World Plone Day is an opportunity for members of the Plone community to celebrate and promote their favorite open source CMS. The 2022 event took place on April 27th and featured in-person events plus streaming and recorded content. There were:
58 talks on a wide range of topics from beginner to advanced
20 hours of video in 10 languages from 14 countries
6 local events - in Italy, Brazil, India, Switzerland, and 2 in Romania
There were talks from long-time community members and from people who are relative newcomers. Here are a few highlights for a general audience:
At the 2021 Plone Conference, the marketing team presented a plan was for how to improve and renew plone.org, the one and only place for Plone-related information:
Content needs refreshing, especially the frontpage and main landing pages
Visual theme will be out-of-the-box Plone 6 with Volto frontend, using available add-ons (many of which we expect will be added as core features)
Goal is to publish the new site by World Plone Day 2022 (April).
Great Progress at Sprints
Since December 2022, we have organized 4 monthly sprints, working on:
Content and navigation structure
Other content work
Migration from Plone 5 to Plone 6
Visual design
Translation, default page content, add-ons
Plone 6 documentation
Volto improvements
Volto Blocks and installation
And more
We have updated the original plan to include a new visual theme and additional features that will eventually be available for others to use. A more ambitious scope has moved the release date somewhat further this year.
Special Thanks
The Plone Marketing and Communications Team is organizing the effort and working on the content overhaul, but we also want to express special thanks to:
Philip Bauer, from Starzel.de - Full content migration from Plone 5 to Plone 6, including the transition to Volto blocks
Érico Andrei, from Kitconcept - Foundation Member content type, installation, deployment, content type renewal, etc.
Steve Piercy and Katja Süss - Documentation effort resulting in new Plone 6 docs and organization around the work
Massimo Azzolini, Irene Capatti, Massimo Weigert, and Gianantonio Vecelli, from Giallocobalto - For massive content and structure redesign, visual design and layout, and UX design
Stefano Marchetti, Andrea Cecchi, Giulia Ghisini, and Andrea Baglioni, from Redturtle - For the new site's buildout which includes needed Volto blocks, curated add-ons, visual theme, and more: https://github.com/collective/volto-plone-org
Kim Nguyen, Brian Davis - For lessons learned from the previous renewal, content and structure discussion, theming mockups, etc.
Victor Fernandez de Alba and Jakob Kahl - For Volto knowledge
And everyone else who has pitched in ideas, discussions, and questions!
This effort would not be possible without help from the awesome Plone community!
Want to Join the Effort?
The plone.org work is not done - our next sprint will be organized in May 2022. Feel free to join! There will be an event page, but meanwhile join the plone.org Discord channel for discussion. By the next sprint we hope to have a fully running site with migrated content available online for testing and content work.
If you have any questions or comments, please contact [email protected].
The Plone Newsroom is a monthly podcast brought to you by Philip Bauer and Fred van Dijk. They cover technical and non-technical topics including Plone, the Plone community, and whatever else they come up with to keep us informed!
Use zc.buildout 3.0.0rc3 and setuptools 62.0.0 by default.
Update waitress to version 2.1.1 to mitigate a vulnerability in that package.
Zope 5.5.1: Enhance cookie support.
plone.staticresources: The big one: Updated JavaScript for Plone Classic, using ES6 modules. No more through-the-web compiling of JavaScript. See PLIP 3211.
Products.CMFPlone:
Remove RequireJS.
Remove default resource jQuery. It is added to the global namespace via the bundle.
Remove support for conditional comments in script and style tags. It's not supported since IE10.
Remove dependency on mockup. Mockup is now a npm package only and as such a dependency of plone.staticresources.
New resource registry to simplify CSS/JS registration.
Only "bundles" are registered - support of "resources" and "bundle resources" is removed.
Removed TTW compilation of bundles via r.js and less.js.
Property merge_with is no longer needed in HTTP/2 times and merging here unsupported.
Unique key for delivery is based on hash of bundle file, last_compilation property is deprecated.
PLIP #3279: Implement modern images scales. Add huge (1600px), great (1200px), larger (1000px), teaser (600px). Amend preview and mini (remove height constraint).
Add TinyMCE template plugin to the plugins vocabulary.
Add TinyMCE alignment classes, to avoid style usage.
plone.volto is now a dependency of the Plone package.
PLIP 2780: Move features of collective.dexteritytextindexer to core.
plone.app.dexterity:
Remove JavaScript from this package and move it to Mockup.
Modeleditor: Use pat-code-editor from Patternslib instead ACE. Make the model editing form usable without JavaScript. Allow editing the form even with XML errors to be able to fix the problem.
plone.recipe.zope2instance: by default do not create a temporary storage.
plone.scale: Removed deprecated factory argument from scale method.
plone.app.linkintegrity: Track link integrity of referenced PDFs and other site objects in IFRAME SRC references.
plone.outputfilters: Resolve UIDs in SRC= attribute of of SOURCE and IFRAME elements.
plone.app.querystring: Add lazy attribute to vocabularies to prevent fetching any results.
plone.app.theming:
Deactivate copy button and modal in theming control panel.
Remove all thememapper functionality from theming control panel, including Inspect/Modify theme and the Preview.
plone.app.users: Show unfiltered member fields for manager in user profile page.
plone.app.widgets:
Remove implicit dependency on Mockup. Mockup is no longer a Python package, only an npm package.
Update datetime pattern options for Patternslib pat-date-picker/pat-datetime-picker.
plone.autoform:
Fixes for latest z3c.form.
Reimplementation of ObjectSubForm and ISubformFactory, backported from older z3c.form.
plone.app.z3cform:
Use better types for inputs.
Use browser native date and datetime-local input together with patternslib date-picker.
Implement TimeWidget which renders <input type="time" />.
Use pat-validation in forms.
Fixed for latest z3c.form
plone.z3cform: compatibility with latest z3c.form.
plone.namedfile: Register AnnotationStorage as IImageScaleStorage multi adapter, both from plone.scale. Use this adapter in our scaling functions when we store or get an image scale.
Products.PlonePAS: Add separate GenericSetup profile to switch the Zope root /acl_usersto use a simple cookie login form. Useful when Zope root login and logout need to synchronize authentication state between multiple plugins, which is not possible with HTTP Basic authentication.
plone.app.layout:
Restructure global sections and searchbox markup for mobile navigation as offcanvas sidebar.
LiveSearch with support for images in search results.
plonetheme.barceloneta: sticky footer.
Note that changes may be mentioned only once, even when they involve multiple packages.
Plone 6
Plone 6 editing experience combines the robust usability of Plone with a blazingly fast JavaScript frontend
The Plone community, in particular the Volto team, is happy to announce that Volto 15 is ready and shipped!
Volto is Plone's snappy, modern React front end powered by the RestAPI, and the default for Plone 6.
Volto 15.0.0
New feature highlights
Add `cookiesExpire` value to config to control the cookie expiration @giuliaghisini
DatetimeWidget 'noPastDates' option: Take widgetOptions?.pattern_options?.noPastDates of backend schema into account. @ksuess
Add a new type of filter facet for the Search block. Heavily refactor some searchblock internals. @tiberiuichim
Add date range facet to the search block @robgietema
Introduce the new `BUILD_DIR` runtime environment variable to direct the build to run in a specific location, different than `build` folder. @sneridagh
Handle redirect permanent calls from the backend in the frontend (e.g. when changing the short name) @robgietema
Added id widget to manage short name @robgietema
Refactor language synchronizer. Remove it from the React tree, integrate it into the Api Redux middleware @sneridagh
Add blocks rendering in Event and NewsItem views (rel plone.volto#32) @nzambello @ksuess
Complete Basque translation @erral
Complete Spanish translation @erral
Breaking changes
Upgrade `react-cookie` to the latest version. @sneridagh @robgietema
Language Switcher no longer takes care of the change of the language on the Redux Store. This responsibility has been unified in the Api Redux middleware @sneridagh
Markup change in `LinkView` component.
Rename `core-sandbox` to `coresandbox` for sake of consistency @sneridagh
Extend the original intent and rename `RAZZLE_TESTING_ADDONS` to `ADDONS`. @sneridagh
Lazyload draftjs library. See the upgrade guide on how that impacts you, in case you have extended the rich text editor configuration @tiberiuichim @kreafox
Deprecating `lang` cookie in favor of Plone official one `I18N_LANGUAGE` @sneridagh
Fix the `null` error in SelectAutoComplete Widget @iFlameing
Prevent the MultilingualRedirector to force 4 content load when switching the language @reebalazs
Fix the upload image in contents view @iFlameing
add "view" id to contact-form container for main content skiplink @ThomasKindermann
Fix loading indicator positioning on Login form submit @sneridagh
Fix redirect bug with URLs containing querystrings @robgietema
Fixed id widget translations @robgietema
Contents Rename Modal, use `id` Widget type @sneridagh
Fix overflow of very long file name in `FileWidget` @sneridagh
Fix overflowing issue in the toolbar @kreafox
Overwrite current block on insert new block. @robgietema
Fix hot reload on updates related to the config object because of `VersionOverview` component @sneridagh
Fix error when lock data is gone after an invariant error. @robgietema
Internal
Change prop `name` -> `componentName` in component `Component` @sneridagh
Add new RawMaterial Volto websites in production @nzambello
House cleanup, remove some unused files in the root @sneridagh
Move Webpack related files to `webpack-plugins` folder @sneridagh
Remove unused Dockerfiles @sneridagh
Update Docker compose to latest images and best practices @sneridagh
Improve flaky test in coresandbox search Cypress tests @sneridagh
Better implementation of the add-on load coming from the environment variable `ADDONS` @sneridagh
Turn `lazyLibraries` action into a thunk. Added a conditional if the library is loaded or in process to be loaded, do not try to load it again. This fixes the lag on load `draftjs` when having a lot of draftjs blocks. @sneridagh
Use `@root` alias instead of `~` in several module references. Most of the Volto project code no longer needs the root alias, so it makes sense to phase it out at some point @tiberiuichim
Alias `lodash` to `lodash-es`, as this will include only one copy of lodash in the bundle @tiberiuichim
Documentation
Upgrade Guide i18n: Make clear what's project, what add-on. @ksuess
(Experimental) Prepare documentation for MyST and importing into `plone/documentation@6-dev`. @stevepiercy
Fix broken links and redirects in documentation to be compatible with MyST. @stevepiercy
Update add-on internationalization. @ksuess
Add MyST and Sphinx basic configuration for rapid build and comparison against MkDocs builds. @stevepiercy
Where do we go from here? Plone 6! Right now, the only major feature missing is content rules and the new Slate editor. The rest of Plone’s features are covered in Volto 16.
So the work is not over yet. We still need helping hands and contributors to continue the effort to make Plone 6 a reality. Everybody is welcome!
Thanks!
