Plone 5.2.14
Milestone information
- Project:
- Plone
- Series:
- 5.2
- Version:
- 5.2.14
- Released:
- Registrant:
- Maurits van Rees
- Release registered:
- Active:
- Yes. Drivers can target bugs and blueprints to this milestone.
Activities
- Assigned to you:
- No blueprints or bugs assigned to you.
- Assignees:
- No users assigned to blueprints and bugs.
- Blueprints:
- No blueprints are targeted to this milestone.
- Bugs:
- No bugs are targeted to this milestone.
Download files for this release
Release notes
# Release notes for Plone 5.2.14
* Released: Thursday September 21, 2023
* This is expected to be the last maintenance release.
* Check the [release schedule](https:/
* Read the [upgrade guide](https:/
* Canonical place for these [release notes](https:/
If you want to jump straight in, here are two important links:
* With pip you can use the constraints file at [https:/
* With Buildout you can use the versions file at [https:/
## Highlights
Major changes since 5.2.13:
* This includes security fixes from today's announcement:
* https:/
* https:/
* `Zope`:
* Security fixes in `AccessControl` and `RestrictedPython`. See [community announcement](https:/
* Allow only some image types to be displayed inline. Force download for others, especially SVG images.
* Tighten down the ZMI frame source logic to only allow site-local sources.
* `plone.namedfile`: Fix stored XSS (Cross Site Scripting) for SVG images.
* `plone.rest`: When ``++api++`` is in the url multiple times, redirect to the proper url.
* `plone.restapi`:
* Fix stored XSS (Cross Site Scripting) for SVG image in user portrait.
* `Products.CMFCore`: Make `decodeFolderFi
This is the workaround from [CVE-2023-36814](https:/
* `plone.
* Fix various problems when using the Indonesian language in a multilingual setup.
This language has ``id`` as code. This is not allowed as an id in Plone, so it has always been created as ``id-id`` instead.
This needs some special handling.
* Fix ``set_recursive
## Last maintenance release
Plone 5.2.14 is planned to be the last regular release of Plone 5.2.
This release was originally planned for October, but we moved it forward to have the security fixes in a full release. If there are good reasons, we can still make a new release.
After October 2023, Plone 5.2 is out of maintenance support.
There is still one year of security support, until October 31, 2024.
At that moment, even Python 3.8 is out of security support by the Python community.
## Python compatibility
This release supports Python 2.7 and 3.8.
Python 3.6 and 3.7 should still work, but these are end of life and no longer supported.
Plone 5.2 still supports Python 2.7, but this is end-of-life since 2020. It should only be used as a temporary stepping stone before you migrate your Plone site to Python 3.
## Versions of pip, zc.buildout, setuptools
In Plone core we use these versions to install Plone on Python 2:
```
setuptools==42.0.2
zc.buildout==2.13.8
wheel==0.37.1
```
and these on Python 3:
```
setuptools==65.7.0
zc.buildout==3.0.1
wheel==0.38.4
```
In general you are free to use whatever versions work for you, especially newer ones, but these worked for us.
Note that `setuptools` 66 is more strict with what versions it can recognize. If you run `pip` or `buildout` and it suddenly cannot find a package with a non-standard version, then this may be the cause. This is why we stayed at version 65 for Plone 5.2.
## Installation
For installation instructions, see the [documentation](https:/
There is still a [Unified Installer](https:/
## Issues
If you find any issues, please report them in the [main issue tracker](https:/
Changelog
0 blueprints and 0 bugs targeted
There are no feature specifications or bug tasks targeted to this milestone. The project's maintainer, driver, or bug supervisor can target specifications and bug tasks to this milestone to track the things that are expected to be completed for the release.