Plone 2.5.1 and 2.1.4 released
We have prepared two new releases of the 2.5.x and 2.1.x series with default policy improvements to counter the spam attacks that some Plone sites have been a victim of lately. This is a required upgrade for all Plone sites, please be a responsible administrator and update your sites as soon as possible.
Not all sites are affected (the attacks have mostly been against a few high-profile Plone sites like plone.org itself), but you should make sure you are protected against potential spammers in the future. Note that this is only an issue if you allow people to register themselves as users in your site, so most companies/organizations will not be affected by this — but we still recommend upgrading your Plone install, since we have done a general security audit as part of the release, and fixed a few theoretically unsafe default policies. Community-focused sites should definitely upgrade as soon as possible. The full explanation of how this may affect your site, and how to fix it (as well as cleaning the site if you have been affected) is available in the document "How to clean up link spam on your site":/documentation/how-to/clean-up-link-spam-on-your-site The available releases: - "Download Plone 2.1.4":/products/plone/releases/2.1.4 - "Download Plone 2.5.1":/products/plone/releases/2.5.1