Plone 4.3.2 (Dec 23, 2013)

Bugfix release for the Plone 4.3.x series.

For additional information about this project, please visit the overview page .

For installation instructions go to:

There may be hotfixes applicable to this release. Always check the Plone Hotfix Page before production deployment.

Available downloads

VirtualBox/Vagrant install kit

For all platforms (Installs Plone development/evaluation virtual environment from source on any VirtualBox/Vagrant compatible system.)

Release Notes

State Final release
License GPL
Release Manager Eric Steele
For Windows installers, please see the 4.3.1 release. You may easily upgrade to 4.3.2 after installation.

Change log

AccessControl: 3.0.6 → 3.0.8

plone.recipe.zope2instance: 4.2.11 → 4.2.13

  • adding support for zopectl umask [hman]
  • be able to set zeo client as read only from buildout configuration [vangheem]

plone.recipe.zeoserver: 1.2.5 → 1.2.6

  • nothing changed yet
  • add support for setting zeoserver as read only [vangheem]
  • Add integration with ZRS [vangheem]

robotframework: 2.7.6 → 2.7.7

robotframework-selenium2library: 1.1 → 1.2

robotsuite: 1.2.1 → 1.3.3

selenium: 2.31 → 2.34

Plone: 4.3.1 → 4.3.2

  • Release Plone 4.3.2 [esteele]

Products.Archetypes: 1.9.1 → 1.9.4

  • Fixed error of validate_content_types when checking a field that was an instance of OFS.Image.File [ichim-david]
  • Fix transaction note so long notes do not bork the transaction [vangheem]
  • Avoid UnicodeDecodeError in @@at_utils.translate if the value contains special chars [gbastien]
  • Make some methods of TypesWidget unpublishable. [davisagli]
  • Remove UIDResolver's resolve_url and protect UIDCatalogBrains' getObject. Protect ReferenceEngine's getReferences and getBackReferences. Add security declarations to functions in (Security fixes from PloneHotfix20130618) [davisagli]
  • Pass request to field validation so errors are translated properly. [davisagli]
  • Add a transaction note when setting a default value for a field which doesn't have a storage yet [frapell]

Products.CMFPlone: 4.3.1 → 4.3.2

  • fix wrong download url for podcast syndication [Rudd-O]

  • Applied security fixes from PloneHotfix20130618:

    Protected methods on the ZCatalog.

    Added missing module security declarations.

    Sanitize url in isURLInPortal.

    Check 'Set own password' permission in mailPassword.

    Prevent the Zope request from being traversed.

    Protected sendto method.

    Sanitize input to spamProtect script.


  • Get portal_discussion properly with getToolByName. [maurits]

  • Fix dependency ordering problem with plone-final import step. [davisagli]

  • remove bbb-kss.css from css registry registration [vangheem]

  • Stop unload-protection from popping up needlessly if tinyMCE is used on tabbed forms [href]

Products.contentmigration: 2.1.4 → 2.1.5

  • Keep redirections from when migrating. [maurits]

Products.GenericSetup: 1.7.3 → 1.7.4

  • On import, avoid clearing indexes whose state is unchanged.

Products.MimetypesRegistry: 2.0.4 → 2.0.5

  • Add missing module security declarations.

Products.PasswordResetTool: 2.0.14 → 2.0.15

  • Nothing changed yet.

Products.PlacelessTranslationService: 2.0.3 → 2.0.4

  • Add module security declarations. Prevent publishing of the translate method. (Fixes from PloneHotfix20130618.) [davisagli]

Products.TinyMCE: 1.3.4 → 1.3.5

  • Fixed an issue where the search button wasn't doing anything when livesearch is disabled since checkSearch wasn't checking for a click keycode [ichim-david]
  • Handle brain.Description when it's None or unicode because decoding None or unicode is not supported. [saily]
  • Better match the CSS selectors of the rendered HTML, use the same body_class in the editor as would be for the default view of the context. [rpatterson]
  • Check for a 'enable_tinymce_livesearch'property in order to override the enable_livesearch of site_properties for instances where you want to have livesearch enabled on the portal_search and yet you do not want it enabled within TinyMCE and the other way around [ichim-david]
  • Remove unused getImageScales method from the tinymce utility, and remove the hard dependency on Archetypes. [davisagli]
  • Added base-query for json search. This makes it easier to override the search, just as was done for the folderlisting-view. [maurits]
  • Fixed i18n. [jianaijun]
  • Fixed language variants Toolbar does not display issue. [jianaijun]
  • Remove bogus 'class=" "' refs [maartenkling]
  • Include the history on [maurits]
  • Display workflow state information about content in popups, refs [maartenkling]
  • Fix popup for existing image in IE8. [maurits]
  • Updated italian translation [keul]
  • Make JSON-methods more failsafe [tom_gross]

