Subscribe: drupal.org
http://drupal.org/rss.xml
Added By: Feedage Forager Feedage Grade A rated
Language: English
Tags:
association  board  community  composer  content  drupal association  drupal org  drupal  new  org  project  release  security 
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: drupal.org

Drupal.org



Come for the software, stay for the community Drupal is an open source content management platform powering millions of websites and applications. It’s built, used, and supported by an active and diverse community of people around the world.



 



Meet the Drupal Association At-Large Board Member Candidates

Fri, 24 Feb 2017 21:59:10 +0000

Did you know you have a say in who is on the Drupal Association Board? Each year, the Drupal community votes in a member who serves two years on the board. It’s your chance to decide which community voice you want to represent you in discussions that set the strategic direction for the Drupal Association. Go here for more details.

Voting takes place from March 6 - March 18. Anyone who has a Drupal.org profile page and has logged in to their account in the last year is eligible to vote. This year, there are many candidates from around the world. Now it’s time for you to meet them.

Meet the candidates

We just concluded the phase where 13 candidates nominated themselves for the board seat. From now through March 4, 2017 we encourage you to check out each person’s candidate profile, where they explain which board discussion topics they are most passionate about and what perspectives they will bring to the board.

This year, we asked candidates to include a short video - a statement of candidacy - that summarizes why you should vote for them. Be sure to check them out. Videos are found in the candidate’s profile as well as here:

(image)

What To Consider

When reviewing the candidates, it is helpful to know what the board is focusing on over the next year or two, so you can decide who can best represent you.

Here are the key topics the board will focus on.

  • Strengthening Drupal Association’s sustainability. The board discusses how the Association can improve its financial health while expanding its mission work.

  • Understanding what the Project needs to move forward and determine how the Association can help meet those needs through Drupal.org and DrupalCon.

  • Growing Drupal adoption through our own channels and partner channels.

  • Developing the strategic direction for DrupalCon and Drupal.org.

There are certain duties that a candidate must be able to perform as a board member. The three legal obligations are duty of care, duty of loyalty, and duty of obedience. In addition to these legal obligations, there is a lot of practical work that the board undertakes. These generally fall under the fiduciary responsibilities and include:

  • Overseeing Financial Performance

  • Setting Strategy

  • Setting and Reviewing Legal Policies

  • Fundraising

  • Managing the Executive Director

Hopefully providing this context gives you a helpful way to assess the candidates as you decide how to vote from March 6 - March 18.

We encourage you to ask the candidates questions. Use comments to leave a question on their candidate profile page.




Doing our part for the community

Thu, 23 Feb 2017 17:25:00 +0000

The Drupal Association Engineering Team delivers value to all who are using, building, and developing Drupal. The team is tasked with keeping Drupal.org and all of the 20 subsites and services up and running. Their work would not be possible without the community and the project would not thrive without close collaboration. This is why we are running a membership campaign all about the engineering team. These are a few of the recent projects where engineering team + community = win! Want to hear more about the work of the team, rather than read about it? Check out this video from 11:15-22:00 where Tim Lehnen (@hestenet) talks about the team's recent and current work. Leading the Documentation System migration We now have a new system for Documentation. These are guides Drupal developers and users need to effectively build and use Drupal. The new system replaces the book outline structure with a guides system, where a collection of pages with their own menu are maintained by the people who volunteer to keep the guides updated, focused, and relevant. Three years of work from the engineering team and community collaborators paid off. Content strategy, design, user research, implementation, usability testing and migration have brought this project to life. Pages include code 'call-outs' for point-version specific information or warnings. Thanks to the collaborators: 46 have signed up to be guide maintainers, the Documentation Working Group members (batigolix, LeeHunter, ifrik, eojthebrave), to tvn, and the many community members who write the docs! Enabling Drupal contribution everywhere Helping contributors is what we do best. Here are some recent highlights from the work we're doing to help the community: Users now have better profiles to make into Drupal résumés. Months of content strategy work resulted in a better communication plan, including improved user experience for newly registered users. Organization pages have expanded in scope to encourage more participants than just Drupal service providers. The organization list, new layout making case studies and contributions stand out, and a more robust contribution credit system are all helping to bring more contributors to the Drupal ecosystem. We're expanding the contribution credit system to include more types of contribution, and we'll keep working on improving the system with check-ins every 6 months. Our project to help contributors currently in development is revamping the project applications process. More on this soon on our blog. When a community need doesn't match our roadmap We have a process for prioritizing community initiatives so we can still help contributors. Thanks to volunteers who have proposed and helped work on initiatives recently, we've supported the launch of the Drupal 8 User guide and the ongoing effort to bring Dreditor features into Drupal.org itself.   Thanks to the collaborators: jhodgdon, eojthebrave, and the contributors to the user guide. Thanks also to markcarver for the Dreditor effort. How to stay informed and support our work. The change list and the Drupal.org roadmap help you to see what the board and staff have prioritized out of the many needs of the community. You can help sustain the work of the Drupal Association by joining as a member. Thank you![...]



