Zope 5.8.5 → 5.8.6 ------------------ - Make sure the object title in the ZMI breadcrumbs is quoted to prevent a cross-site scripting issue. - Update to newest compatible versions of dependencies. - Base the inline/attachment logic developed for CVE-2023-42458 on the media type proper (ignore parameters and whitespace and normalize to lowercase) (`#1167 `_). pip: 23.2 → 23.3.1 ------------------ setuptools: 68.0.0 → 68.2.2 --------------------------- wheel: 0.40.0 → 0.41.2 ---------------------- borg.localrole: 3.1.10 → 3.1.11 ------------------------------- Internal: - Update configuration files. [plone devs] (cfffba8c) five.intid: 1.2.7 → 2.0.0 ------------------------- Breaking changes: - Drop support for python 2.7. [gforcada] (#1) Internal: - Update configuration files. [plone devs] (cfffba8c) Plone: 6.0.7 → 6.0.8 -------------------- plone.api: 2.0.4 → 2.0.6 ------------------------ Bug fixes: - More informative error message in plone.api.content.create() [ajung] (#516) - Replace deprecated assert methods. [gforcada] (#1) Internal: - Update GHA [gforcada] (#1) - Fixup tests because PloneSite gets IContentish again. @Akshat2Jain @jaroel (#518) plone.app.caching: 3.1.2 → 3.1.3 -------------------------------- Bug fixes: - Fix ``locked`` component of ETag to discriminate between different locks. @JeffersonBledsoe, @davisagli #122 plone.app.content: 4.0.2 → 4.1.0 -------------------------------- Bug fixes: - Fix cut / delete for content with lock created by current user. [laulaz] (#266) - Fixed inapproriate ``sort()`` in ``folderfactories.py``. [ajung] (#268) Internal: - Mark ``INameFromTitle`` deprecated, in this distribution, as it has been moved to ``plone.base``. It will be removed in Plone 7.0. We do not show a deprecation warning, because doing so would break content types with this interface name in the behaviors list. Recommended is to use ``plone.namefromtitle`` as behavior name, then it works in all supported Plone versions. [gforcada] (#3858) - Update configuration files. [plone devs] (5cdbd962) - chore: move tests from `plone.app.dexterity` To avoid a circular dependency between the two of them. (#3858) plone.app.contentlisting: 3.0.3 → 3.0.4 --------------------------------------- Internal: - Update configuration files. [plone devs] (cfffba8c) plone.app.contentrules: 5.0.2 → 5.0.3 ------------------------------------- Internal: - Update configuration files. [plone devs] (cfffba8c) plone.app.contenttypes: 3.0.3 → 3.0.5 ------------------------------------- Bug fixes: - Fix link_redirect_view, respect vhm vs none-vhm url schemes @1letter (#671) Internal: - Update configuration files. [plone devs] (7723aeaf) plone.app.customerize: 2.0.0 → 2.0.1 ------------------------------------ Internal: - Update configuration files. [plone devs] (cfffba8c) plone.app.dexterity: 3.1.1 → 3.2.0 ---------------------------------- Internal: - Make the dependency on ``plone.app.content`` conditional. This is for ``INameFromTitle``, which we want to move to ``plone.base``. [maurits] (#3858) - Update configuration files. [plone devs] (55bda5c9) - Move some tests to `plone.app.content` to avoid a circular dependency with that package. [gforcada] (#3858) plone.app.event: 5.1.0 → 5.1.1 ------------------------------ Tests - Fix test_long_event when run around midnight of the first day of the month. Fixes `issue 334 `_. [maurits] (#334) Internal: - Require setuptools 68.2 or higher for building the package. When built with setuptools 68.1, you could not import the package, at least not an editable package. Note that you can still *install* this package with older setuptools versions. See `Plone meta issue 172 `_ for details. [maurits] (#172) plone.app.linkintegrity: 