Plone 5.2.11 released

This is a minor patch release for Plone 5.2. For more detailed developer release notes and updates in the individual packages, please see the Technical Release document written by our Release Manager, Maurits van Rees.

After the previous Plone 5.2.10 there were two 'micro' patches, 5.2.10.1 and 5.2.10.2. Those intermediate releases fixed a low-risk security issue in Zope 4 by upgrading the Zope release. Plone 5.2.11 contains additional fixes in other packages to avoid regressions caused by this Zope 4 update, plus some other patches.

Highlights

Zope: the default Content-Type header for published output is now set to text/plain if none has been set explicitly, to prevent a cross-site scripting attack. The old behavior of constructing an HTML page for published methods returning a two-item tuple has also been removed. Various other packages have fixes for this to avoid regressions.
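
A check you could run after upgrading, as an added example that is not part of the release or of Zope's own code: it scans captured responses for views that return markup without setting Content-Type themselves and are therefore now served as text/plain. The paths, the sample responses and the markup heuristic are constructed for illustration.

```python
"""Post-upgrade audit: find markup that now falls back to text/plain."""
import re

# Assumption: a body that starts with one of these tags was meant to be HTML.
HTML_HINT = re.compile(
    rb"\s*(?:<!doctype\s+html|<html\b|<(?:div|p|table|ul|h[1-6]|span|form)\b)",
    re.IGNORECASE,
)


def media_type(header_value):
    """Return the bare media type of a Content-Type value, lower-cased."""
    return (header_value or "").split(";", 1)[0].strip().lower()


def audit(responses):
    """Return the paths whose body looks like HTML but is typed text/plain.

    `responses` is an iterable of (path, headers, body) with body as bytes.
    """
    flagged = []
    for path, headers, body in responses:
        # Header names are case-insensitive, so normalise before the lookup.
        lowered = {name.lower(): value for name, value in headers.items()}
        is_plain = media_type(lowered.get("content-type")) == "text/plain"
        if is_plain and HTML_HINT.match(body):
            flagged.append(path)
    return flagged


# Constructed sample: responses as they might be captured from a test site.
SAMPLE = [
    ("/@@custom-report", {"Content-Type": "text/plain; charset=utf-8"},
     b"<html><body><h1>Report</h1></body></html>"),
    ("/@@export-csv", {"Content-Type": "text/plain; charset=utf-8"},
     b"id,title\n1,Welcome\n"),
    ("/front-page", {"Content-Type": "text/html; charset=utf-8"},
     b"<!DOCTYPE html><html><body>Welcome</body></html>"),
    ("/@@snippet", {"content-type": "Text/Plain"},
     b'  <div class="portlet">News</div>'),
]

if __name__ == "__main__":
    for path in audit(SAMPLE):
        print("set Content-Type explicitly in the view behind", path)
```

In a flagged view, the explicit fix is to call `self.request.response.setHeader("Content-Type", "text/html; charset=utf-8")` before returning the markup.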

If your Plone site is using a caching server like Varnish Cache, Plone 5.2.11 contains an important fix for an edge case if you also have plone.restapi installed in your site. For more information see plone.rest issue 73. Another caching-related issue fixed in this release is documented in Zope issue #1089: the CSS styling from your website was no longer parsed by the browser. This happened only after a certain amount of time, depending on the TTL settings of your content items in the Caching control panel, and only if you made use of ETags that trigger 304 Not Modified requests and used some (best practice) security-related headers in your front web server.

When a (new) user was logged in automatically after a password reset or initial invite, some triggers were not processed as they are on a normal authorised login. For example, the 'last login' and 'initial login' time stamps were not updated, so it seemed the new user had never logged in if you looked at these fields.

Python compatibility

This release supports Python 2.7, 3.7, and 3.8. Python 3.6 support was dropped in Plone 5.2.10. Note that both Python 2.7 and 3.6 have reached end of life, and Python 3.7 will reach end of life in June 2023.

Plone 5.2 supports Python 2.7, but it should only be used as a temporary stepping stone before you migrate your Plone site to Python 3, as Python 2.7 reached EOL status in 2020.

Full details and changes for every changed Python package in Plone 5.2.11 can be found in the Technical Release document.