Security update policy

Plone's security team releases regular updates every four months. These fixes almost exclusively contain fixes and security improvements found by the security team's audits.

More serious vulnerabilities, especially those found by external researchers, have fixes released more quickly. In almost all situations, the security team pre-announces the release of a fix to ensure that site maintainers can allocate time to install a fix. Only in emergencies are updates released without advance warning.

Installing a Plone security update takes approximately 10 to 15 minutes. Applying these updates is a routine and expected part of Plone hosting and support services.


Version support

The security team supports the current and the previous major release.

Currently, that means the 5.x series and the 4.3.x series. 

Hotfixes often also work on older versions of Plone, which will be indicated on the individual hotfix page. However, testing may have been less rigorous, and appearance of new hotfixes is not guaranteed for these older versions.