Planet Plone - Where Developers And Integrators Write

5.2.8 Released

Posted by PLONE.ORG on May 14, 2022 08:15 PM

Some highlights of this release

  • Zope: Enhance cookie support. For details, see issue 1010
    For more changes see Change log — Zope documentation 4.6 documentation
  • waitress is updated to version 2.1.1 to mitigate a vulnerability in that package. As waitress no longer supports Python versions less than 3.7 it is not advised to run Plone 5.2 on Python 2.7 or 3.6 any longer, even though they are still supported by Plone itself. You get an older waitress version then. If you must use an old Python version, please switch to a different WSGI server. See the recommendations in the Zope documentation.
  • WARNING: the new waitress 2.1.1 does seem to suffer from a possible race condition leading to the process quitting. If you are affected by this, you can downgrade to 2.1.0 (which has a known security vulnerability, as mentioned above) or use a different WSGI server.
  • plone.app.linkintegrity: Track link integrity of referenced PDFs and other site objects in IFRAME SRC references.
  • plone.outputfilters: Resolve UIDs in SRC attribute of of SOURCE and IFRAME elements.
  • plone.app.querystring: Add lazy attribute to vocabularies to prevent fetching any results.
  • plone.schema: Use indent in json.dumps to make JSON readable in the widget.

Download Plone 5.2.8

World Plone Day 2022 a Great Success

Posted by PLONE.ORG on April 29, 2022 10:15 PM

World Plone Day is an opportunity for members of the Plone community to celebrate and promote their favorite open source CMS. The 2022 event took place on April 27th and featured in-person events plus streaming and recorded content. There were:

  • 58 talks on a wide range of topics from beginner to advanced
  • 20 hours of video in 10 languages from 14 countries
  • 6 local events - in Italy, Brazil, India, Switzerland, and 2 in Romania

There were talks from long-time community members and from people who are relative newcomers. Here are a few highlights for a general audience:

Here are some highlights for developers:

And here are a few of the many talks in languages other than English:

You can find all the World Plone Day videos, and much more on the PloneCMS YouTube channel and the WPD 2022 playlist.

Progress on the New plone.org Built on Plone 6

Posted by PLONE.ORG on April 13, 2022 02:00 PM

The New Plone.org Will Be Plone 6

At the 2021 Plone Conference, the marketing team presented a plan was for how to improve and renew plone.org, the one and only place for Plone-related information:

The main ideas at the time were:

  • Plone.org will be migrated to Plone 6
  • Content needs refreshing, especially the frontpage and main landing pages
  • Visual theme will be out-of-the-box Plone 6 with Volto frontend, using available add-ons (many of which we expect will be added as core features)
  • Goal is to publish the new site by World Plone Day 2022 (April).

Great Progress at Sprints Plone org example

Since December 2022, we have organized 4 monthly sprints, working on:

  • Content and navigation structure
  • Other content work
  • Migration from Plone 5 to Plone 6
  • Visual design
  • Translation, default page content, add-ons
  • Plone 6 documentation
  • Volto improvements
  • Volto Blocks and installation
  • And more

We have updated the original plan to include a new visual theme and additional features that will eventually be available for others to use. A more ambitious scope has moved the release date somewhat further this year.

Special Thanks

The Plone Marketing and Communications Team is organizing the effort and working on the content overhaul, but we also want to express special thanks to:

  • Philip Bauer, from Starzel.de - Full content migration from Plone 5 to Plone 6, including the transition to Volto blocks
  • Érico Andrei, from Kitconcept - Foundation Member content type, installation, deployment, content type renewal, etc.
  • Steve Piercy and Katja Süss - Documentation effort resulting in new Plone 6 docs and organization around the work
  • Massimo Azzolini, Irene Capatti, Massimo Weigert, and Gianantonio Vecelli, from Giallocobalto - For massive content and structure redesign, visual design and layout, and UX design
  • Stefano Marchetti, Andrea Cecchi, Giulia Ghisini, and Andrea Baglioni, from Redturtle - For the new site's buildout which includes needed Volto blocks, curated add-ons, visual theme, and more: https://github.com/collective/volto-plone-org
  • Kim Nguyen, Brian Davis - For lessons learned from the previous renewal, content and structure discussion, theming mockups, etc. 
  • Victor Fernandez de Alba and Jakob Kahl - For Volto knowledge
  • And everyone else who has pitched in ideas, discussions, and questions!

This effort would not be possible without help from the awesome Plone community!

Want to Join the Effort?

The plone.org work is not done - our next sprint will be organized in May 2022. Feel free to join! There will be an event page, but meanwhile join the plone.org Discord channel for discussion. By the next sprint we hope to have a fully running site with migrated content available online for testing and content work.

If you have any questions or comments, please contact marketing@plone.org.

Stay tuned for more plone.org discussions and presentations at World Plone Day on April 27th 2022.

The Plone Newsroom Podcast Episode #07

Posted by PLONE.ORG on April 13, 2022 12:40 PM

The Plone Newsroom is a monthly podcast brought to you by Philip Bauer and Fred van Dijk. They cover technical and non-technical topics including Plone, the Plone community, and whatever else they come up with to keep us informed!

Episode #07 on 13 April 2022 featured news about the progress towards the Plone 6 Classic release, updates about Volto 15 development, and information about events (GSoC, World Plone Day, sprints (Zope, Beethoven, Buschenschank), and add-ons (collective.easyform, collective.honeypot and captcha). Go to the Newsroom page to view other episodes.

Plone 6.0.0a4 Released

Posted by PLONE.ORG on April 09, 2022 10:00 AM

Download and installation: https://plone.org/download/releases/6.0.0a4

The fourth alpha release of Plone 6 contains various fixes and improvements. Read more about the upcoming Plone 6.

Thank you to everyone involved!

Highlights

Changes since 6.0.0a3:

  • Use zc.buildout 3.0.0rc3 and setuptools 62.0.0 by default.
  • Update waitress to version 2.1.1 to mitigate a vulnerability in that package.
  • Zope 5.5.1: Enhance cookie support.
  • plone.staticresources: The big one: Updated JavaScript for Plone Classic, using ES6 modules. No more through-the-web compiling of JavaScript. See PLIP 3211.
  • Products.CMFPlone:
    • Remove RequireJS.
    • Remove default resource jQuery. It is added to the global namespace via the bundle.
    • Remove support for conditional comments in script and style tags. It's not supported since IE10.
    • Remove dependency on mockup. Mockup is now a npm package only and as such a dependency of plone.staticresources.
    • New resource registry to simplify CSS/JS registration.
    • Only "bundles" are registered - support of "resources" and "bundle resources" is removed.
    • Removed TTW compilation of bundles via r.js and less.js.
    • Property merge_with is no longer needed in HTTP/2 times and merging here unsupported.
    • Unique key for delivery is based on hash of bundle file, last_compilation property is deprecated.
    • PLIP #3279: Implement modern images scales. Add huge (1600px), great (1200px), larger (1000px), teaser (600px). Amend preview and mini (remove height constraint).
    • Add TinyMCE template plugin to the plugins vocabulary.
    • Add TinyMCE alignment classes, to avoid style usage.
  • plone.volto is now a dependency of the Plone package.
  • PLIP 2780: Move features of collective.dexteritytextindexer to core.
  • plone.app.dexterity:
    • Remove JavaScript from this package and move it to Mockup.
    • Modeleditor: Use pat-code-editor from Patternslib instead ACE. Make the model editing form usable without JavaScript. Allow editing the form even with XML errors to be able to fix the problem.
  • plone.recipe.zope2instance: by default do not create a temporary storage.
  • plone.scale: Removed deprecated factory argument from scale method.
  • plone.app.linkintegrity: Track link integrity of referenced PDFs and other site objects in IFRAME SRC references.
  • plone.outputfilters: Resolve UIDs in SRC= attribute of of SOURCE and IFRAME elements.
  • plone.app.querystring: Add lazy attribute to vocabularies to prevent fetching any results.
  • plone.app.theming:
    • Deactivate copy button and modal in theming control panel.
    • Remove all thememapper functionality from theming control panel, including Inspect/Modify theme and the Preview.
  • plone.app.users: Show unfiltered member fields for manager in user profile page.
  • plone.app.widgets:
    • Remove implicit dependency on Mockup. Mockup is no longer a Python package, only an npm package.
    • Update datetime pattern options for Patternslib pat-date-picker/pat-datetime-picker.
  • plone.autoform:
    • Fixes for latest z3c.form.
    • Reimplementation of ObjectSubForm and ISubformFactory, backported from older z3c.form.
  • plone.app.z3cform:
    • Use better types for inputs.
    • Use browser native date and datetime-local input together with patternslib date-picker.
    • Implement TimeWidget which renders <input type="time" />.
    • Use pat-validation in forms.
    • Fixed for latest z3c.form
  • plone.z3cform: compatibility with latest z3c.form.
  • plone.namedfile: Register AnnotationStorage as IImageScaleStorage multi adapter, both from plone.scale. Use this adapter in our scaling functions when we store or get an image scale.
  • Products.PlonePAS: Add separate GenericSetup profile to switch the Zope root /acl_usersto use a simple cookie login form. Useful when Zope root login and logout need to synchronize authentication state between multiple plugins, which is not possible with HTTP Basic authentication.
  • plone.app.layout:
    • Restructure global sections and searchbox markup for mobile navigation as offcanvas sidebar.
    • LiveSearch with support for images in search results.
  • plonetheme.barceloneta: sticky footer.

Note that changes may be mentioned only once, even when they involve multiple packages.

Plone 6

Plone 6 editing experience combines the robust usability of Plone with a blazingly fast JavaScript frontend

Plone 6 editor

Try Plone 6 Alpha 4

Download and installation:
https://plone.org/download/releases/6.0.0a4

Read more at the community forum:
https://community.plone.org/t/plone-6-0-0a4-released/15126

Volto 15.0.0 Released

Posted by PLONE.ORG on March 08, 2022 10:10 AM

The Plone community, in particular the Volto team, is happy to announce that Volto 15 is ready and shipped!

Volto is Plone's snappy, modern React front end powered by the RestAPI, and the default for Plone 6.

Volto 15.0.0

New feature highlights

Volto grid block

  • Add `cookiesExpire` value to config to control the cookie expiration @giuliaghisini
  • DatetimeWidget 'noPastDates' option: Take widgetOptions?.pattern_options?.noPastDates of backend schema into account. @ksuess
  • Add a new type of filter facet for the Search block. Heavily refactor some searchblock internals. @tiberiuichim
  • Add date range facet to the search block @robgietema
  • Introduce the new `BUILD_DIR` runtime environment variable to direct the build to run in a specific location, different than `build` folder. @sneridagh
  • Handle redirect permanent calls from the backend in the frontend (e.g. when changing the short name) @robgietema
  • Added id widget to manage short name @robgietema
  • Refactor language synchronizer. Remove it from the React tree, integrate it into the Api Redux middleware @sneridagh
  • Add blocks rendering in Event and NewsItem views (rel plone.volto#32) @nzambello @ksuess
  • Complete Basque translation @erral
  • Complete Spanish translation @erral

Breaking changes

  • Upgrade `react-cookie` to the latest version. @sneridagh @robgietema
  • Language Switcher no longer takes care of the change of the language on the Redux Store. This responsibility has been unified in the Api Redux middleware @sneridagh
  • Markup change in `LinkView` component.
  • Rename `core-sandbox` to `coresandbox` for sake of consistency @sneridagh
  • Extend the original intent and rename `RAZZLE_TESTING_ADDONS` to `ADDONS`. @sneridagh
  • Lazyload draftjs library. See the upgrade guide on how that impacts you, in case you have extended the rich text editor configuration @tiberiuichim @kreafox
  • Deprecating `lang` cookie in favor of Plone official one `I18N_LANGUAGE` @sneridagh
See https://6.dev-docs.plone.org/volto/upgrade-guide/index.html for more information about all the breaking changes.


Bugfix

  • Fix the `null` error in SelectAutoComplete Widget @iFlameing
  • Prevent the MultilingualRedirector to force 4 content load when switching the language @reebalazs
  • Fix the upload image in contents view @iFlameing
  • add "view" id to contact-form container for main content skiplink @ThomasKindermann
  • Fix loading indicator positioning on Login form submit @sneridagh
  • Fix redirect bug with URLs containing querystrings @robgietema
  • Fixed id widget translations @robgietema
  • Contents Rename Modal, use `id` Widget type @sneridagh
  • Fix overflow of very long file name in `FileWidget` @sneridagh
  • Fix overflowing issue in the toolbar @kreafox
  • Overwrite current block on insert new block. @robgietema
  • Fix hot reload on updates related to the config object because of `VersionOverview` component @sneridagh
  • Fix error when lock data is gone after an invariant error. @robgietema


Internal

  • Change prop `name` -> `componentName` in component `Component` @sneridagh
  • Add new RawMaterial Volto websites in production @nzambello
  • House cleanup, remove some unused files in the root @sneridagh
  • Move Webpack related files to `webpack-plugins` folder @sneridagh
  • Remove unused Dockerfiles @sneridagh
  • Update Docker compose to latest images and best practices @sneridagh
  • Improve flaky test in coresandbox search Cypress tests @sneridagh
  • Better implementation of the add-on load coming from the environment variable `ADDONS` @sneridagh
  • Turn `lazyLibraries` action into a thunk. Added a conditional if the library is loaded or in process to be loaded, do not try to load it again. This fixes the lag on load `draftjs` when having a lot of draftjs blocks. @sneridagh
  • Use `@root` alias instead of `~` in several module references. Most of the Volto project code no longer needs the root alias, so it makes sense to phase it out at some point @tiberiuichim
  • Alias `lodash` to `lodash-es`, as this will include only one copy of lodash in the bundle @tiberiuichim

Documentation

  • Upgrade Guide i18n: Make clear what's project, what add-on. @ksuess
  • (Experimental) Prepare documentation for MyST and importing into `plone/documentation@6-dev`. @stevepiercy
  • Fix broken links and redirects in documentation to be compatible with MyST. @stevepiercy
  • Update add-on internationalization. @ksuess
  • Add MyST and Sphinx basic configuration for rapid build and comparison against MkDocs builds. @stevepiercy
  • Fix many MyST and Sphinx warnings. @stevepiercy
  • Remove MkDocs configuration. See https://github.com/plone/volto/issues/3042 @stevepiercy
  • Add Plone docs to Intersphinx and fix broken link. @stevepiercy
  • Get version from `package.json` @sneridagh
  • Remove legacy folder in docs @sneridagh
  • Backport docs of RAZZLE_TESTING_ADDONS environment variables. See https://github.com/plone/volto/pull/3067/files#diff-00609ed769cd40cf3bc3d6fcc4431b714cb37c73cedaaea18fe9fc4c1c589597 @stevepiercy
  • Add missing developer-guidelines/typescript to toctree @stevepiercy
  • Add Netlify for a preview of Sphinx builds for pull requests against `master` and `plone6-docs`. @stevepiercy
  • Clean up toctree errors by removing obsolete files, adding `:orphan:` field list, and reorganizing some files. @sneridagh and @stevepiercy
  • Switch to using netlify.toml to configure Netlify Python environment. @stevepiercy
  • Convert admonition syntax from Markdown to MyST. @sneridagh
  • Make links build both in Volto and Plone documentation. See https://github.com/plone/volto/pull/3094 @stevepiercy
  • Fix StoryBook build @sneridagh

What's Next

Where do we go from here? Plone 6! Right now, the only major feature missing is content rules and the new Slate editor. The rest of Plone’s features are covered in Volto 16.