Drupal Association membership campaign: February 20 to March 8

Fri, 17 Feb 2017 18:51:30 +0000

(image) Drupal.org is home of the Drupal project and the Drupal community. It has been continuously operating since 2001. The Engineering Team— along with amazing community webmasters— keeps Drupal.org alive and well. As we launch the first membership campaign of 2017, our story is all about this small and productive team.

Join us as we celebrate all that the engineering team has accomplished. From helping grow Drupal adoption, to enabling contribution; improving infrastructure to making development faster. The team does a lot of good for the community, the project, and Drupal.org.

Check out some of their accomplishments and if you aren't yet a Drupal Association member, join us! Help us continue the work needed to make Drupal.org better, every day.

Share these stories with others - now until our membership drive ends on March 8.

(image) Share

(image) Tweet

(image) Share

Thank you for supporting our work!




Drupal.org Industry Pages Are Live!

Tue, 14 Feb 2017 23:30:09 +0000

We are excited to announce that the first three industry pages are now live on Drupal.org, highlighting the power of Drupal solutions in higher education, government and media/publishing. The pages are designed to quickly inform and inspire technical evaluators and connect them to service providers and technology vendors who can help them move further through their Drupal adoption journey. The Drupal Association is incredibly proud to showcase the Drupal community’s innovation, creativity, and ability to solve end users’ challenging problems. More importantly, these pages are a resource that Drupal businesses can point to as they convince potential clients that Drupal is the right choice for them. We know this is a needed resource not only because Drupal agencies have asked for this, but because our user research was resoundingly positive. One government digital director said “I wish this was around when I was pitching my state CIO on Drupal”. This launch is the first phase for this initiative. We will learn and iterate to keep improving the pages and we will expand the industries to include pages like healthcare, finance, ecommerce, and more. The Research We Used Building the industry pages was a community effort. Drupal Association staff framed the concept and then reached out to end-users of Drupal in these industries, service providers who've built solutions for these markets, and the community at large. We listened to all of you who shared your thoughts in the original blog post about this initiative. We conducted user research, interviewing decision makers and influencers at end user organizations to make sure the pages resonated strongly with them. We talked to organizations like Weather.com, Burda Media, State of North Carolina, Georgia Technology Authority, Duke University, Cornell University - and more! We also talked to people at agencies who pitch Drupal solutions all day long such as Acquia, Ashday, Blackmesh, Digital Echidna, FFW, Forum One, ImageX Media, Kwall, Lingotek, Lullabot, Palantir.net, Pantheon, and Phase2. We will continue to take feedback from our global community. Our goal is to keep iterating on these industry pages as we learn more. About The Pages The industry pages are part of the About Drupal section and they are promoted from the Drupal.org front page. The homepage of Drupal.org receives about 350,000 visits a month, and about 50% of those visitors are new to Drupal.org The front page is primarily technical evaluators coming to learn more about Drupal and we see this as they click on our evaluator resources like About Drupal, TryDrupal, and Case Studies. Based on user research, we know that before someone comes to the industry pages, they likely know that Drupal is an open source community-built CMS and their organization is leaning towards an open source solution. However, we did make sure the pages do not assume the visitor already knows what Drupal is, because some will find the page through search. Another key feature is geo-targeting. Currently, we serve localized content for the Americas, EMEA, and AP/Australia/New Zealand regions. This allows us to showcase case studies that will resonate to visitors based on their location. For example, on the Americas page, we highlight the Department of Energy - a U.S federal agency. In EMEA, we highlight City of London - a UK city, and in AP/Australia/New Zealand we highlight the State Revenue Office of Victoria, Australia - a federal agency.  We took this approach because business owners at digital agencies from each region said that having localized brand names and case studies helps them convince their potential clients that Drupal is a viable option for them. The Story We Are Telling The story that the pages tell to visitors is: Drupal is the open source CMS of choice for this industry. Just look at the strong adoption rate, industry brand names, and their success stories. Build amazing Drupal solutions to solve problems related to your industry. [...]



