Plone Cross-Site Request Forgery

Sidnei — Wed, 19 Mar 2008 02:52:13 +0000

If you have been paying attention to Plone checkins, you might have noticed some checkins mentioning CSRF (Cross-Site Request Forgery) flying by. Today Secunia released an advisory about the issue.

As can be seen from the referenced paper, web technologies make some things just way too simple to hack around.

On a unrelated note, call me luddite, but I really think moving our life to the cloud presents way more unforeseen threats than our little brains can imagine.

Zope XSS Issue, Enfold Server Update

Sidnei — Thu, 22 Mar 2007 04:03:56 +0000

We have created an update installer to fix a security issue affecting
all released versions of Enfold Server. The issue is in the Zope
application server, one of the key components underlying Enfold Server.

We recommend you download this update and run it on your server as
soon as possible.

The update adds a product named “Hotfix_20070320″ to the Enfold Server
“Products” directory. After running the installer, you must restart Enfold
Server for the patch to take effect.

This security vulnerability involves the Zope application server, one of
the key components underlying Enfold Server. More details are on the
Zope community Web site.

blog.sidneidasilva.com » security

Plone Cross-Site Request Forgery

Zope XSS Issue, Enfold Server Update