Security Announcements

The Plone Security Team will announce and pre-announce all hotfixes via this URL.

Security vulnerability pre-announcement: 20171128

Hotfix to patch various vulnerabilities

Read more

Security patch released 20171128

Hotfix to patch various vulnerabilities

Read more

Security vulnerability pre-announcement: 20170117

Hotfix to patch various vulnerabilities

Read more

Security vulnerability pre-announcement: 20161129

Hotfix to patch various vulnerabilities

Read more

Security vulnerability pre-announcement: 20160830

Hotfix to patch various vulnerabilities

Read more

Security vulnerability pre-announcement: 20200121

Hotfix to patch various vulnerabilities

Read more

Security patch released 20200121

Hotfix to patch various vulnerabilities

Read more

Security vulnerability pre-announcement: 20210518

Hotfix to patch various vulnerabilities. This hotfix is recommended for Plone 4.3, 5.0, 5.1 and 5.2.

Read more

Security patch released 20210518

Hotfix to patch various vulnerabilities. This hotfix is recommended for Plone 4.3, 5.0, 5.1 and 5.2.

Read more

Security patch released: 20170117

Hotfix to patch XSS and sandbox escape vulnerability

Read more

Security patch released: 20161129

Hotfix to patch various vulnerabilities

Read more

Security patch released: 20160830

Hotfix to patch various vulnerabilities

Read more

Security vulnerability: 20151006 - CSRF

Patches to Zope and Plone for multiple CSRF issues.

Read more

New Waitress version, and updated 20200121 hotfix

An update to Waitress, and improved SQL escaping in the 20200121 hotfix

Read more