Nidelven IT - All about Python, Zope & Plone - and Open Source!

Here you'll find issues related to our services. Mostly about Python, Zope and Plone, as well as hosting-related issues.

"Keeping IT real"


Plone hotfix 2008-0164

It is possible to perform CSRF (cross-site request forgery) attacks on Plone sites with a version lower than 3.1. We recommend installing the Hotfix if you have a Plone 3.0 site. Plone 3.1 sites and newer are not affected by this vulnerability.

Sites older than Plone 3 (2.5, 2.0, 1.0 and so on) won't be able to make use of the hotfix; for those we recommend following the temporary workarounds listed on the Hotfix announcement:

http://plone.org/products/plone-hotfix/releases/CVE-2008-016...

We'll be installing the Hotfix for paid support customers where applicable (Plone 3.0 sites).

We are working on a solution for older Plone sites as well, which should give fairly good protection against these kinds of attacks.

Paid support customers with old Plone sites will get this fix we develop installed for free, and other customers will be able to get the fix installed for their site for 1 consulting hour.
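To show the kind of protection such a fix provides, here is an added Python illustration (not the Hotfix's code, and not the workaround we are developing) of a per-user authenticator token: the server embeds an HMAC of the logged-in user's id in its own forms and refuses state-changing POSTs that do not carry it, so a forged request from another site fails. The site secret, user ids and the `_authenticator` field name are assumptions constructed for the example.

```python
import hmac
import hashlib
import secrets
from typing import Optional

# Constructed server-side secret for the example; a real site keeps it
# in its configuration and never sends it to the browser.
SITE_SECRET = secrets.token_bytes(32)


def make_token(site_secret: bytes, user_id: str) -> str:
    """Authenticator token bound to one user.

    A page on another origin cannot read the victim's token (same-origin
    policy) and cannot compute it without the site secret, so a
    cross-site POST arrives without a valid token.
    """
    return hmac.new(site_secret, user_id.encode(), hashlib.sha256).hexdigest()


def verify_token(site_secret: bytes, user_id: str, token: Optional[str]) -> bool:
    """Constant-time comparison; a missing token is rejected outright."""
    if not token:
        return False
    expected = make_token(site_secret, user_id)
    return hmac.compare_digest(expected, token)


def handle_post(site_secret: bytes, session_user: str, form: dict) -> str:
    """State-changing request: refuse unless the form carries the
    authenticator issued to the session's user (field name assumed)."""
    if not verify_token(site_secret, session_user, form.get("_authenticator")):
        return "403 Forbidden: missing or invalid authenticator"
    return "200 OK: changed %s for %s" % (form.get("field"), session_user)


if __name__ == "__main__":
    token = make_token(SITE_SECRET, "alice")
    print(handle_post(SITE_SECRET, "alice", {"_authenticator": token, "field": "email"}))
    print(handle_post(SITE_SECRET, "alice", {"field": "email"}))
```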

[Permalink] [By morphex] [Zope instance management (Atom feed)] [2008 15 May 20:55 GMT+2]
