staeff, fredvd]

Products.CMFPlacefulWorkflow: 1.5.13 → 1.5.14

Bug fixes:
  • Fixed workflow tests for new comment_one_state_workflow. [maurits]

Products.CMFPlone: 4.3.11 → 4.3.12

New features:
  • Added ok view. This is useful for automated checks, for example
    httpok, to see if the site is still available. It returns the text
    OK and sets headers to avoid caching.
    [maurits]

  • Add sort_on field to search controlpanel.
    [rodfersou]

Bug fixes:
  • Added security checks for str.format. Part of PloneHotfix20170117. [maurits]

  • Fixed workflow tests for new comment_one_state_workflow. [maurits]

  • Fix base tag differs from actual URL (fixes #86_).
    [rodfersou]

  • Load some patches earlier, instead of in our initialize method.
    This is part of PloneHotfix20161129.
    [maurits]

  • Apply security hotfix 20160830 for z3c.form widgets. [maurits]

  • Fixed tests in combination with newer CMFFormController which has the hotfix. [maurits]

  • Apply security hotfix 20160830 for @@plone-root-login. [maurits]

  • Apply security hotfix 20160830 for isURLInPortal. [maurits]

  • Include inactive content in worklists. [sebasgo]

Products.CMFQuickInstallerTool: 3.0.13 → 3.0.15

Bug fixes:
  • Fix imports since Globals was removed in Zope4
    [pbauer]

  • Added link to the Add-ons control panel in the QI ZMI form.
    And say the form itself is deprecated.
    [maurits]

  • Apply security hotfix 20160830 for installProducts redirection.
    On top of that, we require a POST request. [maurits]

Products.contentmigration: 2.1.13 → 2.1.15

Bug fixes:
  • Errors has been dropped/deprecated errors from OFS.CopySupport.
    [tschorr]

  • Remove unused import of Archetypes. [davisagli]

Products.DCWorkflow: 2.2.4 → 2.2.5

Products.ExternalEditor: 1.1.0 → 1.1.3

  • Fixed reflective XSS in findResult.
    This applies PloneHotfix20170117. [maurits]

  • Quote variable in manage_tabs to avoid XSS.
    From Products.PloneHotfix20160830. [maurits]

  • Reverted dtml to older Zope 2.12/2.13. Version 2.0.0 had changes
    for Zope trunk that were making the management interface ugly
    (missing icons) in older Zopes. So there now is a branch 1.1.x to
    support those versions. Note that our code patches
    OFS.ObjectManager.manage_main and
    App.Management.Tabs.manage_tabs, adding external edit icons to
    those files.

  • Moved code to https://github.com/zopefoundation/Products.ExternalEditor

Products.GenericSetup: 1.8.3 → 1.8.6

  • Added a purge_old option to the tarball import form.
    By default this option is checked, which matches the previous behavior.
    If you uncheck it, this avoids purging old settings for any import step
    that is run. [maurits]

  • Stopped using a form library to render the components form.

  • Made _profile_upgrade_versions a PersistentMapping. When
    (un)setLastVersionForProfile is called, we migrate the original
    Python dictionary. This makes some code easier and plays nicer with
    transactions, which may especially help during tests. [maurits]

Products.PlacelessTranslationService: 2.0.6 → 2.0.7

Bug fixes:
  • Fix import from Globals that is removed in Zope4.
    [pbauer]

Products.PlonePAS: 5.0.11 → 5.0.13

Bug fixes:
  • In getMemberInfo, if a property is not present it now returns an
    empty string, rather than raising an exception. This fixes login for
    sites that have location removed.
    [MatthewWilkes]

  • Depend on plone.protect 2.0.3 or higher.
    Fixes https://github.com/plone/Products.PlonePAS/issues/21
    [maurits]

Products.TinyMCE: 1.3.23 → 1.3.25

Bug fixes:
  • Allow HTML 5.1 allowfullscreen attribute for iframe. This is needed for
    some embed videos to allow full screen functionality.
    [vincentfretin]

  • Breadcrumbs on browser plugin will not longer be emtpy when one of the parents
    is not accessible. See #150_.
    [keul]

Products.ZSQLMethods: 2.13.4 → 2.13.5

Products.statusmessages: 4.1.1 → 4.1.2

Bug fixes:
  • Fix deprecated import in test.
    [pbauer]

plone.app.collection: 1.0.13 → 1.0.15

Bug fixes:
  • Fix summary view for results with Discussion Items
    [ichim-david]

  • Check with getattr if item isPrincipiaFolderish as Comment does
    not have this attribute which would render an AttributeError
    [ichim-david]

  • Make formatting of start & end dates in tabular view consistent with other
    dates
    [djowett]

plone.app.content: 2.1.5 → 2.1.7

Bug fixes:
  • Removed registry settings for download behaviour of blobs based on mimetype patterns.
    This was missing support in upgrades, and was not used in core,
    and did not end up in Plone 5.0 or 5.1. So let's not use it in a version for Plone 4.3.
    See issue 119 <https://github.com/plone/plone.app.content/issues/119>_.
    [maurits]

  • Apply security hotfix 20160830 for folder factories redirection. [maurits]