We would like to thank all the people involved in creating Volto 15. It is amazing how much we were able to accomplish as a team, and as a community, during the last months.
Once again this year members of the Plone open source community will mentor students and other young people interested in learning how to develop their skill and to contribute to an open source project. Plone has benefited greatly from the contributions of GSOC students since it began participating in the program in 2006. Many of those GSOC students have gone on to become core contributors to Plone as well as productive members of other open source software communities.
Students whose applications are accepted will work with a senior Plone programmer on one of a list of projects with the goal of making a contribution to the Plone code base or a related project. The Plone Foundation supports successful GSOC students by providing support for attending the annual Plone conference and for meeting other members of the diverse Plone / Python / Zope community.
The Plone Newsroom is a monthly podcast brought to you by Philip Bauer and Fred van Dijk. They cover technical and non-technical topics including Plone, the Plone community, and whatever else they come up with to keep us informed!
Episode #06 on 28 February 2022 featured news about new Foundation members and the 2022 Plone Conference dates, a discussion of the plone.org relaunch work and issues encountered, Volto, Classic and collective.exportimport development news, and a follow up to the composite page builders discussion in episode #05. Plus Philip and Fred issued a call for Volto translators and a call for World Plone Day talks. Go to the Newsroom page to view other episodes.
The Plone Foundation welcomes two new members after unanimous confirmation by the Foundation's Board of Directors on February 17, 2022.
Membership in the Foundation is conferred for significant and enduring contributions to the Plone project and community. The Plone Foundation Membership Committee overwhelmingly recommended each applicant for their ongoing contributions to Plone.
Giulia Ghisini
Giulia is a frontend developer who works on the Volto development team. She has sprinted at Sorrento once and has participated in Plone conferences since 2019.Giulia works at Red Turtle and lives in Ferrara, Italy.
Piero Nicolli
Piero also works with Red Turtle in Ferrara. He has been using Plone since 2015 and has made occasional contributions since then. Piero's focus has shifted to Volto after beginning with contributions on plonetheme.barceloneta and plone.staticresources. He is currently part of the Volto Team.
Piero attended Plone Conferences 2018, 2019 and 2021, and he helped organize the 2019 Ferrara conference. In addition to several sprints, Piero gave a talk about frontend development at PloneConf 2019 and about a use case for a repeatable Volto themes at PloneConf 2021. He is active on Discord from time to time and answer questions there when available.
Alessandro Pisa
Alessandro works remotely for Syslab from Ferrara (Italy) and has been a Plone user and developer since 2008. He has been a Framework Team member since 2017. He is a Plone core developer and contributes and maintains some packages in the Plone ecosystem.
Alessandro is a long-time contributor to the community and helps to manage the collective organization on GitHub. He has attended many sprints and makes sure to reach out to newcomers when conference time comes around.
I’ve started working on a new Leaflet-powered Volto map block and the first thing that happened while loading react-leaftlet was an error reported by the browser:
Module parse failed: Unexpected token (10:41) in @react-leaflet/core/esm/path.js ... const options = props.pathOptions ?? {}; ... The problem is that is, for some reasons, the transpiled JS bundle includes code using the nulish coalescing operator
This is already a problem reported in react-leaflet and it happens because the distributed transpiled library includes that code.
As described in the Foundation's July 2020 discussion of Plone governance, a series of Steering Circle meetings is being held to discuss our organizational structure and processes, and any hot topics of the moment. This is part of the Foundation's initiative to solicit ideas for changes that will better serve the needs of our community, our projects, and our teams. The meetings will be held every two months, and the next one will be Feburary 15th at 14:00 UTC (15:00 CEST). Each Plone team will send one or two representatives, including the Zope, Volto, RestAPI and Guillotina teams.
Plone is vulnerable to reflected cross site scripting and open redirect when an attacker can get a compromised version of the image_view_fullscreen page in a cache, for example in Varnish. The technique is known as cache poisoning. Any later visitor can get redirected when clicking on a link on this page. Usually, only anonymous users are affected, but this depends on your cache settings.
All Plone versions are vulnerable. It depends on your Plone version and the Image content type which package is vulnerable: Products.CMFPlone, plone.app.contenttypes or Products.ATContentTypes.
The Plone Security Team has released fixes for Plone 5.2:
Today, Plone 5.2.7 and 6.0.0a3 have been released with these updated packages. Separate announcements will follow.
If you have any questions or comments about this advisory, email us at [email protected]. This is also the correct address to use when you want to report a possible vulnerability. See our security report policy.
Got rid of the skins directory. Most items in here have been moved to browser views. Some were no longer used, or had an alternative, and were removed.
The VersionView class is deprecated because it contained just one method that is now part of the @@plone view.
plone.app.linkintegrity: Track integrity of video and audio files in HTML source tags.
plone.app.uuid: Speed up uuidToPhysicalPath and uuidToObject.
plone.namedfile:
Make DefaultImageScalingFactory more flexible, with methods you can override.
Drop support for Python 2.7. Main target is now Plone 6, but we try to keep it running on Plone 5.2 with Python 3.
diazo: Removed FormEncode test dependency.
Pillow updated to 9.0.0
plone.app.content: Deprecate the human_readable_size method of the ContentStatusHistoryView class because the one from the @@plone view should be used.
plone.app.layout: Improved the Global section viewlet:
Catalog based navigation.
Allow more customization by adding methods as hooks.
Various performance optimizations.
Deprecate now unused navtree_depth property.
plone.app.layout: Removed deprecated methods.
plone.app.layout: Add viewlet to display customizable favicon. See the Site Settings.
Various packages: No longer use deprecated property types ulines, utext, utoken, and ustring, but their non-unicode variants, without a u at the beginning. See issue 3305.
plone.restapi:
Enhance @addons endpoint to return a list of upgradeable addons.
Add support for DX Plone Site root in Plone 6. Remove blocks behavior hack for site root in Plone 6.
Products.CMFPlacefulWorkflow: Removed the CMFPlacefulWorkflow skin layer.
Plone 6 editing experience combines the robust usability of Plone with a blazingly fast JavaScript frontend
Plone 5.2.7 released
Specific release notes for Plone 5.2.7:
Some highlights of this release are:
`plone.app.contenttypes` and `Products.ATContentTypes`: Security fix: prevent cache poisoning with the Referer header. See security advisory.
`plone.app.linkintegrity`: Track integrity of video and audio files in HTML source tags.
World Plone Day is a 24-hour streaming event, with the goal was to promote and educate the public about the benefits of using Plone and of being part of the Plone community.
The Plone community is organizing this year's World Plone Day activities on April 27, beginning at 00h00 CET.
Take this opportunity to share your accomplishments with a worldwide group of Plone users. This event is organized to support presentations in your native language if that's your preference.
We are looking for presentations for the event, both pre-recorded talks or live streaming, whatever suits you:
Case studies - share your success stories
Technical talks - share your findings and challenges
Plone 6 talks - What's new with the latest and greatest of Plone releases
Plone Community - discuss the importance and friendliness of Plone community
Any discussion - grab a few friends and just chat about Plone-related stuff (no matter how remotely)
Once you've identified what you'd like to share, submit your topic using our easy proposal form to let the Plone marketing team know what you have in mind. If you have any questions, please contact [email protected].
Streaming will be done using the Streamyard platform, and all you need to do is to show up with your talk.
The Plone Foundation Board has identified five priorities for focused attention and effort during the coming year :
Communication: Addressing all Plone audiences, not only developers
Embrace hybrid model for all gatherings, meetups, sprints and the conference
Improve and enhance documentation and marketing/positioning of the Plone CMS
Nurture new participation and leadership in the community
Contributor agreement modernization via the adoption of digital signature
A consensus emerged around the importance of including user communities as much as possible. Plone meetings of every sort benefit when some or all of the participants can be together in a room. So much of this has been lost during the past two years, and we would like to find ways to meet safely using hybrid solutions.
Development of our existing documentation is actively proceeding and one of our goals for the year will be to work through any challenges and then apply the new product to marketing.
Our community is diverse in every direction, and participation from each group adds value to our ultimate product, as well as generates enthusiasm for Plone
We will also work to simplify the Contributor agreement process.
The Plone Newsroom is a monthly podcast brought to you by Philip Bauer and Fred van Dijk. They cover technical and non-technical topics including Plone, the Plone community, and whatever else they come up with to keep us informed!
Episode #05 on 21 January 2022 featured an update on the state of Plone 6 and Plone 6 Classic development, a discussion of page composition tools (plone.app.mosaic, collective.cover, collective.contentsections, collective.modules, and older add-ons like Collage, CMFContentPanels, ContentWellPortlets), and news of the plone.org relaunch effort, Plone 6 documentation, Google Summer of Code, and collective.easyformplugin.registration. Go to the Newsroom page to view other episodes.
Next time: Plone Conference 2022 in Namur, Belgium!
With the help of our sponsors, like Six Feet Up, iMio, and many others, the 2021 conference was held 100% Online, using LoudSwarm platform by Six Feet Up.
Next year the conference will be held in Namur, Belgium!
So mark your calendars and stay tuned for Plone Conference 2022 news! Follow @ploneconf and #ploneconf2022 on Twitter and Instagram.
The Plone community, in particular the Volto team, is happy to announce that Volto 14 is ready and shipped!
It's been almost four months since the first 14.0 alpha release (2021-09-08), with more than 40 alpha releases since then, and yet the number of contributions keeps growing. This release puts Volto 14 on the same level with another memorable one, version 4. Being back on a regular release cycle is good and essential to the communication between the project and community members.
Volto 14 Highlights
Volto is Plone's snappy, modern React front end powered by the RestAPI, and the default for Plone 6.
Some of the highlights of Volto 14 include:
Production-ready seamless mode deployment
A significant performance boost to the listing block. Add as many as you want on a page!
And if you’re worried that the crawlers won’t see them, Volto now ships with server-side rendering support for the async blocks, including the listing blocks.
A new Search block was added. Build your own customized facet-powered Plone search engine directly from the browser.
Volto integration with Plone’s content locking
And many more changes to support the growing number of Volto developers and integrators:
Improved Storybook component documentation
Improvements to the forms implementation, now with support for default values
Further advancements to the Volto blocks extensibility. Now blocks can define a schema and are ready to be extended by default.
Volto’s main application scaffold generator now ships ready to display the stories included with the add-ons.
Releasing a major version of any software is hard. The nature of a major release is to accommodate and prepare the community for breaking changes, so it needs to be done with appropriate care and must be carefully crafted. It takes a lot of effort to keep every building block in the stack playing well with the other blocks, and, as you can imagine, the complexity of the Plone 6 stack is already high and is continuously on the move.
What's Next
Where do we go from here? Plone 6! Right now, the only major feature missing is content rules. The rest of Plone’s features are covered in Volto 14.
So the work is not over yet. We still need helping hands and contributors to continue the effort to make Plone 6 a reality. Everybody is welcome!
