With PloneHotfix20210518-1.1, our 5.0.7 site doesn't allow viewing page history


I'm finding that on our 5.0.7 site after applying PloneHotfix20210518-1.1, anyone trying to look at @@historyview is getting "Insufficient Privileges".

In event.log I'm seeing

2021-05-18T15:14:50 WARNING plone.protect error parsing dom, failure to add csrf token to response for url https://[...]/portals/[...]@@historyview

Has anyone else seen something similar? Thanks!

Yes. As discussed here Security patch released 20210518 - #15 by mauritsvanrees there should be new patch version later today.

1 Like