What's new on Drupal.org? - January 2017

Tue, 14 Feb 2017 16:42:33 +0000

Read our Roadmap to understand how this work falls into priorities set by the Drupal Association with direction and collaboration from the Board and community. Drupal.org updates Recognizing more types of contribution in the Drupal.org Marketplace We were very pleased to announce an expansion of the issue credit system into a broader contribution credit system which recognizes more than just code contributions for the purposes of ranking organizations in the marketplace. We now calculate the following 4 types of contribution into overall contribution credit: Issue credits — helping build the Drupal software happens in the issue queues. Issue credits remain the primary factor in ranking, and continue to be shown prominently. Issue credits on more widely used projects, like Drupal Core, will also receive greater weight in the ranking. Learn how to help in the issue queue Drupal 8 case studies — success stories show how Drupal is used across industries and the world, helping effectively introduce Drupal to more people. Learn how to write a case study Drupal Association Supporter Programs and Organization Membership — our partners and members help us build and maintain Drupal.org. Learn about supporter programs and organization membership Projects supported — the work to maintain a project sometimes happens outside of issues. Project maintainers can credit organizations which help provide time and sponsorship. Learn more about crediting project contributions User research for the upcoming industry pages In a previous blog post on Drupal.org, we talked about our increasing focus on the adoption journey and our plans to create industry specific landing pages on Drupal.org. In January we did extensive user research with people in media and publishing, higher education, and government, which will be the first industries we promote. We're hoping to launch these pages very soon, so keep an eye on the home page. Preparing for community elections for the Drupal Association board The elections process for the community seats on the Drupal Association board kicks off with self-nominations in February each year. This means that we dedicated some time in January to making small refinements and improvements to the nomination process. In particular we've added more in-context educational materials about the board to the self-nomination form, including a video by executive director Megan Sanicki. We've also refined our candidate questions to help candidates express their unique qualifications. If you're interested in bringing your perspective to the Drupal Association board, please nominate yourself. Membership history messaging To make it easier for members to understand their membership history, we've added new messaging to the membership join and renew pages. Users who go to join or renew their Drupal Association membership will now see a message indicating their current membership expiration date, their last contribution amount, a link to contribute again, and their auto-renewal status. Migration of Drupal Association content to Drupal.org In January we also migrated the majority of content from assoc.drupal.org to a new section on Drupal.org itself. This effort is part of our larger content restructure initiative. By moving Drupal Association content into Drupal.org we hope to increase discoverability of information about the DA, and create a tighter integration between Drupal Association news and the front-page news feed. DrupalCI Checkstyle results now available on the DrupalCI dispatcher Thanks to community member mile23, DrupalCI now supports automated code style testing. To see checkstyle results for any test on Drupal.org, click on the test result bubble and then click the 'view results' link to view the detailed test results on DrupalCI's jenkins dispatcher. We're still gathering input and feedback for this initial release of the checkstyle feature, as we decide how to integrate the checkstyle results more [...]



