Releases
Existing and upcoming releases for this project.
Stable Releases
-
Plone Hotfix CVE-2008-0164
-
This update protects security-sensitive forms in Plone from cross-site request forgery (CSRF) attacks. The hotfix only applies to Plone 3.0.x; Plone 3.1.x and later have this protection built in and do not need this hotfix installed. If you have older releases that you can't upgrade, please read about available workarounds.
-
Plone Hotfix 20071106-2
-
This hotfix corrects a vulnerability in the statusmessages and linkintegrity modules, where unsafe network data was interpreted as Python pickles. This allows an attacker to run arbitrary Python code within the Zope/Plone process.
Version 2 of the hotfix corrects several bugs found in the original release.
-
Plone Hotfix 20071106
-
This hotfix corrects a vulnerability in the statusmessages and linkintegrity
modules, where unsafe network data was interpreted as Python pickles. This
allows an attacker to run arbitrary Python code within the Zope/Plone
process.
-
Plone Hotfix 20061031
-
Plone releases that use PlonePAS (Plone 2.5 and Plone 2.5.1) have a potential vulnerability that allows a user to masquerade as a group. Please update your sites.
-
Plone Hotfix CVE-2006-3458
-
Bundled installers for the Zope reStructuredText security problem. Only required if you downloaded your Plone 2.5 release before July 11th 2006; all later releases have this included. This issue only affects installations that let untrusted users add content. On August 22 2006, a new version of the Windows installer was added. If you downloaded a prior version of the Windows Hotfix, you will need to download this new version.
-
Plone Hotfix 20060518
-
This hotfix applies to all versions of Plone 2. At the time of this writing,
these are Plone 2.0.5, 2.1.2, 2.1.3-rc1, and 2.5-beta2.
-
Plone Hotfix 2006-04-10
-
This hotfix applies to all versions of Plone 2. At the time of this writing,
these are Plone 2.0.5, 2.1.2, and 2.5-beta1.