  • Added registry settings for download behaviour of blobs based on mimetype patterns. [djay]

plone.app.controlpanel: 2.3.9 → 2.3.11

New features:
  • Added options to change default search order.
    [rodfersou]
Bug fixes:
  • Fix tests for syndication control panel to pass also with
    new plone.app.registry versions
    [Asko Soukka]

plone.app.discussion: 2.2.18 → 2.2.20

Bug fixes:
  • Make comment on private content not publicly available in search results.
    Part of PloneHotfix20161129. [vangheem, maurits]

  • Apply security hotfix 20160830 for redirects. [maurits]

plone.app.iterate: 2.1.17 → 2.1.18

Bug fixes:
  • Remove broken references when making checkout.
    Fixes issue 30 <https://github.com/plone/plone.app.iterate/issues/30>_.
    [maurits]

plone.app.jquerytools: 1.8.0 → 1.9.0

New features:
  • An overlay registered by the prepOverlay function can now be optionally be
    triggered by a hover or doubleclick event, instead of click.
    [petri]

plone.app.layout: 2.3.15 → 2.3.17

Bug fixes:
  • Fix error in viewlet when related dexterity item has been deleted.
    [maurits]

  • Rework sitemap.xml.gz to allow filtering of sitemap elements; and supply such
    a filter if LinguaPlone is installed.
    [djowett]

plone.app.locales: 4.3.11 → 4.3.12

  • Update French translations for plone.protect 3.0.x
    (backported from Plone 5 French translations).
    [vincentfretin]

plone.app.portlets: 2.5.5 → 2.5.6

Bug fixes:
  • Apply security hotfix 20160830 for redirects. Also, made sure that
    all form views have a referer property: until now some did not
    have it, some had it as property, some had it as method. [maurits]

plone.app.querystring: 1.2.10 → 1.2.11

Bug fixes:
  • Import DateTimeError from DateTime.interfaces, class attribute
    DateTime.DateTimeError was removed in DateTime 3.0
    [vincentfretin]

plone.app.search: 1.1.8 → 1.1.11

New features:
  • Added options to change default search order.
    [rodfersou]
Bug fixes:
  • Fixed sometimes failing search order tests. [maurits]

  • Fix Search RSS link condition to use search_rss_enabled option and use
    rss.png instead of rss.gif that doesn't exist anymore.
    [vincentfretin]

plone.app.textfield: 1.2.7 → 1.2.8

New features:
  • Enable the RichText field to work together with a simple ITextAreaWidget.
    [jensens]
Bug fixes:
  • Cleanup:
    Use more zope.interface decorators,
    add utf8 headers,
    isort imports,
    zcml conditions are enough.
    [jensens]

plone.app.upgrade: 1.3.27 → 2.0.0

plone.app.users: 1.2.4 → 1.2.5

Bug fixes:
  • Give a 404 when the user-information form is called with a not
    existing userid. [maurits]

  • Don't show unescaped user id in user-information form.
    This applies PloneHotfix20160830. [maurits]

plone.app.uuid: 1.1.1 → 1.1.3

Bug fixes:
  • Fix test in Zope 4.
    [davisagli]

  • Update code to follow Plone styleguide.
    [gforcada]

plone.alterego: 1.0.1 → 1.1.1

New features:
  • Add compatibility with Python 3. [datakurre]
Bug fixes:
  • Update code to follow Plone styleguide.
    [gforcada]

plone.behavior: 1.1.2 → 1.1.4

New features:
  • Support Python 3. [davisagli]
Bug fixes:
  • Add already introduced attribute name to interface IBehavior.
    This was missing.
    Also modernized other IBehavior interface descriptions a bit.
    [jensens]

plone.browserlayer: 2.1.6 → 2.1.7

Bug fixes:
  • Removed ZopeTestCase. We were importing from it but not using it...
    [ivanteoh, maurits]

plone.cachepurging: 1.0.12 → 1.0.13

Bug fixes:
  • Code-Style: isort, utf8-headers, zca-decorators, manual cleanup.
    [jensens]

plone.dexterity: 2.2.7 → 2.2.8

Bug fixes:
  • Fix error when copying DX containers with AT children which caused the
    children to not have the UID updated properly. [jone]

plone.locking: 2.0.9 → 2.0.10

Bug fixes:
  • Update README.rst with Compatibility
    [djowett]

plone.namedfile: 3.0.9 → 3.0.10

New features:
  • Add Pdata storage
    [vangheem]

plone.outputfilters: 1.15.1 → 1.15.3

New features:
  • Added tel: to ignored link types.
    [julianhandl]
Bug fixes:
  • Do not transform a and img tags when inside script tag.
    [gotcha]

  • Explicitly exclude mailto: links from being UID-resolved.
    [thet]

plone.portlets: 2.2.3 → 2.3

New features:
  • Support Python 3. [davisagli]

plone.registry: 1.0.4 → 1.0.5

Bug fixes:
  • Fix endless recursion on getting values from broken records proxy objects
    This fixes https://github.com/plone/plone.registry/issues/13.
    [tomgross, maurits]

plone.resource: 1.0.6 → 1.2.1

New features:
  • Fire events on resources creation/modification
    [jpgimenez, ebrehault]

