Plone Hotfix
Hotfixes are updates for security or other issues that show up between official releases.
Project Description
These hotfix packages are temporary in nature, and should only be installed when there is a known problem affecting a specific Plone release. The rationale for these releases is to get fixes out without the overhead of a full release cycle if necessary.
Do not install one unless you know that it covers the specific problem you are experiencing with your exact version of Plone.
Most Recent Hotfix
Plone Hotfix 20121106
Released Nov 06, 2012 — tested with Plone 4.2, Plone 4.1, Plone 4, Plone 3, Plone 2.5, Plone 2.1
A hotfix for all versions of Plone <= 4.2.2 and Plone 4.3 < beta 1. Fixes various vulnerabilities in Zope and Plone including arbitrary code execution and privilege escalation.
All Hotfixes
| Hotfix | Released | Description | Compatibility |
|---|---|---|---|
| 20121106 | Nov 06, 2012 | A hotfix for all versions of Plone <= 4.2.2 and Plone 4.3 < beta 1. Fixes various vulnerabilities in Zope and Plone including arbitrary code execution and privilege escalation. | Plone 4.2, Plone 4.1, Plone 4, Plone 3, Plone 2.5, Plone 2.1 |
| 20110928 | Oct 04, 2011 | Apply to Plone 4.0.x series <= 4.0.9, 4.1(.0), 4.2 <= 4.2a2. Fixes highly serious vulnerabilities in Zope and Plone that allow execution of arbitrary code by anonymous users. | Plone 4.1, Plone 4 |
| 20110622 | Jun 28, 2011 | Apply to Plone 4.0.x series <= 4.0.7, 4.1 <= RC1, 3.x series <= 3.3.5. Fixes a highly serious vulnerability in Zope that allows unauthorized access. | Plone 4, Plone 3 |
| 20110531 | Jun 01, 2011 | Apply to Plone series 4.x <= 4.0.5, 3.x <= 3.3.5, 2.5.x. Fixes multiple vulnerabilities. | Plone 4, Plone 3, Plone 2.5 |
| CVE-2011-0720 | Feb 08, 2011 | Apply to Plone 4.x series <= 4.0.3, 3.x series <= 3.3.5, 2.5.x series, 2.1, 2.0. Blocks an escalation of privileges attack. | Plone 4, Plone 3, Plone 2.5, Plone 2.1, Plone 2.0 |
| 20100612 | Jun 19, 2010 | Apply to Plone 3.x series <= 3.3.5, 2.5.x, 2.1. Fixes a flaw in the safe_html transform that allows arbitrary HTML to be injected into pages without being filtered. | Plone 3, Plone 2.5, Plone 2.1 |
| CVE-2008-0164 | May 13, 2008 | This update protects security-sensitive forms in Plone from cross-site request forgery (CSRF) attacks. The hotfix only applies to Plone 3.0.x — Plone 3.1.x and later have this built in and do not need this hotfix installed. If you have older releases that you can't upgrade, please read about available workarounds. | Plone 3 |
| 20071106-2 | Nov 18, 2007 | This hotfix corrects a vulnerability in the statusmessages and linkintegrity modules, where unsafe network data was interpreted as Python pickles. This allows an attacker to run arbitrary Python code within the Zope/Plone process. Version 2 of the hotfix corrects several bugs found in the original release. | Plone 2.5, Plone 3 |
| 20071106 | Nov 17, 2007 | This hotfix corrects a vulnerability in the statusmessages and linkintegrity modules, where unsafe network data was interpreted as Python pickles. This allows an attacker to run arbitrary Python code within the Zope/Plone process. | Plone 2.5, Plone 3 |
| 20061031 | Nov 02, 2006 | Plone releases that use PlonePAS (Plone 2.5 and Plone 2.5.1) have a potential vulnerability that allows a user to masquerade as a group. Please update your sites. | Plone 2.5.1, Plone 2.5 |
| CVE-2006-3458 | Aug 23, 2006 | Bundled installers for the Zope ReStructured Text security problem. Only required if you downloaded your Plone 2.5 release before July 11th 2006; all later releases have this included. This issue only affects installations that let untrusted users add content. On August 22 2006, a new version of the Windows installer was added; if you downloaded a prior version of the Windows Hotfix, you will need to download this new version. | Plone 2.5, Plone 2.1 |
| 20060518 | May 18, 2006 | This Hotfix applies to all versions of Plone 2. At the time of this writing these are Plone 2.0.5, 2.1.2, 2.1.3-rc1, and 2.5-beta2. | Plone 2.5 |
| 2006-04-10 | Apr 10, 2006 | This Hotfix applies to all versions of Plone 2. At the time of this writing these are Plone 2.0.5, 2.1.2, and 2.5-beta1. | Plone 2.5 |

