Flaw in PloneHotfix20121106
Charles Henrique, Nov. 7, 2012, 5:57 p.m.

The Plone security team is sorry to announce that a flaw in
PloneHotfix20121106, released on the 6th November 2012, has been found.

In some deployment configurations the allow_module patch is not
correctly applied, potentially compromising the security of
further information. In addition, earlier versions of the hotfix
introduced too stringent a test on FTP access, causing it to become
unavailable to all users.

As such, we have released version 1.2 of this fix which contains an
updated patch for these issues. It is available on the hotfix release

All users with either the 1.0 or 1.1 version of the hotfix installed
should upgrade as soon as possible.

We apologise for the inconvenience this has caused; we will be doing a
postmortem on this fix to further improve our security patch release
procedures in the coming weeks.

on behalf of the Plone security team