Release notes for Plone 6.2.0

• Released: May 19th, 2026
• Check the release schedule.
• Read the upgrade guide, explaining the biggest changes compared to 6.1.
• Canonical place for these release notes and the full packages changelog.

If you want to jump straight in, here are some important links:

• With pip you can use the constraints file at https://dist.plone.org/release/6.2.0/constraints.txt. This includes the extra and ecosystem constraints, which are separate in the Buildout configs.
• With Buildout you can use the versions file at https://dist.plone.org/release/6.2.0/versions.cfg, plus optionally versions-extra.cfg and versions-ecosystem.cfg.
• Use Docker image plone-backend.

Highlights

These are the main changes compared to 6.2.0rc2:

• Products.DateRecurringIndex:
  • Replace pkg_resources namespace with PEP 420 native namespace. This was done earlier, but never made it into a release.
  • Implement IDateRangeIndex to exclude DateRecurringIndex by indexes with value in the keys of the catalog plan.
• Mostly just making final releases of individual packages, with no changes compared to their earlier alpha/beta/rc releases. Or only internal changes.

These are the main changes compared to 6.1:

• We have switched to native namespaces (also known as implicit namespaces) for plone.*, Products.*, collective.* and all other namespaces.
• We use Zope 6.0b2, pinning versions with native namespaces.
• We have updated zc.buildout to version 5, and in the requirements.txt we have added horse-with-no-namespace.
  That helps avoid problems when not all packages in a namespace are using the same namespace style.
  See also below, in the section about "pip, buildout, setuptools".
• lxml: updated from 5.4.0 to 6.0.2.
  This parses html slightly differently. The update caused problems in diazo, which have been fixed.
  On Classic UI you should check if your theme still renders correctly. Most sites are expected to be fine though.
• icalendar has various breaking changes, but that should only affect you if you directly interact with that package.
• plone.base:
  • Add boolean utils: is_truthy (improved), is_falsy and boolean_value.
  • Add plone.base.interfaces.IAddonList.
  • Add munge_search_term, BAD_CHARS, and MULTISPACE as canonical location in plone.base.utils.
    Fix multi-word search so all word parts get wildcard prefix matching, not just the last one.
• plone.exportimport: Add @export and @import REST API services.
• plone.registry: Add per-request cache for registry value and forInterface proxy lookups, avoiding repeated OOBTree traversals within a single request.
• plone.restapi:
  • @aliases service: Add support for filtering aliases for a non-root item.
  • Services which take boolean parameters now check the input more strictly, using the boolean_value util.
  • The @controlpanel service now includes searchable_text for each control panel.
  • Added support for sorting vocabularies by title before batching for the @vocabularies endpoint.
  • Add CSV import and export support to the @users endpoint.
  • Add support for plate block from @kitconcept/volto-plate (text indexer, resolveuid transforms, link integrity).
• Products.CMFPlone:
  • MigrationTool: Prepare support for custom base profiles without subclassing.
    Make AddonList a named utility and register ours under the name Products.CMFPlone.
    The utility must have an addon_list property and optionally may have a pre_addon_list, which gets upgraded before the base profile upgrade.
    Add MigrationTool.get_profile method, returning the base profile id that was set, by default Products.CMFPlone:plone.
    Add MigrationTool.get_package_name method, taking the package name from the profile, so by default Products.CMFPlone.
    In MigrationTool.coreVersions return core_package and core_version. If core_package is not Products.CMFPlone, show this version in the overview control panel.
  • Resource registry: Allow to use * dependencies.
    Earlier we added the all keyword for the depends attribute of resource registry entries to define a resource which should be loaded after all others.
    In Plone 5 we had the * keyword for exactly that.
    This brings now back * in addition to all for the same purpose.
    This might also allow for a smoother upgrade experience.
• Products.isurlinportal: Prevent URLs that start with more than two slashes to be considered as URLs in portal.
  See security advisory.
• Products.PluggableAuthService: Add property to clear session data at login boundary to the session auth helper. This property defaults to False to preserve the current behavior. Clearing session data during login helps mitigate session fixation attacks: Session fixation | OWASP Foundation

Thanks!

