You are here: Home / An Alternative to Plone?

An Alternative to Plone?

Plone has been having a rash of severe, critical, security compromises to all versions the past seveal months, and even their hotfixes and newer releases have ended up regressing back into newer versions. The multiple exploits this year have been severe, and impacting all versions of Plone since at least 2.5.

I made the switch to Zope-Plone around 2004 (After a year of testing), with the 2.x version range. At 2.5 I made the switch for dozens of sites to Plone.

The number one problem for years has been the upgrade process rarely works properly for anything beyond the most basic websites. More recent releases have been incrementally getting better at upgrading older versions thankfully, but there is still a dearth of useful tools for complex and large migrations.

Plone has usually been pretty vulnerable to spambots and creation of bogus user accounts for spamming, but the most recent vulnerabilities have been much more serious, compromising admin-level functions and content.

After years os use, I am concerned that Plone and the Plone community making starting to go down the path of old Perl-based web content systems in the 90's, and php-based content systems in the early 2000's. I hope I am wrong about this, and only time will tell if they are able to stem the tide of security breaches.

Also, the community is starting to devolve. For years it was a very supportive, cordial, and helpful community in the IRC channels, email lists, and web forums. This has been degrading in recent years. Of course it is the vast minority that are so rude and unhelpful, but they can have a serious impact on a community due to their high levels of activism that drives others away. Hopefully this immature community members will be driven out by the more mature developers, but as Plone grows in popularity, it is entirely possible that the lowest common denominator of pesonality types will increasing infiltrate the ranks of the Plone development and user community.

Because of this recent rash of vulnerabilities and development gaffs, i began researching other CMS systems, especially trying to find Java-based (my preferred programming language). Unfortunately most of the systems seem to be php-based or are not very mature at all. I am still searching, and will post if I find anything that is comparaable to Zope-Plone's ease of setup, administration, use, flexibility, performance, and security (past history, not recent).

If you have a favorite CMS that you've implemented successfully and fits the above criteria (and is open source), please post a comment, I'd love to hear about suggestions and experiences from others.