4.0.2 → 4.0.3 -------------------------------------- Bug fixes: - Report sources once per breach in delete_confirmation_info. [jaroel] plone.app.locales: 6.0.16 → 6.0.17 ---------------------------------- - Fixes in German translation [pbauer] plone.app.lockingbehavior: 1.0.7 → 2.0.0 ---------------------------------------- Internal: - Update configuration files. [plone devs] (cfffba8c) plone.app.querystring: 2.0.6 → 2.1.0 ------------------------------------ New features: - Add a way to specific a context for getting vocabularies in the QuerystringRegistryReader. @davisagli (#137) plone.app.registry: 2.0.2 → 2.0.3 --------------------------------- Internal: - Require ``setuptools`` 68.2+ for building the package. [plone devs] (18d04723) - Update configuration files. [plone devs] (cfffba8c) plone.app.robotframework: 2.1.0 → 2.1.1 --------------------------------------- Internal: - Update configuration files. [plone devs] (434550cc) plone.app.theming: 5.0.4 → 5.0.5 -------------------------------- Internal: - Update configuration files. [plone devs] (cfffba8c) plone.app.upgrade: 3.0.8 → 3.1.0 -------------------------------- New features: - Added upgrade to 6100, Plone 6.1.0a1. [maurits] (#6100) Bug fixes: - Added upgrade to 6019, Plone 6.0.8. [maurits] (#6019) plone.app.users: 3.0.3 → 3.0.4 ------------------------------ Internal: - Update configuration files. [plone devs] (cfffba8c) plone.app.vocabularies: 5.0.3 → 5.0.4 ------------------------------------- Bug fixes: - Fix the untranslated table-column-heading "Title" in listing_tabular for collections and folders. [pbauer] (#82) plone.app.workflow: 5.0.2 → 5.0.3 --------------------------------- Internal: - Update configuration files. [plone devs] (cfffba8c) plone.base: 1.1.4 → 1.2.0 ------------------------- New features: - Move interface INameFromTitle from `plone.app.content` here. This helps avoiding a circular dependency between `plone.app.dexterity` and `plone.app.content`. [gforcada] (#3858) plone.browserlayer: 3.0.1 → 3.0.2 --------------------------------- Internal: - Update configuration files. [plone devs] (cfffba8c) plone.cachepurging: 3.0.1 → 3.0.2 --------------------------------- Internal: - Update configuration files. [plone devs] (cfffba8c) plone.caching: 2.0.0 → 2.0.1 ---------------------------- Internal: - Update configuration files. [plone devs] (cfffba8c) plone.event: 2.0.0 → 2.0.1 -------------------------- Bug fixes: - Ignore dtstart and until time in rrule in recurrence_sequence_ical [mamico] (#23) Internal: - Update configuration files. [plone devs] (b940914a, cfffba8c) plone.formwidget.namedfile: 3.0.2 → 3.0.3 ----------------------------------------- Internal: - Update configuration files. [plone devs] (243ca9ec) plone.i18n: 5.0.1 → 5.0.2 ------------------------- Internal: - Update configuration files. [plone devs] (cfffba8c) plone.intelligenttext: 4.0.0 → 4.0.1 ------------------------------------ Internal: - Update configuration files. [plone devs] (cfffba8c) plone.namedfile: 6.2.1 → 6.2.3 ------------------------------ Bug fixes: - Be more strict when checking if mimetype is allowed to be displayed inline. [maurits] (#1167) - Fix calculation of file modification time. @davisagli (#153) plone.recipe.zope2instance: 6.12.1 → 6.12.2 ------------------------------------------- New features: - Add ``dos_protection`` config. With Zope 5.8.4+ you may get ``zExceptions.BadRequest: data exceeds memory limit`` when uploading an image or file of more than 1 MB. To increase this limit, you can add this in your instance recipe, and choose your own limit:: zope-conf-additional = form-memory-limit 4MB [@mamico] (#191) plone.resourceeditor: 4.0.0 → 4.0.1 ----------------------------------- Internal: - Update configuration files. [plone devs] (cfffba8c) plone.rest: 3.0.1 → 4.1.2 ------------------------- Breaking changes: - Drop support for Python 2.7, 3.6, and 3.7 @tisto (#141) New features: - Add support for Python 3.12. @tisto (#167) Bug fixes: - Fix parsing mimetypes in Accept header with an extra slash. @djay (#153) - Make REST endpoints check for acquired items. @jaroel (#166) Internal: - Fix test leakage, enabling the publication check when it shouldn't be active. @jaroel (#168) plone.restapi: 8.43.3 → 9.1.1 ----------------------------- Breaking changes: - Remove deprecated @unlock, @refresh-lock endpoints @avoinea (#1235) - Remove `plone.tiles` and the `@tiles` endpoint. @tisto (#1308) - Change the @linkintegrity endpoint to add `items_total`, the number of contained items which would be deleted. @davisagli, @danalvrz, @pgrunewald (#1636) - The default branch was renamed from `master` to `main`. @tisto, @davisagli (#1695) - Drop support for Python 3.7. Set python_requires to >= 3.8 @tisto (#1709) New features: - Add support for Python 3.12. @tisto (#1722) - Add Spanish translation @macagua (#1684) - Add support for getting the `/@querystring` endpoint in a specific context. @davisagli (#1704) Bug fixes: - Fix jwt_auth extractCredentials plugin to only try to read credentials from the request body if there is a `Content-Type: application/json` header. @davisagli (#1728) - Temporarily disable form memory limit checking for files and images. This fixes a regression due to a low Zope form memory limit of 1MB used since Plone 6.0.7. See `CMFPlone issue 3848 `_ and `Zope PR 1142 `_. @maurits (#3848) - Be more strict when checking if mimetype is allowed to be displayed inline. [maurits] (#1167) - Treat sub-items like items in ``@linkintegrity`` endpoint. @jaroel (#1714) - Limits the use of multilingual services only if multilingual is actually installed. @mamico (#1723) - Fix stored XSS (Cross Site Scripting) for SVG image in user portrait. Done by forcing a download instead of displaying inline. Normal accessing via an image tag is not affected and is safe. See `security advisory `_. @maurits (#1) - Use incoming request to produce location for `@tus-upload`. @instification (#1570) - Undeprecate comma separated expansion parameters (that were deprecated in plone.restapi 8) @tisto (#1696) - Undeprecate token parameter from vocabularies endpoint @tisto (#1697) - Improve RESOLVEUID_RE regexp to catch also paths generated by Link content-types. @cekk (#1699) Internal: - Remove unused code. @davisagli (#1703) - Replace deprecated assert methods. @gforcada (#1719) - Drop, already unused plone.app.robotframework test. @gforcada (#1720) - Upgrade buildout: Plone 6.0.6 -> 6.0.7 and Plone 5.2.12 -> 5.2.14 @tisto (#1706) Documentation: - Remove regular expression from `sphinx-copybutton` configuration, now that `linenos` are excluded by default. @stevepiercy (#1725) - Fix redirect for https://json-schema.org/. @stevepiercy (#1718) - Added translation code through expansion. @Akshat2Jain (#1374) - Restores formatting and fixes some MyST syntax from #1689. @stevepiercy (#1691) - Documentation fixes for #1599. @stevepiercy (#1692) - Fix linkcheckbroken 301 redirect to https://www.4teamwork.ch/en. @stevepiercy (#1693) - Polish docs for v9 release. @stevepiercy (#1698) plone.scale: 4.0.1 → 4.1.0 -------------------------- New features: - Keep scaled WEBP images in WEBP format instead of converting to JPEG. @mamico (#85) Bug fixes: - Fix KeyError in ScalesDict conflict resolution. @davisagli (#84) Internal: - Update configuration files. [plone devs] (cfffba8c) plone.schema: 2.0.0 → 2.0.1 --------------------------- Internal: - Update configuration