Release Notes Plone 5.2.4 ========================= Some highlights of this release are: - Products.PluggableAuthService: security fix for open redirect and missing access control. - Zope: security fix for missing access control in some XML-RPC requests. - GenericSetup/CMFQuickInstallerTool: security fixes for possibly seeing information from installation logs and snapshots. - plone.recipe.zope2instance: Windows fixes - Products.MailHost: Use standard conforming ``\r\n`` line endings. If you use Microsoft Exchange to send mails, this should prevent empty mails. - mockup / plone.staticresources: various fixes in folder contents. - plone.app.caching: Restored ``resourceRegistries`` ETag, but now for Plone 5 resource registries. Fixes warning "Could not find value adapter for ETag component resourceRegistries". - plone.app.contenttypes: Various fixes for restoring references during migration. - plone.app.users: Fix setting "Use site default" for wysiwyg_editor. - plone.restapi 7.0.0 introduces new features, which should be backwards compatible: - Add ResolveUID functionality for Volto blocks, allowing Volto to preserve internal links when content is moved. - Add root element to the @breadcrumbs endpoint. - Mark restapi 7 with a zcml feature flag: plonerestapi-7 - Add new @contextnavigation endpoint. - Refactor navigation endpoint, add new nav_title attribute - Add "smart fields" concept: if block has a searchableText field, this will be indexed in Plone