Lightning Talk: Security matters @ploneconf 2014

Security Matters – Alexander Loechel on plone.app.vulnerabilities, plone.vulnerabilitychecks.* and plone.hud, PLONE CONFERENCE BRISTOL 2014

description

A short lightning talk on some ideas for security on Plone I gave during PloneConf 2014

Transcript of Lightning Talk: Security matters @ploneconf 2014

Page 1: Lightning Talk: Security matters @ploneconf 2014

Security Matters – Alexander Loechel on plone.app.vulnerabilities

plone.vulnerabilitychecks.* plone.hud

PLONE CONFERENCE BRISTOL 2014

Page 2: Lightning Talk: Security matters @ploneconf 2014

Studies on Security

• Security Study on Content Management Systems, published by the German Federal Office for Information Security (BSI), May 2013

• Take at least 15 min / day / system: look for updates, apply patches

Page 3: Lightning Talk: Security matters @ploneconf 2014

Drupal Security Team

"You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before … after the announcement."

Page 4: Lightning Talk: Security matters @ploneconf 2014

plone.app.vulnerabilities – http://plone.org/hotfixes

Page 5: Lightning Talk: Security matters @ploneconf 2014

plone.hud / plone.app.hud

Page 6: Lightning Talk: Security matters @ploneconf 2014
Page 7: Lightning Talk: Security matters @ploneconf 2014

JSON from plone.org and pypi.python.org

Page 8: Lightning Talk: Security matters @ploneconf 2014

Supply Information

• Check for vulnerabilities on Plone installs:

  • plone.vulnerabilitychecks.instance_startup —> disable or warn on startup

  • plone.vulnerabilitychecks.buildout —> warn or stop buildout

  • plone.vulnerabilitychecks.tests —> for CI tests

  • plone.vulnerabilitychecks.controlpanel —> version information view

  • buildout.autoapplyplonehotfixes

• —> github.com/loechel/

• Dependencies:

  • plone.vulnerabilitychecks.core —> JSON <— plone.app.vulnerabilities
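The two slides above (the JSON feed from plone.org and PyPI, and the plone.vulnerabilitychecks.* hooks that consume it) describe one check: take the package inventory of an instance, match it against a vulnerability feed, and either warn or stop depending on where the check runs. The following is an added example written for this page, not code from plone.vulnerabilitychecks.core or plone.app.vulnerabilities. The feed schema, the vulnerability IDs, the package names and versions, and the severity policy are all constructed assumptions; the real feed format is not shown on the page.

```python
"""Check an installed-package inventory against a vulnerability feed.

Added example for this page, not code from plone.vulnerabilitychecks.* or
plone.app.vulnerabilities. Feed schema, IDs, package names and versions
are constructed for illustration only.
"""
import json
import re
from typing import Dict, List, Tuple

# Constructed feed with a hypothetical schema; the real JSON may differ.
FEED_JSON = """
{"vulnerabilities": [
  {"id": "EXAMPLE-0001", "package": "Products.ExampleAddon", "affected": ">=1.0,<1.4.2",
   "fixed_in": "1.4.2", "hotfix": "Products.ExampleHotfix", "severity": "high"},
  {"id": "EXAMPLE-0002", "package": "example.theme", "affected": "<2.1",
   "fixed_in": "2.1", "hotfix": null, "severity": "medium"},
  {"id": "EXAMPLE-0003", "package": "example.portlet", "affected": "<0.9",
   "fixed_in": "0.9", "hotfix": null, "severity": "medium"},
  {"id": "EXAMPLE-0004", "package": "Products.Legacy", "affected": "==3.0",
   "fixed_in": "3.1", "hotfix": "Products.LegacyHotfix", "severity": "high"}
]}
"""

# Constructed inventory standing in for what buildout or pkg_resources would report.
INSTALLED = {
    "Plone": "4.3.3",
    "Products.ExampleAddon": "1.3.0",
    "example.theme": "2.1",
    "example.portlet": "0.9rc1",
    "Products.Legacy": "3.0",
    "Products.LegacyHotfix": "1.0",
}

_PRE_TAGS = {"a": 0, "b": 1, "rc": 2}
_FINAL = (3, 0)  # a final release sorts after every pre-release tag


def parse_version(text: str) -> Tuple[Tuple[int, ...], Tuple[int, int]]:
    """Turn 'N(.N)*' with an optional a/b/rc suffix into a sortable tuple."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:(a|b|rc)(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unsupported version string: {text!r}")
    release = tuple(int(part) for part in m.group(1).split("."))
    while len(release) > 1 and release[-1] == 0:  # so that 2.1.0 == 2.1
        release = release[:-1]
    pre = (_PRE_TAGS[m.group(2)], int(m.group(3))) if m.group(2) else _FINAL
    return release, pre


_OPERATORS = {
    "<": lambda a, b: a < b, "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b, ">=": lambda a, b: a >= b,
    "==": lambda a, b: a == b, "!=": lambda a, b: a != b,
}


def version_in_range(version: str, specifier: str) -> bool:
    """True when version satisfies every comma-separated clause, e.g. '>=1.0,<1.4.2'."""
    parsed = parse_version(version)
    for clause in specifier.split(","):
        m = re.fullmatch(r"\s*(<=|>=|==|!=|<|>)\s*(\S+)\s*", clause)
        if not m:
            raise ValueError(f"bad specifier clause: {clause!r}")
        if not _OPERATORS[m.group(1)](parsed, parse_version(m.group(2))):
            return False
    return True


def find_vulnerabilities(installed: Dict[str, str], feed_json: str) -> List[dict]:
    """One finding per feed entry whose package is installed in an affected version.
    A finding is mitigated when the entry names a hotfix package that is installed."""
    findings = []
    for entry in json.loads(feed_json)["vulnerabilities"]:
        version = installed.get(entry["package"])
        if version is None or not version_in_range(version, entry["affected"]):
            continue
        hotfix = entry.get("hotfix")
        findings.append({
            "id": entry["id"], "package": entry["package"], "installed": version,
            "fixed_in": entry["fixed_in"], "severity": entry["severity"],
            "mitigated": bool(hotfix) and hotfix in installed,
        })
    return findings


def passes_policy(findings: List[dict], fail_on=("high", "critical")) -> bool:
    """Shared decision for the startup, buildout and CI hooks: an unmitigated
    finding at or above the threshold fails the run; anything else only warns."""
    return not any(f["severity"] in fail_on and not f["mitigated"] for f in findings)


if __name__ == "__main__":
    found = find_vulnerabilities(INSTALLED, FEED_JSON)
    print(json.dumps(found, indent=2))
    # exit status is what a buildout extension or CI test would act on
    raise SystemExit(0 if passes_policy(found) else 1)
```

The same two functions serve all four hooks from the slide: the startup and buildout variants call `passes_policy` and refuse to continue, the CI variant turns the same result into a failing test, and the control panel view only renders the findings list. The comparison deliberately treats an installed hotfix package as mitigating rather than fixing, so the report still shows the upgrade target.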

Page 9: Lightning Talk: Security matters @ploneconf 2014

Future Work

• Sprinting on that

• Include an up-to-date plone.app.vulnerabilities on plone.org and keep the information up to date

• Maybe a PLIP to include those packages in the installers as a commented-out option, with documentation

• Make people more aware of Plone security