eea.facetednavigation vulnerability requires immediate upgrade
Installations of Plone that do not include the eea.facetednavigation add-on are not affected by this vulnerability.
The vulnerability is present in all versions of eea.facetednavigation. Users should immediately upgrade to eea.facetednavigation version 6.7 that has been released today to the Plone and Python package repositories.
- Include this JS file within
Help for installing the upgrade is available on the #plone IRC channel and forums.
Upgrading an already installed package requires you to specify the new version number in your buildout configuration file and run buildout to update your configuration.
For security researchers
No CVE has been assigned to this vulnerability as yet.
Credit for discovery and patching goes to Eau de Web s.r.l.