DO NOT POST SECURITY-RELATED BUGS IN PUBLIC MAILING LISTS OR DISCUSSION FORUMS.
Security-related bugs should be reported only via email to email@example.com. Security issues in Plone or its add-ons can be reported this way, and the Security Team will contact the relevant maintainer if necessary.
Bugs That Are Not Security-Related
All other Plone bugs should be reported via a ticket (issue) in an appropriate on-line tracker. For best results, you will need to do some research to figure out which such tracker is most appropriate for your situation. This is because development of core Plone components, third-party products (add-ons / plugins), other third-party packages, and Plone documentation are all handled by different teams around the world, each with their own work schedules and development infrastructure. You should anticipate needing to remain engaged with the issue after reporting -- to include working on the problem yourself and offering a patch if possible -- in order to improve the likelihood of a prompt resolution.
Bugs in Plone Core
If you think your bug involves a core component of Plone, check to see if that component has its own repository at https://github.com/plone. If it does, use the component's issue tracker to submit your bug report. If the component does not have its own repository there, submit your bug report in the catch-all CMFPlone tracker on GitHub.
Note: after figuring out where to post your report, but before doing so, please search the issue tracker to ensure this issue hasn't already been reported and that it hasn't already been fixed in a later version of the component.
Bugs in Plone Add-ons
Bugs in Plone Documentation
Bugs in this Website (plone.org)
If the issue is related to plone.org (this website), please file it in the plone.org issue tracker.