A hotfix for all versions of Plone 4.x. Fixes multiple CSRF vulnerabilities in Zope: https://plone.org/products/plone-hotfix/releases/20151006
This is the follow up to Announcement: Security vulnerability pre-announcement: 20151006
The Plone Security Best Practices docs have been updated: http://docs.plone.org/manage/deploying/production/securitybestpractices.html
Hi, I notice that plone4.csrffixes is now up to 1.0.6.
Can someone clarify whether 1.0.6 is necessary, or are you still secure with version 1.0.0 and the fixes are just to minimize false positives?
Could there please be a new category on this community site, just for Security?
I imagine this would be highly useful for many maintaining Plone sites, who need to monitor security announcements but do not have the capacity to parse other announcements for immediate-priority security vulnerability announcements, hotfixes, etc.
+1 for a new subcategory under
I created https://community.plone.org/c/announcements/security and limited posting of new posts to staff/moderators.