Security
All about Plone's baked-in security
Security update policy
Plone's security team releases regular updates every four months. These fixes almost exclusively contain fixes and security improvements found by the security team's audits.
Available hotfixes
There may be hotfixes applicable to your version of Plone. Always check the Plone Hotfix Page before production deployment.
Security track record
Measuring or quantifying security risks in software is hard — security is a process, not a product, and thus requires constant vigilance and good coding practices combined with security reviews. Yet we have never received a report of a serious vulnerability in Plone being exploited in the wild.
How to report a security issue
If you think you found a security related problem, please report it responsibly.
Common vulnerabilities we address
All about Plone's baked-in security
Descriptions
Descriptions of the individual hotfixes and the vulnerabilities they address.
Security Announcements
The Plone Security Team will announce and pre-announce all hotfixes via this URL.