2017 Community Board Election Begins 1 February

Fri, 27 Jan 2017 20:11:57 +0000

Now that Drupal 8 is a year old, it is an exciting time to be on the Drupal Association Board. With Drupal always evolving, the Association must evolve with it so we can continue providing the right kind of support. And, it is the Drupal Association Board who develops the Association’s strategic direction by engaging in discussions around a number of strategic topics throughout their term. As a community member, you can be part of this important process by becoming an At-large Board Member. We have two At-large positions on the Association Board of Directors. These positions are self-nominated and then elected by the community. Simply put, the At-large Director position is designed to ensure there is community representation on the Drupal Association Board. If you are interested in helping shape the future of the Drupal Association, we encourage you to read this post and nominate yourself between 1 February and 19 February 2017. How do nominations and elections work? Specifics of the election mechanics were decided through a community-based process in 2012 with participation by dozens of Drupal community members. More details can be found in the proposal that was approved by the Drupal Association Board in 2012 and adapted for use this year. What does the Drupal Association Board do? The Board of Directors of the Drupal Association are responsible for financial oversight and setting the strategic direction for serving the Drupal Association’s mission, which we achieve through Drupal.org and DrupalCon. Our mission is: Drupal powers the best of the Web.  The Drupal Association unites a global open source community to build and promote Drupal. New board members will contribute to the strategic direction of the Drupal Association. Board members are advised of, but not responsible for matters related to the day-to-day operations of the Drupal Association, including program execution, staffing, etc. Directors are expected to contribute around five hours per month and attend three in-person meetings per year (financial assistance is available if required). Association board members, like all board members for US-based organizations, have three legal obligations: duty of care, duty of loyalty, and duty of obedience. In addition to these legal obligations, there is a lot of practical work that the board undertakes. These generally fall under the fiduciary responsibilities and include: Overseeing Financial Performance Setting Strategy Setting and Reviewing Legal Policies Fundraising Managing the Executive Director To accomplish all this, the board comes together three times a year during two-day retreats. These usually coincide with the North American and European DrupalCons as well as one February meeting. As a board member, you should expect to spend a minimum of five hours a month on board activities. Some of the topics that will be discussed over the next year or two are: Strengthening Drupal Association’s sustainability Understanding what the Project needs to move forward and determine how the Association can help meet those needs through Drupal.org and DrupalCon Growing Drupal adoption through our own channels and partner channels Developing the strategic direction for DrupalCon and Drupal.org And more! Please watch this video to learn more. Who can run? There are no restrictions on who can run, and only self-nominations are accepted. Before self-nominating, we want candidates to understand what is expected of board members and what types of topics they will discuss during their term. That is why we now require candidates to: Read the Drupal Association bylaws Read the board member agreement Watch the video of what it means to be a board member (transcript available. Request it here) Read The Drupal Association mission statement What will I need to do during the elections? During the elections, members of the Drupal community will ask questions of candidates. You can post comments on[...]



What’s new on Drupal.org? - December 2016

Wed, 25 Jan 2017 00:04:24 +0000

Read our Roadmap to understand how this work falls into priorities set by the Drupal Association with direction and collaboration from the Board and community. Our December update comes to you a bit later than our usual monthly posts, for all the usual practical reasons: holidays, vacations, and our staff retreat in early January. But also, because we've been reflecting on the past year, and planning for the year to come. You'll soon hear about our initiatives for 2017, but for now— let's dive into what we did in December. Drupal.org updates DrupalCon Baltimore At the beginning of December we launched the full site for DrupalCon Baltimore, which is coming up April 24-28. For the first time, we launched the full event site including the call for papers, scholarship applications, and registration all on the same day. Early bird pricing is available for a limited time, so we encourage you to register today. Stable release of the Composer Façade Drupal.org's support for Composer has been in development since the beginning of last year. We released the public alpha of our composer endpoints at DrupalCon New Orleans, and then entered beta over the course of this past summer. After a period of feedback, bug fixes, and further refinement with the help of core and contrib developers we announced the stable release of Drupal.org's composer support on December 21st. We'd like to thank the following community members for their help with this initiative: seldeak, webflo, timmillwood, dixon_, badjava, cweagans, tstoeckler, and mile23. We'd also like to thank Appnovation for sponsoring our initial Composer support work. Improved messaging for new users One of the innovations of Drupal.org's online community that we introduced about 2 years ago, is the process by which new users get confirmed by trusted users. As a user of Drupal.org, you know that when you see a new user with a 'confirm' button under their user icon, you can check their recent activity and help confirm for us that they're a real user (not a bot or spammer who managed to slip through). However, we received some feedback from recently registered users, that this process was too opaque. New users did not have enough guidance to understand that they can only perform a sub-set of site activities until another user confirms them. After hearing this feedback, we spent some time in December improving the messaging tonew users when they first sign up on Drupal.org— so they can better understand how to become confirmed. DrupalCI refactored and updated to use composer In December we also completed a refactor of DrupalCI and updated the testing system to use Composer when testing Drupal. This means we can now test projects with external composer dependencies on Drupal.org. Other new features and bugfixes include: more available test artifacts; dependency changes can now be submitted in patches to composer json; the test runner produces a build file that can be downloaded and run locally to re-execute any test verbatim. There are more added features as well.. This work has continued into January, particularly around making more testing environments available, and adding new test types (such as code sniffer). Look for additional updates in the upcoming January report. Special thanks to mile23 for collaborating with us on this work. Jenkins upgraded to better manage our EC2 Instances The cost of automated testing for the Drupal project is a significant expense for the Drupal Association. In December we updated Jenkins and several of the plugins that are used to orchestrate the creation and management of DrupalCI testbots, and now our enforcement of instance limits is much more reliable. In December this saved us nearly 50% on our testing bill, without a significant increase in testing wait times. In January we are projecting a similar savings. The work of community member fabianX might also provide similar savings[...]



