Plone Hotfix Descriptions
Descriptions of the individual hotfixes and the vulnerabilities they address.
Security fix for image_view_fullscreen: cache poisoning
Several fixes for remote code execution, writing arbitrary files, information disclosure, server side request forgery, and cross site scripting. Note: version 1.6 is available now.
Several fixes for privilege escalation, open redirect, password strength, overwriting files, SQL injection, and cross site scripting. Version 1.1 released February 11, 2020, with an update for the SQL Injection fix, which will not be needed for all.
Several XSS and redirect fixes, and a sandbox escape fix.
XSS and sandbox escape vulnerability
Fixes various XSS and open redirection vulnerabilities
Fixes various XSS and open redirection vulnerabilities