Hello. I wanted to let you know that on Wednesday I was a victim of this vulnerability on several of my Plone sites, which unfortunately had not been patched with this February hotfix.
It appears to be an automated attack. I didn't see this notice on the list, so I thought it wouldn't hurt to warn you, so that you can check!

Regards,
Hugo

-------- Original Message --------
Subject: [Plone-Announce] Security announcement
Date: Wed, 2 Feb 2011 12:19:31 +0100
From: Announcement of Plone releases and security-related notifications. Recommended subscription for all Plone developers and site admins. <[email protected]>
Reply-To: [email protected]
To: [email protected]

Hello everyone,

On behalf of the Plone Foundation I'd like to draw your attention to a security announcement that was published about 12 hours ago. This is a pre-announcement only, it does not contain any vulnerability details. Your sites are as safe today as they were yesterday. However, as the problem that has been found is so serious we are giving you advance warning that a patch is upcoming and recommending that you plan a maintenance period for your sites to coincide with the full announcement next week.

Full details are available at http://plone.org/products/plone/security/advisories/cve-2011-0720

You can feel free to ask more questions on the plone-users mailing list or in the #plone IRC channel about details and how to protect yourself, but it is important to make a plan for this now. If you know you can't have a planned down-time at the time specified in that announcement you should plan to implement one of the workarounds before next Tuesday, otherwise your site is potentially at risk.

I'd like to thank everyone that's been involved in finding, isolating and fixing this problem, especially Alan Hoey of Team Rubber for his responsible disclosure of the bug to the security team.

Matthew
