Security
All about Plone's baked-in security
Security Announcements
The Plone Security Team will announce and pre-announce all hotfixes via this URL.
Hotfixes
Plone Hotfix list
Historical list of hotfixes for each Plone version
Plone Hotfix list
Report a Security Issue
If you think you found a security related problem, please report it responsibly.
Security update policy
Last major policy update: 2024-01-15.
Security Team
About the Plone Security Team
Security track record
Measuring or quantifying security risks in software is hard — security is a process, not a product, and thus requires constant vigilance and good coding practices combined with security reviews. Yet we have never received a report of a serious vulnerability in Plone being exploited in the wild.
Plone Hotfix Descriptions
Descriptions of the individual hotfixes and the vulnerabilities they address.
The text and illustrations in this website are licensed by the Plone Foundation under a Creative Commons Attribution-ShareAlike 4.0 International license. Plone and the Plone® logo are registered trademarks of the Plone Foundation, registered in the United States and other countries. For guidelines on the permitted uses of the Plone trademarks, see https://plone.org/foundation/logo. All other trademarks are owned by their respective owners.