[Zope-Annce] Security announcement

Laurence Rowe l at lrowe.co.uk
Wed Jun 22 13:06:48 EDT 2011


On behalf of the Plone and Zope Security Teams I'd like to draw your
attention to a security announcement that has just been published.

This is a pre-announcement only, it does not contain any vulnerability
details. Your sites are a safe today as they were yesterday.  However,
as the problem that has been found is so serious we are giving you
advance warning that a patch is upcoming and recommending that you
plan a maintenance period for your sites to coincide with the full
announcement on Tuesday next week.

Full details are available at
http://plone.org/products/plone/security/advisories/pre-announcement-20110622

You can feel free to ask more questions on the plone-users mailing
list or in the #plone IRC channel about details and how to protect
yourself, but it is important to make a plan for this now.  It is
important to plan down-time at the time specified in that announcement
or your site will potentially be at risk - following the release of a
hotfix for the previous serious security vulnerability we received
reports of automated attacks on unpatched sites.


Laurence


More information about the Zope-Announce mailing list