Last week, the Zope and Plone security teams announced a software vulnerability in Zope 2.12.x and Zope 2.13.x which affects versions of Plone 4, as well as the plan to release of a software fix to address this issue, Tuesday 4th October at 1500 UTC.
Six Feet Up covered the details of the issue in a news item released last week: http://www.sixfeetup.com/news/news/vulnerability-announced-in-zope-which-affects-plone-4.x
The hotfix is now available for download. For full instructions on how to get and install the hotfix, go here: http://plone.org/products/plone-hotfix/releases/20110928
Your Plone development team can perform the installation of this patch following the instructions given on the hotfix page if you are running a version of Plone or Zope which is affected. In addition, Six Feet Up is available to install and test the patch on your staging and production instances. Please email support@sixfeetup.com for details. Requests will be addressed and work scheduled in the order that they are received.