A big thank you to everyone who worked on Plone 6.2. Looking through all the changelogs, I found dozens of excellent people who have graciously put in their time, effort, and skills. We could mention you by name, but then we would miss the people who contributed outside of the pure code that we ship, for example people who work on documentation, marketing, system administration, etc.

Thank you all very much!

Volto frontend

The default frontend for new Plone 6 sites is Volto.
Note that this is a JavaScript frontend that you need to run in a separate process with NodeJS.

Plone 6.2 is meant to be used with Volto 19.
Latest release is 19.0.0. See the changelog. This is an alpha release, but it is ready to be made final. Volto is just waiting for the Plone 6.2 final release.

Please have a look at the upgrade guide for migration from Volto 18 to 19.

Key New Features in Volto 19

• Support for Subpath Domains (PLIP plone/volto#4290)
• Restore Unsaved Changes (PLIP plone/volto#4168)
• Improved Image Upload Widget (PLIP plone/volto#4268)

General UI / Editor Improvements

• Cross-language support in the Blocks chooser search, improving block discovery on multilingual sites.
• Drag-and-drop file uploads directly into folder contents.
• New widgets: Size/Width/BlockAlignment
• Single-selection mode added to the SelectAutoComplete widget.

Developer Tooling

• @plone/components library is now core, thus, it is allowed to be used in core
• Migration from Jest to Vitest as the default unit testing framework.
• Continued refactoring of core components towards modern React patterns (hooks and TypeScript).
• Internationalization and Accessibility
• Internationalised help text for selected fields (for example, Group Name).
• Improved screen-reader labels and more accessible button text across the UI.
• Improved toolbar accessibility and fixed several editor crashes.

Breaking Changes and Important Upgrades

• Jest is no longer supported and removed from core
• The default language is now loaded from the backend API instead of being controlled via environment variables.
• Build tooling was forked (@plone/razzle and related Babel presets) to maintain long-term compatibility after upstream changes.
• Several widgets (such as AlignWidget and ButtonsWidget) were moved to @plone/components, which may require styling adjustments in custom projects.
• Updates to the Node.js toolchain, including dropping Node 20 support and now uses pnpm 10 with catalog support.
• Image handling changes require add-ons to use the Volto Image component instead of raw tags.
• Related items (showRelatedItems) are now enabled by default.

Bug Fixes and Quality Improvements

• Many miscellaneous bugfixes
• Multiple fixes to drag-and-drop interactions and folder contents behavior.
• Resolved login, redirect, and multilingual navigation issues.
• Increased stability of Cypress and other automated tests.
• Fixes related to server-side rendering hydration, image uploads, and schema handling.

Volto related changes in the Python backend since 6.1:

• plone.volto:
  • Add larger scales to plone.allowed_sizes for new sites. This helps avoid the need to serve the original image which can be very large.
    2k is large enough for a default-width image on a high-density display.
    4k is large enough for a full-width images on high-density viewports up to 2000 pixels wide.
  • Add /@blocktypes endpoint to expose block_types index.
  • Added a block_types metadata column to the catalog to include a count for each type.

Classic UI

The HTML based and server side rendered UI that was present in Plone 5.2 and earlier major Plone releases is still available and has also been updated and improved upon in Plone 6. Our documentation now refers to this frontend as 'Classic UI'.

Classic UI related changes since 6.1:

