From: Matthew W. <mat...@pl...> - 2013-11-12 17:33:47
|
Hello everyone, On behalf of the Plone Foundation I'd like to draw your attention to a security announcement that was published a few minutes ago. This is a pre-announcement only, it does not contain any vulnerability details. Your sites are a safe today as they were yesterday. However, we are giving you advance warning that a patch is upcoming and recommending that you plan a maintenance period for your sites to coincide with the full announcement next week. Full details are available at http://plone.org/products/plone/security/advisories/20131210-preannounce You can feel free to ask more questions on the plone-users mailing list or in the #plone IRC channel about details and how to protect yourself, but it is important to make a plan for this now. If you know you can't install the fix at the time of release next week it would be a good idea to plan the best time to have it installed with your administrators, otherwise your site is potentially at risk from opportunistic hackers. I would also like to take this opportunity to inform you of a change in our policy for issuing hotfixes. We will now issue hotfixes approximately every 4 months, with the next dates being: * 10th December 2013 * 08th April 2014 * 12th August 2014 * 09th December 2014 In addition, while we take every care in issuing hotfixes that will work with as many versions of Plone as possible, we only officially support the following versions: * 4.3.2 * 4.2.6 * 4.1.6 * 4.0.9 * 3.3.6 If you are using a version other than one listed above, you may get a smoother experience by upgrading to the latest point release in that series. For example, users of Plone 4.0.2 should find an upgrade to 4.0.9 easy. Again, for more information, please ask on plone-users or #plone. Thank you for your attention, Matthew |