The Plone and Zope Security teams have announced the discovery of a critical vulnerability affecting Zope and sites powered by all versions of Plone. The vulnerability allows privilege escalation: users could gain elevated access to resources that are normally protected from an application or user, and possibly perform unauthorized actions.
Due to the severity of this issue, the Plone Security Team is providing an advance warning of an upcoming patch, which will be released at 15:00 UTC (10:00am US EDT) on Tuesday, November 6th, 2012.
Due to the nature of the vulnerability, the security team has decided to pre-announce that a fix is upcoming before disclosing the details, to ensure that concerned users can plan around the release. As the fix being published will make the details of the vulnerability public, we are recommending that all of our clients schedule time to apply the patch to their websites as soon as it becomes available.
To prevent any possible exploit, you may also want to put your site in maintenance mode from the time the vulnerability details are announced on Tuesday until the patch is applied to your site. Maintenance mode means that the site is offline and a maintenance page is displayed to visitors, if you have one available. Please contact us ASAP if you'd like us to place your website in maintenance mode or assist you in doing so.
For more details, please visit the Plone website.
for details and/or to schedule the work. Requests will be addressed and work scheduled based on the order in which requests are received. Please email