The Plone security team is sorry to announce that a flaw in
PloneHotfix20121106, released on the 6th November 2012, has been found.
In some deployment configurations the allow_module patch is not
correctly applied, potentially compromising the security of
further information. In addition, earlier versions of the hotfix
introduced too stringent a test on FTP access, causing it to become
unavailable to all users.