Plone 2.5.3, the latest maintenance release in the Plone 2.5 series, is now available for download!
"Download Plone 2.5.3":http://plone.org/download (Windows, Mac OS X, Unified Unix/Linux installers available)
**Important:** Plone 2.5.3 includes fixes for the recently discovered potential "Zope XSS vulnerabilities":http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0240, and is a mandatory update for all Plone 2.5 users. Please apply this update as soon as you can. The potential security issue only affects sites that allow untrusted users to register.
The release also includes improvements to the upgrade/migration code, i18n, and a number of minor bug-fixes. If you are upgrading from an earlier release, migration will now be somewhere between 2-6 times faster, depending on which release you're upgrading from.
Plone 2.5.3 now requires Zope 2.9.7+ or Zope 2.8.9 with Five 1.2.x. Previous Plone 2.5 releases required Zope 2.9.5+. Upgrading Zope is required to fix the security issue addressed by this release — so if you are installing manually, make sure you have the correct Zope version. The installers include the correct versions, of course.
Existing installations of Plone 2.5, 2.5.1 and 2.5.2 can be directly upgraded to Plone 2.5.3. But as usual, always back up before upgrading. Upgrade instructions can be found at "http://plone.org/upgrade":http://plone.org/upgrade, as usual.
On behalf of the Plone Team,