Security

All about Plone's baked-in security

About Plone Security

by Rikupekka Oksanen — last modified Dec 12, 2020 03:57 PM
Plone is Python's enterprise-grade content management system (CMS). With no ZERO DAY(*) ever, it has the best security track record of any major CMS.

Available Hotfixes

by Paul Roeland — last modified Jan 17, 2021 02:42 PM
There may be hotfixes applicable to your version of Plone. Always check the Plone Hotfix Page before production deployment.

Security Announcements

by Alexander Loechel — last modified Feb 11, 2020 11:10 PM
A list of all Plone security announcements and hotfixes, and how to subscribe. The Plone Security Team will announce and pre-announce all hotfixes via this URL.

Security track record

by Paul Roeland — last modified May 15, 2016 09:26 AM
Measuring or quantifying security risks in software is hard — security is a process, not a product, and thus requires constant vigilance and good coding practices combined with security reviews. Yet we have never received a report of a serious vulnerability in Plone being exploited in the wild.

Security update policy

by Paul Roeland — last modified Apr 20, 2019 01:55 PM
Plone's security team releases periodic updates containing fixes and security improvements typically found through code audits. Serious vulnerabilities, especially those reported by external researchers, are fixed immediately.

Document Actions