Plone

Plone 5.2.11

  1. Series 5.2
  2. 5.2.11

Milestone information

Project:
Plone
Series:
5.2
Version:
5.2.11
Released:
 
Registrant:
Maurits van Rees
Release registered:
Active:
Yes. Drivers can target bugs and blueprints to this milestone.  

Download RDF metadata

Activities

Assigned to you:
No blueprints or bugs assigned to you.
Assignees:
No users assigned to blueprints and bugs.
Blueprints:
No blueprints are targeted to this milestone.
Bugs:
No bugs are targeted to this milestone.

Download files for this release

After you've downloaded a file, you can verify its authenticity using its MD5 sum or signature. (How do I verify a download?)

File Description Downloads
download icon Plone-5.2.11-UnifiedInstaller-1.0.zip (md5, sig) Unified Installer zip -- same as tarball, but easier to extract on Windows 143
last downloaded 14 weeks ago
download icon Plone-5.2.11-UnifiedInstaller-1.0.tgz (md5, sig) Unified Installer tarball -- builds Plone on most Linux/macOS/Windows 10 systems 5,343
last downloaded 24 hours ago
Total downloads: 5,486

Release notes 

# Release notes for Plone 5.2.11

* Released: Monday January 30, 2023
* Check the [release schedule](https://plone.org/download/release-schedule).
* Read the [upgrade guide](https://5.docs.plone.org/manage/upgrading/version_specific_migration/upgrade_to_52.html), explaining the biggest changes compared to 5.1.
* Canonical place for these [release notes](https://dist.plone.org/release/5.2.11/RELEASE-NOTES.md) and the full [packages changelog](https://dist.plone.org/release/5.2.11/changelog.txt).

For technical wizards who want to jump straight in, here are two important links:

* With pip you can use the constraints file at [https://dist.plone.org/release/5.2.11/constraints.txt](https://dist.plone.org/release/5.2.11/constraints.txt)
* With Buildout you can use the versions file at [https://dist.plone.org/release/5.2.11/versions.cfg](https://dist.plone.org/release/5.2.11/versions.cfg).

## Highlights

Major changes since 5.2.10:

* `Zope`:
  * Set the published default Content-Type header to text/plain if none has been set explicitly to prevent a cross-site scripting attack. Also remove the old behavior of constructing an HTML page for published methods returning a two-item tuple. This fix was already included in Plone 5.2.10.1 and 5.2.10.2.
  * Various other packages have fixes for this to avoid regressions.
* `plone.app.caching`: Apply weak caching to GET requests of content with application/json, handled by `plone.restapi`. See [`plone.rest` issue 73](https://github.com/plone/plone.rest/issues/73).
* `Products.CMFPlone`: When autologin after password reset is enabled (this is the default), use the same adapters as during normal login. Specifically: the `IInitialLogin` and `IRedirectAfterLogin` adapters.

## Python compatibility

This release supports Python 2.7, 3.7, and 3.8.

Python 3.6 support was [dropped in Plone 5.2.10](https://community.plone.org/t/plone-5-2-drops-python-3-6-support/15706).
Note that both Python 2.7 and 3.6 have reached end of life, and Python 3.7 will reach end of life in June 2023.
Plone 5.2 supports Python 2.7, but it should only be used as a temporary stepping stone before you migrate your Plone site to Python 3.

## Versions of pip, zc.buildout, setuptools

Plone 5.2 ships with a `requirements.txt` that pins `pip`, `zc.buildout`, `setuptools`, and `wheel` (plus a few more unpinned packages when you are on Windows). In the `versions.cfg` for Buildout we have the same versions.
We have been very conservative with these versions. The main reason is that we wanted to use the same versions for Python 2 and 3.

This is starting to harm the Python 3 side. See one personal ["war" story](https://github.com/zopefoundation/zope.container/issues/48) on Mac where one package could be installed on Python 3.8.13, but not on 3.8.14 or higher. Using the latest versions of pip and Buildout and friends, all was well.
So starting with Plone 5.2.11, we pin different versions of these packages on Python 2 and 3.

You should know that you are free to use whatever versions you like for these tools. Use whatever versions work on your system, especially on Python 3.
Note that in a `buildout.cfg` you can "unpin" versions to tell Buildout to just use whatever has already been installed by pip:

```
[buildout]
newest = false

[versions]
pip =
setuptools =
wheel =
zc.buildout =
```

## Installation

For installation instructions, see the [documentation](https://5.docs.plone.org/manage/installing/index.html).

