[Plone-Users] Preannouncement of security update 2013-12-10

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hello everyone,

On behalf of the Plone Foundation I'd like to draw your attention to a 
security announcement that was published a few minutes ago.

This is a pre-announcement only, it does not contain any vulnerability 
details. Your sites are a safe today as they were yesterday.  However, 
we are giving you advance warning that a patch is upcoming and 
recommending that you plan a maintenance period for your sites to 
coincide with the full announcement next week.

Full details are available at
http://plone.org/products/plone/security/advisories/20131210-preannounce

You can feel free to ask more questions on the plone-users mailing list 
or in the #plone IRC channel about details and how to protect yourself, 
but it is important to make a plan for this now.  If you know you can't 
install the fix at the time of release next week it would be a good idea 
to plan the best time to have it installed with your administrators, 
otherwise your site is potentially at risk from opportunistic hackers.

I would also like to take this opportunity to inform you of a change in 
our policy for issuing hotfixes. We will now issue hotfixes 
approximately every 4 months, with the next dates being:

* 10th December 2013
* 08th April 2014
* 12th August 2014
* 09th December 2014

In addition, while we take every care in issuing hotfixes that will work 
with as many versions of Plone as possible, we only officially support 
the following versions:

* 4.3.2
* 4.2.6
* 4.1.6
* 4.0.9
* 3.3.6

If you are using a version other than one listed above, you may get a 
smoother experience by upgrading to the latest point release in that 
series. For example, users of Plone 4.0.2 should find an upgrade to 
4.0.9 easy. Again, for more information, please ask on plone-users or 
#plone.

Thank you for your attention,

Matthew