Plone Security Advisory Update

On 4th February the Plone Organisation announced that it had found a serious loophole in the security of certain versions of Plone, which we announced as a Security Advisory.  In essence it was discovered that a skilled Plone developer could exploit a weakness to gain full admin access to any Plone site.  This wouldn't be an easy hack for the average programmer, but it nevertheless represented a threat and the Plone organisation acted quickly to minimise and close off the loophole.

Openia's support team immediately got to work to devise and a test a process for safely installing the necessary patch with minimal disruption to the twenty or so Openia Plone sites that were affected.  One the plan was in place, our clients were notified, and at about 3.30pm on 8th February, logins were disabled.  An hour later, the patch was released, installed and tested, and the Openia team began to open access to our client's websites. 

During the whole process, Openia used its new Updates service to keep all our customers completely up to date with progress.

Further information on the security issue and the patch to close it can be found on the plone site here:

http://plone.org/products/plone/security/advisories/cve-2011-0720

If you have a Plone site, and would like some assistance with installing this patch, please contact Openia Support.