Thanks
We would like to thank all the people involved in creating Volto 14. It is amazing how much we were able to accomplish as a team, and as a community, these last four months.
Content locking is not a breaking change, but it's worth noting that Volto 14 comes with locking support enabled by default. Latest `plone.restapi` version is required. @avoinea
Use the block's title as the source of the translation instead of using the id of the block. See upgrade guide for more information @sneridagh
New i18n infrastructure in the new `@plone/scripts` package @sneridagh
Removed `src/i18n.js` in favor of the above change @sneridagh
Adjusted main `Logo` component styling @sneridagh
Fix logout action using the backend @logout endpoint, effectively removing the `__ac` cookie. It is recommended to upgrade to the latest p.restapi version to take full advantage of this feature @sneridagh
Revisited, rethought and refactored Seamless mode @sneridagh
For more information, please read the deploying guide https://docs.voltocms.com/deploying/seamless-mode/
Improve mobile navigation menu with a nicer interaction and a fixed overlay with a drawer (customizable via CSSTransitionGroup) animation @sneridagh
Use title instead of id as a source of translation in "Variation" field in block enhancers @sneridagh
Listing block no longer use `fullobjects` to retrieve backend data. It uses the catalog data instead. @plone/volto-team
Removed pagination in vocabularies widgets (SelectWidget, ArrayWidget, TokenWidget) and introduced subrequest to vocabulary action. @giuliaghisini
Move `theme.js` import to top of the client code, so it take precedence over any other inline imported CSS. This is not an strict breaking change, but it's worth to mention it as might be important and kept in mind. @sneridagh
Content locking support for Plone (`plone.locking`) @avoinea
Add the new search block @tiberiuichim @kreafox @sneridagh
Add `volto-guillotina` addon to core @sneridagh
Make `VocabularyTermsWidget` orderable @ksuess
Get widget by tagged values utility function in the `Field` decider @ksuess
In the search block, allow editors to specify the sort on criteria. @tiberiuichim
Enable to be able to use the internal proxy in production as well @sneridagh
`FormFieldWrapper` accepts now strings and elements for description @nzambello
Image block:
When uploading an image or selecting that from the object browser, Image block will set an empty string as alternative text @nzambello
Adds a description to the alt-tag with w3c explaination @nzambello
Provide Server-Side Rendering capabilities for blocks with async-based content (such as the listing block). A block needs to provide its own `getAsyncData` implementation, which is similar to an `asyncConnect` wrapper promise. @tiberiuichim @sneridagh
Defaults are observed in block data if `InlineForm` or `BlockDataForm` are used. @sneridagh @tiberiuichim
Support TypeScript usage in Volto projects @pnicolli
Added `LinkMore` component and link more in `HeroImageLeft` block. @giuliaghisini
Apply form defaults from RenderBlocks and block Edit using a new helper, `applyBlockDefaults` @tiberiuichim
Now each block config object can declare a schema factory (a function that can produce a schema) and this will be used to derive the default data for the block @tiberiuichim
Added `.storybook` setup in the Volto `app` generator. Volto projects generated from this scafolding are now ready to run Storybook for the project and develop addons (in `src/addons` folder).
Add new listing block option "fullobjects" per variation @ksuess
Style checkboxes @nileshgulia1
Add runtime configuration for `@babel/plugin-transform-react-jsx` set to `automatic`. This enables the new JSX runtime: https://reactjs.org/blog/2020/09/22/introducing-the-new-jsx-transform.html So no longer `import React from 'react'` is needed anymore. @sneridagh
Allow loading .less files also from a Volto project's `src` folder. @tiberiuichim
Add `autocomplete` Widget component - It holds off the vocabulary endpoint pull until you search (more than 2 chars). Useful when dealing with huge vocabularies @sneridagh @reebalazs
Add catalan translation @bloodbare @sneridagh
Updated Volto production sites list @giuliaghisini
Japanese translation updated @terapyon
German translations updated @tisto
Updated italian translation @pnicolli
Updated Brazilian Portuguese translations @ericof
Bugfixes
Fix `SelectWidget` vocabulary load on second component mount @avoinea #2655
Fix `/edit` and `/add` `nonContentRoutes` to fix `isCmsUi` fn @giuliaghisini
Register the dev api proxy after the express middleware @tiberiuichim
Fix on form errors in block editor, not changing to metadata tab @sneridagh
Fix SSR on `/edit` with dev proxy @tiberiuichim
Fix logout action, removing the `__ac` cookie as well, if present. @sneridagh
Do not show lead image block when the content type does not have the behavior enabled @sneridagh
Missing default messages from JSON EN language file @sneridagh
Show correct fieldname and not internal field id in Toast error messages on Add/Edit forms @jackahl
Get `blocks` and `blocks_layout` defaults from existing behavior when enabling TTW editable DX Layout @avoinea
Yet another attempt at fixing devproxy. Split the devproxy into a separate devproxy verbose @tiberiuichim
Add spinner on sharing View Button @iRohitSingh
Fixed `SelectWidget`: when there was a selected value, the selection was lost when the tab was changed. @giuliaghisini
Bugfixes to search block. By default search block, when empty, makes a simple query to the nav root, to list all content. Fix reading search text from URL. Implement a simple compression of URL. Don't count searched text as filter. Fix an edge case with showSearchInput in schema. Rename title to Section Title in facet column settings. Avoid double calls to querystring endpoint. @tiberiuichim
Use correct shade of black in Plone logo @sneridagh
Fix loading of cookie on SSR for certain requests, revert slight change in how they are loaded introduced in alpha 16 @sneridagh
Fix storybook errors in the connected components, api is undefined. Using now a mock of the store instead of the whole thing @sneridagh
CSS fix on `QueryWidget` to prevent line jumping for clear button when the multi selection widget has multiple items @kreafox
Fix disable mode of `QuerystringWidget` when all criteria are deleted @kreafox
Fix reset pagination in searchblock when changing facet filters @tiberiuichim
Fix the selection of Maps Block @iRohitSingh
`UniversalLink`: handle direct download for content-type File if user is not logged. @giuliaghisini
Fixed `ObjectBrowserWidget` when is multiple or `maximumSelectionSize` is not set @giuliaghisini
Fix full-width image overlaps the drag handle @iRohitSingh
Fix move item to top of the folder when clicking on move to top action button @iRohitSingh
Fix `downloadableObjects` default value @giuliaghisini
Folder contents table header and breadcrumbs dropdown now appear only from the bottom, fixing an issue where the breadcrumb dropdown content was clipped by the header area @ichim-david
Folder contents sort dropdown is now also simple as the other dropdowns ensuring we have the same behavior between adjecent dropdown @ichim-david
Fix documention on block extensions, replace `render` with `template` to match Listing block @tiberiuichim
Fix `isInternalURL` when `settings.internalApiPath` is empty @tiberiuichim
Fix external link not supported by Navigation component #2853. @ericof
Get Add/Edit schema contextually #2852 @ericof
Fix regression in actions vocabularies calls because the change to use contextual schemas @sneridagh
Include block schema enhancers (main block schema enhancer + variation schema enhancer) when calculating block default data @tiberiuichim
Use subrequest in hero block to not lost locking token. @cekk
Always add lang attr in html @nzambello
Fix time widget position on 24h format @nzambello
QuerystringWidget more resilient on old schemas @nzambello
In search block, read SearchableText search param, to use it as search text input @tiberiuichim
Fix missing translation in link content type @iRohitSingh
Fixed drag-and-drop list placeholder issues @reebalazs
Update demo address @ksuess
Update list of trainings documentation @ksuess
Scroll to window top only when the location pathname changes, no longer take the window location search parameters into account. The search page and the listing block already use custom logic for their "scroll into view" behaviors. @tiberiuichim
Add missing layout view for `document_view` @MarcoCouto
Add missing `App.jsx` full paths @jimbiscuit
Internal Changes
Upgrade to react 17.0.2 @nzambello
Update to latest `plone.restapi` (8.16.2) @sneridagh
Upgrade to `@plone/scripts` 1.0.3 @sneridagh
Remove built workingcopy fixture environment based on local, back to docker based one @sneridagh
Add `omelette` to the local Plone backend build @sneridagh
Optimize npm package by adding `docs/` `cypress/` and `tests/` to .npmignore @avoinea
Use released `@plone/scripts`, since the builds are broken if it's a local package @sneridagh
Use `plone.volto` instead of `kitconcept.volto` @tisto
Silence customization errors, they are now behind a `debug` library namespace @sneridagh
Add development dependency on `use-trace-update`, useful for performance debugging @tiberiuichim
Improved developer documentation. Proof read several chapters, most importantly the upgrade guide @ichim-david
Use Plone logo (Closes #2632) @ericof
Footer: Point to `plone.org` instead of `plone.com` @ericof
Fix `make start-frontend` @tisto
Update all the tests infrastructure for the new `volto-guillotina` addon @sneridagh
Add locales to existing block variations @sneridagh
Add RawMaterial website in Volto production sites @nzambello
Removing the hardcoded default block type from text block @iRohitSingh
Updated Volto sites list @giuliaghisini
Cleanup dangling virtualenv files that should not be committed @pnicolli
Remove bundlesize @tisto
Upgrade stylelint to v14 (vscode-stylelint requires it now) @sneridagh
Add several more stories for Storybook @tiberiuichim
Add 2 new Volto websites by Eau de web for EEA @tiberiuichim
Fix references to old configuration style in apiExpanders documentation @tiberiuichim
Add `applySchemaDefaults`, in addition to `applyBlockDefaults`, to allow reuse in object widgets and other advanced scenarios @tiberiuichim
Fix select family widgets stories in storybook @sneridagh
Remove getNavigation from `Login.jsx` @iRohitSingh
Allow listing block to be used in non-content pages (when used in a slot it shouldn't crash on add/edit pages) @tiberiuichim
Fix typo "toolbalWidth" @iRohitSingh
Update all requirements and the reasoning behind them in builds @sneridagh
Update Plone version in api backend to 5.2.6. Update README and cleanup @fredvd
Document CI changelog verifier failure details that mislead contributors @rpatterson
Volto continues to innovate at a fast pace towards Plone 6. Today we released another major milestone on our road to Plone 6: Volto 14.
Volto 14 was in the making since September 2021 and it is in active use in various projects at Eau de Web, Red Turtle, Rohberg, kitconcept, and others.
Volto 14 comes with a set of new exiting features: a new search block that supports faceted search, locking support, a new seamless mode that makes deploying Volto easier, a new mobile navigation and support for Node 16.
Faceted Search Block
The new search block allows editor to create sophisticated faceted searches through the web without writing a single line of code.
Editors can define criteria for the content that is listed, like in the existing listing block in Volto.
Then editors can then choose arbitrary facets that are displayed to the users to choose from to narrow down the search.
