Low-impact security issue in Products.GenericSetup

A low-impact security issue has been identified in Products.GenericSetup: Unauthorized users may be able to access GenericSetup log and snapshot files if they can guess the URL. See the GitHub security advisory "Exposure of Sensitive Information to an Unauthorized Actor in Products.GenericSetup" in the zopefoundation/Products.GenericSetup repository.

The issue can be mitigated by upgrading to Products.GenericSetup version 2.1.1 or by following the manual steps in the ZMI described in the security advisory. The Plone release managers will apply this update with Plone bugfix releases they are planning to publish within the next few days.
