Plone 5.2.9

There may be hotfixes applicable to this release. Always check the Plone Hotfix page before production deployment.

Release notes

LicenseGPL
Date released2022-07-21
Release managerEric Steele

Plone 5.2.9 is a bug fix release of Plone 5.2. Release Manager for this version is Maurits van Rees (despite the automated text above).

Installers can be downloaded with the buttons below. Experienced users can update their buildout config by pointing to https://dist.plone.org/release/5.2.9/versions.cfg.

Linux/BSD/Unix users: Use the Unified Installer. It is a configuration and setup kit with build scripts.

Windows 10 users: use the Unified Installer. See Windows-specific installation instructions. Consider using the unified installer within the Windows Subsystem for Linux (WSL).

OS X users: use the Vagrant kit or install XCode command-line tools and use the Unified Installer.

Automated provisioning: See Plone's Ansible Playbook for a full-stack installation kit.

Cross-platform Docker: install Docker and use the Plone Docker image.

For the Plone 5.2 upgrade guide, see https://docs.plone.org/manage/upgrading/

Specific release notes for Plone 5.2.9:

Some highlights of this release are:

  • waitress: Updated to version 2.1.2, which has a bugfix for the previous security fix.
    Version 2.1.1 could cause Plone to crash and restart. See also remark above on Python compatibility.
  • plone.app.querystring:
    • Add negation-query operators string.isNot and selection.none.
    • Make SearchableText work when using and and or as search items.
  • zodbverify: Improve debugging output: show all objects that reference an oid.
    See Philip's blog post and discussion in pull request for more information.

Python compatibility

As usual, this release supports Python 2.7, 3.6, 3.7, and 3.8.

But note that both Python 2.7 and 3.6 have reached end of life. This means the wider Python community no longer supports it. For example, the default WSGI server used by Plone, which is waitress, has a security problem that is only solved on Python 3.7 and higher. If you use waitress on earlier Python versions, you are vulnerable.

Python 3.7 will reach end of life in June 2023. See Status of Python Versions for the canonical information. It will get harder to test and support Plone on unsupported Python versions. Especially Python 2.7 should only be used as a temporary stepping stone before you migrate your Plone site to Python 3.

Downloads

Changes

Zope: 4.8.1 → 4.8.2

  • Update waitress to version 2.1.2.
  • Fix version pin specifications for Python 3.6 compatibility. (#1036)
  • Fix version pin specifications for Python 3.5 compatibility.
  • Add more notices to the documentation urging users to migrate to Zope 5.
  • Quote all components of a redirect URL (not only the path component) (#1027)
  • Drop the convenience script generation from the buildout configuration in order to get rid of a lot of dependency version pins. These were only needed for maintainers who can install them manually. (#1019)
  • Update dependencies to the latest releases that still support Python 2.
  • Strip leading . in cookie domain names. (#1041)

Genshi: 0.7.5 → 0.7.7

i18ndude: 5.4.1 → 5.4.2

Bug fixes:

  • Leading spaces in comments are kept stable. (#91)
  • Test on Python 3.10. No code changes needed. [maurits] (#310)

Products.ExternalMethod: 4.5 → 4.6

  • Add support for Python 3.10.

Products.PythonScripts: 4.13 → 4.14

  • Add support for Python 3.10.
  • Remove unused classes SecurityManager and RivilegedUser from .tests.testBindings.

five.customerize: 2.0.1 → 2.1.0

  • Add support for Python 3.5, 3.7, 3.8, 3.9, 3.10.
  • Fix tests to run successfully on Zope >= 5.2.1.

icalendar: 4.0.9 → 4.1.0

Plone: 5.2.8 → 5.2.9

Bug fixes:

  • Release Plone 5.2.9. [maurits]

plone.app.querystring: 1.5.0 → 1.6.1

New features:

  • Add negation-query operators string.isNot and selection.none. New plone.app.querystring.operation.string.isNot and plone.app.querystring.operation.selection.none including upgrade steps. [thet] (#110)

Bug fixes:

  • Make SearchableText work when using 'and' and 'or' as search items [erral] (#111)
  • Fix how to merge custom_query with parsedquery without overriding values. [cekk] (#103)

plone.app.upgrade: 2.1.1 → 2.1.2

Bug fixes:

  • Added upgrade to 5217, Plone 5.2.9. [maurits] (#5217)

plone.app.viewletmanager: 3.1.2 → 3.1.3

Bug fixes:

  • Change default message for i18n msgid [erral] (#25)

plone.supermodel: 1.6.3 → 1.6.5

Bug fixes:

  • Release 1.6.3 as 1.6.5. The 1.6.4 release in between was meant as a major release. I will rerelease that one as 2.0.0. [maurits] (#27)

Products.CMFCore: 2.5.4 → 2.6.0

  • Fix cookie test failure (#120).
  • Add support for Python 3.10.

Products.CMFPlone: 5.2.8 → 5.2.9

Bug fixes:

  • Update metadata version to 5217, Plone 5.2.9. [maurits] (#5217)

Products.CMFUid: 3.1.0 → 3.3

  • Add support for Python 3.10.
  • Add support for Python 3.9.
  • Change package structure to move package code into a src subfolder.

Products.DCWorkflow: 2.5.0 → 2.6.0

New features:

  • Add support for Python 3.10.

Products.ExternalEditor: 3.0.1 → 3.1.0

  • Add support for Python 3.9, 3.10.
  • Change package structure to move package code into a src subfolder.
  • Fix bug which prevented ZMI from rendering, when Products.ExternalEdit was installed. (#18)

Products.PluginRegistry: 1.9 → 1.10

  • Add support for Python 3.10

Products.Sessions: 4.9 → 4.13

  • Add support for Python 3.10.
  • Fix PY2 bug in BrowserIdManager.getNewBrowserId (#45)
  • Improve out-of-the-box experience by instantiating a session data container if the session data manager uses the default configuration that points to a temporary folder
  • Reinstate simple sessioning with Products.TemporaryFolder (#43)
  • Reduce usage of deprecated tempstorage for testing and remove warnings (#41)

Products.SiteErrorLog: 5.5 → 5.6

  • Add support for Python 3.10.
  • Render date in addition to time in ZMI error log. (#31)

Products.ZopeVersionControl: 2.0.0 → 3.0.0

Breaking changes:

  • Drop support for Zope 2.x.

New features:

  • Add support for Python 3.9, 3.10

zodbverify: 1.1.0 → 1.2.0

New features:

  • Improve debugging output: show all objects that reference a oid. See Philip's blog post for more information. See also discussion in pull request 8. [pbauer] (#8)

plone.app.blocks: 5.0.1 → 5.1.0

plone.app.mosaic: 2.2.3 → 2.2.5

cached-property: 1.5.1 → 1.5.2

Deprecated: 1.2.10 → 1.2.13

launchpadlib: 1.10.13 → 1.10.16

lazr.restfulclient: 0.14.3 → 0.14.4

lazr.uri: 1.0.3 → 1.0.6

pdbpp: 0.10.2 → 0.10.3

Project resources

Learn about Plone