Locking
Locking in a Content Management System is a mechanism to prevent users from accidentially overriding each others changes.
When a user edits a content object in Plone, the object is locked until the user hits the save or cancel button. If a second user tries to edit the object at the same time, she will see a message that this object is locked.
Content object in Volto 14 that is locked by another user
Locking requires at least plone.restapi 8.9.0 or plone.restapi 7.4.0 to be installed.
Seamless Mode
The new “seamless mode” allows zero configuration deployment by avoiding hardcoded environment variables in builds involved, and establishing good sensible defaults when setting up deployments (and also in development). So the developer/devOps doesn’t have to overthink their setups.
These are its main features:
Runtime environment variables
Unified traversal ++api++
Use Host header to auto-configure the API_PATH
and these immediate benefits:
Avoid having to expose and publish the classic UI if you don’t really need it
If possible, avoid having to rewrite all API responses, since it returns paths that do not correspond to the original object handled and “seen” from Volto, so you have to adjust them (via a code helper) in a lot of call responses.
Simplify Docker builds, making all the configuration via the runtime environment variables
Seamless Mode requires at least plone.rest 2.0.0a1 to be installed.
New Mobile Navigation
We polished the mobile navigation for Volto 14 to improve the user experience on mobile.
Volto 14 is an important step towards Plone 6. Volto 15 will switch the default editor from DraftJS to Slate editor and it is planned to be ready in Q1/Q2 2022. This is the last big step for Volto before Plone 6 can be released.
The Plone Newsroom is a monthly podcast brought to you by Philip Bauer and Fred van Dijk. They cover technical and non-technical topics including Plone, the Plone community, and whatever else they come up with to keep us informed!
Episode #04 on 10 December 2021 featured a discussion of the plone.org relaunch effort including content migration using collective.exportimport, a demo of Plone 6 alpha including how to install Volto add-ons, news about the Plone Foundation and the Plone Shop (offering vintage conference tee shirts), some notable add-ons (collective.taxonomy, collective.revisionmanager, collective.impersonate, plone.pdfexport), and a remembrance of Max Jakob, a dear friend of the Plone community. Go to the Newsroom page to view other episodes.
As described in the Foundation's July 2020 discussion of Plone governance, a series of Steering Circle meetings is being held to discuss our organizational structure and processes, and any hot topics of the moment. This is part of the Foundation's initiative to solicit ideas for changes that will better serve the needs of our community, our projects, and our teams. The meetings will be held every two months, and the next one will be December 14th at 13:00 UTC (15:00 CEST). Each Plone team will send one or two representatives, including the Zope, Volto, RestAPI and Guillotina teams.
This year's conference was a 9-day event for the Plone, Zope, Volto, Guillotina & Pyramid communities and consisted of training, talks, and sprints. The conference provided insight into the long history (20 years!) of Plone CMS as well as the latest, future-proof features and visions.
Plone - The original, open-source, enterprise-grade, all-in-one content management system written in Python.
Zope - The original Python web application server - the foundation for Plone and inspiration for Guillotina.
Volto - Plone 6's snappy, modern React front end powered by the RestAPI.
Guillotina - A re-imagined asynchronous back end compatible with Plone's RestAPI.
Pyramid - A small, fast, down-to-earth Python web framework.
With 295 attendees from 30+ countries from over the world, from Jamaica to Japan, USA to the UK, Germany to Finland, to Austria, Brasil and Australia, the conference attracted many newcomers to the community, in addition to long-time contributors since the early days of Plone.
With the help of our sponsors, like Six Feet Up, iMio, and many others, the conference was held 100% Online, using LoudSwarm platform by Six Feet Up. LoudSwarm nicely combined video streaming, recordings, schedules, and chat discussion.
Every training, talk, and presentation was recorded and will be available online on Plone YouTube channel later.
Group Photo of Plone Conference 2021 Online.
Training
As in previous years, the conference included over 30 hours of free training, with topics including Mastering Plone, Volto Addons, Pyramid, and Guillotina.
The training videos are already publicly available on YouTube.
Talks and Open Spaces
The 4 days of talks included almost 60 professional presentations, ranging from addressing specialized use cases to building and managing projects and into very technical talks about some aspect of a certain technology. Many of the talks focused on Volto, Plone 6's new React-based frontend, and there was also a lot of discussion about the future of Plone 6.
With Open Spaces and 5 min lightning talks, it was possible to bring into focus many other aspects and topics.
Every Plone Conference includes at least two days of sprinting, so after the conference talks, people continued to meet, working to improve and develop the Plone ecosystem.
Sprint topics included e.g.
Plone 6 roadmap
Volto
Documentation
Image handling
Docker support for installers
Plone.org renewal
Community
The Plone community aims to be the most welcoming and friendly community towards new users and veterans alike. We are happy to report that this conference brought many new faces and we sincerely hope that everyone felt the love.
The Plone Newsroom is a monthly podcast brought to you by Philip Bauer and Fred van Dijk. They cover technical and non-technical topics including Plone, the Plone community, and whatever else they come up with to keep us informed!
Episode #03 on 11 November 2021 featured a recap of the Plone Conference and the Conference Fanzone in Sorrento, Italy, plus information about Plone 6 development status, volto-eea-kitkat, and the add-on collective.taxonomy. Go to the Newsroom page to view other episodes.
Distilled from the latest work done in Volto, we're showcasing some patterns, features, or enhancements that have landed in Volto from the last year to the present. We will also have a glimpse of what is ahead in the future of Volto with the new features roadmap.
In the past year we had four major releases, 40 minor releases, 36 alpha releases, 25 patch releases, for a total of 105 releases. Plus some new tooling and tool releases, like plone i18n and plone generator.
New Volto config, dubbed as Volto's Configuration Registry, introduced to fix circular import dependency problems. Hot Module Reloader was fixed. Read the upgrade guide.
New i18n (internationalisation) infrastructure. This is now a separate package. Same is used for generation of i18n in add-ons.Read the upgrade guide.
Forms as schema. Forms should be constructed from schemas instead of by hand. InlineForm allows us to create forms for blocks from a schema. Blocks can have variations, or we can extend it. Read the edit component documentation.
New widgets:
Object List Widget. Similar to the original DataGridField. Used in core by the Search Block facets.
Object Browser Widget is now a separate widget, instead of part of a block, and now allows the addition of external content.
Querystring Widget. Behaves like its counterpart from plone.app.querystring. Allows to create search criteria, used by the search block.
URL Widget. Used on text inputs, it knows to validate their value as a url, both internal and external.
Vocabulary Terms Widget for a JSONField, acts as a source for a SimpleVocabulary or Choice field. Play with it in the storybook.
Storybook provides a sandbox to build and test visual components in isolation. Currently it is only setup to be used by Volto core. We need help with work to have storybook setup with adding. See the Storybook talk held by Victor, and see the storybook itself.
Critical CSS: inline the critical CSS for improved performance. Run critical-cli to output critical.css. This is then inlined in the headers, while regular CSS is moved to the bottom of the body. See the deployment documentation.
Lazy Loading utilities. Introduced injectLazyLibs HOC wrapper to inject lazy-loaded libraries as properties to your components. These components are only loaded once all your main libs are loaded.
Express.js middleware. Volto uses this for SSR and static resources serving. You can now write custom middleware and add it to settings.expressMiddleware.
API expanders allow the expansion of different API endpoints from Volto with calls from your custom endpoints. Avoid adding too many expanders if they are not critical to the initial page.
External routes: useful when another application is published under the same top domain as Volto. If Volto would fetch the content for that path, it will break. You can disable this path in config.settings.externalRoutes. You can also use regular expressions.
Seamless mode, introduced in Volto 13, enhanced in Volto 14, which has already seen a lot of alpha releases. Originally, we tried to unify both frontend and backend servers under the same path, but this was tricky, causing various problems. We settled on a new ++api++ traversal for getting information from the backend. Also, to come closer to zero config, you can now pass environment variables at runtime instead of build time. This means you can generate one build, and use this in all environments (testing, production). Read the deployment documentation.
Context navigation component. This is a navigation portlet component, similar to Classic Plone. The view is there, but you need to enable it. See the development recipe.
There is some work in progress:
Slots are Volto's answer to portlets, see the Volto Slots talk by Tiberiu Ichim for more details.
Image proxy: image scale generation done by a middleware instead of plone.scale.
Authentication from backend.
Replace Draft.js editor with Volto Slate. What is missing is a migration tool from one to the other. But work has started on a block conversion tool.
Async blocks that work with SSR.
Defaults in blocks form.
Future work:
Defaults in all widgets
Enable blocks enhancers in all blocks
Storybook in add-ons
Use newest react-intl package
Refactor the folder contents component
Form editing text enhancements, making it easier to modify text inputs.
A "group block" included with Volto
Quanta toolbar
I did nothing, I just brag about what others have done. So thank you Volto early adopter community!
This presentation is an introduction to the new Volto developer-targeted feature, the Pluggables framework. It is more an argument for extensibility in CMS UI and in Volto.
Basically, with Pluggable a central component provides a pluggable slot that other components can fill, like this:
But the EEA sites are less brochure, the CMS side is really strong.
We build powerful UIs for power users.
The EEA already has 91 Volto repositories on GitHub. How can we scale that? Can we write an add-on to make it easier to write an add-on?
In React, data flow is top to bottom. A parent component passes properties to children and children communicate with the parent by emitting events. This makes sense and works well. For "out of tree" data you need Redux. There is no protocol for add-hoc communication between components.
UI state is fluid. Extensibility means reusability and scalability. This is hard. You need to design upfront. Plone backend uses the Zope Component Architecture, which means pluggability is baked in, it is very natural. You can view Pluggables as viewlets-on-demand, but they are really not. But yes, you can think about a Pluggable as a viewletmanager and a Plug as a viewlet.
You can overwrite a Plug with a Plug, by registering it with the same id. So if the original Plug gives you color blue, you can overwrite it with color red. You can do custom rendering of Plugs within your Pluggable, by iterating over all Plugs and for example wrapping each in a div with a class name.
I am one of the Plone Release Managers, and have been working on Plone 6, which is now in alpha stage. But my personal website was still using the ancient Plone 2.5:
Screenshot of my website end of October 2021: still Plone 2.5
Often I have made plans to update my site to:
Plone 3
Grok
Plone 4
Plone 5
Plone 5.2
finally Plone 6
Long ago it was clear to me that an inline migration would not be practical. It would take too many steps: update the code to Plone 3.3, migrate the data, to Plone 4.3, migrate data, to Plone 5.2 Python 2.7, migrate data, Plone 5.2 Python 3, migrate data, Plone 6, migrate data.
