Update on mitigation procedureIt has been decided that we will disable logins for all our customers, including Zope-only customers.
We're doing this because it is the best way we can handle the problem, and it is a quick fix to switch the sites back to handling logins again.
But we strongly recommend you take the appropriate measures such as installing a hotfix for Plone before enabling logins again.
[Permalink] [By morphex] [Plone vulnerability (privilege escalation) (Atom feed)] [02 Feb 15:42 GMT+2]
Plone vulnerability (privilege escalation)We have become aware of a problem related to Plone and its security system, which is posted here:
We are considering options and working towards a safe solutions for all our customers, primarily those who have paid support or other security update agreements, and then those who do not.
We think disabling logins is the right way to go about it, but we will discuss this internally, make some decisions and then see what we will do about the problem.
[Permalink] [By morphex] [Zope instance management (Atom feed)] [02 Feb 06:44 GMT+2]