Release Notes Plone 5.2.3
=========================

Some highlights of this release are:

- zope.interface:
  Fixed potential memory leak, see https://github.com/zopefoundation/zope.interface/issues/216.
  Fixed inconsistent resolution orders, see https://github.com/zopefoundation/zope.interface/issues/199.

- Zope: fixes for a few template syntax errors.  HTTP header encoding support.

- A few possible information disclosure problems in handling of XML and of ical urls were reported by MisakiKata.
  They have been fixed by the Plone Security Team.
  Since they require an attacker to already have Manager or Site Administrator rights, we decided it was not necessary to create a hotfix for this.
  See https://github.com/plone/Products.CMFPlone/issues/3209

- plone.recipe.zope2instance: added options clear-untrusted-proxy-headers and max-request-body-size.

- Products.MailHost: support messages with explicit Content-Transfer-Encoding 8bit, see https://github.com/zopefoundation/Products.MailHost/issues/30.
  Note: in add-ons this may require changes to the tests.

- mockup: fix plone toolbar action links being updated only on the first navigation action in the folder_contents structure pattern.

- plone.staticresources: updated Bootstrap Icons to 1.0.0 final.

- plone.app.contenttypes: allow passing a custom catalog-query to migrateCustomAT to constrain which objects to migrate.

- plone.dexterity: make sure that Dynamic schema is updated on all ZEO clients on change.

- z3c.form/plone.app.z3cform: fixed compatibility with changed repeat syntax in Zope 4.4, see https://github.com/zopefoundation/z3c.form/issues/94.

- Products.ATContentTypes: drop use of test() in templates, unsupported since Zope 4.4.

- Lots of deprecation warnings fixed, especially during startup.