  • Use mimetypes_registry utility to dertermine mimetype if available.
    [jensens]

Bug fixes:
  • 'unittest2' is a test dependency, make this explicit in setup.py.
    [jensens]

  • Remove duplicte import
    [jensens]

  • Add coding headers on python files.
    [gforcada]

  • Applied 20160830 security hotfix. [maurits]

plone.scale: 1.4.1 → 1.4.2

Bug fixes:
  • When getting an outdated scale, don't throw it away when there is no
    factory. [maurits]

  • Avoid TypeErrors when looking for outdated scales.
    Fixes issue 12 <https://github.com/plone/plone.scale/issues/12>_.
    [maurits]

  • Catch KeyError when deleting non existing scale. This can happen in corner cases.
    Fixes issue 15 <https://github.com/plone/plone.scale/issues/15>_.
    [maurits]

  • Set zip_safe=False in setup.py. Otherwise you cannot run
    the tests of the released package because the test runner does not
    find any tests in the egg file. Note that this is only a problem in
    zc.buildout 1.x: it uses unzip=False by default. zc.buildout 2.x no
    longer has this option and always unzips eggs. [maurits]

plone.schemaeditor: 1.3.11 → 1.4.1

Bug fixes:
  • Re-add overlay registration for Plone 4 accidentally removed in 1.4.
    [seanupton]

  • Make tests and mocks for plone keyring work fine for both plone.protect
    2.x and 3.x. This required adding test dependency on lxml, as
    plone.protect 3.x transform outputs HTML varying from 2.x.
    [seanupton]

  • Backport doctest (functional/browser) fix for choices from 2.0.
    [seanupton]

  • Auto-include plone.protect in ZCML, so that tests will run (backport).
    [seanupton]

  • Use window.href.pathname for re-order URL construction, to avoid muddled
    URL concatenation conflicting with authenticator token possibly in
    querystring.
    [seanupton]

  • Removed debugger statement from schemaeditor.js.
    [seanupton]

  • Backport field reorder compatbility fixes from 2.0.3 for jquery.event
    drag and drop (vangheem).
    [seanupton]

  • Backport CSRF protection from plone.schemaeditor 2.0.2, for AJAX
    compatibility with plone.protect 3.0.x in Plone 4.3.x.
    [seanupton]

  • Fix for cases where _authenticator is injected into the
    querystring of the URL; in such cases, we get appropriate base URL.
    This may be particular to use of plone.protect 3.0.x in Plone 4, in
    some circumstances.
    [seanupton]

plone.stringinterp: 1.0.13 → 1.0.14

New features:
  • Provide a ContextWrapper adapter in order to easily pass custom messages
    to StringInterpoator
    [avoinea]

plone.subrequest: 1.7.0 → 1.8

New features:
  • Provide an exception-handler for rewriting Unauthorized to 401's.
    [jensens]

plone.synchronize: 1.0.1 → 1.0.2

New features:
  • Test Python 3 compatibility.
    [datakurre]

plone4.csrffixes: 1.0.9 → 1.1

z3c.form: 3.2.9 → 3.2.11

  • Fix TypeError: object of type 'generator' has no len().
    Happens with z3c.formwidget.query. [maurits]

  • Turned items into a property again on all widgets.
    For the select widget it was a method since 2.9.0.
    For the radio and checkbox widgets it was a method since 3.2.10.
    For orderedselect and multi it was always a property.
    Fixes https://github.com/zopefoundation/z3c.form/issues/44
    [maurits]

  • Removed z3c.coverage from test extra. [gforcada, maurits]

  • RadioWidget items are better determined when they are needed [agroszer]

  • CheckBoxWidget items are better determined when they are needed [agroszer]

  • Bugfix: The ChoiceTerms adapter blindly assumed that the passed in field
    is unbound, which is not necessarily the case in interesting ObjectWidget
    scenarios. Not it checks for a non-None field context first. [srichter]

plone.app.event: 1.1.6 → 1.1.8

Bug fixes:
  • Do not index sync_uid, start and end fields if they are empty.
    [bsuttor]

  • Fix bug when an event is in creation and has not yet uid.
    [bsuttor]

plone.app.referenceablebehavior: 0.7.5 → 0.7.6

Bug fixes:
  • Add coding header on python files.
    [gforcada]

plone.formwidget.autocomplete: 1.2.10 → 1.2.11

Bug fixes:
  • Better handling of undefined data
    [agitator]

Products.LinguaPlone: 4.1.5 → 4.1.8

Bug fixes:
  • Fix Home link in the translationbrowser_popup template to point to
    navigation root, not the site root.
    [vincentfretin]

  • Add tests for sitemap
    [djowett]

  • Fixed bug where even Manager could not view a folder with private default page.
    Fixes https://github.com/plone/Products.CMFPlone/issues/1822
    [maurits]

  • Fixed CSRF protection bug on @@language-setup-folders view.
    [syzn]

  • Show also current language link in header hreflang links.
    [erral]

Project resources

Learn about Plone