Plone 5.2.10

There may be hotfixes applicable to this release. Always check the Plone Hotfix page before production deployment.

Release notes

Date released: 2022-10-31
Release manager: Eric Steele

Plone 5.2.10 is a bug fix release of Plone 5.2. Release Manager for this version is Maurits van Rees (despite the automated text above).

Installers can be downloaded with the buttons below. Experienced users can update their buildout config by pointing to

Linux/BSD/Unix users: Use the Unified Installer. It is a configuration and setup kit with build scripts.

Windows 10 users: use the Unified Installer. See Windows-specific installation instructions. Consider using the unified installer within the Windows Subsystem for Linux (WSL).

OS X users: use the Vagrant kit or install XCode command-line tools and use the Unified Installer.

Automated provisioning: See Plone's Ansible Playbook for a full-stack installation kit.

Cross-platform Docker: install Docker and use the Plone Docker image.

For the Plone 5.2 upgrade guide, see

Specific release notes for Plone 5.2.10:

Some highlights of this release are:

  • Products.PluggableAuthService: Set the Cookie Auth Helper cookies with SameSite set to Lax by default and allow admins to change the setting as well as the secure flag from the Properties tab in the ZMI.

  • i18ndude: Add boolean --no-line-numbers option to rebuild-pot. Use this to prevent including line numbers in pot files.

  • diazo: Remove dependency on future package.

Python compatibility

This release supports Python 2.7, 3.7, and 3.8.

Python 3.6 is no longer supported. See the community announcement.
Note that both Python 2.7 and 3.6 have reached end of life. This means the wider Python community no longer supports them. For example, waitress, the default WSGI server used by Plone, has a security problem that is only solved on Python 3.7 and higher. If you use waitress on earlier Python versions, you are vulnerable.

Python 3.7 will reach end of life in June 2023. See Status of Python Versions for the canonical information. It will get harder to test and support Plone on unsupported Python versions. Python 2.7 in particular should only be used as a temporary stepping stone before you migrate your Plone site to Python 3.



Zope: 4.8.2 → 4.8.3

  • Update dependencies to the latest releases for each supported Python version.
  • Fix cookie path parameter handling: If the cookie path value contains % it is assumed to be fully quoted and used as is; if it contains only characters allowed (unquoted) in a URL path (with the exception of ;), it is used as is; otherwise, it is quoted using Python's urllib.parse.quote (#1052).
  • Change functional testing utilities to support percent encoded and unicode paths (#1058).
  • Decode basic authentication header as utf-8, not latin1 anymore (#1061).
  • Make ZPublisher.utils.basic_auth_encode support non-ascii strings on Python 2 (#1062).
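
The three-way cookie path rule from the Zope 4.8.3 entry above, written out as an added example (not Zope's own code). The function names and the exact set of characters treated as URL-path-safe are assumptions of this example.

```python
import re
from urllib.parse import quote

# Assumption: "characters allowed unquoted in a URL path" is taken to be
# RFC 3986 pchar plus "/", with ";" excluded because it separates
# Set-Cookie attributes. Zope's actual character set may differ.
_SAFE_PATH = re.compile(r"[A-Za-z0-9._~!$&'()*+,=:@/-]*")


def normalize_cookie_path(path):
    """Return the value to emit in the cookie's Path attribute."""
    if "%" in path:
        # Any "%" means the caller is assumed to have quoted the whole path.
        return path
    if _SAFE_PATH.fullmatch(path):
        # Only URL-path-safe characters: nothing to do.
        return path
    # Spaces, ";", non-ASCII text and so on are percent-encoded.
    return quote(path)


def set_cookie_header(name, value, path):
    """Build a minimal Set-Cookie value (hypothetical helper)."""
    return "%s=%s; Path=%s" % (name, value, normalize_cookie_path(path))


if __name__ == "__main__":
    # Constructed sample paths.
    for sample in ("/plone/site", "/a%20b", "/a b", "/docs;draft", "/über"):
        print(repr(sample), "->", normalize_cookie_path(sample))
```

Because the first branch trusts any `%`, a path such as `/50% off` is emitted unchanged; callers should pass either a fully quoted path or a fully raw one.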

zc.buildout: 2.13.7 → 2.13.8

  • Support python310-315 in conditional section expressions.

plone.releaser: 1.8.6 → 1.8.7

Bug fixes:

  • report: add sleep and start parameters. [maurits] (#44)

i18ndude: 5.4.2 → 5.5.0

New features:

  • Add boolean --no-line-numbers option to rebuild-pot. Use this to prevent including line numbers in pot files. The default is to still include them, so no behavior change. The default could change in the future. If you want to be sure to keep your line numbers in the future, use the new --line-numbers option. [maurits] (#77)

Sphinx: 1.8.5 → 1.8.6

python-dateutil: 2.8.1 → 2.8.2

simplejson: 3.17.0 → 3.17.6

diazo: 1.4.2 → 1.5.0

New features:

  • Remove dependency on future package. [petschki] (#85)

Plone: 5.2.9 → 5.2.10

Bug fixes:

  • Release Plone 5.2.10. [maurits]

3.8.8 → 3.8.9

Bug fixes:

  • Fix TypeError: 'NoneType' object is not subscriptable in reference browser widget. [maurits] (#2921)

2.0.7 → 2.0.8

Bug fixes:

  • Build the mime-type icon url with an absolute url. Fixes #44 [erral] (#44)

3.5.1 → 3.5.2

Bug fixes:

  • Get the title of the navigation root from the registry when the navigation root object is the portal object [erral] (#317)

4.4.7 → 4.4.8

Bug fixes:

  • Use the portal url to build the mimetype icon url [erral] (#168)

4.1.7 → 4.1.8

Bug fixes:

  • Make sure Parameters Expressions are strings when saving custom styles [frapell] (#209)

2.1.2 → 2.1.3

Bug fixes:

  • Add a timezone property to portal memberdata if it is missing. Backports #296 to Plone 5.2. [ale-rt] (#296)
  • Added upgrade to 5218, Plone 5.2.10. [maurits] (#5218)

2.6.6 → 2.6.7

Bug fixes:

  • Ensure that, when no timezone is selected, the value of the stored timezone is an empty string (#109)

plone.memoize: 2.1.1 → 3.0.0

Breaking changes:

  • Drop support for Python 3.5 and 3.6. Add support for Python 3.9, 3.10, and 3.11. [davisagli] (#27)

plone.restapi: 7.8.0 → 7.8.1

Bug fixes:

  • Document needed version pins for Plone 4.3. [erral] (#1150)

plone.resourceeditor: 3.0.3 → 3.0.4

Bug fixes:

  • Fix unclosed file warnings [petschki] (#29)

Products.CMFEditions: 3.3.4 → 3.3.5

Bug fixes:

  • Fix test to work with updated CMFUid. [davisagli] (#89)

Products.CMFPlone: 5.2.9 → 5.2.10

Bug fixes:

  • Fixed an issue that prevented the user from selecting the preferred timezone (#1290)
  • Fixed adding control panel action via ZMI. [maurits] (#1959)
  • Set portal title in registry when creating a new Plone site [erral] (#3584)
  • Change test to make sure email is sent in utf-8 [erral] (#3588)
  • Update metadata version to 5218, Plone 5.2.10. [maurits] (#5218)

Products.CMFUid: 3.3 → 3.4

  • When an object is reindexed after its UID is set, only reindex the cmf_uid index rather than all indexes.

Products.PluggableAuthService: 2.7.0 → 2.7.1

  • Set the Cookie Auth Helper cookies with SameSite set to Lax by default and allow admins to change the setting as well as the secure flag from the Properties tab in the ZMI. The SameSite cookie flag is not currently set, which causes modern browsers to show warnings at the console. Such cookies may be rejected in the future and break the Cookie Auth Helper. See for information about the SameSite cookie attribute and why its handling in browsers is changing.

Products.PortalTransforms: 3.2.0 → 3.2.1

Bug fixes:

  • Fixed regular expression in tests on Python 3.11. [maurits] (#48)
  • Tests: fixed incompatibility with lxml 3.9+ on Linux. This gives slightly different output. [maurits] (#818)

Products.Sessions: 4.13 → 4.14

  • Add ability to set the session cookie's SameSite flag. See for some background on how browsers change handling SameSite. The behavior of existing sites will not change unless the site administrator changes the cookie configuration explicitly. New browser id managers will use Lax by default.
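
A check an administrator could run over captured Set-Cookie response headers after upgrading, covering the SameSite and Secure settings described for Products.PluggableAuthService and Products.Sessions above. This is an added example, not code from either package; the cookie names and header values are constructed samples.

```python
VALID_SAMESITE = ("lax", "strict", "none")


def parse_set_cookie(header):
    """Split one Set-Cookie value into (cookie name, attribute dict)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.split("=", 1)[0]
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_cookie(header, served_over_https=True):
    """Return a list of findings for one Set-Cookie value."""
    name, attrs = parse_set_cookie(header)
    secure = "secure" in attrs
    samesite = attrs.get("samesite")
    findings = []
    if samesite is None:
        findings.append("%s: no SameSite attribute" % name)
    elif samesite.lower() not in VALID_SAMESITE:
        findings.append("%s: unknown SameSite value %r" % (name, samesite))
    elif samesite.lower() == "none" and not secure:
        # Current browsers reject SameSite=None cookies that lack Secure.
        findings.append("%s: SameSite=None without Secure" % name)
    if served_over_https and not secure:
        findings.append("%s: Secure flag not set" % name)
    return findings


# Constructed sample headers: before the change, after it, and a
# misconfiguration an admin could create from the Properties tab.
SAMPLES = [
    "auth_cookie=abc123; Path=/",
    "auth_cookie=abc123; Path=/; SameSite=Lax; Secure",
    "session_id=xyz789; Path=/; SameSite=None",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", audit_cookie(header) or "ok")
```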

z3c.formwidget.query: 0.17 → 1.0.0

  • Add Chinese translation.
  • Add support for Python 3.5, 3.8, 3.9, 3.10.

5.1.0 → 5.2.0

2.4.2 → 2.5.0

launchpadlib: 1.10.16 → 1.10.17

lazr.restfulclient: 0.14.4 → 0.14.5

smmap: 3.0.1 → 3.0.5

wadllib: 1.3.3 → 1.3.6

colorama: 0.4.5 → 0.4.6

distlib: 0.3.4 → 0.3.6

virtualenv: 20.14.0 → 20.14.1
