WebFaction
Community site: login faq
0
1

I read about the recent security vulnerability in Plone and the associated hotfix - how do I install the hotfix on my Plone site here at WebFaction?

asked 08 Feb '11, 18:13

seanf
12.2k41836
accept rate: 37%

edited 08 Feb '11, 22:15


Thanks for the amazing question, Sean! ;-)

You can install the CVE-2011-0720 hotfix as follows:

For Plone < 3.2 installed via our control panel (and other old-style Zope instances)

First, SSH into your server, then run the following commands to download and install the hotfix product:

cd ~/webapps/your_zope_app/Zope/Products
wget http://dist.plone.org/packages/PloneHotfix20110720-1.1.tar.gz
tar zxf PloneHotfix20110720-1.1.tar.gz
rm PloneHotfix20110720-1.1.tar.gz

Next, stop your Zope and start it in foreground mode:

cd ~/webapps/your_zope_app/Zope
./bin/zopectl stop
./bin/zopectl fg

Watch the output - you'll know the hotfix is installed correctly when you see something like the following:

2011-02-08 17:17:36 INFO PloneHotfix20110720 Patching ZPublisher.DefaultPublishTraverse.publishTraverse
2011-02-08 17:17:36 INFO PloneHotfix20110720 Hotfix installed.
2011-02-08 17:17:40 INFO Zope Ready to handle requests

Now hit CTRL-C to terminate Zope, then restart it in daemon mode:

./bin/zopectl start

For Plone >=3.2 installed via our control panel (and other Plone buildouts)

First, SSH into your server, then run the following commands to download and install the hotfix product:

cd ~/webapps/your_zope_app/zinstance/products
wget http://dist.plone.org/packages/PloneHotfix20110720-1.1.tar.gz
tar zxf PloneHotfix20110720-1.1.tar.gz
rm PloneHotfix20110720-1.1.tar.gz

Next, stop your Zope and start it in foreground mode:

cd ~/webapps/your_zope_app/zinstance
./bin/instance stop
./bin/instance fg

Watch the output - you'll know the hotfix is installed correctly when you see something like the following:

2011-02-08 17:17:36 INFO PloneHotfix20110720 Patching ZPublisher.DefaultPublishTraverse.publishTraverse
2011-02-08 17:17:36 INFO PloneHotfix20110720 Hotfix installed.
2011-02-08 17:17:40 INFO Zope Ready to handle requests

Now hit CTRL-C to terminate Zope, then restart it in daemon mode:

./bin/instance start

That's it - you're done!

permanent link

answered 08 Feb '11, 18:14

seanf
12.2k41836
accept rate: 37%

Is there a way to see if the hotfix has been installed properly from the ZMI?

(09 Feb '11, 07:49) onmountain

It should appear as an installed product in the top-level control panel object in your ZMI, but as far as I know, the recommended way to confirm a successful patch is by checking the output when running Zope in the foreground (or possibly by checking in your event log).

(09 Feb '11, 14:33) seanf
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×69
×23
×1

question asked: 08 Feb '11, 18:13

question was seen: 2,769 times

last updated: 09 Feb '11, 14:33

WEBFACTION
REACH US
SUPPORT
AFFILIATE PROGRAM
LEGAL
© COPYRIGHT 2003-2019 SWARMA LIMITED - WEBFACTION IS A SERVICE OF SWARMA LIMITED
REGISTERED IN ENGLAND AND WALES 5729350 - VAT REGISTRATION NUMBER 877397162
5TH FLOOR, THE OLD VINYL FACTORY, HAYES, UB3 1HA, UNITED KINGDOM