Additionally, the question was how to handle the weblog, which is the main content. This was using Products.Quills, a Plone add-on for blogs. Updating to Plone 3 could have worked at the time, but this was made harder by some some custom code I added. This enabled me to use it as a podcast. I used this to enrich some of my summaries of sermons from my church with the actual audio of the sermon. I doubted whether to even include this content in Plone 6, as the last sermon was from 2008. I hate breaking links, so I kept it, although a bit hidden.
Another point that needed some extra attention, was that most, if not all, blog entries were not written in html, but in ReStructuredText. I make a lot of summaries of talks when there is a Plone Conference. The html editor on Plone 2.5 did not work anymore, or I disabled it to a simple textarea. I always open up the same text editor that I use for programming (previously Emacs, currently VSCode), and type the summary there. I much prefer writing ReStructuredText there, especially when I simply need text without any markup. I then paste it in Plone, without fear of losing all my work when my internet connection dies.
Lastly, I have an RSS/atom feed which is used by planet.plone.org and maybe others to stay updated when I add a new blog entry. I did not want this url to change.
Anyway, about six years ago I decided that I would use collective.jsonify to export my site, and then import it using transmogrifier. But time passed without any progress. This year, collective.exportimport was shaping up to be the preferred way to import the data. For export you can use it in Plone 4.3 as well, but definitely not in Plone 2.5.
At the beginning of this week I looked at jsonify. Didn't I have a local copy of my website on my laptop, with collective.jsonify installed? No! And it was not installed on the live site either. And installation would be hard, because the site uses Python 2.4, and currently you cannot even reach PyPI with older versions of Python 2.7.
Mildly panicked, I started on a custom script to export the content, still as json. Some details aside, this actually was not so hard. I looked at what collective.exportimport expected, and created the Python list of dictionaries accordingly. Then do a simple json.dumps() call and you are done. Except that this gave an ImportError: the json module is not available in Python 2.4. Okay, install simplejson package. But you need PyPI access for that, which does not work. Workaround:
Manually download an egg of Python 2.4-compatible simplejson 1.7 and save it in the buildout directory.
cp bin/instance bin/instance-json
Edit the new script and add the simplejson egg to the system path.
bin/instance-json run export_mvrsite25.py
After that, it was not too hard anymore. I used plonecli to create a new add-on with Plone 6.0.0a1. I actually do not yet use the add-on code, except for loading a minor patch that I added, but this gave a reasonable, modern Plone 6 buildout. Create a Classic Plone site, tweak a few settings (let Folder use folder_workflow, allow English and Dutch, navigation depth 1, enable syndication, configure caching and mail), import the content with collective.exportimport, edit a bit, and done.
The weblog now consists of standard Folders and Pages. To improve the view, I added a Collection, showing the latest pages first, and showing all content of the last seven blogs. I enabled syndication here, so it has an RSS/atom feed.
The weblog has always advertised two atom feeds:
One for all weblog entries, at https://maurits.vanrees.org/weblog/atom.xml
One for weblog entries with keyword 'plone' at https://maurits.vanrees.org/weblog/topics/plone/@@atom.xml
In the new site, the first one kind-of worked out of the box, but it only showed the items that were directly in the weblog folder, and this is not where my weblog entries are. I solved this with a patch to Products.CMFPlone.browser.syndication.views.FeedView: when atom.xml is viewed on a folder, check if it has a default page, and show the atom.xml of this default page instead. In this case, the default page is a Collection with the correct settings. So the general feed will keep working.
For the second one, my first idea was to create a folder 'topics' and within it a Collection with id 'plone'. Problem: 'plone' is a reserved word and cannot be used as id of a content item, so the id became 'plone-1'. Solution here: create the 'plone-1' collection directly in the weblog folder, and do a redirect in the frontend server (nginx):
And that's it! My website is now on Plone 6.0.0a1:
Screenshot of Site overview in new site.
There are some more details that I could go into, like splitting up the buildout into multiple parts, with tox as main way to build everything, in preparation for moving more and more parts to pip-only. But that will have to be for another time.
Meanwhile: have a look around, and enjoy the fresh look!
Volto 14 alpha 23 is out. So still in alpha, but companies are using it in production.
Should be final soon. Some plans for Volto 15.
Created plone.volto integration package, where we try to give an easy transition from earlier company-specific versions.
plone.restapi as always is pretty boring, stable.
Erico worked on Docker integration.
Plone 6 alpha 1 is out.
Eric sent an email for some coordination, like docs, training, accessibility, installers.
If you want to be involved, let me know.
Franco has stepped out of the Framework Team, thank you for all your work.
There is discussion about the role of the Framework Team.
Plan is to keep it running, some more people have been asked.
Membership team: we have some people in sight as new members.
Erico is stepping down as team lead, Victor is stepping up.
Security: Plone 6 will have 5 years security support.
Synchronizing with Zope team.
Some new members may be coming.
Marketing: busy with conference, also after the conference.
Busy with plone.org renewal.
Installers: see the talk by Jens Klein earlier.
Plone 6: no more installer, but we do have tooling.
There are Docker images.
We may want to reduce the role of buildout, and focus more on pip.
Plone Conference: you are looking at it.
Some tasks to do afterwards.
If anyone is interested in getting a certificate for following a training, ask us, and we can send it.
Internationalization: new branches for Plone 6, so Plone 5 uses different branch.
New releases for 5 and 6.
Updating po files, looking at i18n in Mockup.
Admin/Intrastructure: servers are still running.
Cat herding sysadmins for doing stuff, keeping things up to date.
Trainings: relaunch is complete.
We have three new trainings: Theming Plone Classic, Deploying Plone 6, Getting Started with Plone 6 (that one only in video).
Various have seen major updates.
Need to work on landing pages (we have two), remove the number 5 from the url, update some more trainings.
Maybe Mastering Plone Classic training, but hard with navigation due to duplicate section targets when copying.
Migration training would be good.
We need to prune and tag some.
Plone Classic: We did polishing on Barcelonate, it is pretty ready.
Focussing on bobtemplates before the trainings, making theming easier.
JavaScript/ES6 is the remaining big issue.
Plan is to finish it this year, we are quite far.
We need other people helping us out.
Documentation: will be releasing a new Plone 5 branch today.
For the new stuff, the tech stack is ready.
New version of automated screen shot is about ready.
We don't want a duplicate of the training, but we can automatically include code of it, so there is only one source of truth.
The style guide is not always followed, seeing what we can do about that.
Biggest point is missing documentation.
There are now branches where the various teams can add and edit their content.
We may change things, but we take this as input for the final structure.
This is a basic rundown and summary of our beloved subjects like ZODB persistence.
Traversal.
The view/viewlet/portlet trinity.
How is a call handled in Plone.
The differences between zcml and generic setup.
Utilities and the ZCA.
restrictedTraverse.
The Plone catalog.
These are surprises that I have encountered myself, or that I have seen on faces of people I have trained or worked with during the years.
Everything can or could be done through the web (TTW).
Zope vision from the nineties.
Why don't we use this dynamic language called Python so we can change things TTW?
It's so easy.
The learning curve.
It starts easy, but then you hit what we call a Z-shaped learning curve.
Dynamic Python makes things easy, and then it makes things hard, at least when you put Zope on it, then CMF, then Plone.
Plone the product on top of a CMS on top of a framework on top of a language.
We have a product, a framework, a stack, so it is hard.
Five levels of conceptual complexity.
It helps to teach all the levels.
Give new users a drawer for each level, so they have a box that they can put some info in.
XML is used for the ZCA, GS, zope.schema, Diazo rules
package manager: buildout, pip, setuptools, GS
But: there is no magic.
It is just advanced technology.
Startup:
Python uses sys.path modules to start bin/instance
ZCA loads site.zcml, package includes, other zcml to change configuration.
Then we have a runtime environment with objects and classes, the ZODB.
GenericSetup is then some XML that you can use to change the ZODB.
So the ZCA overrides components in runtime.
The alternative is to edit core files, maybe compile them, and restart. Much less nice and not sustainable.
So now we have a Plone process running.
Zope is not that complicated.
Over HTTP Zope gets a request, does traversal, finds an object in the ZODB, loads it in memory.
Then on top of this object we show a browser view / template.
The template hooks into a main template, maybe does some sub requests, some Diazo, and we end up with some html and we are done.
This is all still 'lies to children'.
It is simplified until we are able to understand more.
With increment exposure to these concepts, it will stick more.
It is complicated, but there is no magic.
Acquisition.
It is traversal in the wrong direction.
When you try to explain things, you improve your own understanding.
There is so much Plone content online: training, docs, youtube, github, discourse.
We all learn in different ways, with own preferences, reading, viewing.
There are so many repositories on github that you can explore for new ideas.
Just yesterday Philip did a talk about exportimport and afterwards I did it, but from a different angle. It helps.
Migrating a site is always a challenging task, but when you have dozens of subsites with specific brand standards and custom user functionality, the challenge becomes mammoth.
Six Feet Up worked hand-in-hand with Purdue's College of Engineering to migrate their existing Zope site and its subsites into a new Plone instance running on Plone 5.2 / Python 3.
Throughout the migration process, we considered the project scale, timelines, and limiting the impact on end users, all while managing the balance between user needs and best practices.
During this presentation, you will learn:
why it matters to think user-first during migration,
about creative solutions for translating content and functionality into Plone, and
how to successfully migrate subsites.
An overview of the project:
HigherEducation always seems to go a bit slower, certainly with migrations.
Our previous CMS was built in Zope and was getting extremely old.
We have been using Python since 2001.
There were security concerns and modernization issues.
The impact:
Only 15+ content editors.
40+ public facing subsites
30,000 total pages.
20+ departments and units
Why did we select Plone as the next CMS?
It is a modern CMS solution
Python-based, so that fit what we currently have.
It is built on top of the Zope web framework that we were already using.
We looked at Drupal, Wordpress, and more, but that would have been a too big undertaking.
This was in 2018.
Laying out the solution.
From requirements to action.
Who are our users and what do they want?
Not just our direct client (Will and his team) but their clients/users.
Challenges during development:
Purdue University changed its brand look.
We had to seamlessly blend subsites into the existing parent site.
Convert all content types and templates from Zope to Plone.
Keep sight of the user experience in both environments.
Could they use the new environment without too much training, or needing to have too much tech knowledge?
Determine the project essence.
Distill the requirements down into broad categories:
accessibility, usability, flexibility, security.
What is the path to successful collaboration?
The absolute best might not be the right answer.
It's okay to say no to an idea, but you dhouls have an alternative ready.
Aim for the best, avoid the dangerous, end up somewhere in the middle sometimes.
On to our development goals:
Do things in a Plone way.
Plone uses Zope, but Zope may do some things in a different way than is the best way in Plone.
So observe best practices.
Make it intuitive and keep it familiar for the editors.
Solutions at a glance
Migrating site content:
We wanted to move subsites one by one, as needed.
Translate existin content to Plone content types
We could re-import content over existing content non-destructively.
