Close this search box.

New Plumi 4.0 beta & Plumi 3.1.2 final security release

We are very pleased to announce the release of a beta version of Plumi, our free software video-sharing application, based on the new Plone 4. This is a major step forward for the Plumi project, which includes all the improvements available inside Plone 4. Plone 4 is faster and easier to use than ever, you can read all about it here. The beta also includes a simplified installation process, updating of components including taxonomy and tagging, and improvements to the underlying code architecture. From the Plumi blog:

This beta release is primarily focused on rebasing Plumi on Plone 4, in addition to other improvements and re-factoring of Plumi including new production and development buildouts located inside the egg, updating the caching system, cleanup of installation code and moving parts to GenericSetup, replacing older products with newer and better-maintained products or removing dependencies and other improvements. FFmpeg and codecs required by the transcoding framework are also now included in the buildout which means a simpler installation process

The package can be found on PyPI here.

It is available here on

Changes include:

  • remove and replace deprecated code and rebase on Plone 4 [clopy]
  • deprecate plumi.buildout which was not a proper egg. Now the buildout lives inside [dimo]
  • new production and devel buildout based on Martin Aspeli’s uber buildout [dimo]
  • use varnish instead of squid [dimo]
  • use haproxy instead of pound [dimo]
  • move install code to & cleanup [dimo]
  • move parts of the install code to GenericSetup [clopy]
  • use qi.portlet.TagCloud instead of Vaporisation [dimo,clopy]
  • remove dependency on plonebookmarklets [dimo,clopy]
  • remove dependency on ATCountryWidget [dimo]
  • build ffmpeg and qt-faststart using buildout [dimo]
  • Remove ability for ordinary users to change video view [clopy]

A full list of tickets closed for this release can be found on the Plumi development tracker.

We also released Plumi 3.1.2 as an important security update for previous versions of Plumi based on Plone 3.

From the Plumi blog:

A new 3.1.2 Plumi package has been released including an important security patch addressing an XSS vulnerability. Please update your Plumi 3.x sites immediately.

You can download a tar.gz of the package here.

This vulnerability was discovered by Andy Nicholson of Infinite Recursion. Thanks Andy!

November was a busy month for Plumi, also including the Plone Conference and Plone Video Sprint. We are looking forward to another busy period over December and January, with new features such as p2p video sharing and video analytics on the horizon. Plumi is currently developed by Unweb in conjunction with EngageMedia.