• Some templates are being moved to plone.app.layout, this is ongoing. Progress so far:
  • Moved lock info viewlet from plone.locking.
  • Modify plone.protect.confirm to use a simpler template that does not assume Classic UI is installed.
    The previous template was moved to plone.app.layout.
• plone.base:
  • IClassicUISchema: Add new control panel.
  • Add "license key" field to TinyMCE schema.
• plone.app.layout:
  • Add default GenericSetup profile with IPloneAppLayout BrowserLayer.
  • Add the new property is_ajax to the Plone layout view.
    This returns True, if an AJAX request is detected. This is done by checking if the HTTP_X_REQUESTED_WITH request header is set to XMLHttpRequest.
    plone.app.theming has related changes.
    Note: this is an unreliable way to detect AJAX requests. While many client-side
    libraries (like jQuery) add this request header automatically, the Fetch API
    does not. When using fetch, it is recommended to wrap it with a helper function
    that adds this header to each request.
• plone.app.z3cform:
  • Remove EmailWidget template and use generic attributes instead.
  • Implement URI widget for type="url" inputs.
• plone.classicui: Install the plone.app.layout default profile when creating a site using the classic distribution.
• plone.staticresources: Update mockup from 5.4 to 5.6.4 with TinyMCE 8. See also mockup 5.6.4 changelog and earlier.
  This is a substantial Classic UI modernization release with focused follow-up stabilization:
  • TinyMCE was upgraded to version 8, including support for reading license_key from the Plone control panel.
  • pat-contentbrowser was modernized internally (Svelte 5 migration), with follow-up fixes for batching, level filtering, selected items behavior, and upload interactions.
  • pat-structure and related table handling were aligned with newer DataTables behavior, including fixes for initial sorting, column width handling, and ordering logic.
  • Navigation and toolbar behavior were improved, including enhanced pat-navigationmarker capabilities and better toolbar scrolling behavior for constrained viewport heights.
  • Accessibility and keyboard handling were improved in modal and recurrence interactions, including better focus trapping and semantically correct button-based controls.
  • Several legacy jQuery-dependent paths were removed or reduced in favor of modernized pattern implementations.
    After the larger feature jump in 5.6.0, the 5.6.1-5.6.4 updates primarily deliver bug fixes, UX polishing, and dependency maintenance for production readiness in Plone 6.2.

Python compatibility

This release supports Python 3.10, 3.11, 3.12, 3.13, and 3.14.

pip, buildout, setuptools

In Plone core we use these versions to install Plone:

horse-with-no-namespace==20260202.0
pip==26.1.1
setuptools==81.0.0
wheel==0.47.0
zc.buildout==5.2.0

In general you are free to use whatever versions work for you, but these worked for us.

setuptools 82.0.0 was released, which removed the pkg_resources module.
So if you want to use this setuptools version, none of the packages that you use should use pkg_resources style namespaces.
If that is no problem, then setuptools 82 is fine if you use pip, but not if you use zc.buildout.
The reason is that zc.buildout still uses pkg_resources code (not its namespaces, but other parts).

On setuptools 81 and older, problems start when you have multiple packages in the same namespace, that use different namespace implementations.
Then on startup of Plone you may get an error saying "Package not found".
This depends on what you use to install the packages.
In the following examples, we have two packages in the same namespace, say ns.native (using native namespaces) and ns.deprecated (using pkg_resources style).

• Make editable installs of both packages (pip install -e or in buildout, develop =):

  • This works neither in pip nor in buildout.
  • You can install the horse-with-no-namespace package to get this working.

• Make a normal install of both packages:

  • This works fine in pip.
  • This fails in buildout 4.x.
  • This works fine in buildout 5.x.

• Make a normal install of one package and an editable install of the other:

  • This works fine in pip.
  • This fails in buildout 4.x.
  • This fails in buildout 5.x as well. But again, you can use horse-with-no-namespace to get this working.

For more explanation, see the zc.buildout 5 readme, the part about
"native namespaces and breaking changes in 5.x". This is also good to read if you use pip instead of Buildout.

Installation

For installation instructions, see the documentation.

Plone 6.1

With the release of Plone 6.2, Plone 6.1 is out of maintenance support. You are encouraged to upgrade.
We will still do a last Plone 6.1.5 release to wrap things up. This is expected this month (May 2026).

All Plone 6 minor versions (6.0, 6.1, 6.2) get security support until 2027-12-31, 5 years after Plone 6.0.0 was released.
If Plone 7 is not out by that time, security support will be extended.

Issues

If you find any issues, please report them in the main issue tracker.

A more end-user friendly news item (as opposed to these technical release notes) will appear later on plone.org, with some screen shots.

(post deleted by author)