Security

All about Plone's baked-in security

Security update policy

by Paul Roeland — last modified Apr 20, 2019 01:55 PM
Plone's security team releases periodic updates containing fixes and security improvements typically found through code audits. Serious vulnerabilities, especially those reported by external researchers, are fixed immediately.

Available hotfixes

by Paul Roeland — last modified May 15, 2016 09:52 AM
There may be hotfixes applicable to your version of Plone. Always check the Plone Hotfix Page before production deployment.

Security track record

by Paul Roeland — last modified May 15, 2016 09:26 AM
Measuring or quantifying security risks in software is hard — security is a process, not a product, and thus requires constant vigilance and good coding practices combined with security reviews. Yet we have never received a report of a serious vulnerability in Plone being exploited in the wild.

Security Announcements

by Alexander Loechel — last modified Feb 03, 2018 04:25 PM
A list of all Plone security announcements and hotfixes, and how to subscribe. The Plone Security Team will announce and pre-announce all hotfixes via this URL.
