Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
    Maurits van Rees
    @mauritsvanrees
    @reinhardt We are preparing a 1.1 version.
    Maurits van Rees
    @mauritsvanrees
    @reinhardt and @/all There is a version 1.1 of the hotfix: https://pypi.org/project/Products.PloneHotfix20210518/1.1/
    New zip is up on plone.org. You may need to add a cache busting parameter to get a fresh version:
    https://plone.org/security/hotfix/20210518/@@download/hotfix?x=1
    Maurits van Rees
    @mauritsvanrees
    @erral For the record, I have a Plone 4.3 site with Products.Collage and it seems to work fine with the hotfix.
    brlec
    @brlec:matrix.org
    [m]
    On our 5.0.7 site (using the 1.1 patch) anyone trying to look at historyview is getting "Insufficient Privileges". in event.log I'm seeing
    2021-05-18T15:14:50 WARNING plone.protect error parsing dom, failure to add csrf token to response for url https://[...]/portals/[...]@@historyview
    Maurits van Rees
    @mauritsvanrees
    @brlec:matrix.org I see the same when I try the hotfix in the Plone core development buildout on 5.1.
    It is caused by the 'expressions' patch. But I don't yet know why. And it really is time for me to sleep. I will try to have a look tomorrow.
    brlec
    @brlec:matrix.org
    [m]
    Thank you, it not a high priority for us or anything. Thanks to you and everyone for the truly excellent work.
    Mikel Larreategi
    @erral
    @mauritsvanrees for the record: the 1.1 version of the patch doesn't break the 3.3.x sites with Collage that broke yesterday with the 1.0 version, so it may be related to the view/name thing
    Manuel Reinhardt
    @reinhardt
    Thank you! Unfortunately I'm seeing Unauthorizeds with 1.1 as well.
    FWIW the site is heavily customized, so we should be able to work around it, but it may be some effort.
    Thanks anyway for the great work and quick response!
    Manuel Reinhardt
    @reinhardt
    Well, what's weird is that the failure happens in line 46 of the expressions module, when the condition is not hit and _orig_traverse is called as a fallback. That seems to suggest that the fallback is borked in some way...
    Manuel Reinhardt
    @reinhardt
    Asko seems to have a lead
    Maik Derstappen
    @MrTango
    I also have trouble with some PloneFormGen forms showing page not found after submit. Deactivating the expression hotfix inside the __init__.py helps for now.
    Mikel Larreategi
    @erral
    @MrTango I have some issues with PloneFormGen forms also
    in my case is a multipage form that doesn't go to the second form
    T. Kim Nguyen
    @tkimnguyen

    There is a version 1.2 of the hotfix: https://pypi.org/project/Products.PloneHotfix20210518/1.2/
    New zip is up on plone.org. You may need to add a cache busting parameter to get a fresh version:
    https://plone.org/security/hotfix/20210518/@@download/hotfix?x=222

    What it fixes:
    various Unauthorized errors, for example for the historyview page
    a NotFound error when submitting a PloneFormGen form, and maybe similar situations

    brlec
    @brlec:matrix.org
    [m]
    Fantastic, thank you. Fixes the historyview issue in our test instance.
    T. Kim Nguyen
    @tkimnguyen
    👍
    Mikel Larreategi
    @erral
    just for the record: we have seen an increase of the server load in a Plone 5.2 site after the installation of the 1.0 version of the security hotfix of last week. The server load has created several restart of the site and some unavailability of the site. We have just updated the patch to the 1.2 version and the server load has gone and the site is back as usual.
    This is the monitoring tool's screenshot of today; https://prnt.sc/13h9foi
    T. Kim Nguyen
    @tkimnguyen
    Thanks Mikel – could you post that to the forum too?
    lisperatu
    @lisperatu
    I have some Folders and Documents and Dexterity fields which are set to some value. I traverse objects and folders in shell script and I'm trying to change the value of that field directly, like obj.some_attr = <some value> or setattr(obj, 'some_attr', <some value>) and call transaction.get().commit(). I guess these attributes are just getter/setter property where setter doesn't do a thing. The value is not changed. How can I change that value (got from Dexterity field) and store the change from the script?
    Everton Zanella Alvarenga
    @everton137

    Hi, folks! Here's Everton (or Tom). I returned to develop for Plone after a couple of years (also working with @ericof) and it's nice to see how Plone improved! Congratulations!

    I'm not sure if here is the best place to ask or in the community forum. I've just set up a Plone 5 in a dev server and everything was fine without SSL. After setting up the certificate, the CSS is not loading and it's saying that images are not secure. I am using the minimal nginx config suggest on the documentation for a Plone on production: https://docs.plone.org/manage/deploying/front-end/nginx.html#minimal-nginx-front-end-configuration-for-plone-on-ubuntu-debian-linux

    Any tip what could it be? Maybe the nginx config?

