Plone Hotfix Descriptions

Descriptions of the individual hotfixes and the vulnerabilities they address.

20220128

Security fix for image_view_fullscreen: cache poisoning

20210518

Several fixes for remote code execution, writing arbitrary files, information disclosure, server-side request forgery, and cross-site scripting. Note: version 1.6 is available now.

20200121

Several fixes for privilege escalation, open redirect, password strength, overwriting files, SQL injection, and cross-site scripting. Version 1.1 was released February 11, 2020, with an update for the SQL injection fix, which not everyone will need.

20171128

Several XSS and redirect fixes, and a sandbox escape fix.

20170117

XSS and sandbox escape vulnerability

20161129

Fixes various XSS and open redirection vulnerabilities

20160830

Fixes various XSS and open redirection vulnerabilities

20130618

Plone Hotfix 20130618

20121106

AKA 20121106

20111004

AKA 20113587 or 20110928

20110208

AKA 20110720

20110628

AKA 20112528 or 20110622

20110601

AKA 20110531