Security update policy

Plone's security team releases periodic updates containing fixes and security improvements typically found through code audits. Serious vulnerabilities, especially those reported by external researchers, are fixed immediately.

In almost all situations, the security team pre-announces the release of a fix so that site maintainers can allocate time to install it. Only in emergencies are updates released without advance warning.

Installing a Plone security update takes approximately 10 to 15 minutes. Applying these updates is a routine and expected part of Plone hosting and support services.

Version support

The security team supports the current and the previous major release.

Currently, that means the 5.x series and the 4.3.x series. 

Hotfixes often also work on older versions of Plone; this will be indicated on the individual hotfix page. However, testing may have been less rigorous, and new hotfixes are not guaranteed for these older versions.