Monday, February 27, 2017
Security notification: XSS and sandbox escape vulnerability in Plone
You can find more info about these issues on the Plone Security Announcements page.
All supported Plone versions (4.3.11 and any earlier 4.x version, 5.0.6 and any earlier 5.x version) are affected. Previous versions could be affected but have not been fully tested. We highly recommend patching your existing Plone sites by following the steps below:
1. Create a backup of your current installation of the application
2. Download the available patch from the security page
3. Unpack the zip file into /opt/bitnami/apps/plone/zeocluster/products
4. Set the ownership of the unpacked files:
sudo chown -R plone:plone /opt/bitnami/apps/plone/zeocluster/products
5. Restart the Plone service:
sudo /opt/bitnami/ctlscript.sh restart plone
6. Check that the application has restarted properly. You should see these lines in the /opt/bitnami/apps/plone/zeocluster/var/client1/event.log file:
2017-02-27T11:04:58 INFO Products.PloneHotfix20170117 Applied zmi patch
2017-02-27T11:04:58 INFO Products.PloneHotfix20170117 Applied strformat patch
2017-02-27T11:04:58 INFO Products.PloneHotfix20170117 Hotfix installed
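The check in step 6 can be scripted so that a partially applied hotfix, or log lines left over from before the restart, do not pass unnoticed. This is an added example, not part of the original announcement or of the hotfix; the function name check_hotfix_log and its optional "since" timestamp argument are assumptions, and the sample log is constructed.

```shell
#!/bin/sh
# Added example: confirm all three PloneHotfix20170117 messages are in event.log.
# The message texts are the ones listed in step 6; everything else is illustrative.

HOTFIX="Products.PloneHotfix20170117"

# check_hotfix_log LOGFILE [SINCE]
#   SINCE is an ISO 8601 timestamp (e.g. the time of the restart); entries older
#   than it are ignored so messages from an earlier start-up do not count.
#   Returns 0 if every message is present, 1 if any is missing, 2 if unreadable.
check_hotfix_log() {
    log="$1"
    since="${2:-}"
    [ -r "$log" ] || { echo "cannot read $log" >&2; return 2; }
    # ISO 8601 timestamps sort correctly as plain strings
    recent=$(awk -v since="$since" '($1 "") >= (since "")' "$log")
    missing=0
    for marker in "Applied zmi patch" "Applied strformat patch" "Hotfix installed"; do
        # -F matches a fixed string, so dots in the product name are literal
        if printf '%s\n' "$recent" | grep -qF "INFO $HOTFIX $marker"; then
            echo "ok:      $marker"
        else
            echo "MISSING: $marker"
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ]
}

# Constructed sample log for a stand-alone run (not real server output).
sample=$(mktemp)
cat > "$sample" <<'EOF'
2017-02-27T11:04:58 INFO Products.PloneHotfix20170117 Applied zmi patch
2017-02-27T11:04:58 INFO Products.PloneHotfix20170117 Applied strformat patch
2017-02-27T11:04:58 INFO Products.PloneHotfix20170117 Hotfix installed
EOF
check_hotfix_log "$sample" "2017-02-27T11:00:00" && echo "hotfix active"
rm -f "$sample"
```

On a real server, pass the event.log path from step 6 as the first argument and the time you ran the restart as the second.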
Do you have additional questions about Bitnami Plone or the security vulnerability? Please post to our community forum and we will be happy to help you.