## Issues

If you find any issues, please report them in the [main issue tracker](https://github.com/plone/Products.CMFPlone/issues).

Changelog 

View the full changelog

Zope: 4.8.3 → 4.8.7
-------------------

- Only set response header Content-Type as text/html on exception views when the response has content. (#1089)

- Update dependencies to the latest releases for each supported Python version.

- Explicitly serve App.Dialogs.MessageDialog and exception views as HTML due to the changed default content type from #1075.

- Fix some broken ZMI pages due to the changed default content type from PR https://github.com/zopefoundation/Zope/pull/1075 (#1078)

- Set the published default Content-Type header to text/plain if none has been set explicitly to prevent a cross-site scripting attack. Also remove the old behavior of constructing an HTML page for published methods returning a two-item tuple.

- Make Products.PageTemplates compatible with Chameleon 3.10.

plone.releaser: 1.8.7 → 1.8.8
-----------------------------
Bug fixes:

- Fix ValueError when calling ``bin/manage launchpad 5.2.10.1``.
  [maurits] (#45)

python-dotenv: 0.15.0 → 0.18.0
------------------------------

z3c.template: 3.1.0 → 3.2
-------------------------

Products.ExternalMethod: 4.6 → 4.7
----------------------------------
- Fix insidious buildout configuration bug for tests against Zope 4.

- Add support for Python 3.11.

Products.MailHost: 4.12 → 4.13
------------------------------
- Fix insidious buildout configuration bug for tests against Zope 4.

- Add support for Python 3.11.

Products.PythonScripts: 4.14 → 4.15
-----------------------------------
- Fix insidious buildout configuration bug for tests against Zope 4.

- Add support for Python 3.11.

Products.StandardCacheManagers: 4.0.3 → 4.2
-------------------------------------------

zope.app.locales: 4.1 → 4.3
---------------------------

zope.copy: 4.2 → 4.3
--------------------

zope.copypastemove: 4.1.0 → 4.2.1
---------------------------------

zope.dublincore: 4.2.0 → 4.3.0
------------------------------

zope.intid: 4.3.0 → 4.4.0
-------------------------

zope.password: 4.3.1 → 4.4
--------------------------

simplejson: 3.17.6 → 3.18.1
---------------------------

borg.localrole: 3.1.8 → 3.1.9
-----------------------------
Bug fixes:

- Add PEP 508 style requirements to not depend on Zope2 in Python 3. [jensens] (#12)

Plone: 5.2.10 → 5.2.11
----------------------
Bug fixes:

- Release Plone 5.2.11.
  [maurits]

plone.app.caching: 2.1.0 → 2.2.0
--------------------------------
New features:

- Apply weak caching to GET requests of content with application/json.
  See `plone.rest issue 73 <https://github.com/plone/plone.rest/issues/73>`_.
  [maurits] (#73)

Bug fixes:

- Revert changes to tests to work with the Zope security fix.
  We must have an empty byte, not text, otherwise it is an indication that we get a possibly wrong Content-Type in a 304 status.
  See `Zope issue 1089 <https://github.com/zopefoundation/Zope/issues/1089>`_.
  [maurits] (#1089)

- Fix tests to work with the Zope security fix.
  [maurits] (#106)

plone.app.content: 3.8.9 → 3.8.10
---------------------------------
Bug fixes:

- Fix ValueError: Circular reference detected for RelationValue.
  [maurits] (#128)

- Fix ValueError: Circular reference detected for PersistentMapping.
  [maurits] (#246)

plone.app.upgrade: 2.1.3 → 2.1.4
--------------------------------
Bug fixes:

- Apply weak caching to GET requests of content with application/json.
  See `plone.rest issue 73 <https://github.com/plone/plone.rest/issues/73>`_.
  [maurits] (#73)

- Added upgrade to 5219, Plone 5.2.11.
  [maurits] (#5219)

plone.event: 1.4.1 → 1.4.2
--------------------------
Bug fixes:

- Fix AttributeError: 'NoneType' object has no attribute 'astimezone'.
  Fixes `issue 13 <https://github.com/plone/plone.event/issues/13>`_.
  [gogobd] (#13)

plone.protect: 4.1.6 → 4.1.8
----------------------------
Bug fixes:

- Testing: explicitly set response content type header to html. [jeromeperrin] (#97)

- Add missing z3c.zcmlhook dependency. [icemac] (#96)

Products.CMFCore: 2.6.0 → 2.7.0
-------------------------------
- Fix insidious buildout configuration bug for tests against Zope 4.

