Plone (software)

Plone is a free and open source content management system (CMS) built on top of the Zope application server. Plone is positioned as an enterprise CMS and is commonly used for intranets and as part of the web presence of large organizations. High-profile public sector users include the U.S. Federal Bureau of Investigation, Brazilian Government, United Nations, City of Bern (Switzerland), New South Wales Government (Australia), and European Environment Agency. Plone's proponents cite its security track record and its accessibility as reasons to choose Plone.

Plone has a long tradition of development happening in so-called "sprints", in-person meetings of developers over the course of several days, the first having been held in 2003 and nine taking place in 2014. The largest sprint of the year is the sprint immediately following the annual conference. Certain other sprints are considered strategic so are funded directly by the Plone Foundation, although very few attendees are sponsored directly. The Plone Foundation also holds and enforces all copyrights and trademarks in Plone, and is assisted by legal counsel from the Software Freedom Law Center.

History
The Plone project began in 1999 by Alexander Limi, Alan Runyan, and Vidar Andersen. It was made as a usability layer on top of the Zope Content Management Framework. The first version was released in 2001. The project quickly grew into a community, receiving plenty of new add-on products from its users. The increase in community led to the creation of the annual Plone conference in 2003, which is still running today. In addition, "sprints" are held, where groups of developers meet to work on Plone, ranging from a couple of days to a week. In March 2004, Plone 2.0 was released. This release brought more customizable features to Plone, and enhanced the add-on functions. In May 2004, the Plone Foundation was created for the development, marketing, and protection of Plone. The Foundation has ownership rights over the Plone codebase, trademarks, and domain names. Even though the foundation was set up to protect ownership rights, Plone remains open source. On March 12, 2007, Plone 3 was released. This new release brought inline editing, an upgraded visual editor, and strengthened security, among many other enhancements. Plone 4 was released in September 2010. There are over 450 developers contributing to Plone's code. Plone won two Packt Open Source CMS Awards.

Design
Plone runs on the Zope application server, which is written in Python. Plone by default stores all information in Zope's built-in transactional object database (ZODB). It comes with installers for Windows, macOS, and Linux, along with other operating systems. New updates are released regularly on Plone's website. Plone is available in over 50 languages. It complies with WCAG 2.0 AA and U.S. section 508,   which allows people with disabilities to access and use Plone. A major part of Plone is its use of skins and themes. Plone's Diazo theming engine can be used to customize a website's look. These themes are written with JavaScript, HTML, XSLT, and Cascading Style Sheets. In addition, Plone comes with a user management system called Pluggable Authentication Service (PAS). PAS is used to search for users and groups in Plone. Most importantly, PAS covers the security involved for users and groups, requiring authentication in order to log into Plone. This gives users an increase in both security and organization with their content. A large part of Plone's changes have come from its community. Since Plone is open source, the members of the Plone community regularly make alterations or add-ons to Plone's interface, and make these changes available to the rest of the community via Plone's website.

The name Plone comes from a band by that name and "Plone should look and feel like the band sounds".

Languages
Plone is built on the Zope application framework and therefore is primarily written in Python but also contains large amounts of HTML and CSS, as well as JavaScript. Plone uses jQuery as its Javascript framework in current versions, after abandoning a declarative framework for progressive enhancement called KSS. Plone uses an XML dialect called ZCML for configuration, as well as an XML based templating language, meaning approximately 10% of the total source code is XML based.

Add-on products
The community supports and distributes thousands of add-ons via company websites but mostly through PYPI and www.plone.org. There are currently 2149 packages available via PyPI for customizing Plone.

Since its release, many of Plone's updates and add-ons have come from its community. Events called Plone "sprints" consist of members of the community coming together for a week and helping improve Plone. The Plone conference is also attended and supported by the members of the Plone community. In addition, Plone has an active IRC channel to give support to users who have questions or concerns. Up through 2007, there have been over one million downloads of Plone. Plone's development team has also been ranked in the top 2% of the largest open source communities.

Strengths and weaknesses
A 2007 comparison of CMSes rated Plone highly in a number of categories (standards conformance, access control, internationalization, aggregation, user-generated content, micro-applications, active user groups and value). However, as most of the major CMSes, including Plone, Drupal, WordPress and Joomla, have undergone major development since then, only limited value can be drawn from this comparison. Plone is available on many different operating systems, due to its use of platform-independent underlying technologies such as Python and Zope. Plone's Web-based administrative interface is optimized for standards, allowing it to work with most common web browsers, and uses additional accessibility standards to help users who have disabilities. All of Plone's features are customizable, and free add-ons are available from the Plone website.

Focus on security
Mitre is a not-for-profit corporation which hosts the Common Vulnerabilities and Exposures (CVE) Database. The CVE database provides a worldwide reporting mechanism for developers and the industry and is a source feed into the U.S. National Vulnerability Database (NVD). According to Mitre, Plone has the lowest number of reported lifetime and year to date vulnerabilities when compared to other popular Content Management Systems. This security record has led to widespread adoption of Plone by government and non-governmental organizations, including the FBI.

The following table compares the number of CVEs as reported by Mitre. Logged CVEs take into account vulnerabilities exposed in the core product as well as the modules of the software, of which, the included modules may be provided by 3rd party vendors and not the primary software provider.