So the work is not over yet. We still need helping hands and contributors to continue the effort to make Plone 6 a reality. Everybody is welcome!

Thanks!

We would like to thank all the people involved in creating Volto 15. It is amazing how much we were able to accomplish as a team, and as a community, during the last months.

See https://6.dev-docs.plone.org/volto/upgrade-guide/index.html for more information about all the breaking changes.

Try Plone 6 today

Feel free to try out Plone 6 with Volto 15:

Plone selected for 2022 Google Summer of Code

Posted by PLONE.ORG on March 07, 2022 08:41 PM

Once again this year members of the Plone open source community will mentor students and other young people interested in learning how to develop their skill and to contribute to an open source project. Plone has benefited greatly from the contributions of GSOC students since it began participating in the program in 2006. Many of those GSOC students have gone on to become core contributors to Plone as well as productive members of other open source software communities.

Students whose applications are accepted will work with a senior Plone programmer on one of a list of projects with the goal of making a contribution to the Plone code base or a related project. The Plone Foundation supports successful GSOC students by providing support for attending the annual Plone conference and for meeting other members of the diverse Plone / Python / Zope community.

Visit the GSOC home page and learn how to apply for the program

Check out our list of potential student projects for Plone in 2022

Student applications will open on April 4, 2022.

Join us !

Programmers report out at sprint in Sorrento, Italy

The Plone Newsroom Podcast Episode #06

Posted by PLONE.ORG on February 28, 2022 12:40 PM

The Plone Newsroom is a monthly podcast brought to you by Philip Bauer and Fred van Dijk. They cover technical and non-technical topics including Plone, the Plone community, and whatever else they come up with to keep us informed!

Episode #06 on 28 February 2022 featured news about new Foundation members and the 2022 Plone Conference dates, a discussion of the plone.org relaunch work and issues encountered, Volto, Classic and collective.exportimport development news, and a follow up to the composite page builders discussion in episode #05. Plus Philip and Fred issued a call for Volto translators and a call for World Plone Day talks. Go to the Newsroom page to view other episodes.

Welcome to Three New Members of the Plone Foundation

Posted by PLONE.ORG on February 23, 2022 10:25 PM

The Plone Foundation welcomes two new members after unanimous confirmation by the Foundation's Board of Directors on February 17, 2022.

Membership in the Foundation is conferred for significant and enduring contributions to the Plone project and community. The Plone Foundation Membership Committee overwhelmingly recommended each applicant for their ongoing contributions to Plone.

Giulia Ghisini turning world upside down

Giulia Ghisini

Giulia is a frontend developer who works on the Volto development team. She has sprinted at Sorrento once and has participated in Plone conferences since 2019.Giulia works at Red Turtle and lives in Ferrara, Italy.

Piero NicolliPiero Nicolli

Piero also works with Red Turtle in Ferrara. He has been using Plone since 2015 and has made occasional contributions since then. Piero's focus has shifted to Volto after beginning with contributions on plonetheme.barceloneta and plone.staticresources. He is currently part of the Volto Team.

Piero attended Plone Conferences 2018, 2019 and 2021, and he helped organize the 2019 Ferrara conference. In addition to several sprints, Piero gave a talk about frontend development at PloneConf 2019 and about a use case for a repeatable Volto themes at PloneConf 2021. He is active on Discord from time to time and answer questions there when available.

Alessandro Pisa at SorrentoAlessandro Pisa

Alessandro works remotely for Syslab from Ferrara (Italy) and has been
a Plone user and developer since 2008. He has been a Framework Team member since 2017. He is a Plone core developer and contributes and maintains some packages in the Plone ecosystem.

Alessandro is a long-time contributor to the community and helps to manage the collective organization on GitHub. He has attended many sprints and makes sure to reach out to newcomers when conference time comes around.


The Plone Foundation encourages applications from long time contributors to the Plone project and community. Learn more about the Foundation membership and the application process.

Custom Volto configuration to fix Babel problems with react-leaflet

Posted by PloneExpanse on February 06, 2022 04:05 PM
I’ve started working on a new Leaflet-powered Volto map block and the first thing that happened while loading react-leaftlet was an error reported by the browser: Module parse failed: Unexpected token (10:41) in @react-leaflet/core/esm/path.js ... const options = props.pathOptions ?? {}; ... The problem is that is, for some reasons, the transpiled JS bundle includes code using the nulish coalescing operator This is already a problem reported in react-leaflet and it happens because the distributed transpiled library includes that code.

Questions for the Feburary Steering Circle?

Posted by PLONE.ORG on February 02, 2022 06:05 PM

As described in the Foundation's July 2020 discussion of Plone governance, a series of Steering Circle meetings is being held to discuss our organizational structure and processes, and any hot topics of the moment. This is part of the Foundation's initiative to solicit ideas for changes that will better serve the needs of our community, our projects, and our teams. The meetings will be held every two months, and the next one will be Feburary 15th at 14:00 UTC (15:00 CEST). Each Plone team will send one or two representatives, including the Zope, Volto, RestAPI and Guillotina teams.

The Steering Circle meetings will include a discussion of questions from community members. Please use this form to submit any questions you have and we will put them on the agenda.

Thank you for being an awesome community and for helping to move Plone forward into its third decade!

Plone 6.0.0a3 and Plone 5.2.7 Released

Posted by PLONE.ORG on January 31, 2022 07:50 PM

Important security fix applied

See forum post for more details and easy workaround:
https://community.plone.org/t/security-fix-for-image-view-fullscreen-cache-poisoning/14757

See also CMFPlone security advisory on GitHub.

Plone is vulnerable to reflected cross site scripting and open redirect when an attacker can get a compromised version of the image_view_fullscreen page in a cache, for example in Varnish. The technique is known as cache poisoning.
Any later visitor can get redirected when clicking on a link on this page. Usually, only anonymous users are affected, but this depends on your cache settings.

All Plone versions are vulnerable. It depends on your Plone version and the Image content type which package is vulnerable: Products.CMFPlone, plone.app.contenttypes or Products.ATContentTypes.

The Plone Security Team has released fixes for Plone 5.2:

  • plone.app.contenttypes 2.2.3 (see advisory)
  • Products.ATContentTypes 3.0.6 (see advisory. If you are on Python 3 you will not be using this package.

and for Plone 6:

  • plone.app.contenttypes 3.0.0a9 (see advisory)

Today, Plone 5.2.7 and 6.0.0a3 have been released with these updated packages. Separate announcements will follow.

If you have any questions or comments about this advisory, email us at security@plone.org. This is also the correct address to use when you want to report a possible vulnerability. See our security report policy.

Highlights of the Plone 6 Alpha 3 Release

https://plone.org/download/releases/6.0.0a3

Changes since 6.0.0a2:

  • plone.app.contenttypes: Security fix: prevent cache poisoning with the Referer header.
    See security advisory.
  • Updated the versions of the build requirements: setuptools to 59.6.0, zc.buildout to 3.0.0rc1, pip to 21.3.1.
  • Zope 5.4:
    • Add support for Python 3.10 (Plone does not have this yet).
    • WebDAV fixes.
    • https://zope.dev is now the canonical Zope developer community site.
  • plone.volto: Removed collective.folderishtypes dependency.
  • Products.CMFEditions:
    • Got rid of the skins directory. Most items in here have been moved to browser views. Some were no longer used, or had an alternative, and were removed.
    • The VersionView class is deprecated because it contained just one method that is now part of the @@plone view.
  • plone.app.linkintegrity: Track integrity of video and audio files in HTML source tags.
  • plone.app.uuid: Speed up uuidToPhysicalPath and uuidToObject.
  • plone.namedfile:
    • Make DefaultImageScalingFactory more flexible, with methods you can override.
    • Drop support for Python 2.7. Main target is now Plone 6, but we try to keep it running on Plone 5.2 with Python 3.
  • diazo: Removed FormEncode test dependency.
  • Pillow updated to 9.0.0
  • plone.app.content: Deprecate the human_readable_size method of the ContentStatusHistoryView class because the one from the @@plone view should be used.
  • plone.app.layout: Improved the Global section viewlet:
    • Catalog based navigation.
    • Allow more customization by adding methods as hooks.
    • Various performance optimizations.
    • Deprecate now unused navtree_depth property.
  • plone.app.layout: Removed deprecated methods.
  • plone.app.layout: Add viewlet to display customizable favicon. See the Site Settings.
  • Various packages: No longer use deprecated property types ulines, utext, utoken, and ustring, but their non-unicode variants, without a u at the beginning. See issue 3305.
  • plone.restapi:
    • Enhance @addons endpoint to return a list of upgradeable addons.
    • Add support for DX Plone Site root in Plone 6. Remove blocks behavior hack for site root in Plone 6.
  • Products.CMFPlacefulWorkflow: Removed the CMFPlacefulWorkflow skin layer.

Plone 6 editing experience combines the robust usability of Plone with a blazingly fast JavaScript frontend

Plone 6 editor

Plone 5.2.7 released

Specific release notes for Plone 5.2.7:

Some highlights of this release are:

  • `plone.app.contenttypes` and `Products.ATContentTypes`: Security fix: prevent cache poisoning with the Referer header. See security advisory.
  • `plone.app.linkintegrity`: Track integrity of video and audio files in HTML source tags.
  • `plone.app.z3cform` and `plone.app.textfield`: Enable multiple wysiwyg editors (use default editor registry setting).
  • `plone.namedfile`: Make `DefaultImageScalingFactory` more flexible, with methods you can override.
  • `plone.app.layout`: Improved the Global section viewlet:
    • Catalog based navigation.
    • Allow more customization by adding methods as hooks.
    • Various performance optimizations.
    • Deprecate now unused navtree_depth property.
  • `diazo`: Removed `FormEncode` test dependency.
  • `plone.restapi`: Be permissive when testing the schema of the querystring endpoint.

https://plone.org/download/releases/5.2.7

World Plone Day 2022 Is Coming - Submit Talks

Posted by PLONE.ORG on January 30, 2022 03:55 PM

World Plone Day is a 24-hour streaming event, with the goal was to promote and educate the public about the benefits of using Plone and of being part of the Plone community.

The Plone community is organizing this year's World Plone Day activities on April 27, beginning at 00h00 CET.

Take this opportunity to share your accomplishments with a worldwide group of Plone users. This event is organized to support presentations in your native language if that's your preference.

We are looking for presentations for the event, both pre-recorded talks or live streaming, whatever suits you: 

  • Case studies - share your success stories
  • Technical talks - share your findings and challenges
  • Plone 6 talks - What's new with the latest and greatest of Plone releases
  • Plone Community - discuss the importance and friendliness of Plone community
  • Any discussion - grab a few friends and just chat about Plone-related stuff (no matter how remotely)

Once you've identified what you'd like to share, submit your topic using our easy proposal form to let the Plone marketing team know what you have in mind. If you have any questions, please contact marketing@plone.org.

Streaming will be done using the Streamyard platform, and all you need to do is to show up with your talk.

World Plone Day 2021 Was a Great Success

Last year we managed to gather:

  • 56 videos
  • 50 speakers
  • 16 countries
  • 11 languages

Let's make this year even bigger!

All content is available on the Plone YouTube channel. Play the videos on the World Plone Day 2021 playlist to relive the entire event.

Remember to subscribe while you are there!

Follow Plone and Join the Community!

Stay up to date with Plone and join us:

Plone Foundation Priorities for 2022

Posted by PLONE.ORG on January 26, 2022 10:44 PM

The Plone Foundation Board has identified five priorities for focused attention and effort during the coming year :

  • Communication: Addressing all Plone audiences, not only developers
  • Embrace hybrid model for all gatherings, meetups, sprints and the conference
  • Improve and enhance documentation and marketing/positioning of the Plone CMS
  • Nurture new participation and leadership in the community
  • Contributor agreement modernization via the adoption of digital signature

A consensus emerged around the importance of including user communities as much as possible. Plone meetings of every sort benefit when some or all of the participants can be together in a room. So much of this has been lost during the past two years, and we would like to find ways to meet safely using hybrid solutions.

Development of our existing documentation is actively proceeding and one of our goals for the year will be to work through any challenges and then apply the new product to marketing.

Our community is diverse in every direction, and participation from each group adds value to our ultimate product, as well as generates enthusiasm for Plone

We will also work to simplify the Contributor agreement process.

The Plone Newsroom Podcast Episode #05

Posted by PLONE.ORG on January 21, 2022 12:40 PM

The Plone Newsroom is a monthly podcast brought to you by Philip Bauer and Fred van Dijk. They cover technical and non-technical topics including Plone, the Plone community, and whatever else they come up with to keep us informed!

Episode #05 on 21 January 2022 featured an update on the state of Plone 6 and Plone 6 Classic development, a discussion of page composition tools (plone.app.mosaic, collective.cover, collective.contentsections, collective.modules, and older add-ons like Collage, CMFContentPanels, ContentWellPortlets), and news of the plone.org relaunch effort, Plone 6 documentation, Google Summer of Code, and collective.easyformplugin.registration. Go to the Newsroom page to view other episodes.

