oh, no, ancora! :-D
-------- Messaggio originale --------
Oggetto: [Plone-Users] Security Announcement: Severe Vulnerability -
Patch Pre-Announcement
Data: Wed, 28 Sep 2011 13:54:49 -0700
Mittente: Steve McMahon <[email protected]>
A: plone_users <[email protected]>, Plone Developers
<[email protected]>
During a security audit conducted by a member of the Plone Security
Team, a severe vulnerability was discovered in Zope 2.12.x and Zope
2.13.x that allows execution of arbitrary code by anonymous users.
*
*The vulnerability affects Plone 4.0 (through 4.0.9); Plone 4.1; Plone
4.2 (a1 and a2); Zope 2.12.x and Zope 2.13.x. It allows an
unauthenticated attacker to employ a carefully crafted web request to
execute arbitrary commands with the privileges of the Zope/Plone service.
*A patch will be available 2011-10-04, at 15:00 UTC.*
Please carefully read h
<goog_188554871>ttp://plone.org/products/plone/security/advisories/20110928
for more details.
*General questions**about this announcement*, Plone patching procedures,
and availability of support may be addressed to thePlone support forums
<http://plone.org/support>. If you have*specific questions*about this
vulnerability or its handling, contact thePlone Security Team
<mailto:[email protected]>.
*To report potentially security-related issues**,*please send a mail to
the Plone Security Team [email protected]
<mailto:[email protected]>. The security team is always happy to credit
individuals and companies who make responsible disclosures.
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2dcopy1
_______________________________________________
Plone-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/plone-users
_______________________________________________
Plone-IT mailing list
[email protected]
https://lists.plone.org/mailman/listinfo/plone-plone-it
http://plone-regional-forums.221720.n2.nabble.com/Plone-Italy-f221721.html
