https://plone.org/products/plone/security/advisories/20151208-preannounce
This is a pre-announcement of availability of this security fix.
CVE numbers not yet issued.
Versions Affected: All supported Plone versions.
Versions Not Affected: None.
The patch will be released on Tuesday, December 8, 2015 (2015-12-08) at 15:00 UTC.
I'd like to know if I need to schedule time and people to deploy this the moment this is released.
Is this a fix for remote escalation of privileges, or alike the previous security update which only fixed CSRF?
Can we get a general indication of severity and impact, or is this unknown at the moment?
Thanks!
Impact can depend a little on what you're doing. The patch will address unauthorized disclosure of registered user information.
Thanks, much appreciated!
Patch has been released at https://plone.org/products/plone/security/advisories/20151208-announcement