archetypes.querywidget: 1.0.8 → 1.0.9

  • Fix CSS to ensure that multiple selection widgets are accessible and visible to the user. [davidjb]

archetypes.referencebrowserwidget: 2.4.18 → 2.4.19

  • Modified pagination links selector to use only ".listingBar" instead of "div.listingBar". The template can be customized in a theme and use a different structure, "ul.listingBar" for example. [vincentfretin]
  • If we have a sort_on parameter in base_query, use it instead of getObjPositionInParent to display folder content. [thomasdesvenain]

collective.z3cform.datetimewidget: 1.2.3 → 1.2.5

  • Fix package distribution. [hvelarde]
  • Make Date widget configurable by using the min/max field properties or the default values stored in portal's site properties. [hvelarde]

diazo: 1.0.3 → 1.0.4

  • Provide the request's query string as the $query_string variable for use in the rules file. [davidjb]
  • Fix diazo.scheme definition to be correct. Previously, this was defined as [davidjb] 1.1.4 → 1.1.6

  • Fix double purge of paths for items whose default view is the same as /view [eleddy]
  • Register the plone.atobjectfields adapter not only when Products.Archetypes but also is installed. [thet] 1.0.10 → 1.0.11

  • Add CSS classes on tabular_view table headers and cells in order to easily customize them. [avoinea]
  • Use 'structure value' for tabular_view field value in order to easily insert images, links or other HTML entities in this table [avoinea] 2.1.2 → 2.1.3

  • Fix translations of selectable restriction-options. [pbauer] 1.0.4 → 1.0.5

  • Add missing getDataOrigin method to interfaces. [timo] 3.0.3 → 3.0.4

  • When we assign a rule, it is enabled by default and is applied to subfolders. When we apply a rule to subfolders, it is enabled if it wasn't. [thomasdesvenain]
  • Provides an API to easily deal with rules assignment management. [thomasdesvenain]
  • Do not display Rules action unless some Content Rules are defined. [runyaga]
  • Fix overlay acting funky on the delete action [vangheem]
  • Move, Removed and Added handlers are not launched anymore on non contentish objects. This fixes plone upgrades - content rules where launched on tools. [thomasdesvenain]
  • Fixed i18n [jianaijun] 2.3.6 → 2.3.7

  • In the users listing and group membership listing, show the user's login name instead of the user id, which is an internal identifier. [davisagli]
  • In the groups listing, don't show the group name if it is the same as the group title. [davisagli]
  • Don't display the upgrade portal message unless the logged in user actually has the permission to upgrade the portal. No one likes a tease. [eleddy] 2.0.8 → 2.0.9

  • Add documentation for defaultFactory tag in XML ref. [smcmahon]
  • Removed line breaks within documentation URLs in [smcmahon]
  • Fixed XML export so that GenericSetup's parser can successfully parse it later on at install time. [zupo]
  • Use @@ploneform-render-widget to render widgets in display mode. [cedricmessiant]
  • Call the IBasic description field 'Summary' and give it help text that is actually helpful. [davisagli]
  • Don't show the 'Allow Discussion' field on an item's default view. [davisagli] 2.2.6 → 2.2.8

  • Re-release 2.2.7 with .mo files. Seems like 2.2.7 has been released twice on two different dates. The first release seems to be made without a github push. [timo]
  • Fix comments viewlet's get_replies for non-annotatable objects. [witsch]
  • making sure .mo files are present at release [garbas]
  • Revert change that silently added mime_type attribute values to old discussion items that had none. [pjstevns] 2.2.2 → 2.2.3 1.5.5 → 1.5.6 2.3.5 → 2.3.7

  • Don't try to getId() for the template-name body when there is no template. Corrects an issue with the Dexterity schema editor. [esteele]
  • Fix conflict with <body> class attribute improvement in TinyMCE. [rpatterson]
  • Implement a canonical link relation viewlet to be displayed by IHtmlHeadLinks viewlet manager; this will prevent web indexers from indexing the same object more than once, improving also the way these indexers deal with images and files. [hvelarde]
  • Add Dexterity support for the related items viewlet. [pabo]
  • Personal bar viewlet home link simply links to the user actions list. [danjacka] 1.5.2 → 1.5.3

