Zope/Plone Security Fix Issues January 13, 2010

January 13, 2010

The Zope Community (http://zope.org) issued a security fix on January 13, 2010 that affects all sites using Zope 2.8 and newer. Since all Plone sites use Zope, it is strongly recommended that this latest release be applied to your Plone site. This release of Zope addresses a potential cross-site scripting vulnerability, which, if exploited, could allow attackers to access secure data in the website. Please see http://en.wikipedia.org/wiki/Cross-site_scripting for more details.

The specific Zope update needed depends on which version of Plone you are running. See the chart below for the correct update:

----------
Plone <2.5
----------
If your Plone site is older than Plone 2.5, you are using Zope 2.7 and do not have a patch to apply.

---------
Plone 2.5
---------
Zope 2.8: http://www.zope.org/Products/Zope/2.8.12
or
Zope 2.9: http://www.zope.org/Products/Zope/2.9.12

-------
Plone 3
-------
Zope 2.10: http://www.zope.org/Products/Zope/2.10.11
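
To check an installed Zope against the chart above, the following added example (not part of the original announcement and not code from Zope or Plone) classifies a version string by branch. The function names, the status labels and the sample strings such as "Zope 2.10.9-final" are assumptions, as is treating later releases on a listed branch as fixed.

```python
import re

# Fixed release per Zope branch, copied from the chart above.
FIXED_PATCH = {(2, 8): 12, (2, 9): 12, (2, 10): 11}

# Matches "2.9.12", "Zope 2.10.9-final", "2.10.11-b1" and "2.10.11b1".
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)-?((?:a|b|c|rc)\d+)?")


def parse_zope_version(text):
    """Return (major, minor, patch, is_prerelease) from a version string."""
    m = VERSION_RE.search(text)
    if m is None:
        raise ValueError("no Zope version found in %r" % (text,))
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    return major, minor, patch, m.group(4) is not None


def fix_status(text):
    """Classify a version as 'patched', 'needs-update', 'no-patch' or 'not-listed'."""
    major, minor, patch, prerelease = parse_zope_version(text)
    branch = (major, minor)
    if branch < (2, 8):
        return "no-patch"      # chart: Zope 2.7 has no patch to apply
    if branch not in FIXED_PATCH:
        return "not-listed"    # Zope 2.8 or newer, but no release in the chart
    fixed = FIXED_PATCH[branch]
    # Assumption: later releases on the same branch keep the fix, and a
    # pre-release of the fixed version does not count as patched.
    if patch > fixed or (patch == fixed and not prerelease):
        return "patched"
    return "needs-update"


if __name__ == "__main__":
    # Constructed sample version strings, not taken from any real site.
    for sample in ["Zope 2.10.9-final", "Zope 2.10.11-final", "2.9.12",
                   "Zope 2.7.9-final", "Zope 2.11.4-final", "2.10.11-b1"]:
        print("%-20s %s" % (sample, fix_status(sample)))
```

A "not-listed" result means the branch is newer than those in the chart, so the fixed release has to be looked up on zope.org.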


====

Before you start the upgrade to the latest Zope version, make sure you have a backup of your data.fs and/or buildout.

If you have a buildout-based install[1], you can most likely change the download URL to point to the latest Zope version and re-run buildout.

If you have a non-buildout-based install, you need to download the latest Zope version, compile it[2], and make sure that your startup scripts and Zope configuration files point to the latest Zope version.

Make sure to restart your site once the latest change is in effect so that the new Zope is applied.

[1] - http://plone.org/documentation/manual/developer-manual/managing-projects-with-buildout/understanding-buildout.cfg
[2] - http://plone.org/documentation/kb/setup-from-source/

====


If you would like to have Six Feet Up perform the upgrade for your site, please email support@sixfeetup.com with the subject line of "Zope Security Fix". We will then set up a Time and Materials contract with your organization for the work to be done.
