From a0b9d41de9dc5e3401100bee18b18dc0fbaf64fa Mon Sep 17 00:00:00 2001 From: Maurits van Rees Date: Fri, 28 Jan 2022 15:07:00 +0100 Subject: [PATCH] Latest versions for 5.2.7. --- RELEASE-NOTES.txt | 6 +++--- changelog.txt | 48 ++++++++++++++++++++++++++++++++++++++--- release/constraints.txt | 12 +++++------ sources.cfg | 2 +- versions.cfg | 12 +++++------ 5 files changed, 61 insertions(+), 19 deletions(-) diff --git a/RELEASE-NOTES.txt b/RELEASE-NOTES.txt index e5e9f2d747..8e8f29a0f6 100644 --- a/RELEASE-NOTES.txt +++ b/RELEASE-NOTES.txt @@ -1,12 +1,12 @@ Release notes for Plone 5.2.7 ============================= -Not yet released. -Planned in January 2022 -Last updated: Tuesday January 25, 2022. +Released: Friday January 28, 2022. Some highlights of this release are: +- `plone.app.contenttypes` and `Products.ATContentTypes`: Security fix: prevent cache poisoning with the Referer header. + See `security advisory `. - `plone.app.linkintegrity`: Track integrity of video and audio files in HTML source tags. - `plone.app.z3cform` and `plone.app.textfield`: Enable multiple wysiwyg editors (use default editor registry setting). - `plone.namedfile`: Make `DefaultImageScalingFactory` more flexible, with methods you can override. diff --git a/changelog.txt b/changelog.txt index 07229a9974..18d7335a2b 100644 --- a/changelog.txt +++ b/changelog.txt @@ -56,6 +56,26 @@ Bug fixes: - Adapt the tests for Plone 6 [ale-rt] (#39) +plone.app.contenttypes: 2.2.2 → 2.2.3 +------------------------------------- +Bug fixes: + +- Security fix: prevent cache poisoning with the Referer header. + See `security advisory `. + [maurits] (#1) + +- Depend on `plone.namedfile` core instead of its empty `[blobs]` extra. + [maurits] (#106) + + +plone.app.dexterity: 2.6.9 → 2.6.10 +----------------------------------- +Bug fixes: + +- Depend on `plone.namedfile` core instead of its empty `[scales]` extra. + [maurits] (#106) + + plone.app.layout: 3.4.6 → 3.5.1 ------------------------------- New features: @@ -178,10 +198,14 @@ New features: - Fix tests for Plone 4.3 and 5.2 with Python 2.7 @ichim-david (#1243) -Products.CMFPlone: 5.2.6 → 5.2.7rc1 ------------------------------------ +Products.CMFPlone: 5.2.6 → 5.2.7 +-------------------------------- Bug fixes: +- Release Plone 5.2.7 final. + No changes compared to last release candidate. + [maurits] (#3413) + - Add plone.synchronize as dependency, because plone.dexterity 2.10.5 has removed this dependency. Core Plone does not need the package anymore, but in case someone uses it, it is not nice to lose it in a bugfix release of Plone. [maurits] (#157) @@ -240,10 +264,13 @@ Bug fixes: - Fix a compatibility issue with Python 3.8 (#27) -plone.app.versioningbehavior: 1.4.3 → 1.4.4 +plone.app.versioningbehavior: 1.4.3 → 1.4.5 ------------------------------------------- Bug fixes: +- Depend on `plone.namedfile` core instead of its empty `[blobs]` extra. + [maurits] (#106) + - Fix tests on Python 2 with newer plone.dexterity using repr for the schema. [wesleybl] (#60) @@ -251,6 +278,12 @@ Bug fixes: z3c.jbot: 1.1.0 → 1.1.1 ----------------------- +plone.app.tiles: 3.2.0 → 3.2.3 +------------------------------ + +FormEncode: 1.3.1 → 2.0.1 +------------------------- + plone.app.blob: 1.8.1 → 1.8.2 ----------------------------- Bug fixes: @@ -258,3 +291,12 @@ Bug fixes: - Minor package improvements. (#56) +Products.ATContentTypes: 3.0.5 → 3.0.6 +-------------------------------------- +Bug fixes: + +- Security fix: prevent cache poisoning with the Referer header. + See `security advisory `. + [maurits] (#1) + + diff --git a/release/constraints.txt b/release/constraints.txt index 5e3b49f02f..5aed8bfe0e 100644 --- a/release/constraints.txt +++ b/release/constraints.txt @@ -20,7 +20,7 @@ Paste==3.5.0 PasteDeploy==2.1.1 Persistence==3.0 Plone==5.2.7 -Products.ATContentTypes==3.0.5; python_version < "3.0" +Products.ATContentTypes==3.0.6; python_version < "3.0" Products.Archetypes==1.16.6; python_version < "3.0" Products.BTreeFolder2==4.3 