Plone Conference 2021 Videos Available

Posted by PLONE.ORG on January 08, 2022 06:30 PM

Plone Conference 2021 Online

The conference provided insight into the long history (20 years!) of Plone CMS as well as the latest, future-proof features and visions.

  • Plone - The original, open-source, enterprise-grade, all-in-one content management system written in Python.
  • Zope - The original Python web application server - the foundation for Plone and inspiration for Guillotina.
  • Volto - Plone 6's snappy, modern React front end powered by the RestAPI.
  • Guillotina - A re-imagined asynchronous back end compatible with Plone's RestAPI.
  • Pyramid - A small, fast, down-to-earth Python web framework.

https://2021.ploneconf.org/

All videos available

Every training, talk, keynote and lightning talk presentation was recorded and is now available online on

Next time: Plone Conference 2022 in Namur, Belgium!

With the help of our sponsors, like Six Feet Up, iMio, and many others, the 2021 conference was held 100% Online, using LoudSwarm platform by Six Feet Up.

Next year the conference will be held in Namur, Belgium!

So mark your calendars and stay tuned for Plone Conference 2022 news! Follow @ploneconf and #ploneconf2022 on Twitter and Instagram.

Volto 14.0.0 released!

Posted by PLONE.ORG on December 23, 2021 12:43 PM

The Plone community, in particular the Volto team, is happy to announce that Volto 14 is ready and shipped!

It's been almost four months since the first 14.0 alpha release (2021-09-08), with more than 40 alpha releases since then, and yet the number of contributions keeps growing. This release puts Volto 14 on the same level with another memorable one, version 4. Being back on a regular release cycle is good and essential to the communication between the project and community members.

Volto 14 Highlights

Volto is Plone's snappy, modern React front end powered by the RestAPI, and the default for Plone 6.

Volto 14 grid block

Some of the highlights of Volto 14 include:

  • Production-ready seamless mode deployment
  • A significant performance boost to the listing block. Add as many as you want on a page!
  • And if you’re worried that the crawlers won’t see them, Volto now ships with server-side rendering support for the async blocks, including the listing blocks.
  • A new Search block was added. Build your own customized facet-powered Plone search engine directly from the browser.
  • Volto integration with Plone’s content locking

And many more changes to support the growing number of Volto developers and integrators:

  • Improved Storybook component documentation
  • Improvements to the forms implementation, now with support for default values
  • Further advancements to the Volto blocks extensibility. Now blocks can define a schema and are ready to be extended by default.
  • Volto’s main application scaffold generator now ships ready to display the stories included with the add-ons.

Releasing a major version of any software is hard. The nature of a major release is to accommodate and prepare the community for breaking changes, so it needs to be done with appropriate care and must be carefully crafted. It takes a lot of effort to keep every building block in the stack playing well with the other blocks, and, as you can imagine, the complexity of the Plone 6 stack is already high and is continuously on the move.

What's Next

Where do we go from here? Plone 6! Right now, the only major feature missing is content rules. The rest of Plone’s features are covered in Volto 14.

So the work is not over yet. We still need helping hands and contributors to continue the effort to make Plone 6 a reality. Everybody is welcome!

Thanks

We would like to thank all the people involved in creating Volto 14. It is amazing how much we were able to accomplish as a team, and as a community, these last four months.

@avoinea
@bloodbare
@cekk
@ericof
@erral
@fredvd
@giuliaghisini
@ichim-david
@iRohitSingh
@jackahl
@jimbiscuit
@kreafox
@ksuess
@MarcoCouto
@nileshgulia1
@nzambello
@pnicolli
@reebalazs
@rpatterson
@terapyon
@tiberiuichim
@timo
@thet
@sneridagh

Breaking Changes

  • Remove compatibility for old configuration (based on imports) system. Migrate your configuration to the new configuration system for your project before upgrading to Volto 14. See https://docs.voltocms.com/upgrade-guide/#volto-configuration-registry @sneridagh
  • Content locking is not a breaking change, but it's worth noting that Volto 14 comes with locking support enabled by default. Latest `plone.restapi` version is required. @avoinea
  • Use the block's title as the source of the translation instead of using the id of the block. See upgrade guide for more information @sneridagh
  • New i18n infrastructure in the new `@plone/scripts` package @sneridagh
  • Removed `src/i18n.js` in favor of the above change @sneridagh
  • Adjusted main `Logo` component styling @sneridagh
  • Fix logout action using the backend @logout endpoint, effectively removing the `__ac` cookie. It is recommended to upgrade to the latest p.restapi version to take full advantage of this feature @sneridagh
  • Revisited, rethought and refactored Seamless mode @sneridagh
    • For more information, please read the deploying guide https://docs.voltocms.com/deploying/seamless-mode/
  • Improve mobile navigation menu with a nicer interaction and a fixed overlay with a drawer (customizable via CSSTransitionGroup) animation @sneridagh
  • Use title instead of id as a source of translation in "Variation" field in block enhancers @sneridagh
  • Listing block no longer use `fullobjects` to retrieve backend data. It uses the catalog data instead. @plone/volto-team
  • Removed pagination in vocabularies widgets (SelectWidget, ArrayWidget, TokenWidget) and introduced subrequest to vocabulary action. @giuliaghisini
  • Move `theme.js` import to top of the client code, so it take precedence over any other inline imported CSS. This is not an strict breaking change, but it's worth to mention it as might be important and kept in mind. @sneridagh

See https://docs.voltocms.com/upgrade-guide/ for more information about all the breaking changes.

Volto 14 Features

  • Support Node 16 @timo
  • Content locking support for Plone (`plone.locking`) @avoinea
  • Add the new search block @tiberiuichim @kreafox @sneridagh
  • Add `volto-guillotina` addon to core @sneridagh
  • Make `VocabularyTermsWidget` orderable @ksuess
  • Get widget by tagged values utility function in the `Field` decider @ksuess
  • In the search block, allow editors to specify the sort on criteria. @tiberiuichim
  • Enable to be able to use the internal proxy in production as well @sneridagh
  • `FormFieldWrapper` accepts now strings and elements for description @nzambello
  • Image block:
    • When uploading an image or selecting that from the object browser, Image block will set an empty string as alternative text @nzambello
    • Adds a description to the alt-tag with w3c explaination @nzambello
  • Provide Server-Side Rendering capabilities for blocks with async-based content (such as the listing block). A block needs to provide its own `getAsyncData` implementation, which is similar to an `asyncConnect` wrapper promise. @tiberiuichim @sneridagh
  • Defaults are observed in block data if `InlineForm` or `BlockDataForm` are used. @sneridagh @tiberiuichim
  • Support TypeScript usage in Volto projects @pnicolli
  • Added `LinkMore` component and link more in `HeroImageLeft` block. @giuliaghisini
  • Apply form defaults from RenderBlocks and block Edit using a new helper, `applyBlockDefaults` @tiberiuichim
  • Now each block config object can declare a schema factory (a function that can produce a schema) and this will be used to derive the default data for the block @tiberiuichim
  • Added `.storybook` setup in the Volto `app` generator. Volto projects generated from this scafolding are now ready to run Storybook for the project and develop addons (in `src/addons` folder).
  • Add new listing block option "fullobjects" per variation @ksuess
  • Style checkboxes @nileshgulia1
  • Add runtime configuration for `@babel/plugin-transform-react-jsx` set to `automatic`. This enables the new JSX runtime: https://reactjs.org/blog/2020/09/22/introducing-the-new-jsx-transform.html So no longer `import React from 'react'` is needed anymore. @sneridagh
  • Allow loading .less files also from a Volto project's `src` folder. @tiberiuichim
  • Add `autocomplete` Widget component - It holds off the vocabulary endpoint pull until you search (more than 2 chars). Useful when dealing with huge vocabularies @sneridagh @reebalazs
  • Add catalan translation @bloodbare @sneridagh
  • Updated Volto production sites list @giuliaghisini
  • Japanese translation updated @terapyon
  • German translations updated @tisto
  • Updated italian translation @pnicolli
  • Updated Brazilian Portuguese translations @ericof

Bugfixes

  • Fix `SelectWidget` vocabulary load on second component mount @avoinea #2655
  • Fix `/edit` and `/add` `nonContentRoutes` to fix `isCmsUi` fn @giuliaghisini
  • Register the dev api proxy after the express middleware @tiberiuichim
  • Fix on form errors in block editor, not changing to metadata tab @sneridagh
  • Fix SSR on `/edit` with dev proxy @tiberiuichim
  • Fix logout action, removing the `__ac` cookie as well, if present. @sneridagh
  • Do not show lead image block when the content type does not have the behavior enabled @sneridagh
  • Missing default messages from JSON EN language file @sneridagh
  • Show correct fieldname and not internal field id in Toast error messages on Add/Edit forms @jackahl
  • `sitemap.xml.gz` obeys Plone Search settings @erral
  • Get `blocks` and `blocks_layout` defaults from existing behavior when enabling TTW editable DX Layout @avoinea
  • Yet another attempt at fixing devproxy. Split the devproxy into a separate devproxy verbose @tiberiuichim
  • Add spinner on sharing View Button @iRohitSingh
  • Fixed `SelectWidget`: when there was a selected value, the selection was lost when the tab was changed. @giuliaghisini
  • Bugfixes to search block. By default search block, when empty, makes a simple query to the nav root, to list all content. Fix reading search text from URL. Implement a simple compression of URL. Don't count searched text as filter. Fix an edge case with showSearchInput in schema. Rename title to Section Title in facet column settings. Avoid double calls to querystring endpoint. @tiberiuichim
  • Use correct shade of black in Plone logo @sneridagh
  • Fix loading of cookie on SSR for certain requests, revert slight change in how they are loaded introduced in alpha 16 @sneridagh
  • Prevent `ua-parser-js` security breach. See: https://github.com/advisories/GHSA-pjwm-rvh2-c87w @thet
  • Fix storybook errors in the connected components, api is undefined. Using now a mock of the store instead of the whole thing @sneridagh
  • CSS fix on `QueryWidget` to prevent line jumping for clear button when the multi selection widget has multiple items @kreafox
  • Fix disable mode of `QuerystringWidget` when all criteria are deleted @kreafox
  • Fix reset pagination in searchblock when changing facet filters @tiberiuichim
  • Fix the selection of Maps Block @iRohitSingh
  • `UniversalLink`: handle direct download for content-type File if user is not logged. @giuliaghisini
  • Fixed `ObjectBrowserWidget` when is multiple or `maximumSelectionSize` is not set @giuliaghisini
  • Fix full-width image overlaps the drag handle @iRohitSingh
  • Fix move item to top of the folder when clicking on move to top action button @iRohitSingh
  • Fix `downloadableObjects` default value @giuliaghisini
  • Folder contents table header and breadcrumbs dropdown now appear only from the bottom, fixing an issue where the breadcrumb dropdown content was clipped by the header area @ichim-david
  • Folder contents sort dropdown is now also simple as the other dropdowns ensuring we have the same behavior between adjecent dropdown @ichim-david
  • Fix documention on block extensions, replace `render` with `template` to match Listing block @tiberiuichim
  • Fix `isInternalURL` when `settings.internalApiPath` is empty @tiberiuichim
  • Fix external link not supported by Navigation component #2853. @ericof
  • Get Add/Edit schema contextually #2852 @ericof
  • Fix regression in actions vocabularies calls because the change to use contextual schemas @sneridagh
  • Include block schema enhancers (main block schema enhancer + variation schema enhancer) when calculating block default data @tiberiuichim
  • Fixed object browser selected items number. @giuliaghisini
  • Fix action vocabularies call avoiding regex look behind @nzambello
  • Use subrequest in hero block to not lost locking token. @cekk
  • Always add lang attr in html @nzambello
  • Fix time widget position on 24h format @nzambello
  • QuerystringWidget more resilient on old schemas @nzambello
  • In search block, read SearchableText search param, to use it as search text input @tiberiuichim
  • Fix missing translation in link content type @iRohitSingh
  • Fixed drag-and-drop list placeholder issues @reebalazs
  • Update demo address @ksuess
  • Update list of trainings documentation @ksuess
  • Scroll to window top only when the location pathname changes, no longer take the window location search parameters into account. The search page and the listing block already use custom logic for their "scroll into view" behaviors. @tiberiuichim
  • Add missing layout view for `document_view` @MarcoCouto
  • Add missing `App.jsx` full paths @jimbiscuit

Internal Changes

  • Upgrade to react 17.0.2 @nzambello
  • Update to latest `plone.restapi` (8.16.2) @sneridagh
  • Upgrade to `@plone/scripts` 1.0.3 @sneridagh
  • Remove built workingcopy fixture environment based on local, back to docker based one @sneridagh
  • Add `omelette` to the local Plone backend build @sneridagh
  • Optimize npm package by adding `docs/` `cypress/` and `tests/` to .npmignore @avoinea
  • Use released `@plone/scripts`, since the builds are broken if it's a local package @sneridagh
  • Use `plone.volto` instead of `kitconcept.volto` @tisto
  • Silence customization errors, they are now behind a `debug` library namespace @sneridagh
  • Add development dependency on `use-trace-update`, useful for performance debugging @tiberiuichim
  • Improved developer documentation. Proof read several chapters, most importantly the upgrade guide @ichim-david
  • Use Plone logo (Closes #2632) @ericof
  • Footer: Point to `plone.org` instead of `plone.com` @ericof
  • Fix `make start-frontend` @tisto
  • Update all the tests infrastructure for the new `volto-guillotina` addon @sneridagh
  • Add locales to existing block variations @sneridagh
  • Add RawMaterial website in Volto production sites @nzambello
  • Removing the hardcoded default block type from text block @iRohitSingh
  • Updated Volto sites list @giuliaghisini
  • Cleanup dangling virtualenv files that should not be committed @pnicolli
  • Remove bundlesize @tisto
  • Upgrade stylelint to v14 (vscode-stylelint requires it now) @sneridagh
  • Add several more stories for Storybook @tiberiuichim
  • Add 2 new Volto websites by Eau de web for EEA @tiberiuichim
  • Fix references to old configuration style in apiExpanders documentation @tiberiuichim
  • Add `applySchemaDefaults`, in addition to `applyBlockDefaults`, to allow reuse in object widgets and other advanced scenarios @tiberiuichim
  • Fix select family widgets stories in storybook @sneridagh
  • Remove getNavigation from `Login.jsx` @iRohitSingh
  • Allow listing block to be used in non-content pages (when used in a slot it shouldn't crash on add/edit pages) @tiberiuichim
  • Fix typo "toolbalWidth" @iRohitSingh
  • Update all requirements and the reasoning behind them in builds @sneridagh
  • Update Plone version in api backend to 5.2.6. Update README and cleanup @fredvd
  • Document CI changelog verifier failure details that mislead contributors @rpatterson

Try Plone 6 with Volto today

Feel free to try out Plone 6 with Volto 14:

On The Road to Plone 6 - Volto 14 Released

Posted by kitconcept GmbH on December 22, 2021 09:24 PM

Volto continues to innovate at a fast pace towards Plone 6. Today we released another major milestone on our road to Plone 6: Volto 14.