    Maik Derstappen
    @MrTango
    @everton137 welcome back \o/ generally the forum is better. But what's wrong in your setup is probably, that you still have the http in the rewriting/proxy definition, this needs to be also https instead. So that Plone will render urls with https and not http.
    2 replies
    T. Kim Nguyen
    @tkimnguyen
    https://plone.org/news/security-patch-20210518-version-1-4-released
    Adam Morris
    @brainysmurf
    I am researching cms tools building an SIS (I work for a edtech company) and was wondering if there is anyone else in a similar space using Plone?
    T. Kim Nguyen
    @tkimnguyen
    There was one called something like School Tool based on Zope and several Plone-based LMSs
    Best to ask in the forum https://community.plone.org
    Steve Piercy
    @stevepiercy
    @tkimnguyen I would suggest changing this channel's topic to discourage its use for anything. Here's a draft:
    Steve Piercy
    @stevepiercy
    "plone/public" Gitter channel is not officially supported by the Plone Foundation. Please use officially supported channels. • Plone Community Forum: https://community.plone.org • Plone Discord (chat, voice, video, sprints): https://discord.com/invite/zFY3EBbjaj • Plone conference videos and slides: https://ploneconf.org • How to contribute: https://plone.org/get-started • Latest releases: https://plone.org/download • Intro to Plone: https://plone.com • Plone news and events: https://plone.org
    T. Kim Nguyen
    @tkimnguyen
    thx @stevepiercy yeah
    done (tweaked a bit)
    Gitter is no longer the official chat used by Plone. Please see the official Plone support channels at https://plone.org/support. • forum: https://community.plone.org • Discord (chat, voice, video, sprints): https://discord.com/invite/zFY3EBbjaj • conference videos and slides: https://ploneconf.org • How to contribute: https://plone.org/get-started • Latest releases: https://plone.org/download • Intro to Plone: https://plone.com • Plone news and events: https://plone.org
    T. Kim Nguyen
    @tkimnguyen

    For the switch from Gitter to Discord: the chat support page on plone.org is now updated and the plone.org top navigation bar has been adjusted to include a link to the Plone Discord

    https://discord.gg/zFY3EBbjaj

    see you over in the Discord!
    André Saraiva
    @andre2654
    Hi

    I'm really frustrated with the plone documentation, I'm trying to create a custom view by following the documentation: https://docs.plone.org/external/plone.app.dexterity/docs/custom-views.html#display-view

    The problem is that nowhere is it said where I need to add the <browser:page />

    Really the problem with documentation is that it was not made for those who want to learn, but for those who already have vast knowledge and just want to remove a small doubt.

    Armin Stross-Radschinski
    @acsr
    Hey @AndréSaraiva, did you first took a training tour with the Plone Trainings? Plone is community driven, the Trainings and docs are build by volunteers. Try a different place. A Training will be what you are looking for. There are recent changes in chat support like the move to discord in the post before yours on gitter. If you discover a flaw in the docs ir trainings, you can either file in a ticket or fix it yourself. There are tools to create safe boilerplate packages and examples. It is good practise to first go through such an example. Then you know the locations and the layout of the code package for your (maybe older) version of Plone. The challenge of finding older or wrong docs without proper context or missing details of your setup is still there. This is something the chat community can help if you provide proper context. Your claim “nowhere is said” is just your point if view. Change your standpoint an look from a different perspective and the big woodstick will go away and you may discover the solution on stackoverflow or elsewhere. If you find the solution, take the time to learn how to add it to the docs yourself if its missing or clarify the topic. You can search for existing tickets and fork the docs and create pull requests or comment your issues in context on github. You can learn a lot. I learned a lot this way. For example you can learn to add the proper context (version, example) to your question, and go to the right places to ask.
    Armin Stross-Radschinski
    @acsr
    @andre2654 Gitter is not in use anymore. Please go to discord. For the Classic UI use channel classic-ui https://discordapp.com/channels/786421998426521600/787254601656827924, for questions/suggestions related to the docs, use the #training-docs channel! https://discordapp.com/channels/786421998426521600/862642144401031188 good mood and some gain in joy and fun.
    T. Kim Nguyen
    @tkimnguyen
    You can find a link to Discord at https://plone.org/chat
    There is a big effort under way to revamp the docs
    Your help would be appreciated
    See the various sprint events on Plone.org
    The Mastering Plone training on training.plone.org will cover the material in a more narrative way
    T. Kim Nguyen
    @tkimnguyen
    @andre2654 ^
    lem-fr
    @lem-fr:matrix.org
    [m]
    Hi is it ok to delete older files (by find -delete on Linux cli) from a relstorage blob cache that is treated as a cache using shared-blob-dir false? Or will this totally corrupt the blob cache?
    lem-fr
    @lem-fr:matrix.org
    [m]
    ... while plone instances are running.
    T. Kim Nguyen
    @tkimnguyen
    @lem-fr we moved to Discord. See above 👆
    XxFALCONxX
    @amey-kudari
    image.png
    @tkimnguyen @acsr The discord link says there are no channels on the server.