Hotfix to patch various vulnerabilities
CVE numbers not yet issued.
Versions Affected: All supported Plone versions (4.x, 5.x). Previous versions could be affected but have not been tested.
Versions Not Affected: None.
Nature of vulnerability: the patch will address several cross site scripting (XSS) vulnerability issues.
The patch was released at 2016-08-30 15:00 UTC.
Full installation instructions are available on the HotFix release page at https://plone.org/security/hotfix/20160830
If you do not have in-house server administrators or a website maintenance service agreement, you can find consulting companies at plone.com/providers .
There is also free support available online via the Plone IRC channel and the Plone community forum (here).
See the full announcement at https://plone.org/security/announcements/security-patch-released-20160830