Volto 14 was in the making since September 2021 and it is in active use in various projects at Eau de Web, Red Turtle, Rohberg, kitconcept, and others.

Volto 14 comes with a set of new exiting features: a new search block that supports faceted search, locking support, a new seamless mode that makes deploying Volto easier, a new mobile navigation and support for Node 16.

Faceted Search Block

The new search block allows editor to create sophisticated faceted searches through the web without writing a single line of code.

Editors can define criteria for the content that is listed, like in the existing listing block in Volto.

Then editors can then choose arbitrary facets that are displayed to the users to choose from to narrow down the search.

Locking

Locking in a Content Management System is a mechanism to prevent users from accidentially overriding each others changes.

When a user edits a content object in Plone, the object is locked until the user hits the save or cancel button. If a second user tries to edit the object at the same time, she will see a message that this object is locked.

volto14 locking Content object in Volto 14 that is locked by another user

Locking requires at least plone.restapi 8.9.0 or plone.restapi 7.4.0 to be installed.

Seamless Mode

The new “seamless mode” allows zero configuration deployment by avoiding hardcoded environment variables in builds involved, and establishing good sensible defaults when setting up deployments (and also in development). So the developer/devOps doesn’t have to overthink their setups.

These are its main features:

  • Runtime environment variables
  • Unified traversal ++api++
  • Use Host header to auto-configure the API_PATH

and these immediate benefits:

  • Avoid having to expose and publish the classic UI if you don’t really need it
  • If possible, avoid having to rewrite all API responses, since it returns paths that do not correspond to the original object handled and “seen” from Volto, so you have to adjust them (via a code helper) in a lot of call responses.
  • Simplify Docker builds, making all the configuration via the runtime environment variables

Seamless Mode requires at least plone.rest 2.0.0a1 to be installed.

New Mobile Navigation

We polished the mobile navigation for Volto 14 to improve the user experience on mobile.

New mobile navigation in action on the Plone Conference 2021 website

Node 16

Volto 16 will support Node 16 in addition to Node 14 and Node 12. Node 16 will receive security updates until April 2024.

node 16 Node 16 release schedule from nodejs.org

Plone 6

Volto 14 is an important step towards Plone 6. Volto 15 will switch the default editor from DraftJS to Slate editor and it is planned to be ready in Q1/Q2 2022. This is the last big step for Volto before Plone 6 can be released.

The Plone Newsroom Podcast Episode #04

Posted by PLONE.ORG on December 10, 2021 12:40 PM

The Plone Newsroom is a monthly podcast brought to you by Philip Bauer and Fred van Dijk. They cover technical and non-technical topics including Plone, the Plone community, and whatever else they come up with to keep us informed!

Episode #04 on 10 December 2021 featured a discussion of the plone.org relaunch effort including content migration using collective.exportimport, a demo of Plone 6 alpha including how to install Volto add-ons, news about the Plone Foundation and the Plone Shop (offering vintage conference tee shirts), some notable add-ons (collective.taxonomy, collective.revisionmanager, collective.impersonate, plone.pdfexport), and a remembrance of Max Jakob, a dear friend of the Plone community. Go to the Newsroom page to view other episodes.

Questions for the December Steering Circle?

Posted by PLONE.ORG on December 06, 2021 12:05 PM

As described in the Foundation's July 2020 discussion of Plone governance, a series of Steering Circle meetings is being held to discuss our organizational structure and processes, and any hot topics of the moment. This is part of the Foundation's initiative to solicit ideas for changes that will better serve the needs of our community, our projects, and our teams. The meetings will be held every two months, and the next one will be December 14th at 13:00 UTC (15:00 CEST). Each Plone team will send one or two representatives, including the Zope, Volto, RestAPI and Guillotina teams.

The Steering Circle meetings will include a discussion of questions from community members. Please use this form to submit any questions you have and we will put them on the agenda.

Thank you for being an awesome community and for helping to move Plone forward into its third decade!

Plone Conference 2021 Recap

Posted by PLONE.ORG on November 27, 2021 08:15 PM

Plone Conference 2021 Online

This year's conference was a 9-day event for the Plone, Zope, Volto, Guillotina & Pyramid communities and consisted of training, talks, and sprints. The conference provided insight into the long history (20 years!) of Plone CMS as well as the latest, future-proof features and visions.

  • Plone - The original, open-source, enterprise-grade, all-in-one content management system written in Python.
  • Zope - The original Python web application server - the foundation for Plone and inspiration for Guillotina.
  • Volto - Plone 6's snappy, modern React front end powered by the RestAPI.
  • Guillotina - A re-imagined asynchronous back end compatible with Plone's RestAPI.
  • Pyramid - A small, fast, down-to-earth Python web framework.

https://2021.ploneconf.org/

With 295 attendees from 30+ countries from over the world, from Jamaica to Japan, USA to the UK, Germany to Finland, to Austria, Brasil and Australia, the conference attracted many newcomers to the community, in addition to long-time contributors since the early days of Plone. 

With the help of our sponsors, like Six Feet Up, iMio, and many others, the conference was held 100% Online, using LoudSwarm platform by Six Feet Up. LoudSwarm nicely combined video streaming, recordings, schedules, and chat discussion.

Every training, talk, and presentation was recorded and will be available online on Plone YouTube channel later.

Participants

Group Photo of Plone Conference 2021 Online.

Training

As in previous years, the conference included over 30 hours of free training, with topics including Mastering Plone, Volto Addons, Pyramid, and Guillotina.

https://2021.ploneconf.org/schedule/training

The training videos are already publicly available on YouTube.

Talks and Open Spaces

The 4 days of talks included almost 60 professional presentations, ranging from addressing specialized use cases to building and managing projects and into very technical talks about some aspect of a certain technology. Many of the talks focused on Volto, Plone 6's new React-based frontend, and there was also a lot of discussion about the future of Plone 6.

With Open Spaces and 5 min lightning talks, it was possible to bring into focus many other aspects and topics.

Some highlights of talks: 

  • Plone community
  • Plone 6, Volto
  • Plone 6 Classic
  • Plone.org renewal
  • Volto Add ons
  • Plone Migrations
  • Abfab, Frontend development
  • Quanta - new style for Plone
  • Plone in Brazil
  • 7 things to surprise you with Plone development
  • Guillotina
  • Accessibility

And many more! https://2021.ploneconf.org/schedule/talks

Keynote speakers

Keynote speakers

Sprints

Every Plone Conference includes at least two days of sprinting, so after the conference talks, people continued to meet, working to improve and develop the Plone ecosystem.

Sprint topics included e.g.

  • Plone 6 roadmap
  • Volto
  • Documentation
  • Image handling
  • Docker support for installers
  • Plone.org renewal

Community

The Plone community aims to be the most welcoming and friendly community towards new users and veterans alike. We are happy to report that this conference brought many new faces and we sincerely hope that everyone felt the love.

Chrissy Wainwright addressed some of these communal aspects in her first keynote: https://2021.ploneconf.org/schedule/state-of-the-plone-community 

Every conference has a party, and this was no different, except for the fact that everyone was online this time.

Thank you, everyone, sponsors, organizers, trainers, presenters, and especially participants for making this year's conference one to remember!

Next year: Plone Conference 2022 in Namur, Belgium!

Next year the conference will be held in Namur, Belgium!

So mark your calendars and stay tuned for Plone Conference 2022 news! Follow @ploneconf and #ploneconf2022 on Twitter and Instagram.

Plone Foundation Board for 2021-2022

Posted by PLONE.ORG on November 24, 2021 04:42 AM

The Plone Foundation exists to further the development, marketing, and legal affairs of Plone and the Plone community.

Among many tasks, the Plone Foundation board:

  • supports development of the Plone ecosystem by coordinating team efforts and identifying vital sprint targets;
  • protects the integrity of the Plone ecosystem by monitoring rights and assuring the continued value of the ecosystem intellectual property;
  • coordinates marketing of the Plone ecosystem and provides funding for representation at conferences and related events;
  • coordinates World Plone Day and an Annual Conference to encourage community connections and the enjoyment of the world's best CMS.

Read more about the governance process at https://plone.org/foundation/governance-process

Board members for the next year are:

  • Érico Andrei (President)
  • Jens Klein (Vice President)
  • Andy Leeb (Secretary)
  • Paul Roeland
  • Víctor Fernández de Alba
  • William Fennie
  • Kim Paulissen (new board member)

Read more at: https://plone.org/foundation/board/plone-foundation-board-for-2021-2022

You can email the entire board at board@plone.org

The Plone Newsroom Podcast Episode #03

Posted by PLONE.ORG on November 11, 2021 12:40 PM

The Plone Newsroom is a monthly podcast brought to you by Philip Bauer and Fred van Dijk. They cover technical and non-technical topics including Plone, the Plone community, and whatever else they come up with to keep us informed!

Episode #03 on 11 November 2021 featured a recap of the Plone Conference and the Conference Fanzone in Sorrento, Italy, plus information about Plone 6 development status, volto-eea-kitkat, and the add-on collective.taxonomy. Go to the Newsroom page to view other episodes.

David Ichim: What's new in Plone 6 frontend for developers

Posted by Maurits van Rees on November 08, 2021 11:18 AM

Distilled from the latest work done in Volto, we're showcasing some patterns, features, or enhancements that have landed in Volto from the last year to the present. We will also have a glimpse of what is ahead in the future of Volto with the new features roadmap.

In the past year we had four major releases, 40 minor releases, 36 alpha releases, 25 patch releases, for a total of 105 releases. Plus some new tooling and tool releases, like plone i18n and plone generator.

New Volto config, dubbed as Volto's Configuration Registry, introduced to fix circular import dependency problems. Hot Module Reloader was fixed. Read the upgrade guide.

New i18n (internationalisation) infrastructure. This is now a separate package. Same is used for generation of i18n in add-ons.Read the upgrade guide.

Forms as schema. Forms should be constructed from schemas instead of by hand. InlineForm allows us to create forms for blocks from a schema. Blocks can have variations, or we can extend it. Read the edit component documentation.

New widgets:

  • Object List Widget. Similar to the original DataGridField. Used in core by the Search Block facets.
  • Object Browser Widget is now a separate widget, instead of part of a block, and now allows the addition of external content.
  • Querystring Widget. Behaves like its counterpart from plone.app.querystring. Allows to create search criteria, used by the search block.
  • URL Widget. Used on text inputs, it knows to validate their value as a url, both internal and external.
  • Vocabulary Terms Widget for a JSONField, acts as a source for a SimpleVocabulary or Choice field. Play with it in the storybook.

New core blocks:

  • Search block
  • Teaser block (ongoing work).

Pluggable framework, similar to React's Portal component. See the talk by Tiberiu and see the Pluggables development recipe.

Storybook provides a sandbox to build and test visual components in isolation. Currently it is only setup to be used by Volto core. We need help with work to have storybook setup with adding. See the Storybook talk held by Victor, and see the storybook itself.

Critical CSS: inline the critical CSS for improved performance. Run critical-cli to output critical.css. This is then inlined in the headers, while regular CSS is moved to the bottom of the body. See the deployment documentation.

Lazy Loading utilities. Introduced injectLazyLibs HOC wrapper to inject lazy-loaded libraries as properties to your components. These components are only loaded once all your main libs are loaded.

Express.js middleware. Volto uses this for SSR and static resources serving. You can now write custom middleware and add it to settings.expressMiddleware.

API expanders allow the expansion of different API endpoints from Volto with calls from your custom endpoints. Avoid adding too many expanders if they are not critical to the initial page.

External routes: useful when another application is published under the same top domain as Volto. If Volto would fetch the content for that path, it will break. You can disable this path in config.settings.externalRoutes. You can also use regular expressions.

Seamless mode, introduced in Volto 13, enhanced in Volto 14, which has already seen a lot of alpha releases. Originally, we tried to unify both frontend and backend servers under the same path, but this was tricky, causing various problems. We settled on a new ++api++ traversal for getting information from the backend. Also, to come closer to zero config, you can now pass environment variables at runtime instead of build time. This means you can generate one build, and use this in all environments (testing, production). Read the deployment documentation.

Context navigation component. This is a navigation portlet component, similar to Classic Plone. The view is there, but you need to enable it. See the development recipe.

There is some work in progress:

  • Slots are Volto's answer to portlets, see the Volto Slots talk by Tiberiu Ichim for more details.
  • Image proxy: image scale generation done by a middleware instead of plone.scale.
  • Authentication from backend.
  • Replace Draft.js editor with Volto Slate. What is missing is a migration tool from one to the other. But work has started on a block conversion tool.
  • Async blocks that work with SSR.
  • Defaults in blocks form.

Future work:

  • Defaults in all widgets
  • Enable blocks enhancers in all blocks
  • Storybook in add-ons
  • Use newest react-intl package
  • Refactor the folder contents component
  • Form editing text enhancements, making it easier to modify text inputs.
  • A "group block" included with Volto
  • Quanta toolbar

I did nothing, I just brag about what others have done. So thank you Volto early adopter community!

Tiberiu Ichim: Volto Pluggables

Posted by Maurits van Rees on November 08, 2021 09:55 AM

This presentation is an introduction to the new Volto developer-targeted feature, the Pluggables framework. It is more an argument for extensibility in CMS UI and in Volto.