  • Set a maxsize when decompressing request data. [davisagli]
  • Fixed dexterity referenceablebehavior integration. [maurits]
  • Fix #13681, documents referencing each other will now also trigger a link integrity warning. [do3cc] 4.3.1 → 4.3.2

  • Updated Romanian translation [ichim-david]
  • Update German translation. [jone]
  • Updated French translation.
  • Updated italian translation [keul] 2.4.4 → 2.4.5

  • Acquisition-wrap portlet assignments retrieved from storage. [davisagli]
  • Fixed calendar portlet from "Event" to portal_calendar types [dr460neye]
  • Fixed to all portal_calendar types. [dr460neye]
  • Fixed event portlet. Static Type removed and changed to portal_calendar type. [dr460neye] 1.1.4 → 1.1.5

  • Changed navigation_root_url to link-tag instead of meta-tag to ensure HTML5 validation. [bosim]
  • Stop preventDefault on live change handler on types filter. Prevents bug with IE <= 8. [do3cc] 1.3.3 → 1.3.4

  • Replace basic infrastructure for 4.4 series with same for 5.0 series. [davisagli]
  • Upgrade TinyMCE: Remove space from style to prevent bogus class. [maurits] 2.0.3 → 2.0.4

  • Handle exception during viewlet rendering process: log the exception and display an error message. [toutpt] 2.1.10 → 2.1.11

  • SlicableVocabulary context is not needed when initialing [garbas]
  • KeywordsVocabularyFactory now accepts query which filters keywords listed in vocabulary [garbas]
  • add support for a catalog vocabulary [vangheem] 2.1.5 → 2.1.6

  • Fixed sharing view when inherit is removed. [thomasdesvenain] 0.7.3 → 0.7.4

  • Display 'required' span only on input mode. [cedricmessiant]

plone.autoform: 1.4 → 1.5

  • Added an option on form to allow display of empty fieldsets. [thomasdesvenain]
  • fix tests [vangheem]

plone.formwidget.namedfile: 1.0.6 → 1.0.7

  • Add optional force parameter to the validate method to match a change in the z3c.form API.

plone.i18n: 2.0.8 → 2.0.9

  • German URL normalizer: handle German ‚single‘ and „double“ quotation marks, em dash –, paragraph § and € sign. [jnachtigall]

plone.outputfilters: 1.10 → 1.11.1

  • Fix README rst. [gotcha]
  • img unicode issue : fix resolve_image to avoid that it returns unicode [gotcha]
  • handle possibility of img tag being unicode to prevent unicode errors [vangheem]

plone.rfc822: 1.0.1 → 1.1

  • Branch for Plone 4.2/4.3 compatibility changes. [esteele]
  • Marshall collections as ASCII when possible. [davisagli]
  • Add support for marshalling decimal fields. [davisagli]

plone.schemaeditor: 1.3.2 → 1.3.3

  • Correct packaging issues in 1.3.2. [esteele]

plone.supermodel: 1.2.2 → 1.2.3

  • Add defaultFactory tag for Dexterity XML. Define an interface IDefaultFactory. defaultFactories specified via XML must implement it or IContextAwareDefaultFactory.

plonetheme.sunburst: 1.4.4 → 1.4.5

  • Fix tests to pass on Plone 4.4 (which currently has a Calendar portlet on the right by default) and keep them running on 4.3 too. [maurits]
  • Make portal messages display correctly (colors). [gbastien]

z3c.form: 3.0 → 3.0.2

  • Fix unicode decode error in weird cases in checkbox.CheckboxWidget.update and radio.RadioWidget.update (eg: when term.value is an Plone Archetype ATFile)
  • The alpha slipped out as 3.0.0, removed ZODB-4.0.0dev.tar.gz to reduce damage
  • Fixed a bug in def wrapCSSClass

grokcore.view: 2.7 → 2.8

grokcore.viewlet: 1.10.1 → 1.11

plone.formwidget.autocomplete: 1.2.4 → 1.2.5

  • Use jQuery.prop() instead of jQuery.attr() to deselect radio buttons.
  • Only do list marshalling for multiple selection.
  • Handle the case where the server responds with 204 No Content.

plone.formwidget.contenttree: 1.0.6 → 1.0.7

  • Add in some default binder instances, mostly for use with supermodel XML schemas. [lentinj]
  • Switch to [saily]
  • Add js and css registration tests [saily]
  • Added check in tree generation if it allready exists (reopening the contenttree window). [phgross]
  • Do not exclude content types which are not allowed in navigation [ebrehault]
  • Ignore missing values, content objects can go away or the content of a source may change. [gaudenz]