How do I install the CVE-2011-0720 hotfix for Plone?

Thanks for the amazing question, Sean! ;-)

You can install the CVE-2011-0720 hotfix as follows:

For Plone < 3.2 installed via our control panel (and other old-style Zope instances)

First, SSH into your server, then run the following commands to download and install the hotfix product:

cd ~/webapps/your_zope_app/Zope/Products
wget http://dist.plone.org/packages/PloneHotfix20110720-1.1.tar.gz
tar zxf PloneHotfix20110720-1.1.tar.gz
rm PloneHotfix20110720-1.1.tar.gz

Next, stop your Zope and start it in foreground mode:

cd ~/webapps/your_zope_app/Zope
./bin/zopectl stop
./bin/zopectl fg

Watch the output - you'll know the hotfix is installed correctly when you see something like the following:

2011-02-08 17:17:36 INFO PloneHotfix20110720 Patching ZPublisher.DefaultPublishTraverse.publishTraverse
2011-02-08 17:17:36 INFO PloneHotfix20110720 Hotfix installed.
2011-02-08 17:17:40 INFO Zope Ready to handle requests

Now hit CTRL-C to terminate Zope, then restart it in daemon mode:

./bin/zopectl start

For Plone >=3.2 installed via our control panel (and other Plone buildouts)

First, SSH into your server, then run the following commands to download and install the hotfix product:

cd ~/webapps/your_zope_app/zinstance/products
wget http://dist.plone.org/packages/PloneHotfix20110720-1.1.tar.gz
tar zxf PloneHotfix20110720-1.1.tar.gz
rm PloneHotfix20110720-1.1.tar.gz

Next, stop your Zope and start it in foreground mode:

cd ~/webapps/your_zope_app/zinstance
./bin/instance stop
./bin/instance fg

Watch the output - you'll know the hotfix is installed correctly when you see something like the following:

2011-02-08 17:17:36 INFO PloneHotfix20110720 Patching ZPublisher.DefaultPublishTraverse.publishTraverse
2011-02-08 17:17:36 INFO PloneHotfix20110720 Hotfix installed.
2011-02-08 17:17:40 INFO Zope Ready to handle requests

Now hit CTRL-C to terminate Zope, then restart it in daemon mode:

./bin/instance start

That's it - you're done!