Basically, with Pluggable a central component provides a pluggable slot that other components can fill, like this:

<div className="toolbar">
<Pluggable name="toolbar-main" />
</div>
// ...
<Plug id="quicklinks" pluggable="toobar-main">
<Button />
</Plug>

This is a Volto port of https://github.com/robik/react-view-slot.

The big picture:

  • I work with Eaudeweb Romania
  • Our client EEA is an early adopter of Volto
  • The strategy is: move everything to Volto
  • But the EEA sites are less brochure, the CMS side is really strong.
  • We build powerful UIs for power users.
  • The EEA already has 91 Volto repositories on GitHub. How can we scale that? Can we write an add-on to make it easier to write an add-on?

In React, data flow is top to bottom. A parent component passes properties to children and children communicate with the parent by emitting events. This makes sense and works well. For "out of tree" data you need Redux. There is no protocol for add-hoc communication between components.

UI state is fluid. Extensibility means reusability and scalability. This is hard. You need to design upfront. Plone backend uses the Zope Component Architecture, which means pluggability is baked in, it is very natural. You can view Pluggables as viewlets-on-demand, but they are really not. But yes, you can think about a Pluggable as a viewletmanager and a Plug as a viewlet.

You can overwrite a Plug with a Plug, by registering it with the same id. So if the original Plug gives you color blue, you can overwrite it with color red.
You can do custom rendering of Plugs within your Pluggable, by iterating over all Plugs and for example wrapping each in a div with a class name.

Showcase: volto-workflow-progress (main toolbar plugin) and volto-editing-progress ("sidebar" for plugin).

Limitations:

  • No Server Side Rendering
  • Watch out for dependency lists.
  • Limited adoption for now.

Implementation in pseudocode:

First the context:

<PluggablesProvider>
<Pluggable name="top" />
<Plug name="delete" />
</PluggablesProvider>

Then the dumb version of the Plug:

const Plug = ({id, children}) => {
const { register } = useContext(PluggablesProvider.Context);

React.useEffect(() => {
register(id, () => children);
});

return null;
}

Takes a bit of study, but in the end it is not so hard.
The Pluggable becomes a bit simpler:

const Pluggable = (name) => {
const { getPlugs } => useContext(PluggablesProvider.Context);
return getPlugs(name).map(f => f());
}

Site updated from Plone 2.5 to Plone 6.0

Posted by Maurits van Rees on November 04, 2021 11:34 AM

I am one of the Plone Release Managers, and have been working on Plone 6, which is now in alpha stage. But my personal website was still using the ancient Plone 2.5:

Screenshot maurits.vanrees.org Plone 2.5 Screenshot of my website end of October 2021: still Plone 2.5

Often I have made plans to update my site to:

  • Plone 3
  • Grok
  • Plone 4
  • Plone 5
  • Plone 5.2
  • finally Plone 6

Long ago it was clear to me that an inline migration would not be practical. It would take too many steps: update the code to Plone 3.3, migrate the data, to Plone 4.3, migrate data, to Plone 5.2 Python 2.7, migrate data, Plone 5.2 Python 3, migrate data, Plone 6, migrate data.

Additionally, the question was how to handle the weblog, which is the main content. This was using Products.Quills, a Plone add-on for blogs. Updating to Plone 3 could have worked at the time, but this was made harder by some some custom code I added. This enabled me to use it as a podcast. I used this to enrich some of my summaries of sermons from my church with the actual audio of the sermon. I doubted whether to even include this content in Plone 6, as the last sermon was from 2008. I hate breaking links, so I kept it, although a bit hidden.

Another point that needed some extra attention, was that most, if not all, blog entries were not written in html, but in ReStructuredText. I make a lot of summaries of talks when there is a Plone Conference. The html editor on Plone 2.5 did not work anymore, or I disabled it to a simple textarea. I always open up the same text editor that I use for programming (previously Emacs, currently VSCode), and type the summary there. I much prefer writing ReStructuredText there, especially when I simply need text without any markup. I then paste it in Plone, without fear of losing all my work when my internet connection dies.

Lastly, I have an RSS/atom feed which is used by planet.plone.org and maybe others to stay updated when I add a new blog entry. I did not want this url to change.

Anyway, about six years ago I decided that I would use collective.jsonify to export my site, and then import it using transmogrifier. But time passed without any progress. This year, collective.exportimport was shaping up to be the preferred way to import the data. For export you can use it in Plone 4.3 as well, but definitely not in Plone 2.5.

At the beginning of this week I looked at jsonify. Didn't I have a local copy of my website on my laptop, with collective.jsonify installed? No! And it was not installed on the live site either. And installation would be hard, because the site uses Python 2.4, and currently you cannot even reach PyPI with older versions of Python 2.7.

Mildly panicked, I started on a custom script to export the content, still as json. Some details aside, this actually was not so hard. I looked at what collective.exportimport expected, and created the Python list of dictionaries accordingly. Then do a simple json.dumps() call and you are done. Except that this gave an ImportError: the json module is not available in Python 2.4. Okay, install simplejson package. But you need PyPI access for that, which does not work. Workaround:

  • Manually download an egg of Python 2.4-compatible simplejson 1.7 and save it in the buildout directory.
  • cp bin/instance bin/instance-json
  • Edit the new script and add the simplejson egg to the system path.
  • bin/instance-json run export_mvrsite25.py

After that, it was not too hard anymore. I used plonecli to create a new add-on with Plone 6.0.0a1. I actually do not yet use the add-on code, except for loading a minor patch that I added, but this gave a reasonable, modern Plone 6 buildout. Create a Classic Plone site, tweak a few settings (let Folder use folder_workflow, allow English and Dutch, navigation depth 1, enable syndication, configure caching and mail), import the content with collective.exportimport, edit a bit, and done.

The weblog now consists of standard Folders and Pages. To improve the view, I added a Collection, showing the latest pages first, and showing all content of the last seven blogs. I enabled syndication here, so it has an RSS/atom feed.

The weblog has always advertised two atom feeds:

  1. One for all weblog entries, at https://maurits.vanrees.org/weblog/atom.xml
  2. One for weblog entries with keyword 'plone' at https://maurits.vanrees.org/weblog/topics/plone/@@atom.xml

In the new site, the first one kind-of worked out of the box, but it only showed the items that were directly in the weblog folder, and this is not where my weblog entries are. I solved this with a patch to Products.CMFPlone.browser.syndication.views.FeedView: when atom.xml is viewed on a folder, check if it has a default page, and show the atom.xml of this default page instead. In this case, the default page is a Collection with the correct settings. So the general feed will keep working.

For the second one, my first idea was to create a folder 'topics' and within it a Collection with id 'plone'. Problem: 'plone' is a reserved word and cannot be used as id of a content item, so the id became 'plone-1'. Solution here: create the 'plone-1' collection directly in the weblog folder, and do a redirect in the frontend server (nginx):

 rewrite ^/weblog/topics/plone/@@atom.xml /weblog/plone-1/atom.xml last;

And that's it! My website is now on Plone 6.0.0a1:

Screenshot maurits.vanrees.org Plone 6.0 Screenshot of Site overview in new site.

There are some more details that I could go into, like splitting up the buildout into multiple parts, with tox as main way to build everything, in preparation for moving more and more parts to pip-only. But that will have to be for another time.

Meanwhile: have a look around, and enjoy the fresh look!

Steering Circle

Posted by Maurits van Rees on October 31, 2021 02:39 PM

Volto 14 alpha 23 is out. So still in alpha, but companies are using it in production. Should be final soon. Some plans for Volto 15. Created plone.volto integration package, where we try to give an easy transition from earlier company-specific versions. plone.restapi as always is pretty boring, stable. Erico worked on Docker integration.

Plone 6 alpha 1 is out. Eric sent an email for some coordination, like docs, training, accessibility, installers. If you want to be involved, let me know.

Franco has stepped out of the Framework Team, thank you for all your work. There is discussion about the role of the Framework Team. Plan is to keep it running, some more people have been asked.

Membership team: we have some people in sight as new members. Erico is stepping down as team lead, Victor is stepping up.

Security: Plone 6 will have 5 years security support. Synchronizing with Zope team. Some new members may be coming.

Marketing: busy with conference, also after the conference. Busy with plone.org renewal.

Installers: see the talk by Jens Klein earlier. Plone 6: no more installer, but we do have tooling. There are Docker images. We may want to reduce the role of buildout, and focus more on pip.

Plone Conference: you are looking at it. Some tasks to do afterwards. If anyone is interested in getting a certificate for following a training, ask us, and we can send it.

Internationalization: new branches for Plone 6, so Plone 5 uses different branch. New releases for 5 and 6. Updating po files, looking at i18n in Mockup.

Admin/Intrastructure: servers are still running. Cat herding sysadmins for doing stuff, keeping things up to date.

Trainings: relaunch is complete. We have three new trainings: Theming Plone Classic, Deploying Plone 6, Getting Started with Plone 6 (that one only in video). Various have seen major updates. Need to work on landing pages (we have two), remove the number 5 from the url, update some more trainings. Maybe Mastering Plone Classic training, but hard with navigation due to duplicate section targets when copying. Migration training would be good. We need to prune and tag some.

Plone Classic: We did polishing on Barcelonate, it is pretty ready. Focussing on bobtemplates before the trainings, making theming easier. JavaScript/ES6 is the remaining big issue. Plan is to finish it this year, we are quite far. We need other people helping us out.

Documentation: will be releasing a new Plone 5 branch today. For the new stuff, the tech stack is ready. New version of automated screen shot is about ready. We don't want a duplicate of the training, but we can automatically include code of it, so there is only one source of truth. The style guide is not always followed, seeing what we can do about that. Biggest point is missing documentation. There are now branches where the various teams can add and edit their content. We may change things, but we take this as input for the final structure.

Fred van Dijk: 7 things that can surprise you when you start customising or developing for Plone

Posted by Maurits van Rees on October 29, 2021 09:06 AM

This is a basic rundown and summary of our beloved subjects like ZODB persistence. Traversal. The view/viewlet/portlet trinity. How is a call handled in Plone. The differences between zcml and generic setup. Utilities and the ZCA. restrictedTraverse. The Plone catalog.

These are surprises that I have encountered myself, or that I have seen on faces of people I have trained or worked with during the years.

  1. Everything can or could be done through the web (TTW).

Zope vision from the nineties. Why don't we use this dynamic language called Python so we can change things TTW? It's so easy.

  1. The learning curve.

It starts easy, but then you hit what we call a Z-shaped learning curve. Dynamic Python makes things easy, and then it makes things hard, at least when you put Zope on it, then CMF, then Plone. Plone the product on top of a CMS on top of a framework on top of a language. We have a product, a framework, a stack, so it is hard.

  1. Five levels of conceptual complexity.

It helps to teach all the levels. Give new users a drawer for each level, so they have a box that they can put some info in.

You have:

  • browser: html, css, js
  • frontend: transforms, templates, zpt, metal, diazo
  • application logic: views, viewlets, portlets, adapters, Zope Component Architecture
  • dynamism: GenericSetup, zcml, xml, zope schema
  • programming language: Python, buildout, pip
  • package WorkManager (OS): apt, rpm

4 Same language/formats on different levels:

  • XML is used for the ZCA, GS, zope.schema, Diazo rules
  • package manager: buildout, pip, setuptools, GS

But: there is no magic. It is just advanced technology.

Startup:

  • Python uses sys.path modules to start bin/instance
  • ZCA loads site.zcml, package includes, other zcml to change configuration.
  • Then we have a runtime environment with objects and classes, the ZODB. GenericSetup is then some XML that you can use to change the ZODB.

So the ZCA overrides components in runtime. The alternative is to edit core files, maybe compile them, and restart. Much less nice and not sustainable.

So now we have a Plone process running.

  1. Zope is not that complicated.

Over HTTP Zope gets a request, does traversal, finds an object in the ZODB, loads it in memory. Then on top of this object we show a browser view / template. The template hooks into a main template, maybe does some sub requests, some Diazo, and we end up with some html and we are done.

This is all still 'lies to children'. It is simplified until we are able to understand more. With increment exposure to these concepts, it will stick more. It is complicated, but there is no magic.

  1. Acquisition.

It is traversal in the wrong direction.

  1. When you try to explain things, you improve your own understanding.

There is so much Plone content online: training, docs, youtube, github, discourse. We all learn in different ways, with own preferences, reading, viewing. There are so many repositories on github that you can explore for new ideas. Just yesterday Philip did a talk about exportimport and afterwards I did it, but from a different angle. It helps.

The community is our biggest asset.

Annette Lewis and Will Gwin: From Zope to Plone: Thinking User-First During Migration

Posted by Maurits van Rees on October 28, 2021 02:39 PM

Migrating a site is always a challenging task, but when you have dozens of subsites with specific brand standards and custom user functionality, the challenge becomes mammoth. Six Feet Up worked hand-in-hand with Purdue's College of Engineering to migrate their existing Zope site and its subsites into a new Plone instance running on Plone 5.2 / Python 3. Throughout the migration process, we considered the project scale, timelines, and limiting the impact on end users, all while managing the balance between user needs and best practices. During this presentation, you will learn:

  • why it matters to think user-first during migration,
  • about creative solutions for translating content and functionality into Plone, and
  • how to successfully migrate subsites.

An overview of the project:

  • HigherEducation always seems to go a bit slower, certainly with migrations.
  • Our previous CMS was built in Zope and was getting extremely old.
  • We have been using Python since 2001.
  • There were security concerns and modernization issues.

The impact:

  • Only 15+ content editors.
  • 40+ public facing subsites
  • 30,000 total pages.
  • 20+ departments and units

Why did we select Plone as the next CMS?

  • It is a modern CMS solution
  • Python-based, so that fit what we currently have.
  • It is built on top of the Zope web framework that we were already using.
  • We looked at Drupal, Wordpress, and more, but that would have been a too big undertaking.

This was in 2018.

Laying out the solution. From requirements to action. Who are our users and what do they want? Not just our direct client (Will and his team) but their clients/users.

Challenges during development:

  • Purdue University changed its brand look. We had to seamlessly blend subsites into the existing parent site.
  • Convert all content types and templates from Zope to Plone.
  • Keep sight of the user experience in both environments. Could they use the new environment without too much training, or needing to have too much tech knowledge?

