Last week, the Zope and Plone security teams announced the discovery
of a serious security issue affecting all recent versions of Zope and
Plone, as well as the planned release of a Hotfix to address this
issue to be made today, June 28th at 1500 UTC.
The Plone and Zope security teams are announcing that this security
hotfix is now available for download. For full instructions on how to
get and install the Hotfix, go here:
http://plone.org/products/plone-hotfix/releases/20110622
To find out more about the details of the issue, answers to common
questions and which versions of Zope and Plone are affected, please
see: http://plone.org/products/plone/security/advisories/20110622
Assistance in installing this hotfix is available free of charge via
IRC in #plone-tuneup. If you don't have in-house server administrators
or a service agreement supporting your website, you can find
consultancy companies under the providers section of Plone.org -
http://plone.org/support/network
On behalf of the Zope and Plone security teams,
Laurence
This is an update on today's security hotfix release.
The fix will be released at 15:00 UTC today, Tuesday 28th June, 2011
(11:00am US EDT.) Updated versions of Zope 2 containing the security
fix will be released at the same time.
For details on which versions of Zope and Plone are affected, please
see: http://plone.org/products/plone/security/advisories/20110622
For installation instructions, please see:
http://plone.org/products/plone-hotfix/releases/20110622
On behalf of the Zope and Plone security teams,
Laurence
On behalf of the Plone and Zope Security Teams I'd like to draw your
attention to a security announcement that has just been published.
This is a pre-announcement only, it does not contain any vulnerability
details. Your sites are a safe today as they were yesterday. However,
as the problem that has been found is so serious we are giving you
advance warning that a patch is upcoming and recommending that you
plan a maintenance period for your sites to coincide with the full
announcement on Tuesday next week.
Full details are available at
http://plone.org/products/plone/security/advisories/pre-announcement-201106…
You can feel free to ask more questions on the plone-users mailing
list or in the #plone IRC channel about details and how to protect
yourself, but it is important to make a plan for this now. It is
important to plan down-time at the time specified in that announcement
or your site will potentially be at risk - following the release of a
hotfix for the previous serious security vulnerability we received
reports of automated attacks on unpatched sites.
Laurence