Plone critical security hotfix addressing vulnerabilities in Zope and CMFEditions

Project description

This hotfix fixes the following vulnerabilities:

  • A vulnerability in CMFEditions where KwAsAttributes classes were publishable, exposing sub-objects to anonymous access. This vulnerability is found in CMFEditions 2.0a1 and up. CMFEditions 1.x and before are not vulnerable.

  • Zope vulnerability CVE-2011-3587. This vulnerability is found in Zope 2.12.x and 2.13.x. Zope 2.11 and before are not vulnerable.

    This Plone Hotfix applies the same fix as Products.Zope_Hotfix_CVE_2011_3587 and can co-exist with that patch.

This hotfix is supported on Plone 4.0 - 4.0.9, 4.1 and 4.2. Older versions of Plone (3.3.x and below) are not affected by the vulnerabilities and are not supported by this patch.

The fixes included here will be incorporated into subsequent releases of Plone, so Plone 4.0.10, 4.1.1, 4.2a3 and greater should not require this hotfix.

Installation

Installation instructions can be found at http://plone.org/products/plone-hotfix/releases/20111004

Changelog

1.0 (2011-10-04)

  • Initial release [Plone security team]

Download files

Source Distribution

Products.PloneHotfix20110928-1.0.zip (6.8 kB)

Hashes for Products.PloneHotfix20110928-1.0.zip
Algorithm Hash digest
SHA256 0ff27dc4d4befd31c2891f852bdd5b747d1b2197e25a753212b5e0e0776262eb
MD5 c794acedfc973018310f6ac111d7d8e4
BLAKE2b-256 373feb0058f29ab4d135b0bd5e66dbe09e1ba27eac306b5a8d9859f7db6cd8a9