Determine the project essence. Distill the requirements down into broad categories: accessibility, usability, flexibility, security.

What is the path to successful collaboration?

  • The absolute best might not be the right answer.
  • It's okay to say no to an idea, but you dhouls have an alternative ready.
  • Aim for the best, avoid the dangerous, end up somewhere in the middle sometimes.

On to our development goals:

  • Do things in a Plone way. Plone uses Zope, but Zope may do some things in a different way than is the best way in Plone.
  • So observe best practices.
  • Make it intuitive and keep it familiar for the editors.

Solutions at a glance

Migrating site content:

  • We wanted to move subsites one by one, as needed.
  • Translate existin content to Plone content types
  • We could re-import content over existing content non-destructively.

Theming: retrofitting Plone into an existing theme. That is what Diazo was made for, bridging the gap between Plone and the theme, especially since the theme is 'living', with subtle changes coming in often.

Each subsite had a browser view named local.css to change some things. Not really what you want in Plone, but they really needed it, as a way to make subsites or sections look different. So we added an action to edit the local css, inheriting from parent folders.

We created a subsite settings control panel. We used lineage.registry for this. All kinds of customizations can be done based on that, for example add extra text and links in the navigation menu. They used to be able to do this in Zope as well, but that was with various properties, and much more code oriented.

We use Mosaic for flexibility of layout. In Zope we had blocks for layout. Mosaic took this a step further into a nice UI with drag and drop. It gives faster site prototyping and development.

The sandbox: we wanted to have safe spaces for content experimentation. Completely separate from production environment. It is used for new user training and testing. It is quick and easy to reset.

This migration project has been a constant collaboration between the Purdue communications office, Engineering Computer Network, and Plone company Six Feet Up. The content editors feel empowered to make complex changes, without constant oversight from my team.

Alan Runyan: Building a Secure Cross Platform Mobile/Tablet Application (Flutter) using Plone as Backend Server

Posted by Maurits van Rees on October 28, 2021 01:44 PM

Enfold has been working on a secure cross platform mobile application the past eight months. Walk through of the Requirements, Security, Flutter framework, Backend configuration of Plone, Authentication and Lessons Learned. Our goal is to have a free public release of a limited version of the application Q4 2021.

It was an adventure for us. The core team never built a large mobile application. We did not know what we did not know.

The big picture:

  • A mix of devices (Android, iOS) needs to synchronize files to and from Plone.
  • All services are self-hosted in GovCloud. So we have no central database or server that we control.
  • If this becomes a success, then future phases may require a lot of certification of the codebase, code reviews.
  • Initially we worked with 15k devices, supporting 40k would be a success, the ceiling that we might support is 300k.
  • Users are completely offline for longer times.

We used Flutter to create a React native app, see https://flutter.dev It is a UI toolkit. Why did we use Flutter?

  • It is cross platform mobile.
  • It uses Dart, which is statically typed, making code analysus much easier.
  • Google seems to be prioritizing developer user experience, it really shows of quite a bit.

Dart has asynchronous code as a first class citizen. Quite different from Python. Runtime reflection (pdb) is unavailable. It has good ergonomics, with generics and closures. It is a driving force behind the Flutter toolkit.

Thoughts on mobile development:

  • It is a lot to take in.
  • You need to understand lots of languages, for us: kotlin/java, swift/obj-c, and Dart.
  • No idea how to test platform integration.
  • Native libraries are managed using Cocoapods/Gradle. Flutter drives those. Setting it up is yet another new thing to learn.
  • There are lots of inconveniences, like how do you read sqlite off a device, because that is how we store some of the info?
  • Also inconsistencies: if the app works on an emulator, that does not mean it works on a device.

On the server side:

  • Plone operating as a Webdav server
  • We need to support OIDC (mod_openids/oauth2)
  • Not many writes, maybe 100-1000 per day, but lots of reads.
  • 20k+ devices daily

Alternatives to the server/protocol could be nice:

  • Honestly, are there any standards other than WebDav?
  • An S3 api would be reasonable.
  • So ideas are welcome, let me know.
  • We have been working on prototypes with guillotina_webdav + openidc.

The good parts of Flutter:

  • UI/UX development is very fast, with lots of widgets. We had two developers who were used to Angular, and they took it up quite fast.
  • The bridge to native code (Pigeon) is straight forward.
  • Drift is an amazing sqlite library.
  • Riverpod for state management
  • Dependency management is good (flutter pub). You can tell that they learned a ton from others, like pip. Except that very occasionally the package cache is broken so you need to clean it.
  • They have a good community, with add-ons.

The not so good parts of Flutter:

  • Inconsistent platform features, like WorkManager (Android) versus NSUrlSession (iOS)
  • Dependency churn: often new versions come in, which you then need to check.

The mobile app:

  • We are still wrapping up the remote file operations.
  • After we deploy into production, we will improve the UI.

Yes, we hope to open source the synchronization framework, and maybe the foreground/background transferring subsystem. Yes, we have built a Flutter web-app of this, but it looks just like the mobile app currently. Needs a separate layout really. No, we have not done a Desktop app.

Lightning talks Wednesday

Posted by Maurits van Rees on October 27, 2021 08:35 PM

Peter Holzer: My first Plone 6 site

This was in April 2020. I friend wanted a shop for his post cards. Lots of search filters.

We create a new Plone theme on Bootstrap 5. Updated our bda.shop stack.

See https://www.fotoeigenart.ch

Michael McFadden: Web developer confessions

I had a web form up where people could submit confessions, totally anonymous.

  • I used Perl
  • I sometimes test things in production.
  • I voted against removing the tag from HTML.
  • I store user passwords, as we often need to login as a user to fix their... stuff. We take precautions, but still.
  • I allowed editors to add css at a top level in the site.
  • I have a marquee tag on our site.
  • I am using iframes to include those who are unwilling to move into our big Plone Site. It is a way to do imports.
  • I use pdb on production all the time with a client instance.
  • I use
    for my page layout.
  • I don't setup the whole translation machinery on our Plone Site. Hello USA!
  • I use heavily duplicated code. What's wrong with coding with copy and paste.
  • I did not backup my data, and I knew the RAID aray was bad.
  • I think downtime is good for mental health.
  • I still hate javascript. And now we have node.
  • I don't always do web development. But when I do, I do it through Zope using plone_custom.css on a production site.
  • I fixed it with css. .class {display: none !important}
  • I suggested to a user to try it in another browser, like Edge. I am still ashamed.
  • I am not trained in UX or web design, but I do it anyway, because I just know what's right.

Fulvio Casali: Plone sponsorships

We are looking for financial sponsorship on a regular basis. Open source is a labor of love, but we also need money. The Plone Foundation supports the community financially for sprints, conferences, releases. We have administrative costs, like for trademarks, lawyers, hosting.

So you support independent media producers via Patreon, Substack, Medium, Youtube? How much? If not, maybe your boss does? Have you watched listened to the Plone podcasts?

Sponsors can be providers, customers, universities, companies that somehow use Plone. We couldn't do it without you.

Mail sponsor@plone.org.

Dylan Jay: Why Drupal won down under

Two stories of government websites, in this case UK and Australia, where other CMSes won the day. Maybe with Plone 6 we can gain some ground back.

PreviousNext is a Drupal shop in Australia. In 2012 aGov launched, a distribution of Drupal specifically for Australian Government websites. That was cleverly done. They organized a Drupal conf in Canberra, the capitol. Most of the stuff could not have been done without support by Acquia, the behemoth company behind Drupal. It helps to be able to say that they have got you backed.

Then the UK. In 2012 Gov.uk launched. 2013 Service manual published.

Ideas for Plone:

  • Open CMS for a specific government.
  • Acquia equivalent
  • How to sell o governments that have been burnt by Plone?
  • Target internal React developers.
  • Use a better term than 'enterprise'. Governance CMS for React Developers?
  • Concentrate on services, not websites?

Maik Derstappen: Current state of Mockup

We are moving Mockup and Patternslib to ES6. We replaced some Mockup patterns with patterns from Patternslib. Most mockup patterns are finished, just a few left that need a bit of work. Plone Classic UI frontend works basically, some issues left in control panels mostly.

Things will get easier. No more RequireJS yelling at you. Add-ons can provide, require and ship any javascript module. Plone will only load everything once, thanks to Webpack module federation.

Timeline: ES6 branch will be merged in the coming months.

Give it a try using the buildout.coredev repository and:

./bin/buildout -c plips/plip-3211-mockup-redone.cfg

Help us! Join us during the conference sprint or every Thursday on Discord, the classic-ui voice channel.

Johannes Raggam: Javascript integration

This is about Webpack module federation.

Goals:

  • add-on without recompiling
  • No or negligable code duplication, small bundle size

Hard to achieve with Plone 5 and RequireJS.

New concept: Webpack module federation, or actually just module federation, as it is not tied to webpack.

  • separate bundles
  • dependencies between each other
  • define shared bundles
  • define exported and remote modules
  • fallback to own dependency

David Glick: Snowfakery

Snowfakery is a tool for generating fake data that has relations between tables. Every row is faked data, but also unique and random, like a snowflake. To tell Snowfakery what data you want to generate, you need to write a Recipe file in YAML.

You may want realistic data in tests, but not production data.

I write a yaml file and tell it how many folders and documents to create. I let snowfakery export this to json. Actually, I have defined a slightly different format for Plone. This outputs a json file that can be used by collective.exportimport.

Snowfakery documentation: https://snowfakery.readthedocs.io/en/docs/

Philip Bauer: One small VS Code trick

For the training this year for the first time I used one editor for both Volto and Classic. This is because of one VS Code trick.

I use the Pylance language server for VS Code, which is fine, but it cannot initially find the Plone code. Simple fix for that: I have a script zopepy in my bin folder. Find it, copy the path, in VS code configuration go to 'Python: Select interpreter', and paste the path. After a few seconds, or maybe reloading an open file, it works, and VS Code finds all packages and modules.

Erico - New Docker images

Plone loves containers. Some have had a love/hate relationship with Docker, but we are over it. Maybe Docker is over it too.

We have a new generation of Plone Docker images:

- ``plone/plone-backend`` 5.2.6 and 6.0.0a1
- ``plone/plone-frontend`` Volto 14.0.0-alpha
- ``plone/plone-zeo`` is still available (5.2)
- ``plone/plone-haproxy``

Use your own Plone image, with an example extra add-on:

FROM plone/plone-backend:6.0.0a1
RUN ./bin/pip install "pas.plugins.authomatic --use-deprecated legacy-resolver"

The use-deprecated option should hopefully not be needed in the near future. Maurits has opened a [PR in pip](https://github.com/pypa/pip/pull/10574) for that.

All these images are based on pip. One point: do not use autoIncludeDependencies in your zcml, as this does not work with pip.

Examples for Docker compose: https://github.com/plone/plone-frontend#using-docker-compose

Thank you to the installers team: Jens, Alin, Silvio, Steve, Kim, Erico.

Thomas Schorr: Pyruvate WSGI Server Status Update

Posted by Maurits van Rees on October 27, 2021 07:23 PM

At last year's Plone conference, I presented Pyruvate, a WSGI server implemented in Rust (and Python). Since then, Pyruvate has served as the production WSGI server in a couple of projects. In this talk I will give a project status update and show how to use Pyruvate with Zope/Plone and other Python web applications and frameworks. I will also present some use cases along with benchmark results and performance comparisons.

WSGI is the Python webserver gateway interface. It is the default way for Python apps to talk with a webserver.

During the Python 3 migration of Zope and Plone, WSGI replaced ZServer as the default, since Plone 4. The ZODB is not thread-safe. This means there is a limited choice of WSGI servers. The Zope docs recommend only two: waitress and Bjoern. Other popular servers showed poor performance for Zope.

Rust is a new, popular programming language. It can also be used to extend Python packages. The cryptography package does this, and we all use this package.

Pyruvate from a user perspective:

pip install pyruvate

Then create an importable Python module:

import pyruvate

def application(environ, start_response):
    """WSGI application"""
    ...

pyruvate.serve(application, "0.0.0.0:7878", 3)

Using pyruvate with Zope/Plone. In buildout you add pyruvate to the eggs of your instance, and use a different wsgi-ini-template.

  • Pyruvate supports active Python versions, currently 3.6-3.10.
  • Using Mio to implement I/O event loop.
  • Worker pool based on threadpool, 1:1 threading.
  • A PasteDeploy entry point.
  • It is stable since 1.1.0.
  • Supports Linux and MacOS
  • Hosted on Gitlab
  • There are binary packages for Linux, so there you don't need a Rust compiler to install it.

Let's see about performance. As starting point: Performance analysis of WSGI servers by Omed Habib, see Appdynamics blog. This is a performance comparison of 6 WSGI servers, published in 2016. Tested were: Bjoern, CherryPy, Gunicorn, Meinheld, mod_wsgi and uWSGI.

Benchmarking tool was wrk. The test WSGI application simply returns some headers, and the text "OK".

I changed the original setup. Swapped Meinheld and mod_wsgi for Pyruvate and Waitress, swapped CherryPy for Cheroot. Use Python 3 only. Now we look at the metrics.

Number of requests served:

  • Bjoern is by far the best.
  • Pyruvate does not do so well with lower number of simultaneous connections, but with higher numbers, it jumps to second place after Bjoern.

CPU usage:

  • Bjoern is single threaded, so is 100 percent, the others can do more.
  • Gunicorn starts the best, but drops in performance with more simultaneous connections.
  • Pyruvate starts slightly below it, but sustains it better.

Memory usage:

  • More or less okay for all.
  • Except uWSGI, where memory usage steadily goes up.

Errors:

  • With increasing load, all servers show errors on higher load.
  • Except waitress and Pyruvate.
  • uWGI always shows errors for every single request, so something is wrong. But it still serves the request. So maybe an issue of the benchmarking tool.

Why is Bjoern so much faster?

  • Good implementation, many optimizations.
  • It is single threaded. Switching from single to multi-threaded comes with benefits and costs.
  • Shared access to resources adds to complexity.
  • Offloading requests to worker threads only makes sense when there is something to work on, which is not the case in this benchmark.
  • Python's GIL generally makes multithreading less effective.

