Search results

34 results

Plone 5.2.2 released

A bugfix release with many fixes and package version upgrades

Plone 5.2.3, Plone 5.1.7 and Plone 4.3.20 released!

Final releases to 4.3 and 5.1 series, along with the latest 5.2.3.

Plone 5.2.4 Released!

Check out the latest release to Plone 5.2 series, which includes new features to plone.restapi along with security fixes and other improvements.

Plone 5.2.5 Released!

Check out the latest release to Plone 5.2 series, which includes security fixes, Zope updates and other improvements

Release Schedule and Release Policy

Timeline of maintenance and support for Plone releases. Last major policy update: 2024-01-15.

Hotfixes

Plone Hotfix list

Reflected XSS and Open Redirect in image_view_fullscreen

Remote Code Execution via traversal in expressions with aliases

Remote Code Execution via traversal in expressions part 2

Writing arbitrary files via docutils and Python Script

Historical list of hotfixes for each Plone version

Plone Hotfix list

Information disclosures: mostly installation logs

Stored XSS from file upload (svg, html)

Reflected XSS in various spots

XSS vulnerability in CMFDiffTool

Stored XSS from user fullname

Blind SSRF via feedparser accessing an internal URL

Server Side Request Forgery via event ical URL

Server Side Request Forgery via lxml parser

Stored XSS in folder contents

Remote Code Execution via Python Scripts

Privilege escalation when plone.restapi is installed

SQL injection in DTML or in connection objects

XSS in the title field on plone 5.0 and higher.

Privilege escalation for overwriting content