Plone Hotfix 20151006 (Oct 06, 2015)

A hotfix for all versions of Plone 4.x. Fixes multiple CSRF vulnerabilities in Zope: https://plone.org/products/plone-hotfix/releases/20151006

This is the follow-up to Announcement: Security vulnerability pre-announcement: 20151006

The Plone Security Best Practices docs have been updated: http://docs.plone.org/manage/deploying/production/securitybestpractices.html

Hi, I notice that plone4.csrffixes is now up to 1.0.6.

Can someone clarify whether 1.0.6 is necessary? Or are you still secure with version 1.0.0, and the fixes are just to minimize false positives?

Hi there,

Could there please be a new category on this community site, just for Security?

I imagine this would be highly useful for the many people maintaining Plone sites who need to monitor security announcements, but do not have the capacity to parse other announcements for immediate-priority security vulnerability announcements, hotfixes, etc.

Thanks!
Anna


+1 for a new subcategory under Announcements named Security

I created https://community.plone.org/c/announcements/security and limited posting of new posts to staff/moderators.
