Plone 5.2.2 released

A bugfix release with many fixes and package version upgrades

Plone 5.2.2 is a bug fix release of Plone 5.2. Release Manager for this version is Maurits van Rees.

Download Plone 5.2.2

Note: We want to do releases more often, to avoid having very big changes between two bugfix releases. Plone 5.2.3 is expected in October 2020. We announce pending releases for testing on https://community.plone.org, and we announce a final release there once it is out of the pending phase, even when the installers are not ready yet.

Installers are being made, so not all links below will work yet. Experienced users can update their buildout config by pointing to https://dist.plone.org/release/5.2.2/versions.cfg.

  • Linux/BSD/Unix users: Use the Unified Installer. It is a configuration and setup kit with build scripts.
  • Windows 10 users: Use the Unified Installer. See Windows-specific installation instructions. Consider using the Unified Installer within the Windows Subsystem for Linux (WSL).
  • OS X users: use the Vagrant kit or install XCode command-line tools and use the Unified Installer.
  • Automated provisioning: See Plone's Ansible Playbook for a full-stack installation kit.
  • Cross-platform Docker: install Docker and use the Plone Docker image.

For the Plone 5.2 upgrade guide, see https://docs.plone.org/manage/upgrading/

Release notes for Plone 5.2.2

This release packs a lot of changes: the previous release was from January 2020. Some highlights are:

  • Zope was upgraded from 4.1 to 4.5. This means the support for WebDav is back. And the logic around template engines got updated. There should now be fewer differences in behavior between various kinds of templates (Zope/Acquisition-aware or not) or which template engine is used (zope.pagetemplate or chameleon). There were some problems due to this change, but all should have been fixed now.
  • ZODB goes from 5.5.1 to 5.6.0. These  updated packages are needed for zodbupdate and ZEO. So if you are doing low-level transactional stuff, please take a look at its changes.
  • plone.recipe.zope2instance: changes for relstorage, sqlite, webdav, Windows.
  • Fixed problems running Plone on Windows. You may want to keep an eye out for newer releases of plone.recipe.zope2instance. See especially this issue: https://github.com/plone/plone.recipe.zope2instance/issues/144
  • Mockup and plone.staticresources: lots and lots of improvements and bug fixes in styling and javascript.
  • Big push in fixing various internationalization issues.
  • Integrated PloneHotfix20200121 for increased security.
  • Moved the security check if a url is in the portal to a small separate package: Products.isurlinportal. You can immediately use this on Plone 4.3 and higher. Keep an eye on updates for this package: newer versions will increase the security. Often the impact of fixes is too small to warrant a real security hotfix package, but we want to do more regular fixes here.
  • Use Products.isurlinportal 1.1.0 with security hardening against whitespace: https://github.com/plone/Products.isurlinportal/issues/1
  • plone.app.discussion: Extended existing review workflow by states rejected and spam.
  • plone.app.theming: Add custom CSS settings to theming control panel. You now have a textarea where you can simply add CSS without needing to override things or play with less/scss.
  • plone.namedfile and several other packages: support for Range requests.
  • plone.outputfilters has a possibly breaking change: change the image caption template to use <figure> and <figcaption>. If you want to change this, there is a new ImageCaptioningEnabler utility.
  • plone.restapi was upgraded from 6.1.0 to 6.13.7, with lots of new features.
  • plone.scale: the method signature for scaling was made clearer. The mode argument replaces the old direction argument. Direction is still supported, but now deprecated. The new name for direction down is: mode contain or scale-crop-to-fit. The new name for direction up is: mode cover or scale-crop-to-fill. The new name for direction thumbnail is: mode scale.
  • plone.testing 8.0.1 drops the z2 extra. If you need this, use the zope extra instead.
  • Products.CMFPlone: Add markdown extension settings to markup control panel.
  • z3c.autoinclude: When environment variable Z3C_AUTOINCLUDE_DEBUG is set, log which packages are being automatically included.
  • zope.interface was upgraded from 4.6.0 to 5.0.2. This has performance fixes that may have backwards incompatible changes. This makes the inheritance and method resolution order for interfaces more logical and more in line with how it works for 'normal' classes. In corner cases there can be subtle differences when there are several utility or adapter registrations for similar interfaces. For example, when looking for browser view X and there are two such views, Zope looks for the most specific matching interface, and this may have changed.

Changes

For detailed changelog, go to https://plone.org/download/releases/5.2.2