Plone 3.3.4 released

Plone 3.3 has a new maintenance release available. You should upgrade to fix a potential security issue with Zope and to make your site load faster.

Plone 3.3.4 is now available and includes Zope 2.10.11, which fixes a potential XSS issue in Zope's default error page. The issue is hard to exploit, since an attacker has to manage to bypass the standard Plone error page, which does not have this issue. Even so, we strongly recommend that you upgrade every server running Zope to the fixed release for its version, available from zope.org. This applies no matter what version of Zope you are running.

Another important issue fixed in this release of Plone was in the base2 JavaScript library. It caused the Java plugin(!) to be invoked if you have Java on your computer and are using Firefox 3.5, since there is a "magic" variable that starts the Java VM when accessed. More details here, if you are interested in the full explanation.

This issue is fixed in the latest release of KSS, and the fix should make Plone faster for your logged-in users who are using Firefox 3.5. Though the issue has also been fixed in Firefox 3.6, which ships tomorrow, we still recommend that you upgrade.

Download Plone 3.3.4