Releases
Existing and upcoming releases for this project.
Experimental Releases
Stable Releases
- Plone Hotfix 20110928 (Oct 04, 2011)
Apply to Plone 4.0.x series <= 4.0.9, 4.1(.0), 4.2 <= 4.2a2. Fixes highly serious vulnerabilities in Zope and Plone that allow execution of arbitrary code by anonymous users.
- Plone Hotfix 20110622 (Jun 28, 2011)
Apply to Plone 4.0.x series <= 4.0.7, 4.1 <= RC1, 3.x series <= 3.3.5. Fixes a highly serious vulnerability in Zope that allows unauthorized access.
- Plone Hotfix 20110531 (Jun 01, 2011)
Apply to Plone series 4.x <= 4.0.5, 3.x <= 3.3.5, 2.5.x. Fixes multiple vulnerabilities.
- Plone Hotfix CVE-2011-0720 (Feb 08, 2011)
Apply to Plone 4.x series <= 4.0.3, 3.x series <= 3.3.5, 2.5.x series, 2.1, 2.0. Blocks an escalation of privileges attack.
- Plone Hotfix 20100612 (Jun 19, 2010)
Apply to Plone 3.x series <= 3.3.5, 2.5.x, 2.1. Fixes a flaw in the safe_html transform that allows arbitrary HTML to be injected into pages without being filtered.
- Plone Hotfix CVE-2008-0164 (May 13, 2008)
This update protects security-sensitive forms in Plone from cross-site request forgery (CSRF) attacks. The hotfix only applies to Plone 3.0.x — Plone 3.1.x or later have this built in, and do not need this hotfix installed. If you have older releases that you can't upgrade, please read about available workarounds.
- Plone Hotfix 20071106-2 (Nov 18, 2007)
This hotfix corrects a vulnerability in the statusmessages and linkintegrity modules, where unsafe network data was interpreted as Python pickles. This allows an attacker to run arbitrary Python code within the Zope/Plone process.
Version 2 of the hotfix corrects several bugs found in the original release.
- Plone Hotfix 20071106 (Nov 17, 2007)
This hotfix corrects a vulnerability in the statusmessages and linkintegrity
modules, where unsafe network data was interpreted as Python pickles. This
allows an attacker to run arbitrary Python code within the Zope/Plone
process.
- Plone Hotfix 20061031 (Nov 02, 2006)
Plone releases that use PlonePAS (Plone 2.5 and Plone 2.5.1) have a potential vulnerability that allows a user to masquerade as a group. Please update your sites.
- Plone Hotfix CVE-2006-3458 (Aug 23, 2006)
Bundled installers for the Zope ReStructured Text security problem. Only required if you downloaded your Plone 2.5 release before July 11th 2006; all later releases have this included. This issue only affects installations that let untrusted users add content. On August 22 2006, a new version of the Windows installer was added; if you downloaded a prior version of the Windows Hotfix, you will need to download this new version.
- Plone Hotfix 20060518 (May 18, 2006)
This Hotfix applies to all versions of Plone 2. At the time of this writing
these are Plone 2.0.5, 2.1.2, 2.1.3-rc1, and 2.5-beta2.
- Plone Hotfix 2006-04-10 (Apr 10, 2006)
This Hotfix applies to all versions of Plone 2. At the time of this writing
these are Plone 2.0.5, 2.1.2, and 2.5-beta1.

