A bit belatedly we discovered that our two running Plone services were potentially vulnerable to an escalation of privileges exploit. Looking through the logs with the checker they provided, and the fact that we use Cosign authentication for most of our sites, seems to say that our sites have not been compromised in this way. Though the security advisory link below still suggests it may be worth looking through the membership for your Plone sites to make sure there’s no one unexpected on it.
We have now applied their recommended fix and both the wcms.inf and www.inf plone instances were restarted around 17:45 yesterday. This would have caused the Plone content to be inaccessible for 30s or so. Looking at the logs, neither sites were being actively accessed by humans at the time.
I have now renewed my membership of the Plone announcements list via http://plone.org/follow . Details of the security advisory at http://plone.org/products/plone/security/advisories/cve-2011-0720