Hotfix for Zope Security Issue Affecting Versions of Plone 4 Has Been Released

A code fix for a vulnerability in Zope 2.12.x and Zope 2.13.x that allows execution of arbitrary code by anonymous users affecting versions of Plone 4 is now available.

Last week, the Zope and Plone security teams announced the discovery of a serious security issue affecting all recent versions of Zope and Plone, as well as the planned release of a Hotfix to address this issue to be made today, Tuesday 4th October at 1500 UTC.

The Plone and Zope security teams are announcing that this security hotfix is now available for download. For full instructions on how to get and install the Hotfix, go here:

To find out more about the details of the issue, answers to common questions and which versions of Zope and Plone are affected, please see:

Assistance in installing this hotfix is available free of charge via IRC in #plone. If you don't have in-house server administrators or a service agreement supporting your website, you can find consultancy companies under the providers section of -