Let's look at benchmarking Plone 5.2.5. Testing with Bjoern, Pyruvate and Waitress. All three serve the Zope root about 600 requests per second, and this stays the same when simultaneous connections increase. Serving the Plone root: all three about 27 requests per second.

Number of errors, mostly socket errors:

  • Bjoern starts giving errors a bit earlier, starting from ten simultaneous connections, but it holds up well.
  • Pyruvate and waitress start giving errors at 50 simultaneous connections.
  • With 100, Pyruvate does a lot worse than Bjoern, and waitress even more than that.
  • So you really can't have that many simultaneous requests to Plone.

CPU usage is the same, all 100 percent. In this setup I have used one worker for each server.

Serving /Plone as json: Bjoern is slightly better than Pyruvate, which is slightly better than waitress, but all are around 500 requests per second, quite close to each other.

The most interesting is number of requests served when getting a 5.2 MB blob from blobstorage. Bjoern is around 200, Pyruvate 180, so close, and waitress a lot worse, dropping from about 80 to 40.

Next setup: 2 threads for Pyruvate and waitress. Pyruvate is then better than Bjoern. Waitress starts better, but cannot keep up.

Using 2 threads but 4 CPU, Both Pyruvate and waitress are a bit better than Bjoern, and keep it up.

Conclusions from benchmarking:

  • Bjoern is the winner when using a single worker for all URLs except /Plone.
  • When serving a more complex page such as /Plone, there is no real difference in the number of requests served, but Bjoern is showing errors a bit earlier.
  • Adding one thread plus sufficient resources lets both Pyruvate and waitress perform better than Bjoern.
  • All configurations failed to sustain higher loads, more than 50 connections.
  • Bjoern and Pyruvate are serving blobs a lot faster than waitress.
  • Pyruvate can challende waitress in all scenarios.
  • When adding worker threads, Pyruvate seems to make better use of resources than waitress.

As test I setup Apache for fair balancing between two ZEO clients on Plone 5.2, one served by Pyruvate, one by waitress. Consistently more requests are sent to Pyruvate (53 percent).

Code: https://gitlab.com/tschorr/pyruvate

Tiberiu Ichim: Volto slots, portlets on steroids

Posted by Maurits van Rees on October 27, 2021 03:55 PM

Problem: Volto has no equivalent of a viewlet. Solution: slots. They can be management slots, presentation slots, below-footer slots.

One reason: we try not to customize the main template.

Volto also does not have portlets. Well, if you really want them badly enough, you can have them. There is a PR in plone.restapi to export portlets, so you could render them in Volto.

Idea: reuse Volto blocks for layout.

Plone has had portlets for a long time, and it is very useful, especially for smaller sites. You should not have to be a web developer to change the website layout. Portlets give site administrators some power to influence the look of their own site. We should keep that possibility.

Volto's slot proposition:

  • Simplify configuration. Portlets in Classic need too many files.
  • Volto blocks are very expressive.
  • Require Modify Portal Content permission for slots.
  • UI Power: give more capabilities: - atomic blocking of parent blocks - override parent blocks

How can we use them?

  • Sidebars: listings, info boxes, navigation
  • section headers, content

Current status: big PRs on plone.restapi and Volto. Overall the basic functionality is 60-70 percent ready. I will do a live demo.

Questions for the October Steering Circle?

Posted by PLONE.ORG on October 25, 2021 06:35 PM

As described in the Foundation's July 2020 discussion of Plone governance, a series of Steering Circle meetings is being held to discuss our organizational structure and processes, and any hot topics of the moment. This is part of the Foundation's initiative to solicit ideas for changes that will better serve the needs of our community, our projects, and our teams. The meetings will be held every two months, and the next one will be October 29th at 13:00 UTC (15:00 CEST). Each Plone team will send one or two representatives, including the Zope, Volto, RestAPI and Guillotina teams.

The Steering Circle meetings will include a discussion of questions from community members. Please use this form to submit any questions you have and we will put them on the agenda.

Thank you for being an awesome community and for helping to move Plone forward into its third decade!

Plone 6.0.0a1 Alpha Is Here!

Posted by PLONE.ORG on October 22, 2021 07:50 PM

Plone community proudly presents the first alpha release of Plone 6 - feel free to try it out!

https://plone.org/download/releases/6.0.0a1

Some Highlights of the Alpha Release

  • The big one: Volto as new front-end, using React, built with modern JavaScript tools.
  • The backend is now called Plone Classic. It generally works the same as Plone 5.2, so if you are not ready for Volto yet, you can just use this.
  • Support only for Python 3.7, 3.8 and 3.9.
  • Zope 5.3
  • Extensive overhaul of Plone UI elements based on Bootstrap 5 components.
  • Barceloneta LTS theme
  • Add control panel for relations
  • Add plone.api.relation module to ease using relations.
  • Use Dexterity for the Plone Site root object.

Plone 6 editing experience combines the robust usability of Plone with a blazingly fast JavaScript frontend

Plone 6 editor

Plone 6 Uses the Latest Web Technologies

The Plone 6 user experience has been redesigned from scratch to be awesome for power users and occasional users alike. It's easy to create adaptive layouts using a flexible and powerful blocks system built from the latest web technologies. There's no need for in-depth knowledge of how the web works or how the page will look on thousands of different devices - editors can split individual blocks into multi-column content that will automatically adapt to any device. Building complex, responsive pages with Plone 6 is effortless.

The blocks system is not limited to rich text. It will come with a faceted search block that allows editors to easily create sophisticated searches that make use of content metadata. Other blocks can present collections of content dynamically generated from a search. Plone has always included search, now the blocks system allows the search to be harnessed in new ways.

Form Builder, No-Code Content Types, Rich Ecosystem

Plone 6 also includes: 

  • A powerful form builder. Editors can create forms via drag and drop and define actions such as sending form data via email or storing it in CSV format for later use;
  • No-code custom content types that can be created through the web, including metadata fields, behaviors and view templates;
  • A rich ecosystem with more than 100 add-ons, even before it has been launched; an active and enthusiastic community of developers and companies is creating new add-ons every day.

The quick growth of the Plone 6 community is the result of developer-friendly technology choices. It is built with the two most popular programming languages (Python and JavaScript) and an open-source software stack that powers some of the largest websites in the world.

Read more about Plone 6.

Try Plone 6 and learn more at the Plone Conference 2021 Online

Plone Conference 2021 - Schedule, Trainings and Participation Info

Posted by PLONE.ORG on October 19, 2021 05:05 PM

Taking place over 9 days, from 25th to 31st October 2021, the Plone Conference 2021 Online will feature training, keynotes, talks, open spaces, sprints, and social activities.

Schedule

Important dates:

  • Training will happen over the weekend - October 23 & 24
  • 4 days of keynotes and talks + 1 day of open spaces - October 25 - 29
  • Sprint - October 30 & 31

All information can be found at: https://2021.ploneconf.org

Check the full schedule at Schedule with precise starting times (CET).

Training

Two days of training is included in the ticket price. Learn about topics like:

  • Mastering Plone 6
  • Volto Add-On Develoment
  • React and Volto
  • Plone 6 Classic UI Theming
  • Volto and Plone Deployments
  • Getting started with your Plone 6 site
  • Guillotina React
  • And more!

All training info can be found at https://2021.ploneconf.org/schedule/training

All trainers are friendly professionals from the Plone community.

Important! Remember to register to training at using registration form.
(Just make sure you have a ticket first).

Keynotes

We will have three amazing keynotes:

Check the schedule at https://2021.ploneconf.org/schedule

Talks and speakers

There will be over 40 professional talks by speakers from all over the world. Topics will range from Plone 6 and Volto to theming, migrations, case studies, documentation, and much more. Talks about Guillotina, React, Python, Accessibility, Open Source, Community, UX, Frontend and Backend development are scheduled.

Talk audience level is clearly described, so there will be something for everyone through 3 tracks. All talks will be streamed live and will be available as recordings immediately after. Participants will be able to discuss with the speakers after every presentation.

https://2021.ploneconf.org/schedule/talks

https://2021.ploneconf.org/speakers

The conference will also feature one day of lightning talks and open spaces for bringing up ideas and innovation!

Get your tickets

Only 100$ per ticket, and only 25$ for people from developing countries

https://2021.ploneconf.org/tickets

How to participate

This year’s conference will be entirely online, through the LoudSwarm virtual platform, the same as with the 2020 conference. 

Each registered person will get an email about how to access the system. Rest assured it will be very easy, and the level of interaction will be high! This is a community event, with lots of discussion and friendly emojis :)

Join the Slack spaces

The Plone Conference Slack Workspace is where all information about the event will be shared. This is also where you will be able to chat with speakers, attendees, and organizers. If you haven't already, join the Plone Slack now and navigate to channel #conf2021_hallway.

If you have a question during the event, please visit the #conf2021_help_desk channel and our team will be available to assist.

Code of conduct

The Plone Foundation is dedicated to providing a respectful, harassment-free community for everyone.

https://2021.ploneconf.org/code-of-conduct

Follow Plone Conference

Follow Plone Conference https://twitter.com/ploneconf
Follow Plone at https://twitter.com/plone
Contact the organizers at conf@plone.org

https://2021.ploneconf.org/

Contact the organizers at conf@plone.org.

The Plone Newsroom Podcast

Posted by PLONE.ORG on October 18, 2021 12:40 PM

The Plone Newsroom is a monthly podcast brought to you by Philip Bauer and Fred van Dijk. Technical and non-technical topics will be covered, including Plone, the Plone community, and whatever else they come up with to keep us informed!

Suggest a topic to include in the next episode by sending an email to Philip or Fred (first name 'at' plone dot org).

The premier episode featured a discussion of Plone Open Garden and a roundup of conference and release news, plus information about collective explicit acquisition and the Volto Search Block. Go to the Newsroom page to view other episodes.

Plone Store Is Now Open - Get Your Plone Gear!

Posted by PLONE.ORG on October 13, 2021 12:00 AM

The Plone Foundation proudly presents:

https://store.plone.org

The new shop for all Plone-related gear from T-shirts and hoodies to stickers and such is now open!

For now, you can get:

The shop is built on the TeeMill platform by the Plone Marketing Team, and we will be adding more Plone-themed gear over the coming weeks and months.

We made an extra effort to bring the site online before the Plone Conference 2021 online, so if you order your conference T-shirt now you might get it just in time before the conference opens 23rd October!

The Plone Foundation provides all items in the store without any markup, so the prices should be relatively low (Shipped from UK, so take note of customs and shipping fees).

All clothing items are high-quality certified organic products, made from post-consumer remanufactured organic cotton in a renewable energy-powered factory, audited for a wide range of social and sustainability criteria. Read more at https://plone.teemill.com/the-journey.

The Plone Foundation Welcomes Two New Members

Posted by PLONE.ORG on October 12, 2021 12:00 AM

The Plone Foundation welcomes two new members after unanimous confirmation by the Foundation's Board of Directors on September 30, 2021.

Membership in the Foundation is conferred for significant and enduring contributions to the Plone project and community. The Plone Foundation Membership Committee overwhelmingly recommended each applicant for their ongoing contributions to Plone.

Nicola Zambellos presenting at Plone conference

Nicola Zambello

Nicola has been developing with Plone since 2016 and has become an important contributor to the Volto project. He started RawMaterial, a Plone-based company, last year and will present his vision for a practical Green Web strategy at this year's conference. "I love Plone," he writes. "I feel at home with the community and I strongly want to support and invest in Plone, taking it to new horizons while maintaining what makes it so good."

Nicola will present one of the trainings at this year's conference; he lives in Ferrara, Italy.

Tiberiu IchimTiberiu Ichim

Tiberiu works with EauDeWeb and has been a member of the Plone community since 2004. Since 2019 he has been focused on Volto, and is a member of the Volto Core Developers team. He is the initial author or major contributor for several Volto add-ons, including volto-slate (alternative rich text editor) and volto-block-style (generic styling for Volto blocks).

Tiberiu lives in Oradea, Romania.


The Plone Foundation encourages applications from long time contributors to the Plone project and community. Learn more about the Foundation membership and the application process.

Nominations Open for Plone Foundation Board of Directors

Posted by PLONE.ORG on September 27, 2021 07:00 AM

If you have an interest in helping the governance of Plone, and particularly the energy and time to pitch in, please consider nominating yourself to serve on the Plone Foundation board of directors for 2021-2022.

Nomination Process

  1. Log in on plone.org and go here: 
    https://plone.org/foundation/meetings/membership/2021-membership-meeting/nominations
  2. Add a page there with your name in the title.
  3. For the body, discuss:
    • Who you are
    • Why you're interested
    • What you think you can add to the Plone Foundation
    • Most importantly, the name(s) of one or more Plone Foundation members who "second" your nomination
  4. Once ready, click "submit" in the workflow drop-down menu to get a reviewer to look at your nomination.
  5. Nominations will be accepted until October 22 2021, 23.59, UTC. The election will be conducted in conjunction with the annual meeting, which will take place during the Plone Conference 2021. All active members of the Plone Foundation will be eligible to vote.

About Board Membership

The Plone Foundation is a not-for-profit, public-benefit corporation with the mission to "promote and protect Plone". That has meant that the board is involved in:

  • protecting the trademark, copyrights and other intellectual property, including considering licensing and usage issues;
  • hiring the release manager;
  • working with sub-communities like Zope, Guillotina, and Volto
  • working with various committees, including marketing and membership;
  • handling "other stuff in the community" as needed
  • but not: directing Plone development. The board facilitates, but does not direct, the development of Plone itself.

While there's lots of work that happens online, much of the critical business of the board is conducted during video meetings every two weeks — typically, board meetings last about an hour to 90 minutes though occasionally they can run over to handle time-critical issues.  Please consider whether this fits your schedule, since missing more than an occasional meeting severely limits the ability of the board to reach quorum and conduct business.

Historically, board meetings have been organized to occur during daytime hours in America and evening hours in Europe, currently at Thursday nights, 19.00 UTC in northern hemisphere summer and 20.00 UTC in northern hemisphere winter. That can always change with new board members.

In addition, there is a board mailing list (private), where we discuss things in addition to the meetings.

This is a working board. Be ready to regularly take on and complete responsibilities for board business.