Theming: retrofitting Plone into an existing theme.
That is what Diazo was made for, bridging the gap between Plone and the theme,
especially since the theme is 'living', with subtle changes coming in often.
Each subsite had a browser view named local.css to change some things.
Not really what you want in Plone, but they really needed it, as a way to make subsites or sections look different.
So we added an action to edit the local css, inheriting from parent folders.
We created a subsite settings control panel.
We used lineage.registry for this.
All kinds of customizations can be done based on that, for example add extra text and links in the navigation menu.
They used to be able to do this in Zope as well, but that was with various properties, and much more code oriented.
We use Mosaic for flexibility of layout.
In Zope we had blocks for layout.
Mosaic took this a step further into a nice UI with drag and drop.
It gives faster site prototyping and development.
The sandbox: we wanted to have safe spaces for content experimentation.
Completely separate from production environment.
It is used for new user training and testing.
It is quick and easy to reset.
This migration project has been a constant collaboration between the Purdue communications office, Engineering Computer Network, and Plone company Six Feet Up.
The content editors feel empowered to make complex changes, without constant oversight from my team.
Enfold has been working on a secure cross platform mobile application the past eight months.
Walk through of the Requirements, Security, Flutter framework, Backend configuration of Plone, Authentication and Lessons Learned.
Our goal is to have a free public release of a limited version of the application Q4 2021.
It was an adventure for us.
The core team never built a large mobile application.
We did not know what we did not know.
The big picture:
A mix of devices (Android, iOS) needs to synchronize files to and from Plone.
All services are self-hosted in GovCloud. So we have no central database or server that we control.
If this becomes a success, then future phases may require a lot of certification of the codebase, code reviews.
Initially we worked with 15k devices, supporting 40k would be a success, the ceiling that we might support is 300k.
Users are completely offline for longer times.
We used Flutter to create a React native app, see https://flutter.dev
It is a UI toolkit.
Why did we use Flutter?
It is cross platform mobile.
It uses Dart, which is statically typed, making code analysus much easier.
Google seems to be prioritizing developer user experience, it really shows of quite a bit.
Dart has asynchronous code as a first class citizen.
Quite different from Python. Runtime reflection (pdb) is unavailable.
It has good ergonomics, with generics and closures.
It is a driving force behind the Flutter toolkit.
Thoughts on mobile development:
It is a lot to take in.
You need to understand lots of languages, for us: kotlin/java, swift/obj-c, and Dart.
No idea how to test platform integration.
Native libraries are managed using Cocoapods/Gradle. Flutter drives those. Setting it up is yet another new thing to learn.
There are lots of inconveniences, like how do you read sqlite off a device, because that is how we store some of the info?
Also inconsistencies: if the app works on an emulator, that does not mean it works on a device.
On the server side:
Plone operating as a Webdav server
We need to support OIDC (mod_openids/oauth2)
Not many writes, maybe 100-1000 per day, but lots of reads.
20k+ devices daily
Alternatives to the server/protocol could be nice:
Honestly, are there any standards other than WebDav?
An S3 api would be reasonable.
So ideas are welcome, let me know.
We have been working on prototypes with guillotina_webdav + openidc.
The good parts of Flutter:
UI/UX development is very fast, with lots of widgets.
We had two developers who were used to Angular, and they took it up quite fast.
The bridge to native code (Pigeon) is straight forward.
Drift is an amazing sqlite library.
Riverpod for state management
Dependency management is good (flutter pub). You can tell that they learned a ton from others, like pip.
Except that very occasionally the package cache is broken so you need to clean it.
They have a good community, with add-ons.
The not so good parts of Flutter:
Inconsistent platform features, like WorkManager (Android) versus NSUrlSession (iOS)
Dependency churn: often new versions come in, which you then need to check.
The mobile app:
We are still wrapping up the remote file operations.
After we deploy into production, we will improve the UI.
Yes, we hope to open source the synchronization framework, and maybe the foreground/background transferring subsystem.
Yes, we have built a Flutter web-app of this, but it looks just like the mobile app currently. Needs a separate layout really.
No, we have not done a Desktop app.
We are looking for financial sponsorship on a regular basis.
Open source is a labor of love, but we also need money.
The Plone Foundation supports the community financially for sprints, conferences, releases.
We have administrative costs, like for trademarks, lawyers, hosting.
So you support independent media producers via Patreon, Substack, Medium, Youtube?
How much? If not, maybe your boss does?
Have you watched listened to the Plone podcasts?
Sponsors can be providers, customers, universities, companies that somehow use Plone.
We couldn't do it without you.
Two stories of government websites, in this case UK and Australia, where other CMSes won the day.
Maybe with Plone 6 we can gain some ground back.
PreviousNext is a Drupal shop in Australia.
In 2012 aGov launched, a distribution of Drupal specifically for Australian Government websites.
That was cleverly done.
They organized a Drupal conf in Canberra, the capitol.
Most of the stuff could not have been done without support by Acquia, the behemoth company behind Drupal.
It helps to be able to say that they have got you backed.
Then the UK.
In 2012 Gov.uk launched.
2013 Service manual published.
Ideas for Plone:
Open CMS for a specific government.
Acquia equivalent
How to sell o governments that have been burnt by Plone?
Target internal React developers.
Use a better term than 'enterprise'. Governance CMS for React Developers?
We are moving Mockup and Patternslib to ES6.
We replaced some Mockup patterns with patterns from Patternslib.
Most mockup patterns are finished, just a few left that need a bit of work.
Plone Classic UI frontend works basically, some issues left in control panels mostly.
Things will get easier.
No more RequireJS yelling at you.
Add-ons can provide, require and ship any javascript module.
Plone will only load everything once, thanks to Webpack module federation.
Timeline: ES6 branch will be merged in the coming months.
Give it a try using the buildout.coredev repository and:
Snowfakery is a tool for generating fake data that has relations between tables. Every row is faked data, but also unique and random, like a snowflake.
To tell Snowfakery what data you want to generate, you need to write a Recipe file in YAML.
You may want realistic data in tests, but not production data.
I write a yaml file and tell it how many folders and documents to create.
I let snowfakery export this to json.
Actually, I have defined a slightly different format for Plone.
This outputs a json file that can be used by collective.exportimport.
For the training this year for the first time I used one editor for both Volto and Classic.
This is because of one VS Code trick.
I use the Pylance language server for VS Code, which is fine, but it cannot initially find the Plone code.
Simple fix for that: I have a script zopepy in my bin folder.
Find it, copy the path, in VS code configuration go to 'Python: Select interpreter', and paste the path.
After a few seconds, or maybe reloading an open file, it works, and VS Code finds all packages and modules.
Plone loves containers.
Some have had a love/hate relationship with Docker, but we are over it.
Maybe Docker is over it too.
We have a new generation of Plone Docker images:
- ``plone/plone-backend`` 5.2.6 and 6.0.0a1
- ``plone/plone-frontend`` Volto 14.0.0-alpha
- ``plone/plone-zeo`` is still available (5.2)
- ``plone/plone-haproxy``
Use your own Plone image, with an example extra add-on:
FROM plone/plone-backend:6.0.0a1
RUN ./bin/pip install "pas.plugins.authomatic --use-deprecated legacy-resolver"
The use-deprecated option should hopefully not be needed in the near future.
Maurits has opened a [PR in pip](https://github.com/pypa/pip/pull/10574) for that.
All these images are based on pip.
One point: do not use autoIncludeDependencies in your zcml, as this does not work with pip.
At last year's Plone conference, I presented Pyruvate, a WSGI server implemented in Rust (and Python).
Since then, Pyruvate has served as the production WSGI server in a couple of projects.
In this talk I will give a project status update and show how to use Pyruvate with Zope/Plone and other Python web applications and frameworks.
I will also present some use cases along with benchmark results and performance comparisons.
WSGI is the Python webserver gateway interface.
It is the default way for Python apps to talk with a webserver.
During the Python 3 migration of Zope and Plone, WSGI replaced ZServer as the default, since Plone 4.
The ZODB is not thread-safe.
This means there is a limited choice of WSGI servers.
The Zope docs recommend only two: waitress and Bjoern.
Other popular servers showed poor performance for Zope.
Rust is a new, popular programming language.
It can also be used to extend Python packages.
The cryptography package does this, and we all use this package.
Using pyruvate with Zope/Plone.
In buildout you add pyruvate to the eggs of your instance, and use a different wsgi-ini-template.
Pyruvate supports active Python versions, currently 3.6-3.10.
Using Mio to implement I/O event loop.
Worker pool based on threadpool, 1:1 threading.
A PasteDeploy entry point.
It is stable since 1.1.0.
Supports Linux and MacOS
Hosted on Gitlab
There are binary packages for Linux, so there you don't need a Rust compiler to install it.
Let's see about performance.
As starting point: Performance analysis of WSGI servers by Omed Habib,
see Appdynamics blog.
This is a performance comparison of 6 WSGI servers, published in 2016.
Tested were: Bjoern, CherryPy, Gunicorn, Meinheld, mod_wsgi and uWSGI.
Benchmarking tool was wrk.
The test WSGI application simply returns some headers, and the text "OK".
I changed the original setup.
Swapped Meinheld and mod_wsgi for Pyruvate and Waitress, swapped CherryPy for Cheroot.
Use Python 3 only.
Now we look at the metrics.
Number of requests served:
Bjoern is by far the best.
Pyruvate does not do so well with lower number of simultaneous connections,
but with higher numbers, it jumps to second place after Bjoern.
CPU usage:
Bjoern is single threaded, so is 100 percent, the others can do more.
Gunicorn starts the best, but drops in performance with more simultaneous connections.
Pyruvate starts slightly below it, but sustains it better.
Memory usage:
More or less okay for all.
Except uWSGI, where memory usage steadily goes up.
Errors:
With increasing load, all servers show errors on higher load.
Except waitress and Pyruvate.
uWGI always shows errors for every single request, so something is wrong.
But it still serves the request. So maybe an issue of the benchmarking tool.
Why is Bjoern so much faster?
Good implementation, many optimizations.
It is single threaded. Switching from single to multi-threaded comes with benefits and costs.
Shared access to resources adds to complexity.
Offloading requests to worker threads only makes sense when there is something to work on,
which is not the case in this benchmark.
Python's GIL generally makes multithreading less effective.
Let's look at benchmarking Plone 5.2.5.
Testing with Bjoern, Pyruvate and Waitress.
All three serve the Zope root about 600 requests per second, and this stays the same when simultaneous connections increase.
Serving the Plone root: all three about 27 requests per second.
Number of errors, mostly socket errors:
Bjoern starts giving errors a bit earlier, starting from ten simultaneous connections, but it holds up well.
Pyruvate and waitress start giving errors at 50 simultaneous connections.
With 100, Pyruvate does a lot worse than Bjoern, and waitress even more than that.
