Security
All about Plone's baked-in security
Security update policy
—
by Paul Roeland
—
last modified
May 15, 2016 09:22 AM
Plone's security team releases regular updates every four months. These fixes almost exclusively contain fixes and security improvements found by the security team's audits.
Available hotfixes
—
by Paul Roeland
—
last modified
May 15, 2016 09:52 AM
There may be hotfixes applicable to your version of Plone. Always check the Plone Hotfix Page before production deployment.
Security track record
—
by Paul Roeland
—
last modified
May 15, 2016 09:26 AM
Measuring or quantifying security risks in software is hard — security is a process, not a product, and thus requires constant vigilance and good coding practices combined with security reviews. Yet we have never received a report of a serious vulnerability in Plone being exploited in the wild.
How to report a security issue
—
by Paul Roeland
—
last modified
Nov 17, 2017 10:55 PM
If you think you found a security related problem, please report it responsibly.
Common vulnerabilities we address
—
by limi
—
last modified
May 15, 2016 06:16 PM
All about Plone's baked-in security
Descriptions
—
by Paul Roeland
—
last modified
Nov 26, 2017 11:40 PM
Descriptions of the individual hotfixes and the vulnerabilities they address.
Security Announcements
—
by Alexander Loechel
—
last modified
Nov 28, 2017 03:38 PM
The Plone Security Team will announce and pre-announce all hotfixes via this URL.
Security Team
—
by T. Kim Nguyen
—
last modified
Dec 14, 2017 07:24 PM
About the Plone Security Team