On behalf of the Plone and Zope Security Teams I'd like to draw your
attention to a security announcement that has just been published.
This is a pre-announcement only, it does not contain any vulnerability
details. Your sites are a safe today as they were yesterday. However,
as the problem that has been found is so serious we are giving you
advance warning that a patch is upcoming and recommending that you
plan a maintenance period for your sites to coincide with the full
announcement on Tuesday next week.
Full details are available at
You can feel free to ask more questions on the plone-users mailing
list or in the #plone IRC channel about details and how to protect
yourself, but it is important to make a plan for this now. It is
important to plan down-time at the time specified in that announcement
or your site will potentially be at risk - following the release of a
hotfix for the previous serious security vulnerability we received
reports of automated attacks on unpatched sites.
Zope-Announce maillist - Zope-Announce@zope.org
Zope-Announce for Announcements only - no discussions
(Related lists -
Developers: https://mail.zope.org/mailman/listinfo/zope-dev )