Security Announcements

The Plone Security Team will announce and pre-announce all hotfixes via this URL.

Security vulnerability pre-announcement: 20171128

Hotfix to patch various vulnerabilities

Security patch released 20171128

Hotfix to patch various vulnerabilities

Security vulnerability pre-announcement: 20170117

Hotfix to patch various vulnerabilities

Security vulnerability pre-announcement: 20161129

Hotfix to patch various vulnerabilities

Security vulnerability pre-announcement: 20160830

Hotfix to patch various vulnerabilities

Security vulnerability pre-announcement: 20200121

Hotfix to patch various vulnerabilities

Security patch released 20200121

Hotfix to patch various vulnerabilities

Security vulnerability pre-announcement: 20210518

Hotfix to patch various vulnerabilities. This hotfix is recommended for Plone 4.3, 5.0, 5.1 and 5.2.

Security patch released 20210518

Hotfix to patch various vulnerabilities. This hotfix is recommended for Plone 4.3, 5.0, 5.1 and 5.2.

Security patch released: 20170117

Hotfix to patch XSS and sandbox escape vulnerability

Security patch released: 20161129

Hotfix to patch various vulnerabilities

Security patch released: 20160830

Hotfix to patch various vulnerabilities

Security vulnerability: 20151006 - CSRF

Patches to Zope and Plone for multiple CSRF issues.

New Waitress version, and updated 20200121 hotfix

An update to Waitress, and improved SQL escaping in the 20200121 hotfix