All about Plone's baked-in security

Security update policy

Plone's security team releases regular updates every four months. These fixes almost exclusively contain fixes and security improvements found by the security team's audits.

Available hotfixes

There may be hotfixes applicable to your version of Plone. Always check the Plone Hotfix Page before production deployment.

Security track record

Measuring or quantifying security risks in software is hard — security is a process, not a product, and thus requires constant vigilance and good coding practices combined with security reviews. Yet we have never received a report of a serious vulnerability in Plone being exploited in the wild.