Skip to content

Security: zopefoundation/Zope

Security

SECURITY.md

Security Policy

The Zope developer community uses the same security policy as the Plone developer community. The most up to date information about Plone security is on https://plone.org/security

Supported Versions

For supported versions, see the Zope development roadmap.

Reporting a Vulnerability

Please do NOT create a public bug report if you think this may be a security issue. Instead, please contact the Plone and Zope Security Team via email: security@plone.org. See also https://plone.org/security/report

Only bug reports submitted directly to the security team email will be treated as responsible disclosure. Any offered for sale to third parties or submitted to public bug bounty programmes will be treated as irresponsible public disclosure. We will not confirm any submissions on third party platforms such as "huntr" or "hackerone" and do not give permission for those systems to accept reports on our behalf or to represent themselves as a conduit for vulnerability reports.

Learn more about advisories related to zopefoundation/Zope in the GitHub Advisory Database