Skip to content

Commit

Permalink
Merge pull request #893 from plone/maurits-61-take-over-60
Browse files Browse the repository at this point in the history
6.1: take over changes from 6.0.
  • Loading branch information
mauritsvanrees authored Oct 6, 2023
2 parents 163fec1 + 34e3a69 commit 2aabfe1
Show file tree
Hide file tree
Showing 8 changed files with 543 additions and 11,547 deletions.
2,254 changes: 0 additions & 2,254 deletions Untitled.ipynb

This file was deleted.

114 changes: 51 additions & 63 deletions release/RELEASE-NOTES.md
Original file line number Diff line number Diff line change
@@ -1,80 +1,72 @@
# Release notes for Plone 6.0.6
# Release notes for Plone 6.0.7

* Released: Tuesday June 27, 2023
* Released: Thursday September 21, 2023
* Check the [release schedule](https://plone.org/download/release-schedule).
* Read the [upgrade guide](https://6.docs.plone.org/upgrade/index.html), explaining the biggest changes compared to 5.2.
* Canonical place for these [release notes](https://dist.plone.org/release/6.0.6/RELEASE-NOTES.md) and the full [packages changelog](https://dist.plone.org/release/6.0.6/changelog.txt).
* Canonical place for these [release notes](https://dist.plone.org/release/6.0.7/RELEASE-NOTES.md) and the full [packages changelog](https://dist.plone.org/release/6.0.7/changelog.txt).

If you want to jump straight in, here are two important links:

* With pip you can use the constraints file at [https://dist.plone.org/release/6.0.6/constraints.txt](https://dist.plone.org/release/6.0.6/constraints.txt)
* With Buildout you can use the versions file at [https://dist.plone.org/release/6.0.6/versions.cfg](https://dist.plone.org/release/6.0.6/versions.cfg), plus optionally [`versions-extra.cfg`](https://dist.plone.org/release/6.0.6/versions-extra.cfg) and [`versions-ecosystem.cfg`](https://dist.plone.org/release/6.0.6/versions-ecosystem.cfg).
* With pip you can use the constraints file at [https://dist.plone.org/release/6.0.7/constraints.txt](https://dist.plone.org/release/6.0.7/constraints.txt)
* With Buildout you can use the versions file at [https://dist.plone.org/release/6.0.7/versions.cfg](https://dist.plone.org/release/6.0.7/versions.cfg), plus optionally [`versions-extra.cfg`](https://dist.plone.org/release/6.0.7/versions-extra.cfg) and [`versions-ecosystem.cfg`](https://dist.plone.org/release/6.0.7/versions-ecosystem.cfg).


## Highlights

Major changes since 6.0.5:

* `plonetheme.barceloneta` and `plone.staticresources`: Update to Bootstrap 5.3 release. Adopt colormode related variables from Bootstrap 5.3.
You may need to update your custom themes. See note below.
* `plone.restapi`: Added `@site` and `@navroot` endpoints.
* `plone.app.relationfield`: Removed unneeded dependency on plone.app.dexterity.
This fixes a cyclic dependency: `plone.app.dexterity` depends on `plone.app.layout` which depends on `plone.app.relationfield`.
* `plone.app.locales`: updates for eu, es, pt_BR.
* `plone.volto`: Two bugfixes for migration from Classic UI to Volto:
* Let the migration-form @@migrate_to_volto transform richtext to slate-blocks by default.
* Fix value of unchecked checkboxes in migrate_to_volto.
Major changes since 6.0.6:

* This includes security fixes from today's announcement:
* https://community.plone.org/t/plone-security-advisory-2023-09-21/17941
* https://plone.org/security/hotfix/20230921
* `Zope`:
* Security fixes in `AccessControl` and `RestrictedPython`. See [community announcement](https://community.plone.org/t/zope-4-8-9-and-5-8-4-released-with-a-security-fix/17849).
* Allow only some image types to be displayed inline. Force download for others, especially SVG images.
* Tighten down the ZMI frame source logic to only allow site-local sources.
* Added image dimensions to SVG file properties.
* `plone.namedfile`:
* Fix stored XSS (Cross Site Scripting) for SVG images.
* Add internal modification timestamp with fallback to _p_mtime.
* Use new internal modification timestamp as part of the hash key for scales.
* Fixed issue with SVG images that contain extensive metadata.
* `plone.rest`: When ``++api++`` is in the url multiple times, redirect to the proper url.
* `plone.restapi`:
* Fix stored XSS (Cross Site Scripting) for SVG image in user portrait.
* Allow passing additional parameters to the delete users endpoint to request not to delete local roles and memberareas.
* When serializing blocks, `image_scales` is now added to blocks that contain a resolveuid-based `url`.
* When deserializing blocks, `image_scales` is removed.
* Add `visit_blocks` util for finding all nested blocks.
* `plone.dexterity`: Fix a memory leak. For details see [issue 3829](https://github.com/plone/Products.CMFPlone/issues/3829).
* `plone.app.widgets`: Make this package deprecated. It still works, and is included in Plone 6.0, but Plone 6.1 will not ship with it.
Widget base classes have been moved to ``plone.app.z3cform.widgets.patterns``.
Also see ``plone.app.widgets.utils`` for information about moving utility methods to their new location.
* `plone.app.robotframework`: Add support for `playwright`-based tests via `robotframework-browser`.
* `plone.app.z3cform`: Introduce new Email-Widget which is used for `plone.schema.email.IEmail` fields. It uses the input type `email`.
* `plone.volto`: Add `block_types` index to zcatalog. By default it is only added for new Plone sites.
To add it to an existing site, run `plone.volto.upgrades.add_block_types_index` manually.
* `plone.app.multilingual`: Fixes for Indonesian in a multilingual site. Fix `set_recursive_language` to actually find child objects.
* `plone.app.querystring`: Fix the `currentUser`` operation when the current user's username is different from their user id.
* `plone.staticresources`: Update Bootstrap to `5.3.2`, bootstrap-icons to `1.11.1` and Mockup to `5.1.5`:
* pat structure: Fix popover-structure-columns, use 2-column layout. (9fb499e)
* pat structure: Fix sticky position when toolbar is on top.
* pat tinymce: Fix image modal with selected image. Properly await the select2 initialization when using it from the insert image or insert link dialogs.
* `plonetheme.barceloneta`: Update Bootstrap to `5.3.2`
* `Products.CMFCore`:
* Improve handling of PortalFolder filter input.
* Provide a way to not publish items that are acquired.
* `plone.app.locales`: Updates to nl translations.


