Plone is a free and open source content management system (CMS) built on top of the Zope application server. Plone is positioned as an enterprise CMS and is commonly used for intranets and as part of the web presence of large organizations. High-profile public sector users include the U.S. Federal Bureau of Investigation, Brazilian Government, United Nations, City of Bern (Switzerland), New South Wales Government (Australia), and European Environment Agency. Plone's proponents cite its security track record and its accessibility as reasons to choose Plone. Plone has a long tradition of development happening in so-called "sprints", in-person meetings of developers over the course of several days, the first having been held in 2003 and nine taking place in 2014. The largest sprint of the year is the sprint immediately following the annual conference. Certain other sprints are considered strategic so are funded directly by the Plone Foundation, although very few attendees are sponsored directly. The Plone Foundation also holds and enforces all copyrights and trademarks in Plone, and is assisted by legal counsel from the Software Freedom Law Center.
The Plone project began in 1999 by Alexander Limi, Alan Runyan, and Vidar Andersen. It was made as a usability layer on top of the Zope Content Management Framework. The first version was released in 2001. The project quickly grew into a community, receiving plenty of new add-on products from its users. The increase in community led to the creation of the annual Plone conference in 2003, which is still running today. In addition, "sprints" are held, where groups of developers meet to work on Plone, ranging from a couple of days to a week. In March 2004, Plone 2.0 was released. This release brought more customizable features to Plone, and enhanced the add-on functions. In May 2004, the Plone Foundation was created for the development, marketing, and protection of Plone. The Foundation has ownership rights over the Plone codebase, trademarks, and domain names. Even though the foundation was set up to protect ownership rights, Plone remains open source. On March 12, 2007, Plone 3 was released. This new release brought inline editing, an upgraded visual editor, and strengthened security, among many other enhancements. Plone 4 was released in September 2010. There are over 450 developers contributing to Plone's code. Plone won two Packt Open Source CMS Awards.
|Version||Release date||Development time (days)||Notes and significant changes|
|0.1||October 4, 2001||Initial public release|
|1.0||February 6, 2003||490||First stable release|
|2.0||March 23, 2004||411|
|2.1||September 6, 2005||532|
|2.5||September 19, 2006||378|
|3.0||August 21, 2007||336|
|3.1||May 2, 2008||255|
|3.2||February 7, 2009||281|
|3.3||August 19, 2009||193|
|4.0||September 1, 2010||378||Infrastructure improvements increasing performance and reducing resource use, new base theme, more efficient blob storage, overlays, fit and polish.|
|4.1||August 8, 2011||341||Configuration registry, improved commenting system, more versatile caching, more detailed security roles.|
|4.2||July 5, 2012||332||Diazo theming system, HTML5, Python 2.7, improved collections, improved search.|
|4.3||April 13, 2013||282||Dexterity Content Type development system, Kupu removal, KSS removed, Password API, Improved Syndication, NewsML, TTW Theme Editor|
|5.0||September 28, 2015||898||Simpler, faster Dexterity as the new default content type framework. Theming is made easier with Diazo. The Chameleon rendering engine improves response times by 15 to 30 percent. A modern series of form widgets have been created with usability and accessibility in mind.|
|5.1||May 1, 2018||946||see release notes https://plone.org/download/releases/5.1|
|5.2||July 19, 2019||444||Python 3 support, Inclusion of plone.restapi and more (see release notes https://plone.org/download/releases/5.2)|
The name Plone comes from a band by that name and "Plone should look and feel like the band sounds".
The community supports and distributes thousands of add-ons via company websites but mostly through PYPI and www.plone.org. There are currently 2149 packages available via PyPI for customizing Plone.
Since its release, many of Plone's updates and add-ons have come from its community. Events called Plone "sprints" consist of members of the community coming together for a week and helping improve Plone. The Plone conference is also attended and supported by the members of the Plone community. In addition, Plone has an active IRC channel to give support to users who have questions or concerns. Up through 2007, there have been over one million downloads of Plone. Plone's development team has also been ranked in the top 2% of the largest open source communities.
A 2007 comparison of CMSes rated Plone highly in a number of categories (standards conformance, access control, internationalization, aggregation, user-generated content, micro-applications, active user groups and value). However, as most of the major CMSes, including Plone, Drupal, WordPress and Joomla, have undergone major development since then, only limited value can be drawn from this comparison. Plone is available on many different operating systems, due to its use of platform-independent underlying technologies such as Python and Zope. Plone's Web-based administrative interface is optimized for standards, allowing it to work with most common web browsers, and uses additional accessibility standards to help users who have disabilities. All of Plone's features are customizable, and free add-ons are available from the Plone website.
Mitre is a not-for-profit corporation which hosts the Common Vulnerabilities and Exposures (CVE) Database. The CVE database provides a worldwide reporting mechanism for developers and the industry and is a source feed into the U.S. National Vulnerability Database (NVD). According to Mitre, Plone has the lowest number of reported lifetime and year to date vulnerabilities when compared to other popular Content Management Systems. This security record has led to widespread adoption of Plone by government and non-governmental organizations, including the FBI.
The following table compares the number of CVEs as reported by Mitre. Logged CVEs take into account vulnerabilities exposed in the core product as well as the modules of the software, of which, the included modules may be provided by 3rd party vendors and not the primary software provider.