All about Plone's baked-in security

About Plone Security

About Plone Security

10 reasons behind an extraordinary security track record of Plone.

Security Announcements

The Plone Security Team will announce and pre-announce all hotfixes via this URL.


Plone Hotfix list

Report a Security Issue

If you think you found a security related problem, please report it responsibly.

Security update policy

Plone's security team releases periodic updates containing fixes and security improvements typically found through code audits. Serious vulnerabilities, especially those reported by external researchers, are fixed as soon as possible.

Common Vulnerabilities vs. Plone

Common Vulnerabilities vs. Plone

All about Plone's baked-in security

Security Team

About the Plone Security Team

Security track record

Measuring or quantifying security risks in software is hard — security is a process, not a product, and thus requires constant vigilance and good coding practices combined with security reviews. Yet we have never received a report of a serious vulnerability in Plone being exploited in the wild.

Plone Hotfix Descriptions

Descriptions of the individual hotfixes and the vulnerabilities they address.