Personal tools

Contact Us 24/7 > 1 866.SIX FEET

Skip to content. | Skip to navigation

Home > About > News & Events > News > Zope/Plone Security Fix Issues January 13, 2010

Zope/Plone Security Fix Issues January 13, 2010

January 13, 2010

The Zope Community ( issued a security fix on January 13, 2010 that affects all sites using Zope 2.8 and newer. Since all Plone sites use Zope, it is strongly recommended that this latest release be applied to your Plone site. This release of Zope addresses a potential cross-site scripting vulnerability, which, if exploited, could allow attackers to access secure data in the website. Please see for more details.

The specific Zope update needed depends on which version of Plone you are running. See the chart below for the correct update:

Plone <2.5
If your Plone site is less than Plone 2.5, you are using Zope 2.7 and do not have a patch to apply.

Plone 2.5
Zope 2.8:
Zope 2.9:

Plone 3
Zope 2.10 =


Before you start the upgrade to the latest Zope version, make sure you have a backup of your data.fs and/or buildout.

If you have a buildout based install[1] then you can most likely change the  download URL to point to the latest Zope version, and re-run buildout.

If you have a non-buildout based install then you need to download the latest Zope version, compile[2] and make sure that your start up scripts and Zope configuration files are pointing to the latest Zope version.

Make sure to restart your site once the latest change is in Affect so that the new Zope is applied.

[1] -
[2] -


If you would like to have Six Feet Up perform the upgrade for your site, please email with the subject line of "Zope Security Fix". We will then set up a Time and Materials contract with your organization for the work to be done.

Next Steps

Select a type of support:

Contact our sales team

First name:
Last name:
Phone Number:
Fight spam:
What is + ?
Call Us 1 866.SIX FEET