## Volto frontend

The default frontend for new Plone 6 sites is Volto. Latest release is [16.21.2](https://www.npmjs.com/package/@plone/volto/v/16.21.2). See the [changelog](https://github.com/plone/volto/blob/16.21.2/CHANGELOG.md).
The default frontend for new Plone 6 sites is Volto. Latest release is [16.24.0](https://www.npmjs.com/package/@plone/volto/v/16.24.0). See the [changelog](https://github.com/plone/volto/blob/16.24.0/CHANGELOG.md).
Note that this is a JavaScript frontend that you need to run in a separate process with NodeJS.

Also, existing Plone sites need some or more extensive changes to be upgraded before they can use the Volto Frontend. Please read the guide on [migrating from Plone Classic UI to Volto](https://6.docs.plone.org/backend/upgrading/version-specific-migration/migrate-to-volto.html).


## Classic UI

The HTML based and server side rendered UI that was present in Plone 5.2 and earlier major Plone releases is still available and has also been updated and improved upon in Plone 6. Our documentation now refers to this frontend as 'Classic UI'. Support for Classic UI is especially relevant for existing Plone sites which for whatever reason or requirements are not yet ready to be upgraded to the Volto frontend.


## Updating custom themes

Now that Bootstrap 5.3 is available, you may need to update your custom theme for Classic UI.
This is *not* caused by Plone 6.0.6 moving to Bootstrap 5.3.
You could stay on Plone 6.0.5, and *still* have a problem with your custom theme, simply because Bootstrap 5.3 is available.

The problem is described in this [`bobtemplates.plone` issue](https://github.com/plone/plonetheme.barceloneta/issues/335).
Let's assume that a while ago you have followed the [theming training](https://training.plone.org/theming/preparation.html) to create a theme based on the standard Barceloneta theme. All is working fine.
But now you want to have a fresh install, so you remove `node_modules` and `package-lock.json`.
You run `npm install`, still fine.
Then you run `npm run build` and get an error:

```
Error: Undefined variable.
55 │ "primary": $primary-text-emphasis-dark,
```

The problem here is that you get Bootstrap 5.3, but your theme expects 5.2.
There are two ways to solve this.

If you want to keep using Bootstrap 5.2:

* Edit `package.json` and let the `dependencies` contain this: `"@plone/plonetheme-barceloneta-base": "~3.0.3"`.
This version has a proper pin so you stay on Bootstrap 5.2.
* Run `rm -rf node_modules package-lock.json && npm install && npm run build`.
* If you want to create a new theme based on Bootstrap 5.2, make sure to use `bobtemplates.plone==6.2.7`.

If you are fine with upgrading to Bootstrap 5.3:

* Edit `package.json` and let the `dependencies` contain this: `"@plone/plonetheme-barceloneta-base": "~3.1.0"`.
* In `styles/theme.scss` add two imports in part 3:
* After `variables.colors.plone` add this line: `@import "@plone/plonetheme-barceloneta-base/scss/variables.colors.dark.plone";`
* After `bootstrap/scss/variables` add this line: `@import "bootstrap/scss/variables-dark";`
* Run `rm -rf node_modules package-lock.json && npm install && npm run build`.
* If you want to create a new theme based on Bootstrap 5.3, make sure to use `bobtemplates.plone>=6.3`.
The HTML based and server side rendered UI that was present in Plone 5.2 and earlier major Plone releases is still available and has also been updated and improved upon in Plone 6. Our documentation now refers to this frontend as 'Classic UI'. Support for Classic UI is especially relevant for existing Plone sites which for whatever reason or requirements are not yet ready to be upgraded to the Volto frontend.


## Python compatibility
Expand All @@ -87,20 +79,16 @@ This release supports Python 3.8, 3.9, 3.10, and 3.11.
In Plone core we use these versions to install Plone:

```
pip==23.1.2
setuptools==67.8.0
pip==23.2
setuptools==68.0.0
wheel==0.40.0
zc.buildout==3.0.1
```

In general you are free to use whatever versions work for you, but these worked for us.

Note that `setuptools` 66 or higher is more strict with what versions it can recognize. If you run `pip` or `buildout` and it suddenly cannot find a package with a non-standard version, then this may be the cause.

When you install Plone with `pip` on Python 3.11, you may want to set environment variable `_PIP_USE_IMPORTLIB_METADATA=0`.
This can give a large performance increase when reinstalling packages.
Or wait on a new pip version with a fix.
See [pip issue 12079](https://github.com/pypa/pip/issues/12079).
And `setuptools` 68.1.0 until at least 68.1.2 may give problems with namespace packages, especially when they have multiple levels, like `plone.app.*`, and are installed in editable mode. And pinning a specific version of `setuptools` in your virtual environment may not even be enough for this case. See https://github.com/plone/meta/issues/172


## Installation
Expand Down
Loading

0 comments on commit 2aabfe1

Please sign in to comment.