From bbf41cab9edf3860d7a06d37d0f05f1b74608c62 Mon Sep 17 00:00:00 2001 From: Maurits van Rees Date: Mon, 19 Dec 2022 17:32:33 +0100 Subject: [PATCH] Zope 4.8.6 fixes regressions on the security fix. --- release/RELEASE-NOTES.md | 4 +- release/changelog.txt | 2 +- release/constraints.txt | 103 ++++++++++++++++++++------------------- versions.cfg | 2 +- 4 files changed, 57 insertions(+), 54 deletions(-) diff --git a/release/RELEASE-NOTES.md b/release/RELEASE-NOTES.md index 3b632abd17..d93e0845da 100644 --- a/release/RELEASE-NOTES.md +++ b/release/RELEASE-NOTES.md @@ -1,6 +1,6 @@ # Release notes for Plone 5.2.10.1 -* Released: Friday December 16, 2022 +* Released: Monday December 19, 2022 * Check the [release schedule](https://plone.org/download/release-schedule). * Read the [upgrade guide](https://5.docs.plone.org/manage/upgrading/version_specific_migration/upgrade_to_52.html), explaining the biggest changes compared to 5.1. * Canonical place for these [release notes](https://dist.plone.org/release/5.2.10.1/RELEASE-NOTES.md) and the full [packages changelog](https://dist.plone.org/release/5.2.10.1/changelog.txt). @@ -15,7 +15,7 @@ For technical wizards who want to jump straight in, here are two important links Major changes since 5.2.10: -* Zope: Security fix for a Cross Site Scripting vulnerability. See [announcement](https://community.plone.org/t/zope-4-8-4-and-5-7-1-released/15992). +* Zope: Security fix for a Cross Site Scripting vulnerability. See [announcement](https://community.plone.org/t/zope-4-8-4-and-5-7-1-released/15992). The security fix is in Zope 4.8.4, but there were a few regressions, so we use 4.8.6. * plone.protect: fix test that failed after the security fix. diff --git a/release/changelog.txt b/release/changelog.txt index 6b7ae71cf9..dd65da06f5 100644 --- a/release/changelog.txt +++ b/release/changelog.txt @@ -1,4 +1,4 @@ -Zope: 4.8.3 → 4.8.4 +Zope: 4.8.3 → 4.8.6 ------------------- Security fix for a Cross Site Scripting vulnerability. diff --git a/release/constraints.txt b/release/constraints.txt index 25a845fce3..2a3ee58237 100644 --- a/release/constraints.txt +++ b/release/constraints.txt @@ -1,16 +1,16 @@ AccessControl==4.3 -Acquisition==4.10 +Acquisition==4.13 AuthEncoding==4.3 -BTrees==4.10.1 +BTrees==4.11.3 Babel==2.9.1; python_version < "3.0" -Babel==2.10.3; python_version >= "3.0" +Babel==2.11.0; python_version >= "3.0" Chameleon==3.9.1; python_version < "3.0" Chameleon==3.10.1; python_version >= "3.0" -DateTime==4.4 +DateTime==4.8 Deprecated==1.2.13 DocumentTemplate==3.4; python_version < "3.0" -DocumentTemplate==4; python_version >= "3.0" -ExtensionClass==4.6 +DocumentTemplate==4.1; python_version >= "3.0" +ExtensionClass==4.9 FormEncode==1.3.1; python_version < "3.0" FormEncode==2.0.1; python_version >= "3.0" Genshi==0.7.7 @@ -19,15 +19,16 @@ Jinja2==2.11.3; python_version < "3.0" Jinja2==3.1.2; python_version >= "3.0" MarkupSafe==1.1.1; python_version < "3.0" MarkupSafe==2.1.1; python_version >= "3.0" -Missing==4.1 +Missing==4.2 MultiMapping==4.1 Paste==3.5.2 -PasteDeploy==2.1.1 -Persistence==3.3 +PasteDeploy==2.1.1; python_version < "3.0" +PasteDeploy==3.0.1; python_version >= "3.0" +Persistence==3.6 Plone==5.2.10 Products.ATContentTypes==3.0.7; python_version < "3.0" Products.Archetypes==1.16.6; python_version < "3.0" -Products.BTreeFolder2==4.3 +Products.BTreeFolder2==4.4 Products.CMFCore==2.6.0 Products.CMFDiffTool==3.3.3 Products.CMFDynamicViewFTI==6.0.3 @@ -73,8 +74,8 @@ PyGithub==1.45; python_version < "3.0" PyGithub==1.47; python_version >= "3.0" PyYAML==5.3.1 Pygments==2.5.2; python_version < "3.0" -Pygments==2.12.0; python_version >= "3.0" -Record==3.5 +Pygments==2.13.0; python_version >= "3.0" +Record==3.6 RestrictedPython==5.2 SecretStorage==2.3.1; python_version < "3.0" SecretStorage==3.1.2; python_version >= "3.0" @@ -84,12 +85,12 @@ WSGIProxy2==0.5.1; python_version >= "3.0" WebOb==1.8.7 WebTest==2.0.35; python_version < "3.0" WebTest==3.0.0; python_version >= "3.0" -ZConfig==3.6.0 +ZConfig==3.6.1 ZEO==5.3.0 -ZODB==5.7.0 +ZODB==5.8.0 ZODB3==3.11.0 ZServer==4.0.2; python_version < "3.0" -Zope==4.8.4 +Zope==4.8.6 Zope2==4.0 ZopeUndo==4.3 alabaster==0.7.12 @@ -116,9 +117,10 @@ cachecontrol==0.12.11; python_version >= "3.0" cached-property==1.5.2 calmjs.parse==1.2.5 certifi==2020.4.5.1; python_version < "3.0" -certifi==2021.10.8; python_version >= "3.0" +certifi==2022.12.7; python_version >= "3.0" cffi==1.15.1 -chardet==4.0.0 +chardet==4.0.0; python_version < "3.0" +chardet==5.1.0; python_version >= "3.0" check-manifest==0.41; python_version < "3.0" check-manifest==0.45; python_version >= "3.0" click==7.1.2 @@ -157,7 +159,7 @@ filelock==3.8.0; python_version >= "3.0" five.customerize==2.1.0 five.globalrequest==99.1 five.intid==1.2.6 -five.localsitemanager==3.3 +five.localsitemanager==3.4 freezegun==0.3.15 funcsigs==1.0.2 functools32==3.2.3.post2; python_version < "3.0" @@ -170,8 +172,8 @@ httplib2==0.18.1 i18ndude==5.5.0 icalendar==4.1.0 idna==2.10; python_version < "3.0" -idna==3.3; python_version >= "3.0" -imagesize==1.3.0 +idna==3.4; python_version >= "3.0" +imagesize==1.4.1 importlib-metadata==0.23 importlib-resources==3.3.1 incremental==17.5.0 @@ -204,14 +206,14 @@ oauthlib==3.1.1; python_version >= "3.0" olefile==0.46 ordereddict==1.1 packaging==20.9; python_version < "3.0" -packaging==21.3; python_version >= "3.0" +packaging==22.0; python_version >= "3.0" pathlib==1.0.1 pathlib2==2.3.7.post1 pathtools==0.1.2 pbr==5.11.0 pdbpp==0.10.3 pep517==0.9.1 -persistent==4.9.1 +persistent==4.9.3 piexif==1.1.3 pillow==6.2.2 pip==20.3.4; python_version < "3.0" @@ -345,11 +347,12 @@ pyrsistent==0.15.7 pyscss==1.3.7 python-dateutil==2.8.2 python-dotenv==0.15.0 -python-gettext==4.0 -pytz==2022.1 +python-gettext==4.1 +pytz==2022.6 readme-renderer==28.0 repoze.xmliter==0.6.1 -requests==2.27.1 +requests==2.27.1; python_version < "3.0" +requests==2.28.1; python_version >= "3.0" requests-toolbelt==0.9.1 robotframework==3.1.2 robotframework-debuglibrary==1.2.1 @@ -373,7 +376,7 @@ snowballstemmer==2.2.0 soupsieve==1.9.6; python_version < "3.0" soupsieve==2.3.2.post1; python_version >= "3.0" sourcecodegen==0.6.14; python_version < "3.0" -sphinx-rtd-theme==1.0.0 +sphinx-rtd-theme==1.1.1 stdlib-list==0.6.0 tempstorage==5.2 testresources==2.0.1 @@ -387,7 +390,7 @@ twine==1.15.0; python_version < "3.0" twine==3.1.1; python_version >= "3.0" typing==3.10.0.0; python_version < "3.0" unidecode==0.04.1 -urllib3==1.26.12 +urllib3==1.26.13 virtualenv==20.14.1 wadllib==1.3.6 waitress==1.4.4; python_version < "3.0" @@ -424,28 +427,28 @@ zc.recipe.testrunner==2.2 zc.relation==1.1.post2 zc.relationship==2.0.post1 zc.sourcefactory==1.1 -zdaemon==4.3 +zdaemon==4.4 zest.pocompile==1.5.0 zest.releaser==6.22.2 zestreleaser.towncrier==1.2.0 zipp==1.1.1 -zodbpickle==2.3 +zodbpickle==2.6 zodbupdate==1.5 zodbverify==1.2.0 -zope.annotation==4.7.0 +zope.annotation==4.8 zope.app.intid==3.7.1 zope.app.locales==4.1 zope.browser==2.4 zope.browsermenu==4.4 zope.browserpage==4.4.0 zope.browserresource==4.4 -zope.cachedescriptors==4.3.1 +zope.cachedescriptors==4.4 zope.component==4.6.2 zope.componentvocabulary==2.3.0 zope.configuration==4.4.1 -zope.container==4.5.0 +zope.container==4.10 zope.contentprovider==4.2.1 -zope.contenttype==4.5.0 +zope.contenttype==4.6 zope.copy==4.2 zope.copypastemove==4.1.0 zope.datetime==4.3.0 @@ -454,42 +457,42 @@ zope.deprecation==4.4.0 zope.dottedname==4.3; python_version < "3.0" zope.dottedname==5.0; python_version >= "3.0" zope.dublincore==4.2.0 -zope.event==4.5.0 -zope.exceptions==4.5 +zope.event==4.6 +zope.exceptions==4.6 zope.filerepresentation==5.0.0 zope.formlib==5.0.1 -zope.globalrequest==1.5 -zope.hookable==5.1.0 +zope.globalrequest==1.6 +zope.hookable==5.4 zope.i18n==4.9.0 -zope.i18nmessageid==5.0.1 -zope.interface==5.4.0 +zope.i18nmessageid==5.1.1 +zope.interface==5.5.2 zope.intid==4.3.0 zope.keyreference==4.2.0 zope.lifecycleevent==4.4 -zope.location==4.2 +zope.location==4.3 zope.mkzeoinstance==4.1 zope.pagetemplate==4.6.0 zope.password==4.3.1 -zope.processlifetime==2.3.0 -zope.proxy==4.5.1 +zope.processlifetime==2.4 +zope.proxy==4.6.1 zope.ptresource==4.3.0 zope.publisher==6.1.0 zope.ramcache==2.4 zope.schema==6.2.1 -zope.security==5.3 -zope.sendmail==5.2 +zope.security==5.8 +zope.sendmail==5.3 zope.sequencesort==4.2 -zope.site==4.5.0 -zope.size==4.3 +zope.site==4.6.1 +zope.size==4.4 zope.structuredtext==4.4 zope.tal==4.5 -zope.tales==5.1 +zope.tales==5.2 zope.testbrowser==5.6.1 zope.testing==4.10 -zope.testrunner==5.4.0 +zope.testrunner==5.6 zope.traversing==4.4.1 zope.viewlet==4.3 -charset-normalizer==2.0.12; python_version >= "3.0" +charset-normalizer==2.1.1; python_version >= "3.0" jeepney==0.4.3; python_version >= "3.0" sgmllib3k==1.0.0; python_version >= "3.0" sphinxcontrib-applehelp==1.0.2; python_version >= "3.0" @@ -499,4 +502,4 @@ sphinxcontrib-jsmath==1.0.1; python_version >= "3.0" sphinxcontrib-qthelp==1.0.3; python_version >= "3.0" sphinxcontrib-serializinghtml==1.1.5; python_version >= "3.0" sphinxcontrib-websupport==1.2.4; python_version >= "3.0" -typing-extensions==4.1.1; python_version >= "3.0" +typing-extensions==4.4.0; python_version >= "3.0" diff --git a/versions.cfg b/versions.cfg index a4f47fa343..5660866c88 100644 --- a/versions.cfg +++ b/versions.cfg @@ -5,7 +5,7 @@ # Based on latest development Zope: # extends = https://raw.githubusercontent.com/zopefoundation/Zope/4.x/versions.cfg # Based on released Zope: -extends = https://zopefoundation.github.io/Zope/releases/4.8.4/versions.cfg +extends = https://zopefoundation.github.io/Zope/releases/4.8.6/versions.cfg [versions] ##############################################################################