The board writes no code and makes no development decisions. It is much more concerned with marketing, budgets, fundraising, community process and intellectual property considerations.

You do not need to be a Foundation member to serve on the board (in fact, board leadership is an excellent way to become a Foundation member). All you need is to get an active Foundation member to second your nomination.

The Plone Foundation is interested in broadening the diversity of our leadership, with regards to gender, ethnicity, and geography.

If you have questions about the nomination process, contact the board: board@plone.org

Plone.org Is Getting a Facelift

Posted by PLONE.ORG on September 16, 2021 04:21 PM

Years have passed since the 2016 sprint at Penn State where a team of community members worked on a new theme and madly reorganized content on the Plone 5 version of plone.org. The site dates back to 2002 and the Plone 1 days, and the software and content had been upgraded in place over the years with only minor theme changes - to Plone 2 and 2.5, then Plone 3, then Plone 4, and finally Plone 4.3. It served us well, but because Plone 5 brought many changes, including a new out-of-the-box theme (Barceloneta), we mounted a major effort to refresh the design as well as upgrade the content and software.

What was new then is now looking old, and the marketing team has embarked on a modernization effort. The ultimate goal is to upgrade to Plone 6 and create a React-based theme using the new front end. But meanwhile we've been having a series of mini-sprints to improve what we have now.

Our first major initiative was to improve the News section, which holds an amazing collection of content. Browsing it can take you back in time - to the Plone 1.0 RC1 release announcement for example, or Alan's 2002 thoughts on what Plone should be, or approval of the Plone Foundation as a 501(c)(3) organization. It was already possible to browse news items by year, but we thought categorization by topic would also be useful. So we tagged every news item, and now you can browse news items by category. Fulvio Casali chronicled this effort in his 2020 Plone Conference talk Oh the Places We've Been!

A not very attractive display of news items and listings was another issue. So we sketched out a cleaner look, with a standardized lead image aspect ratio and a more useful byline. Then the more technically adventurous members of the marketing team (Norbert, Fulvio, Érico) strapped on helmets and figured out how to make changes to the site's theme. You are looking at our initial improvements, and there's more to come.

Our other major initiative is to move the contents of the plone.com site over to plone.org. Over the years plone.com became very difficult to maintain, so we have discontinued it. (Contact the marketing team if you need to retrieve any plone.com content.) With that in mind, we created a What is Plone? section on plone.org which is oriented towards the plone.com audience. It is also a place for us to describe all the pieces of the Plone ecosystem and how they fit together.

In addition to these bigger jobs we've been making lots of little improvements during our mini-sprints, including fixing bugs old and new as recorded on the plone.org issue tracker.

Would you like to help with this effort?

We'd love to have you!

  • Join our effort to promote Plone by publishing regular plone.org news items - successes, new developments, controversies, generally telling a broad audience what's happening in the Plone world
  • Do you have design skills? We don't and we need help with design improvements and eventually a new theme for Plone 6
  • If you are a theming wizard please help us modernize the site styles - more 2021 and less 2016
  • Show off Plone's built in search by creating a beautiful search results listing
  • Help us with our ongoing efforts to fix bugs and curate content
  • Help us migrate plone.org to Plone 6

Please contact the marketing team to get involved. Anyone with technical, design or content editor skills is welcome.

 

The Plone Foundation Welcomes Two New Members

Posted by PLONE.ORG on September 09, 2021 10:09 PM

The Plone Foundation welcomes two new members after unanimous confirmation by the Foundation's Board of Directors on September 2nd, 2021.

Membership in the Foundation is conferred for significant and enduring contributions to the Plone project and community. The Plone Foundation Membership Committee overwhelmingly recommended each applicant for their ongoing contributions to Plone.

cleber.jpg

Cléber J. Santos

With over 15 years of Plone experience, Cléber is an important member of the Brazilian Plone community. He was part of the team that helped organize three editions of the Plone Symposium South America and the Plone Conference in Brasilia.

Cléber lives in São Paulo, Brazil.

steve.jpgSteve Piercy

Contributor of many projects under the Pylons Project, including Pyramid, WebOb, Waitress, Colander, Peppercorn, and WebTest, Steve is also a constant presence in Plone community chats and forums. In recent years, he has collaborated with the Plone Documentation and Training materials teams and attended Plone Conferences as a speaker and a trainer.

In his spare time, Steve volunteers technical support for bicycling and environmental activist organizations. He lives in Eugene, Oregon, USA.

The Plone Foundation encourages applications from long time contributors to the Plone project and community. Learn more about the Foundation membership and the application process.

Plone Conference 2021 Online - Tickets for Sale Now!

Posted by PLONE.ORG on August 19, 2021 07:38 PM

The annual conference is a chance for the Plone community to come together to share new developments, success stories, and the future of the community. Taking place over 8 days, the conference will feature training, keynotes, talks, open spaces, sprints, and social activities.

This year’s conference will be entirely online, through the LoudSwarm virtual platform. No matter where you are, you can participate!

Plone Conference website now online

Behold https://2021.ploneconf.org/

The conference website is, of course, built with Plone.

Tickets are now available

Discounted tickets, available until September 30th, also a special price for developing countries.

Get your tickets here.

Submit your talk proposal

The topics can range from Plone, Zope, Volto, and Guillotina to Python and Pyramid or from fancy JavaScript to cool case studies and beyond.

There are many kinds of talk slots, from 5 min lightning talks to 30 and 45 minutes long, and you can target your talk to different audiences too.

Submit your talk proposal!

Stay tuned for more info

Follow Plone Conference at Twitter https://twitter.com/ploneconf

Follow Plone at https://twitter.com/plone

Questions for the August Steering Circle?

Posted by PLONE.ORG on August 11, 2021 11:55 AM

As described in the Foundation's July 2020 discussion of Plone governance, a series of Steering Circle meetings is being held to discuss our organizational structure and processes, and any hot topics of the moment. This is part of the Foundation's initiative to solicit ideas for changes that will better serve the needs of our community, our projects, and our teams. The meetings will be held every two months, and the next one will be August 17th at 2:00 PM UTC. Each Plone team will send one or two representatives, including the Zope, Volto, RestAPI and Guillotina teams.

The Steering Circle meetings will include a discussion of questions from community members. Please use this form to submit any questions you have and we will put them on the agenda.

Thank you for being an awesome community and for helping to move Plone forward into its third decade!

Plone 5.2.5 Released!

Posted by PLONE.ORG on August 06, 2021 07:10 PM

General notes

Plone 5.2.5 is a bug fix release of Plone 5.2. The release Manager for this version is Maurits van Rees.

Note: this is a fresh release. Installers are not ready yet but will be made available.

Experienced users can update their buildout config by pointing to https://dist.plone.org/release/5.2.5/versions.cfg.

For the Plone 5.2 upgrade guide, see https://docs.plone.org/manage/upgrading/

See https://plone.org/download/release-schedule for the planned release schedule.

Plone 5.2.5

Plone 5.2.5 is a release of Plone 5.2.

Download Plone 5.2.5

Experienced users can update their buildout config by pointing to https://dist.plone.org/release/5.2.4/versions.cfg.

Useful links:

Some highlights of this release are:

  • Security fixes in AccessControl and Products.isurlinportal.
  • Security fixes from Products.PloneHotfix20210518 taken over in core.
  • Zope: 4.5.5 to 4.6.3
  • Products.CMFPlone: Add PLONE52MARKER Python marker.
  • plone.app.iterate: Add proper support for Dexterity folderish content.
  • plone.folder: restore webdav support.
  • plone.registry: Allow plone.schema.JSONField to be stored in registry (dictionary-like).
  • plone.namedfile: Cache stable image scales strongly.
  • plone.recipe.zope2instance: customize WSGI, profiling, python-env.
  • plone.restapi: JSONField, sub blocks, use_site_search_settings.
  • Lots of bugfixes, especially improving Python 3 compatibility.

For detailed changelog, go to https://plone.org/download/releases/5.2.5

Join Plone Chat, Now at Discord!

Posted by PLONE.ORG on August 05, 2021 03:13 PM

There are many ways to reach out to other Plone developers and users. The two most important platforms are the Community forum at https://community.plone.org/ and our chat platform, which has been moved from Gitter to Discord.

Online Chat at Discord

Discord is now the best way to chat with members of the friendly Plone community. There are various channels to choose from.

Join the Plone Discord.

Please remember that you will be chatting with volunteers. Read more about chat info.

Please do not use chat to ask for support. Support questions should be directed to either the volunteers in the Plone forum or commercial providers.

Guillotina and its contributors

Posted by PLONE.ORG on July 01, 2021 08:18 PM

Guillotina is a modern, asynchronous back end designed for building high-performance, horizontally scaling JavaScript applications.

Who are the Guillotina contributors?

First, let’s introduce our new contributors: Roger Boixader and Joan Antoni. They both work at Iskra which is a well-known company in the Plone community as they have been actively using and supporting Plone for years (for decades actually!).

Roger was kind enough to answer few questions about his involvement in Guillotina:

Q: As a developer, where are you coming from and what do you do? How much Python has been in your career until now?


Roger: My name is Roger Boixader Güell, I come from Berga, Barcelona, Catalunya and I am 28 years old. I studied computer engineering in Girona, Catalunya. I had never used Python before entering Iskra and for the first year I have mainly used JavaScript. My first steps with Python were with Django and then with Guillotina.


Q: Why is using Guillotina relevant in your technical context?

Roger: Because it is the main framework that we use in Iskra on the backend side.


Q: What is the thing you like the most in Guillotina?


Roger: The simplicity to create an application, with a few lines of code of Python or with a YAML file you can start a project easily
.

Q: What do you think should be improved in Guillotina?

Roger: Documentation and transactions.


Q: Have you been involved in an open source community before?

Roger: No, it's my first time.


Q: What would you expect from the Plone Community?

Roger: I think the Plone Community can help recruiting more Guillotina contributors, and the more contributors we have, the better Guillotina will get!

As we could expect, Guillotina attracts people who are not necessarily connected to the CMS world, but it is quite interesting to see Guillotina is considered as a valuable alternative to Django by young Python developers.

How is the core project managed?

The Guillotina project belongs to the Plone Foundation, just like the Plone project does, but it is obviously much younger and does not have (yet) all the Plone development and decision-making workflows.

So far, there is a periodic meeting every three weeks which allows us to discuss evolutions, important pull requests, and new use cases. Currently there are six participants in this meeting.

The repository is in the Plone Github organization.

When they join, Guillotina contributors do sign the Plone Contributor Agreement (as does any contributor to any Plone Foundation project), but they are not core contributors immediately (unlike Plone contributors). At the moment, there are three core contributors: Ramon Navarro Bosch, Nathan Van Gheem, and Jordi Massip. Their review and approval is needed to merge any pull request.

Apart from the core repository, Guillotina has a full ecosystem, managed in the Guillotinaweb GitHub organization; the most important elements are:

  • guillotina_elasticsearch
  • guillotina_gcloudstorage
  • guillotina_ldap
  • guillotina_react
  • guillotina_s3storage
  • guillotina_stripe
  • guillotina_volto

Each of these projects has an official manager (not necessarily a Guillotina core contributor).

Sprints

We organize a sprint in southern Europe every year when there is no global pandemic! We are also often involved in Volto sprints (and these happen usually in northern Europe, but also when there is no global pandemic).

You should join!

Security patch 20210518 version 1.5 released

Posted by PLONE.ORG on July 01, 2021 08:05 PM

This is a routine patch. There is no evidence that the issues fixed here are being used against any sites.

Version 1.5 of the hotfix is available from:

This version is a recommended upgrade for all users.

Zope users are advised to upgrade to Zope 4.6.1 or 5.2.1. If this is not possible, you can try this new version of the hotfix.

See the original 20210518 hotfix announcement

From the changelog:

1.5 (2021-06-28)

  • Fixed new XSS vulnerability in folder contents on Plone 5.0 and higher.
  • Added support for environment variable STRICT_TRAVERSE_CHECK.
    • Default value is 0, which means as strict as the code from version 1.4.
    • Value 1 is very strict, the same as the stricter code introduced in Zope 5.2.1 and now taken over in Zope 4.6.2. There are known issues in Plone with this, for example in the versions history view.
    • Value 2 means: try to be strict, but if this fails we show a warning and return the found object anyway. The idea would be to use this in development or production for a while, to see which code needs a fix.
  • Fix Remote Code Execution via traversal in expressions via string formatter. This is a variant of two earlier vulnerabilities in this hotfix. This was fixed in Zope 4.6.2, which takes over the already stricter code from Zope 5.2.1.

Note: we don't usually release another version almost six weeks after the original one, and three weeks after the previous version, and including a fix for a vulnerability which was only reported last week. However, this contains a fix for a close variant of one of the original vulnerabilities and needs a fix in the same code, so it seemed easiest for the security team and for Plone users who patch their sites to release a newer version.

Security patch 20210518 version 1.4 released

Posted by PLONE.ORG on June 14, 2021 04:11 PM

This is a routine patch. There is no evidence that the issues fixed here are being used against any sites.

Version 1.4 of the hotfix is available from:

This version is a recommended upgrade for all users.
Zope users are advised to upgrade to Zope 4.6.1 or 5.2.1. If this is not possible, you can try this new version of the hotfix.

See the original 20210518 hotfix announcement

From the changelog:

1.4 (2021-06-08)

  • Use safe html transform instead of escape for richtext diff. Otherwise the inline diff is not inline anymore.
    (Note: I forgot to add this to the changelog on PyPI/plone.org).
  • With PLONEHOTFIX20210518_NAMEDFILE_USE_DENYLIST=1 in the OS environment, use a denylist for determining which mimetypes can be displayed inline. By default we use an allowlist with the most used image types, plain text, and PDF. The denylist contains svg, javascript, and html, which have known cross site scripting possibilities.
  • By popular request, allow showing PDF files inline. Note: browser preference plays a part in what actually happens.
  • In untrusted path expressions with modules, check that each module is allowed. In the first version of the hotfix we disallowed modules that were available as a 'private' alias, for example random._itertools. But if random.itertools without underscore would have been available, it was still allowed, even though itertools has not been explicitly allowed. (itertools might be fine to allow, it is just an example.)