files. [plone devs] (cfffba8c) plone.schemaeditor: 4.0.4 → 4.0.5 --------------------------------- Internal: - Update configuration files. [plone devs] (cfffba8c) plone.staticresources: 2.1.7 → 2.1.8 ------------------------------------ Bug fixes: - Update `mockup=5.1.6` [petschki] (#309) plone.testing: 8.0.4 → 9.0.0 ---------------------------- Breaking changes: - Drop python 2.7 support. [gforcada] (#1) - Drop ZServer support. [gforcada] (#2) Internal: - Update configuration files. [plone devs] (5cc689e5) plone.theme: 4.0.0 → 4.0.1 -------------------------- Internal: - Update configuration files. [plone devs] (cfffba8c) plone.z3cform: 2.0.1 → 2.0.2 ---------------------------- Internal: - Update configuration files. [plone devs] (cfffba8c) plonetheme.barceloneta: 3.1.5 → 3.1.6 ------------------------------------- Internal: - Fix typo (BS version) in README [petschki] #0 Products.CMFDynamicViewFTI: 7.0.1 → 7.0.2 ----------------------------------------- Internal: - Update configuration files. [plone devs] (cfffba8c) Products.CMFEditions: 4.0.1 → 4.0.2 ----------------------------------- Bug fixes: - Allow principal in sys_metadata with ArchivistTool init (#101) Products.CMFPlone: 6.0.7 → 6.0.8 -------------------------------- Bug fixes: - Fix problem when adding a Plone site with a custom INonInstallable utility without a getNonInstallableProfiles method. Fixes [issue 3862](https://github.com/plone/Products.CMFPlone/issues/3862). #3862 - Updated metadata version to 6019. [maurits] #6019 Products.MimetypesRegistry: 3.0.0 → 3.0.1 ----------------------------------------- Internal: - Update configuration files. [plone devs] (cfffba8c) icalendar: 5.0.7 → 5.0.10 ------------------------- Bug fixes: - Component._encode stops ignoring parameters argument on native values, now merges them Fixes: #557 [zocker1999net] - PERIOD values now set the timezone of their start and end. #556 - Calendar components are now properly compared Ref: #550 Fixes: #526 [jacadzaca] - Update build configuration to build readthedocs. #538 - No longer run the ``plone.app.event`` tests. - Add documentation on how to parse ``.ics`` files. #152 - Move pip caching into Python setup action. - Check that issue #165 can be closed. - Updated about.rst for issue #527 - Avoid ``vText.__repr__`` BytesWarning. Products.CMFUid: 4.0 → 4.1 -------------------------- - Modified the code of ``handleUidAnnotationEvent`` to check if both the annotation tool and the UID tool exist before using them. This change ensures that the code won't run unless both tools are available. z3c.objpath: 1.3 → 2.0 ---------------------- zope.app.locales: 4.3 → 5.0 --------------------------- zope.sendmail: 5.3 → 6.0 ------------------------ cryptography: 41.0.3 → 41.0.5 ----------------------------- exceptiongroup: 1.1.2 → 1.1.3 ----------------------------- jsonschema: 4.18.2 → 4.18.6 --------------------------- jsonschema-specifications: 2023.6.1 → 2023.7.1 ---------------------------------------------- Markdown: 3.4.3 → 3.4.4 ----------------------- PyYAML: 6.0 → 6.0.1 ------------------- referencing: 0.29.1 → 0.29.3 ---------------------------- responses: 0.23.1 → 0.23.3 -------------------------- robotframework-assertion-engine: 1.0.0 → 2.0.0 ---------------------------------------------- robotframework-browser: 16.2.0 → 17.5.2 --------------------------------------- robotframework-pythonlibcore: 4.1.2 → 4.2.0 ------------------------------------------- rpds-py: 0.8.10 → 0.8.12 ------------------------ simplejson: 3.19.1 → 3.19.2 --------------------------- trio-websocket: 0.10.3 → 0.10.4 ------------------------------- Unidecode: 1.3.6 → 1.3.7 ------------------------ wcwidth: 0.2.6 → 0.2.8 ----------------------