So you really can't have that many simultaneous requests to Plone.
CPU usage is the same, all 100 percent.
In this setup I have used one worker for each server.
Serving /Plone as json: Bjoern is slightly better than Pyruvate, which is slightly better than waitress,
but all are around 500 requests per second, quite close to each other.
The most interesting is number of requests served when getting a 5.2 MB blob from blobstorage.
Bjoern is around 200, Pyruvate 180, so close, and waitress a lot worse, dropping from about 80 to 40.
Next setup: 2 threads for Pyruvate and waitress.
Pyruvate is then better than Bjoern.
Waitress starts better, but cannot keep up.
Using 2 threads but 4 CPU, Both Pyruvate and waitress are a bit better than Bjoern, and keep it up.
Conclusions from benchmarking:
Bjoern is the winner when using a single worker for all URLs except /Plone.
When serving a more complex page such as /Plone, there is no real difference in the number of requests served,
but Bjoern is showing errors a bit earlier.
Adding one thread plus sufficient resources lets both Pyruvate and waitress perform better than Bjoern.
All configurations failed to sustain higher loads, more than 50 connections.
Bjoern and Pyruvate are serving blobs a lot faster than waitress.
Pyruvate can challende waitress in all scenarios.
When adding worker threads, Pyruvate seems to make better use of resources than waitress.
As test I setup Apache for fair balancing between two ZEO clients on Plone 5.2,
one served by Pyruvate, one by waitress.
Consistently more requests are sent to Pyruvate (53 percent).
Problem: Volto has no equivalent of a viewlet.
Solution: slots.
They can be management slots, presentation slots, below-footer slots.
One reason: we try not to customize the main template.
Volto also does not have portlets.
Well, if you really want them badly enough, you can have them.
There is a PR in plone.restapi to export portlets, so you could render them in Volto.
Idea: reuse Volto blocks for layout.
Plone has had portlets for a long time, and it is very useful, especially for smaller sites.
You should not have to be a web developer to change the website layout.
Portlets give site administrators some power to influence the look of their own site.
We should keep that possibility.
Volto's slot proposition:
Simplify configuration. Portlets in Classic need too many files.
Volto blocks are very expressive.
Require Modify Portal Content permission for slots.
UI Power: give more capabilities:
- atomic blocking of parent blocks
- override parent blocks
How can we use them?
Sidebars: listings, info boxes, navigation
section headers, content
Current status: big PRs on plone.restapi and Volto.
Overall the basic functionality is 60-70 percent ready.
I will do a live demo.
As described in the Foundation's July 2020 discussion of Plone governance, a series of Steering Circle meetings is being held to discuss our organizational structure and processes, and any hot topics of the moment. This is part of the Foundation's initiative to solicit ideas for changes that will better serve the needs of our community, our projects, and our teams. The meetings will be held every two months, and the next one will be October 29th at 13:00 UTC (15:00 CEST). Each Plone team will send one or two representatives, including the Zope, Volto, RestAPI and Guillotina teams.
The big one: Volto as new front-end, using React, built with modern JavaScript tools.
The backend is now called Plone Classic. It generally works the same as Plone 5.2, so if you are not ready for Volto yet, you can just use this.
Support only for Python 3.7, 3.8 and 3.9.
Zope 5.3
Extensive overhaul of Plone UI elements based on Bootstrap 5 components.
Barceloneta LTS theme
Add control panel for relations
Add plone.api.relation module to ease using relations.
Use Dexterity for the Plone Site root object.
Plone 6 editing experience combines the robust usability of Plone with a blazingly fast JavaScript frontend
Plone 6 Uses the Latest Web Technologies
The Plone 6 user experience has been redesigned from scratch to be awesome for power users and occasional users alike. It's easy to create adaptive layouts using a flexible and powerful blocks system built from the latest web technologies. There's no need for in-depth knowledge of how the web works or how the page will look on thousands of different devices - editors can split individual blocks into multi-column content that will automatically adapt to any device. Building complex, responsive pages with Plone 6 is effortless.
The blocks system is not limited to rich text. It will come with a faceted search block that allows editors to easily create sophisticated searches that make use of content metadata. Other blocks can present collections of content dynamically generated from a search. Plone has always included search, now the blocks system allows the search to be harnessed in new ways.
Form Builder, No-Code Content Types, Rich Ecosystem
Plone 6 also includes:
A powerful form builder. Editors can create forms via drag and drop and define actions such as sending form data via email or storing it in CSV format for later use;
No-code custom content types that can be created through the web, including metadata fields, behaviors and view templates;
A rich ecosystem with more than 100 add-ons, even before it has been launched; an active and enthusiastic community of developers and companies is creating new add-ons every day.
The quick growth of the Plone 6 community is the result of developer-friendly technology choices. It is built with the two most popular programming languages (Python and JavaScript) and an open-source software stack that powers some of the largest websites in the world.
Taking place over 9 days, from 25th to 31st October 2021, the Plone Conference 2021 Online will feature training, keynotes, talks, open spaces, sprints, and social activities.
Schedule
Important dates:
Training will happen over the weekend - October 23 & 24
4 days of keynotes and talks + 1 day of open spaces - October 25 - 29
There will be over 40 professional talks by speakers from all over the world. Topics will range from Plone 6 and Volto to theming, migrations, case studies, documentation, and much more. Talks about Guillotina, React, Python, Accessibility, Open Source, Community, UX, Frontend and Backend development are scheduled.
Talk audience level is clearly described, so there will be something for everyone through 3 tracks. All talks will be streamed live and will be available as recordings immediately after. Participants will be able to discuss with the speakers after every presentation.
This year’s conference will be entirely online, through the LoudSwarm virtual platform, the same as with the 2020 conference.
Each registered person will get an email about how to access the system. Rest assured it will be very easy, and the level of interaction will be high! This is a community event, with lots of discussion and friendly emojis :)
Join the Slack spaces
The Plone Conference Slack Workspace is where all information about the event will be shared. This is also where you will be able to chat with speakers, attendees, and organizers. If you haven't already, join the Plone Slack now and navigate to channel #conf2021_hallway.
If you have a question during the event, please visit the #conf2021_help_desk channel and our team will be available to assist.
Code of conduct
The Plone Foundation is dedicated to providing a respectful, harassment-free community for everyone.
The Plone Newsroom is a monthly podcast brought to you by Philip Bauer and Fred van Dijk. Technical and non-technical topics will be covered, including Plone, the Plone community, and whatever else they come up with to keep us informed!
Suggest a topic to include in the next episode by sending an email to Philip or Fred (first name 'at' plone dot org).
The premier episode featured a discussion of Plone Open Garden and a roundup of conference and release news, plus information about collective explicit acquisition and the Volto Search Block. Go to the Newsroom page to view other episodes.
The shop is built on the TeeMill platform by the Plone Marketing Team, and we will be adding more Plone-themed gear over the coming weeks and months.
We made an extra effort to bring the site online before the Plone Conference 2021 online, so if you order your conference T-shirt now you might get it just in time before the conference opens 23rd October!
The Plone Foundation provides all items in the store without any markup, so the prices should be relatively low (Shipped from UK, so take note of customs and shipping fees).
All clothing items are high-quality certified organic products, made from post-consumer remanufactured organic cotton in a renewable energy-powered factory, audited for a wide range of social and sustainability criteria. Read more at https://plone.teemill.com/the-journey.
The Plone Foundation welcomes two new members after unanimous confirmation by the Foundation's Board of Directors on September 30, 2021.
Membership in the Foundation is conferred for significant and enduring contributions to the Plone project and community. The Plone Foundation Membership Committee overwhelmingly recommended each applicant for their ongoing contributions to Plone.
Nicola Zambello
Nicola has been developing with Plone since 2016 and has become an important contributor to the Volto project. He started RawMaterial, a Plone-based company, last year and will present his vision for a practical Green Web strategy at this year's conference. "I love Plone," he writes. "I feel at home with the community and I strongly want to support and invest in Plone, taking it to new horizons while maintaining what makes it so good."
Nicola will present one of the trainings at this year's conference; he lives in Ferrara, Italy.
Tiberiu Ichim
Tiberiu works with EauDeWeb and has been a member of the Plone community since 2004. Since 2019 he has been focused on Volto, and is a member of the Volto Core Developers team. He is the initial author or major contributor for several Volto add-ons, including volto-slate (alternative rich text editor) and volto-block-style (generic styling for Volto blocks).
If you have an interest in helping the governance of Plone, and particularly the energy and time to pitch in, please consider nominating yourself to serve on the Plone Foundation board of directors for 2021-2022.
What you think you can add to the Plone Foundation
Most importantly, the name(s) of one or more Plone Foundation members who "second" your nomination
Once ready, click "submit" in the workflow drop-down menu to get a reviewer to look at your nomination.
Nominations will be accepted until October 22 2021, 23.59, UTC. The election will be conducted in conjunction with the annual meeting, which will take place during the Plone Conference 2021. All active members of the Plone Foundation will be eligible to vote.
About Board Membership
The Plone Foundation is a not-for-profit, public-benefit corporation with the mission to "promote and protect Plone". That has meant that the board is involved in:
protecting the trademark, copyrights and other intellectual property, including considering licensing and usage issues;
hiring the release manager;
working with sub-communities like Zope, Guillotina, and Volto
working with various committees, including marketing and membership;
handling "other stuff in the community" as needed
but not: directing Plone development. The board facilitates, but does not direct, the development of Plone itself.
While there's lots of work that happens online, much of the critical business of the board is conducted during video meetings every two weeks — typically, board meetings last about an hour to 90 minutes though occasionally they can run over to handle time-critical issues. Please consider whether this fits your schedule, since missing more than an occasional meeting severely limits the ability of the board to reach quorum and conduct business.
Historically, board meetings have been organized to occur during daytime hours in America and evening hours in Europe, currently at Thursday nights, 19.00 UTC in northern hemisphere summer and 20.00 UTC in northern hemisphere winter. That can always change with new board members.
In addition, there is a board mailing list (private), where we discuss things in addition to the meetings.
This is a working board. Be ready to regularly take on and complete responsibilities for board business.
The board writes no code and makes no development decisions. It is much more concerned with marketing, budgets, fundraising, community process and intellectual property considerations.
You do not need to be a Foundation member to serve on the board (in fact, board leadership is an excellent way to become a Foundation member). All you need is to get an active Foundation member to second your nomination.
The Plone Foundation is interested in broadening the diversity of our leadership, with regards to gender, ethnicity, and geography.
If you have questions about the nomination process, contact the board: [email protected]
Years have passed since the 2016 sprint at Penn State where a team of community members worked on a new theme and madly reorganized content on the Plone 5 version of plone.org. The site dates back to 2002 and the Plone 1 days, and the software and content had been upgraded in place over the years with only minor theme changes - to Plone 2 and 2.5, then Plone 3, then Plone 4, and finally Plone 4.3. It served us well, but because Plone 5 brought many changes, including a new out-of-the-box theme (Barceloneta), we mounted a major effort to refresh the design as well as upgrade the content and software.
