No credible report of a serious vulnerability in Plone being exploited in the wild.
Plone is an extraordinarily secure content management system, having stood the test of time for 15 years and counting.
Plone’s outstanding security track record is a result of many things:
- good coding practices
- processes, including continuous integration and testing
- a proactive security team that performs security reviews, investigates claims and reports of vulnerabilities, and responds appropriately and immediately as necessary
Plone has never received a report of a serious vulnerability in Plone being exploited in the wild.
Security fix announcements are normally issued with two weeks‘ notice. If the Plone security team were to receive reports of a zero day exploit or vulnerability in the wild, it would release a security fix immediately.
The Plone security team has been aware of a recent claim, has examined it, and has determined that it is a hoax. There is no reason to believe a ‚zero-day‘ flaw exists in Plone nor in Plone-based distributions.
Information about Plone’s security track record and features: https://plone.org/security/track-record
An overview of Plone and its features: https://plone.com
Source of this information: