Security
All about Plone's baked-in security
Security Announcements
The Plone Security Team will announce and pre-announce all hotfixes via this URL.
Report a Security Issue
If you think you have found a security-related problem, please report it responsibly.
Security update policy
Plone's security team releases periodic updates containing fixes and security improvements typically found through code audits. Serious vulnerabilities, especially those reported by external researchers, are fixed as soon as possible.
Security track record
Measuring or quantifying security risks in software is hard — security is a process, not a product, and thus requires constant vigilance and good coding practices combined with security reviews. Yet we have never received a report of a serious vulnerability in Plone being exploited in the wild.
Plone Hotfix Descriptions
Descriptions of the individual hotfixes and the vulnerabilities they address.