Security
by matthewwilkes
—
published
2013/08/13 11:35:00 GMT+0,
last modified
2020-01-09T19:44:44+00:00
All about Plone's baked-in security
Security update policy
—
by Paul Roeland
—
last modified
Apr 20, 2019 01:55 PM
Plone's security team releases periodic updates containing fixes and security improvements typically found through code audits. Serious vulnerabilities, especially those reported by external researchers, are fixed immediately.
Available hotfixes
—
by Paul Roeland
—
last modified
May 15, 2016 09:52 AM
There may be hotfixes applicable to your version of Plone. Always check the Plone Hotfix Page before production deployment.
Security track record
—
by Paul Roeland
—
last modified
May 15, 2016 09:26 AM
Measuring or quantifying security risks in software is hard — security is a process, not a product, and thus requires constant vigilance and good coding practices combined with security reviews. Yet we have never received a report of a serious vulnerability in Plone being exploited in the wild.
How to report a security issue
—
by Paul Roeland
—
last modified
Nov 17, 2017 10:55 PM
If you think you found a security related problem, please report it responsibly.
Common vulnerabilities we address
—
by Alex Limi
—
last modified
May 15, 2016 06:16 PM
All about Plone's baked-in security
Descriptions
—
by Paul Roeland
—
last modified
Jan 09, 2020 09:13 PM
Descriptions of the individual hotfixes and the vulnerabilities they address.
Security Announcements
—
by Alexander Loechel
—
last modified
Feb 11, 2020 11:10 PM
A list of all Plone security announcements and hotfixes, and how to subscribe. The Plone Security Team will announce and pre-announce all hotfixes via this URL.
Security Team
—
by T. Kim Nguyen
—
last modified
Dec 14, 2017 07:24 PM
About the Plone Security Team
Document Actions