Plone 2.0.2 released

Plone 2.0.2 has been released. This release fixes a few bugs and a potential mail header vulnerability, and includes some usability enhancements. This is a highly recommended upgrade.

Just before Plone 2.0.1 was on the verge of being released, a potential security problem with the 'Send To' functionality was identified, and we chose to withdraw 2.0.1 to fix the bug, and release 2.0.2 instead. See "separate security announcement":plone-2.0-security. Please update your servers to 2.0.2 or apply the simple fix included. Plone 1.0.x sites are not affected. "Download Plone 2.0.2":/downloads from the download pages. Plone 2.0.2 - Hicks - Changes since 2.0 - Added the 'listingNext' and 'listingPrevious' class for the batch navigator. The old span.next/previous will still work visually at least until 2.1 comes out, but are deprecated. Please update any batch listings to the new format. (limi) - Added a email address validator to the Plone tool and validate the email addresses for the send to feature, fix for http://plone.org/collector/2975 (tiran) - Some templates were broken with Zope 2.6. Fixed by adding a surrounding metal:block with i18n:domain='plone' around colophon and footer. (dreamcatcher) - Moving definitions (webdav-locking) from edit-templates to global_defines, where they belong. (limi) - Added missing definition of filterOut. (ajung) - Removed unnecessary hook in FactoryTool that is handled by Archetypes itself now. (dtremea) - Default position of the "Recent" portlet is now on the left. (limi) - Added a new variable 'current_page_url' to 'global_defines'. Since it's pretty much impossible to get the correct URL to the current page once you're inside CMF, the base tag and Zope and a VHM, I added this convenience variable. For those who are curious, here's how it looks: 'current_page_url request/VIRTUAL_URL|string:${request/SERVER_URL}${request/PATH_TRANSLATED}' Easy, eh? Updated the Plone templates to use this variable instead. Use this if you need a variable to use with HTML anchors, it will give you the actual URL that is currently being displayed in your browser. (limi) - Default text on member pages are now disabled, since it just pollutes the search results. You can insert the default text in 'homePageText.pt' like before, the only difference is that it's disabled by default, and uses Plone's built-in mechanism to show relevant help text if you're the owner of the document instead. (limi) - Added scoring details + i18n information in the search results. Thanks to Andrew Veitch for the suggestion. (limi) - Renamed METAL macro "list-item" to "listitem" in news.pt and folder_listing.pt to fix Zope 2.6 compatibility. (limi) - Commented out the javascript that auto-focuses on the first field in a form. There are too many places that causes a lot of trouble by moving focus away from a field in which the user is actually typing. (elvix)