Hotfix to patch various vulnerabilities
CVE numbers not yet issued.
Versions Affected: All supported Plone versions (4.x, 5.x). Previous versions could be affected but have not been tested.
Versions Not Affected: None.
Nature of vulnerability: the patch will address several cross site scripting (XSS) and private data exposure vulnerabilities.
The patch was released at 2016-11-29 15:00 UTC.
Full installation instructions are available on the HotFix release page.
If you do not have in-house server administrators or a website maintenance service agreement, you can find consulting companies at plone.com/providers .
There is also free support available online via the Plone IRC channel and the Plone community forum.
See the full announcement