Plone 4.0.4 (Mar 05, 2011)

Bugfix release for Plone 4.0.

For additional information about this project, please visit the overview page .

For installation instructions go to: http://docs.plone.org/manage/installing.

There may be hotfixes applicable to this release. Always check the Plone Hotfix Page before production deployment.

Available downloads

Release Notes

State Final release
License GPL
Release Manager Eric Steele

This release includes the patches for CVE-2011-0720, so hotfix 20110720 is not needed with this release.

Change log

Plone (4.0.4)

Products.Archetypes (1.6.5)

  • Remove method docstrings in Referenceable and ReferenceEngine to prevent making them publishable. [davisagli]
  • Handle getCharset() returning None in Field.encode/decode. [elro]
  • Avoid various deprecation warnings under Zope 2.13. [hannosch]
  • Fixed a SyntaxWarning when using assert in the migrations module. [deo]
  • Fixed textCounter JavaScript to work with fieldnames with hyphen. API of textCounter-method changed. Second parameter takes now the name of the counterfield, not the DOM object itself. http://dev.plone.org/plone/ticket/11334 [tom_gross]
  • Fixed handling of Anonymous ownership in ExtensibleMetadata, where the ownership tuple is None. Also triggered for views on FactoryTool-wrapped objects. [mj]

Products.CMFEditions (2.0.5)

  • Workaround some potential issues with event handlers and transaction.savepoint which can cause exceptions when, for example, zope.sendmail is used to send mail in the same transaction as saving an edition. [rossp]

Products.CMFQuickInstallerTool (3.0.4)

  • Protect isProductInstalled so it is only callable by Managers. [davisagli]
  • Remove utility mapping in site manager's dictionary to enable a complete uninstall. This fixes an issue where a cascade-based uninstall would not entirely remove utilities, but merely unregister them from the component registry.

Products.PlonePAS (4.0.4)

  • Fix missing and broken security declarations. [davisagli]
  • Avoid breaking on startup if PIL isn't present. [davisagli]
  • Use 'defaultUser.png' as the default user portrait, since the .gif version has been deprecated for a long time now. Seehttp://dev.plone.org/plone/changeset/36350 [mj]

Products.PluggableAuthService (1.7.3)

  • The ZODBRoleManager made it clearer that adding a removing a role does not have much effect if you do not do the same in the root of the site (at the bottom of the Security tab at manage_access). Fixes https://bugs.launchpad.net/zope-pas/+bug/672694
  • Return the created user in _doAddUser, to match change in AccessControl 2.13.4.
  • Fixed possible binascii.Error in extractCredentials of CookieAuthHelper. This is a corner case that might happen after a browser upgrade.

Products.PortalTransforms (2.0.5)

  • Fix regression due to the security declarations added in 2.0.4: convertTo should still be public, but not publishable. [davisagli]
  • Fix missing security declarations. [davisagli]

Products.TinyMCE (1.1.8)

  • Suppress the WYSIWYG editor for fields whose text format is not HTML, and provide a "Edit without visual editor" link like kupu did so that the format can be switched from HTML to something else. [davisagli]
  • Fix wysiwyg_support to correctly respect a user's preference to use no wysiwyg editor. [davisagli]
  • Updated Norwegian translations. [mj]
  • Add tests to make sure user can switch between editors using personalize_form [msmith64]
  • Merged test fixes from http://dev.plone.org/collective/changeset/226086/Products.TinyMCE/branches/plip9938-output-filters to fix Plone 3 compatibility test failure. [msmith64]
  • Fixed tests that were failing due to unpredictable dict key order. [msmith64]
  • Allow users to choose to have no WYSIWYG editor. Fixes http://dev.plone.org/plone/ticket/10810 [msmith64]
  • Do not crash when getting a configuration with styles that have an empty line at the end. [maurits]
  • Make sure that tinymce-jsonconfiguration is traversed as a view in tinymce_wysiwyg_support.pt. [davisagli]
  • Transform now handles resolveuid/12345/subobject links correctly. This fixes https://dev.plone.org/plone/ticket/11426 [fRiSi]

archetypes.referencebrowserwidget (2.2)

  • Fixed getStartupDirectory method if a startup_directory_method was defined, which cannot be traversed to. [hannosch]
  • Check the references in the overlay that are checked in the widget when the overlay is constructed or refreshed. [csenger]
  • Don't disable checkboxes in overlay when an item is selected. Remove the item from the value list when it is unchecked in the value list. fixeshttp://dev.plone.org/plone/ticket/10786 [csenger]

plone.app.blob (1.4)

  • Avoid breaking on startup if PIL is not present. [davisagli]

plone.app.customerize (1.2.2)

  • Add missing security declaration on the ViewTemplateContainer. [davisagli]

plone.app.form (2.0.2)

  • Stop stripping GMT when passed to widget display and replace dates that have "-" with "/" so the proper timezone is applied. See #11423 [eleddy]
  • Fix edge case of dates that are greater than the last minute interval. Now rounding down to last interval instead of returning "--". [eleddy]

plone.app.imaging (1.0.3)

  • Avoid breaking on startup if PIL is not present. [davisagli]
  • Add getAvailableSizes and getImageSize to the @@images view. [elro]
  • Protect the control panel with a custom permission, "Plone Site Setup: Imaging", instead of the generic "Manage portal". [davisagli]

plone.app.iterate (2.1)

  • Fixed stale catalog entries appearing for references of merged content. [maurits]
  • Fixed minor test failure for _doAddUser. [maurits]
  • Test Products.CMFPlone version to set default permission, keeping 4.0 compatibility - the next release can be 2.0.1 again. [elro]
  • Add autoinclude entry point. [elro]
  • Update permission defaults for Plone 4.1's Site Administrator role. [elro]

plone.app.layout (2.0.7)

plone.app.users (1.0.4)

  • Fixed test of the default user portrait, which changed from defaultUser.gif to defaultUser.png in Products.PlonePAS 4.0.5. [maurits]

plone.recipe.zope2instance (4.1.5)

  • Respect new include-site-packages buildout option introduced in buildout 1.5. Closes https://bugs.launchpad.net/bugs/716360. [yuppie, hannosch]
  • Added option import-directory to point to custom import folder. [garbas]

plone.recipe.zeoserver (1.2.0)

  • Only require a nt_svcutils distribution on Windows. [hannosch]