What was new then is now looking old, and the marketing team has embarked on a modernization effort. The ultimate goal is to upgrade to Plone 6 and create a React-based theme using the new front end. But meanwhile we've been having a series of mini-sprints to improve what we have now.
A not very attractive display of news items and listings was another issue. So we sketched out a cleaner look, with a standardized lead image aspect ratio and a more useful byline. Then the more technically adventurous members of the marketing team (Norbert, Fulvio, Érico) strapped on helmets and figured out how to make changes to the site's theme. You are looking at our initial improvements, and there's more to come.
Our other major initiative is to move the contents of the plone.com site over to plone.org. Over the years plone.com became very difficult to maintain, so we have discontinued it. (Contact the marketing team if you need to retrieve any plone.com content.) With that in mind, we created a What is Plone? section on plone.org which is oriented towards the plone.com audience. It is also a place for us to describe all the pieces of the Plone ecosystem and how they fit together.
In addition to these bigger jobs we've been making lots of little improvements during our mini-sprints, including fixing bugs old and new as recorded on the plone.org issue tracker.
Would you like to help with this effort?
We'd love to have you!
Join our effort to promote Plone by publishing regular plone.org news items - successes, new developments, controversies, generally telling a broad audience what's happening in the Plone world
Do you have design skills? We don't and we need help with design improvements and eventually a new theme for Plone 6
If you are a theming wizard please help us modernize the site styles - more 2021 and less 2016
Show off Plone's built in search by creating a beautiful search results listing
Help us with our ongoing efforts to fix bugs and curate content
Help us migrate plone.org to Plone 6
Please contact the marketing team to get involved. Anyone with technical, design or content editor skills is welcome.
The Plone Foundation welcomes two new members after unanimous confirmation by the Foundation's Board of Directors on September 2nd, 2021.
Membership in the Foundation is conferred for significant and enduring contributions to the Plone project and community. The Plone Foundation Membership Committee overwhelmingly recommended each applicant for their ongoing contributions to Plone.
Cléber J. Santos
With over 15 years of Plone experience, Cléber is an important member of the Brazilian Plone community. He was part of the team that helped organize three editions of the Plone Symposium South America and the Plone Conference in Brasilia.
Cléber lives in São Paulo, Brazil.
Steve Piercy
Contributor of many projects under the Pylons Project, including Pyramid, WebOb, Waitress, Colander, Peppercorn, and WebTest, Steve is also a constant presence in Plone community chats and forums. In recent years, he has collaborated with the Plone Documentation and Training materials teams and attended Plone Conferences as a speaker and a trainer.
In his spare time, Steve volunteers technical support for bicycling and environmental activist organizations. He lives in Eugene, Oregon, USA.
The annual conference is a chance for the Plone community to come together to share new developments, success stories, and the future of the community. Taking place over 8 days, the conference will feature training, keynotes, talks, open spaces, sprints, and social activities.
This year’s conference will be entirely online, through the LoudSwarm virtual platform. No matter where you are, you can participate!
As described in the Foundation's July 2020 discussion of Plone governance, a series of Steering Circle meetings is being held to discuss our organizational structure and processes, and any hot topics of the moment. This is part of the Foundation's initiative to solicit ideas for changes that will better serve the needs of our community, our projects, and our teams. The meetings will be held every two months, and the next one will be August 17th at 2:00 PM UTC. Each Plone team will send one or two representatives, including the Zope, Volto, RestAPI and Guillotina teams.
There are many ways to reach out to other Plone developers and users. The two most important platforms are the Community forum at https://community.plone.org/ and our chat platform, which has been moved from Gitter to Discord.
Online Chat at Discord
Discord is now the best way to chat with members of the friendly Plone community. There are various channels to choose from.
Guillotina is a modern, asynchronous back end designed for building high-performance, horizontally scaling JavaScript applications.
Who are the Guillotina contributors?
First, let’s introduce our new contributors: Roger Boixader and Joan Antoni. They both work at Iskra which is a well-known company in the Plone community as they have been actively using and supporting Plone for years (for decades actually!).
Roger was kind enough to answer few questions about his involvement in Guillotina:
Q: As a developer, where are you coming from and what do you do? How much Python has been in your career until now?
Roger: My name is Roger Boixader Güell, I come from Berga, Barcelona, Catalunya and I am 28 years old. I studied computer engineering in Girona, Catalunya. I had never used Python before entering Iskra and for the first year I have mainly used JavaScript. My first steps with Python were with Django and then with Guillotina.
Q: Why is using Guillotina relevant in your technical context?
Roger: Because it is the main framework that we use in Iskra on the backend side.
Q: What is the thing you like the most in Guillotina?
Roger: The simplicity to create an application, with a few lines of code of Python or with a YAML file you can start a project easily .
Q: What do you think should be improved in Guillotina?
Roger: Documentation and transactions.
Q: Have you been involved in an open source community before?
Roger: No, it's my first time.
Q: What would you expect from the Plone Community?
Roger: I think the Plone Community can help recruiting more Guillotina contributors, and the more contributors we have, the better Guillotina will get!
As we could expect, Guillotina attracts people who are not necessarily connected to the CMS world, but it is quite interesting to see Guillotina is considered as a valuable alternative to Django by young Python developers.
How is the core project managed?
The Guillotina project belongs to the Plone Foundation, just like the Plone project does, but it is obviously much younger and does not have (yet) all the Plone development and decision-making workflows.
So far, there is a periodic meeting every three weeks which allows us to discuss evolutions, important pull requests, and new use cases. Currently there are six participants in this meeting.
When they join, Guillotina contributors do sign the Plone Contributor Agreement (as does any contributor to any Plone Foundation project), but they are not core contributors immediately (unlike Plone contributors). At the moment, there are three core contributors: Ramon Navarro Bosch, Nathan Van Gheem, and Jordi Massip. Their review and approval is needed to merge any pull request.
Apart from the core repository, Guillotina has a full ecosystem, managed in the Guillotinaweb GitHub organization; the most important elements are:
guillotina_elasticsearch
guillotina_gcloudstorage
guillotina_ldap
guillotina_react
guillotina_s3storage
guillotina_stripe
guillotina_volto
Each of these projects has an official manager (not necessarily a Guillotina core contributor).
Sprints
We organize a sprint in southern Europe every year when there is no global pandemic! We are also often involved in Volto sprints (and these happen usually in northern Europe, but also when there is no global pandemic).
This is a routine patch. There is no evidence that the issues fixed here are being used against any sites.
Version 1.5 of the hotfix is available from:
https://plone.org/security/hotfix/20210518 – if you grab the zip from here, please check that the version.txt contains 1.5 and/or that the md5/sha sum matches. You may get an older version from the cache. Try adding ?x=1 to the URL if this happens.
Fixed new XSS vulnerability in folder contents on Plone 5.0 and higher.
Added support for environment variable STRICT_TRAVERSE_CHECK.
Default value is 0, which means as strict as the code from version 1.4.
Value 1 is very strict, the same as the stricter code introduced in Zope 5.2.1 and now taken over in Zope 4.6.2. There are known issues in Plone with this, for example in the versions history view.
Value 2 means: try to be strict, but if this fails we show a warning and return the found object anyway. The idea would be to use this in development or production for a while, to see which code needs a fix.
Fix Remote Code Execution via traversal in expressions via string formatter. This is a variant of two earlier vulnerabilities in this hotfix. This was fixed in Zope 4.6.2, which takes over the already stricter code from Zope 5.2.1.
Note: we don't usually release another version almost six weeks after the original one, and three weeks after the previous version, and including a fix for a vulnerability which was only reported last week. However, this contains a fix for a close variant of one of the original vulnerabilities and needs a fix in the same code, so it seemed easiest for the security team and for Plone users who patch their sites to release a newer version.
This is a routine patch. There is no evidence that the issues fixed here are being used against any sites.
Version 1.4 of the hotfix is available from:
https://plone.org/security/hotfix/20210518 – if you grab the zip from here, please check that the version.txt contains 1.4 and/or that the md5/sha sum matches. You may get an older version from the cache. Try adding ?x=1 to the URL if this happens.
This version is a recommended upgrade for all users. Zope users are advised to upgrade to Zope 4.6.1 or 5.2.1. If this is not possible, you can try this new version of the hotfix.
Use safe html transform instead of escape for richtext diff. Otherwise the inline diff is not inline anymore. (Note: I forgot to add this to the changelog on PyPI/plone.org).
With PLONEHOTFIX20210518_NAMEDFILE_USE_DENYLIST=1 in the OS environment, use a denylist for determining which mimetypes can be displayed inline. By default we use an allowlist with the most used image types, plain text, and PDF. The denylist contains svg, javascript, and html, which have known cross site scripting possibilities.
By popular request, allow showing PDF files inline. Note: browser preference plays a part in what actually happens.
In untrusted path expressions with modules, check that each module is allowed. In the first version of the hotfix we disallowed modules that were available as a 'private' alias, for example random._itertools. But if random.itertools without underscore would have been available, it was still allowed, even though itertools has not been explicitly allowed. (itertools might be fine to allow, it is just an example.)
This is a routine patch. There is no evidence that the issues fixed here are being used against any sites.
Version 1.4 of the hotfix is available from:
https://plone.org/security/hotfix/20210518 – if you grab the zip from here, please check that the version.txt contains 1.4 and/or that the md5/sha sum matches. You may get an older version from the cache. Try adding ?x=1 to the URL if this happens.
This version is a recommended upgrade for all users. Zope users are advised to upgrade to Zope 4.6.1 or 5.2.1. If this is not possible, you can try this new version of the hotfix.
Use safe html transform instead of escape for richtext diff. Otherwise the inline diff is not inline anymore. (Note: I forgot to add this to the changelog on PyPI/plone.org).
With PLONEHOTFIX20210518_NAMEDFILE_USE_DENYLIST=1 in the OS environment, use a denylist for determining which mimetypes can be displayed inline. By default we use an allowlist with the most used image types, plain text, and PDF. The denylist contains svg, javascript, and html, which have known cross site scripting possibilities.
By popular request, allow showing PDF files inline. Note: browser preference plays a part in what actually happens.
In untrusted path expressions with modules, check that each module is allowed. In the first version of the hotfix we disallowed modules that were available as a 'private' alias, for example random._itertools. But if random.itertools without underscore would have been available, it was still allowed, even though itertools has not been explicitly allowed. (itertools might be fine to allow, it is just an example.)
Piero Nicolli
Alessandro Pisa
Screenshot of my website end of October 2021: still Plone 2.5
Screenshot of Site overview in new site.
Tiberiu Ichim
Steve Piercy