Security
All about Plone's baked-in security
About Plone Security
—
by Rikupekka Oksanen
—
last modified
Dec 12, 2020 03:57 PM
Plone is Python's enterprise-grade content management system (CMS). With no ZERO DAY(*) ever, it has the best security track record of any major CMS.
Available Hotfixes
—
by Paul Roeland
—
last modified
Jan 17, 2021 02:42 PM
There may be hotfixes applicable to your version of Plone. Always check the Plone Hotfix Page before production deployment.
Common Vulnerabilities
—
by Alex Limi
—
last modified
Jan 17, 2021 02:42 PM
All about Plone's baked-in security
Report a Security Issue
—
by Paul Roeland
—
last modified
Sep 16, 2021 11:20 AM
If you think you found a security related problem, please report it responsibly.
Plone Hotfix Descriptions
—
by Paul Roeland
—
last modified
May 09, 2021 01:58 PM
Descriptions of the individual hotfixes and the vulnerabilities they address.
Security Announcements
—
by Alexander Loechel
—
last modified
May 18, 2021 03:06 PM
A list of all Plone security announcements and hotfixes, and how to subscribe. The Plone Security Team will announce and pre-announce all hotfixes via this URL.
Security Team
—
by T. Kim Nguyen
—
last modified
Dec 14, 2017 07:24 PM
About the Plone Security Team
Security track record
—
by Paul Roeland
—
last modified
May 15, 2016 09:26 AM
Measuring or quantifying security risks in software is hard — security is a process, not a product, and thus requires constant vigilance and good coding practices combined with security reviews. Yet we have never received a report of a serious vulnerability in Plone being exploited in the wild.
Security update policy
—
by Paul Roeland
—
last modified
Apr 20, 2019 01:55 PM
Plone's security team releases periodic updates containing fixes and security improvements typically found through code audits. Serious vulnerabilities, especially those reported by external researchers, are fixed immediately.