June 2011 - Zope-Announce

Security Hotfix 20110622 released
by Laurence Rowe 28 Jun '11

28 Jun '11

Last week, the Zope and Plone security teams announced the discovery of a serious security issue affecting all recent versions of Zope and Plone, as well as the planned release of a Hotfix to address this issue to be made today, June 28th at 1500 UTC. The Plone and Zope security teams are announcing that this security hotfix is now available for download. For full instructions on how to get and install the Hotfix, go here: http://plone.org/products/plone-hotfix/releases/20110622 To find out more about the details of the issue, answers to common questions and which versions of Zope and Plone are affected, please see: http://plone.org/products/plone/security/advisories/20110622 Assistance in installing this hotfix is available free of charge via IRC in #plone-tuneup. If you don't have in-house server administrators or a service agreement supporting your website, you can find consultancy companies under the providers section of Plone.org - http://plone.org/support/network On behalf of the Zope and Plone security teams, Laurence

1 0

Security announcement update
by Laurence Rowe 28 Jun '11

28 Jun '11

This is an update on today's security hotfix release. The fix will be released at 15:00 UTC today, Tuesday 28th June, 2011 (11:00am US EDT.) Updated versions of Zope 2 containing the security fix will be released at the same time. For details on which versions of Zope and Plone are affected, please see: http://plone.org/products/plone/security/advisories/20110622 For installation instructions, please see: http://plone.org/products/plone-hotfix/releases/20110622 On behalf of the Zope and Plone security teams, Laurence

1 0

Security announcement
by Laurence Rowe 22 Jun '11

22 Jun '11

On behalf of the Plone and Zope Security Teams I'd like to draw your attention to a security announcement that has just been published. This is a pre-announcement only, it does not contain any vulnerability details. Your sites are a safe today as they were yesterday. However, as the problem that has been found is so serious we are giving you advance warning that a patch is upcoming and recommending that you plan a maintenance period for your sites to coincide with the full announcement on Tuesday next week. Full details are available at http://plone.org/products/plone/security/advisories/pre-announcement-201106… You can feel free to ask more questions on the plone-users mailing list or in the #plone IRC channel about details and how to protect yourself, but it is important to make a plan for this now. It is important to plan down-time at the time specified in that announcement or your site will potentially be at risk - following the release of a hotfix for the previous serious security vulnerability we received reports of automated attacks on unpatched sites. Laurence

1 0