[plonegov-br] Flaw in PloneHotfix20121106

Charles Henrique charleshenrique at pgr.mpf.gov.br
Wednesday November 7 15:58:14 BRST 2012


The Plone security team is sorry to announce that a flaw in
PloneHotfix20121106, released on the 6th November 2012, has been found.

In some deployment configurations the allow_module patch is not
correctly applied, potentially compromising the security of
RestrictedPython.  See
http://plone.org/products/plone/security/advisories/20121106/03  for
further information.  In addition, earlier versions of the hotfix
introduced too stringent a test on FTP access, causing it to become
unavailable to all users.

As such, we have released version 1.2 of this fix which contains an
updated patch for these issues.  It is available on the hotfix release
page here: https://plone.org/products/plone-hotfix/releases/20121106

All users with either the 1.0 or 1.1 version of the hotfix installed
should upgrade as soon as possible.

We apologise for the inconvenience this has caused; we will be doing a
postmortem on this fix to further improve our security patch release
procedures in the coming weeks.

Alan Hoey
on behalf of the Plone security team


Charles Henrique
PGR/CST/DIREDE/SESO
61 3105-6795