- Add support for Python 3.11.

Products.CMFPlone: 5.2.10 → 5.2.11
----------------------------------
Bug fixes:

- During login, when login_time is invalid, warn and reset it to 2000/01/01.
  Fixes `issue 3656 <https://github.com/plone/Products.CMFPlone/issues/3656>`_.
  [maurits] (#3656)

- When autologin after password reset is enabled, use the same adapters as during normal login.
  Specifically: the ``IInitialLogin`` and ``IRedirectAfterLogin`` adapters.
  Autologin is enabled by default.
  Fixes `issue 3713 <https://github.com/plone/Products.CMFPlone/issues/3713>`_.
  [maurits] (#3713)

- Update metadata version to 5219, Plone 5.2.11.
  [maurits] (#5219)

Products.CMFUid: 3.4 → 3.5
--------------------------
- Fix insidious buildout configuration bug for tests against Zope 4.

- Add support for Python 3.11.

Products.DCWorkflow: 2.6.0 → 2.7.0
----------------------------------
- Fix insidious buildout configuration bug for tests against Zope 4.

- Add support for Python 3.11.

Products.GenericSetup: 2.2.0 → 2.3.0
------------------------------------
- Fix insidious buildout configuration bug for tests against Zope 4.

- Add support for Python 3.11.

Products.PluggableAuthService: 2.7.1 → 2.8.1
--------------------------------------------
- Explicitly set the response `Content-Type` header where needed
  due to the changed default content type from `Zope#1075
  <https://github.com/zopefoundation/Zope/pull/1075>`_.

- Fix insidious buildout configuration bug for tests against Zope 4.

- Add support for Python 3.11.

Products.PluginRegistry: 1.10 → 1.11
------------------------------------
- Fix insidious buildout configuration bug for tests against Zope 4.

- Add support for Python 3.11.

Products.Sessions: 4.14 → 4.15
------------------------------
- Fix insidious buildout configuration bug for tests against Zope 4.

- Add support for Python 3.11.

Products.SiteErrorLog: 5.6 → 5.7
--------------------------------
- Fix insidious buildout configuration bug for tests against Zope 4.

- Add support for Python 3.11.

Products.ZODBMountPoint: 1.0 → 1.3
----------------------------------

Products.ZSQLMethods: 3.9 → 3.16
--------------------------------

z3c.zcmlhook: 1.0b1 → 1.1
-------------------------

plone.app.debugtoolbar: 1.2.3 → 1.3.0
-------------------------------------
Bug fixes:

- Add support for Python 3.11 [pbauer] (#30)

z3c.objpath: 1.2 → 1.3
----------------------

plone.app.blocks: 5.2.0 → 5.2.1
-------------------------------

plone.jsonserializer: 0.9.10 → 0.9.11
-------------------------------------

html5lib: 1.0.1 → 1.1
---------------------

httplib2: 0.18.1 → 0.21.0
-------------------------

launchpadlib: 1.10.17 → 1.10.18
-------------------------------

progress: 1.5 → 1.6
-------------------

PyYAML: 5.3.1 → 5.4.1
---------------------

stdlib-list: 0.6.0 → 0.8.0
--------------------------

zest.pocompile: 1.5.0 → 1.6.0
-----------------------------

requests-toolbelt: 0.9.1 → 0.10.1
---------------------------------

tox: 3.24.5 → 3.28.0
--------------------

tqdm: 4.64.0 → 4.64.1
---------------------

virtualenv: 20.14.1 → 20.17.1
-----------------------------

zipp: 1.1.1 → 1.2.0
-------------------

jeepney: 0.4.3 → 0.8.0
----------------------

0 blueprints and 0 bugs targeted

There are no feature specifications or bug tasks targeted to this milestone. The project's maintainer, driver, or bug supervisor can target specifications and bug tasks to this milestone to track the things that are expected to be completed for the release.

This milestone contains Public information
Everyone can see this information.