Products.CMFCore==2.5.4 @@ -29,7 +29,7 @@ Products.CMFDynamicViewFTI==6.0.3 Products.CMFEditions==3.3.4 Products.CMFFormController==4.1.4 Products.CMFPlacefulWorkflow==2.0.4 -Products.CMFPlone==5.2.7rc1 +Products.CMFPlone==5.2.7 Products.CMFQuickInstallerTool==4.0.4 Products.CMFUid==3.1.0 Products.DCWorkflow==2.5.0 @@ -209,11 +209,11 @@ plone.app.content==3.8.8 plone.app.contentlisting==2.0.6 plone.app.contentmenu==2.3.4 plone.app.contentrules==4.1.6 -plone.app.contenttypes==2.2.2 +plone.app.contenttypes==2.2.3 plone.app.controlpanel==4.0.1; python_version < "3.0" plone.app.customerize==1.3.11 plone.app.debugtoolbar==1.2.3 -plone.app.dexterity==2.6.9 +plone.app.dexterity==2.6.10 plone.app.discussion==3.4.5 plone.app.drafts==1.1.3 plone.app.event==3.2.14 @@ -239,11 +239,11 @@ plone.app.standardtiles==2.3.2 plone.app.testing==6.1.9 plone.app.textfield==1.3.6 plone.app.theming==4.1.7 -plone.app.tiles==3.2.0 +plone.app.tiles==3.2.3 plone.app.upgrade==2.1.0 plone.app.users==2.6.6 plone.app.uuid==2.0.2 -plone.app.versioningbehavior==1.4.4 +plone.app.versioningbehavior==1.4.5 plone.app.viewletmanager==3.1.2 plone.app.vocabularies==4.3.0 plone.app.widgets==3.0.6 diff --git a/sources.cfg b/sources.cfg index 6a1528fb73..4b441d1d83 100644 --- a/sources.cfg +++ b/sources.cfg @@ -104,7 +104,7 @@ plone.intelligenttext = git ${remotes:plone}/plone.intelligenttext plone.keyring = git ${remotes:plone}/plone.keyring.git pushurl=${remotes:plone_push}/plone.keyring.git branch=master plone.locking = git ${remotes:plone}/plone.locking.git pushurl=${remotes:plone_push}/plone.locking.git branch=master plone.memoize = git ${remotes:plone}/plone.memoize.git pushurl=${remotes:plone_push}/plone.memoize.git branch=master -plone.namedfile = git ${remotes:plone}/plone.namedfile.git pushurl=${remotes:plone_push}/plone.namedfile.git branch=master +plone.namedfile = git ${remotes:plone}/plone.namedfile.git pushurl=${remotes:plone_push}/plone.namedfile.git branch=5.x plone.outputfilters = git ${remotes:plone}/plone.outputfilters.git pushurl=${remotes:plone_push}/plone.outputfilters.git branch=master plone.portlet.collection = git ${remotes:plone}/plone.portlet.collection.git pushurl=${remotes:plone_push}/plone.portlet.collection.git branch=3.3.x plone.portlet.static = git ${remotes:plone}/plone.portlet.static.git pushurl=${remotes:plone_push}/plone.portlet.static.git branch=3.1.x diff --git a/versions.cfg b/versions.cfg index c1abbf2eb6..6647e7ae25 100644 --- a/versions.cfg +++ b/versions.cfg @@ -135,9 +135,9 @@ plone.app.content = 3.8.8 plone.app.contentlisting = 2.0.6 plone.app.contentmenu = 2.3.4 plone.app.contentrules = 4.1.6 -plone.app.contenttypes = 2.2.2 +plone.app.contenttypes = 2.2.3 plone.app.customerize = 1.3.11 -plone.app.dexterity = 2.6.9 +plone.app.dexterity = 2.6.10 plone.app.discussion = 3.4.5 plone.app.event = 3.2.14 plone.app.folder = 1.3.2 @@ -218,7 +218,7 @@ Products.CMFDynamicViewFTI = 6.0.3 Products.CMFEditions = 3.3.4 Products.CMFFormController = 4.1.4 Products.CMFPlacefulWorkflow = 2.0.4 -Products.CMFPlone = 5.2.7rc1 +Products.CMFPlone = 5.2.7 Products.CMFQuickInstallerTool = 4.0.4 Products.CMFUid = 3.1.0 Products.contentmigration = 2.2.2 @@ -262,7 +262,7 @@ collective.z3cform.datagridfield = 1.5.3 collective.z3cform.datetimewidget = 1.2.9 plone.app.debugtoolbar = 1.2.3 plone.app.relationfield = 2.0.3 -plone.app.versioningbehavior = 1.4.4 +plone.app.versioningbehavior = 1.4.5 plone.formwidget.autocomplete = 1.4.0 plone.formwidget.contenttree = 1.2.0 plone.formwidget.datetime = 1.3.5 @@ -281,7 +281,7 @@ plone.app.blocks = 5.0.0 plone.app.drafts = 1.1.3 plone.app.mosaic = 2.2.3 plone.app.standardtiles = 2.3.2 -plone.app.tiles = 3.2.0 +plone.app.tiles = 3.2.3 plone.tiles = 2.3.1 plone.jsonserializer = 0.9.10 @@ -374,7 +374,7 @@ plone.app.blob = 1.8.2 plone.app.collection = 1.2.8 plone.app.imaging = 2.1.2 Products.Archetypes = 1.16.6 -Products.ATContentTypes = 3.0.5 +Products.ATContentTypes = 3.0.6 Products.Marshall = 2.4.1 Products.TinyMCE = 1.4.3