Nominations are now open for the 2017 Aaron Winborn Award

Tue, 17 Jan 2017 05:00:00 +0000

The Drupal Community Working Group is pleased to announce that nominations for the 2017 Aaron Winborn Award are now open. This annual award recognizes an individual who demonstrates personal integrity, kindness, and above-and-beyond commitment to the Drupal community. It will include a scholarship and stipend to attend DrupalCon and recognition in a plenary session at the event.

Nominations are open to not only well-known Drupal contributors, but also people who have made a big impact in their local or regional community. If you know of someone who has made a big difference to any number of people in our community, we want to hear about it.

This award was created in honor of long-time Drupal contributor Aaron Winborn, whose battle with Amyotrophic lateral sclerosis (ALS) (also referred to as Lou Gehrig's Disease) came to an end on March 24, 2015. Based on a suggestion by Hans Riemenschneider, the Community Working Group, with the support of the Drupal Association, launched the Aaron Winborn Award.

Nominations are open until March 1, 2017. A committee consisting of the Community Working Group members and past award winners will select a winner from the submissions. Members of this committee and previous winners are exempt from winning the award.

Previous winners of the award are:

*  2015: Cathy Theys  
*  2016: Gábor Hojtsy  

If you know someone amazing who should benefit from this award please nominate them at https://www.drupal.org/aaron-winborn-award




Predictions for 2017

Sun, 15 Jan 2017 19:18:51 +0000

Like last year around this date, it is the time of year where we predict what the future wil bring for Drupal. Will decoupled Drupal get a head start? Wil chatbots be written in Drupal, will our tool fuel the Internet of Things, will the Whitehouse still run Drupal and will there be an IPO of a Drupal company?

Time to put your predictions, deep thoughts and even deeper thoughts online, and post them as a comment here. And in case you lack inspiration, see the previous predictions for 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015 and 2016.




Recognizing more types of contribution in the Drupal.org Marketplace

Thu, 12 Jan 2017 20:56:05 +0000

Within weeks of introducing the contribution credit system on Drupal.org we realized we had created something powerful. Like all open source projects, Drupal has a behind-the-scenes economy of contribution in which individuals, organizations, and end users work together to maintain the software as a public good. That behind-the-scenes economy was brought to the fore when we chose to rank the Drupal Marketplace by issue credits. For the first time, Drupal.org gave businesses a direct financial incentive to contribute code.   Being good stewards of these incentives is a sobering responsibility, but also a great opportunity. We can use this system to recognize the selfless effort of our community volunteers, to reward the organizations that sponsor their employees' time to give back to the project, and to connect end-users with the organizations that are the biggest contributors. But as we often say in this community—contribution is more than code. It is the time provided by dedicated volunteers; the talent of community organizers, documentation maintainers, and developers; and the treasure provided by organizations that sponsor Drupal events and fund the operations and infrastructure that maintain the project. What are we changing? We’re updating the ranking algorithm for Drupal.org’s Marketplace of service providers and list of all organizations in the Drupal ecosystem. We've expanded on the issue credit system to create a more generic contribution credit system which lets us recognize more types of contribution. Each type of contribution is now weighted to give the organization an overall amount of contribution credit. We've built this system so that we can continuously evolve the incentives it creates by adjusting the weight given to each type of contribution as the project's needs change. To prevent gaming, we will not be publishing the exact weights or total contribution score, but those weights have been reviewed by the Association Board and Community Working Group. We've carefully chosen a few new types of contribution to factor into the ranking. These were selected because they create incentives to reach specific goals: encouraging organizations to sponsor development of Drupal, gathering more Drupal 8 success stories that can be used to promote Drupal adoption, and recognizing the financial contributions that promote the fiscal health of the Drupal association. We now calculate the following 4 types of contribution into overall contribution credit: Issue credits — helping build the Drupal software happens in the issue queues. Issue credits remain the primary factor in ranking, and continue to be shown prominently. Issue credits on more widely used projects, like Drupal Core, will also receive greater weight in the ranking. Learn how to help in the issue queue Drupal 8 case studies — success stories show how Drupal is used across industries and the world, helping effectively introduce Drupal to more people. Learn how to write a case study Drupal Association Supporter Programs and Organization Membership — our partners and members help us build and maintain Drupal.org. Learn about supporter programs and organization membership Projects supported — the work to maintain a project sometimes happens outside of issues. Project maintainers can credit organizations which help provide time and sponsorship. Learn more about crediting project contributions What about other types of contribution? Of course, these new factors still don't include all types of contribution. This iteration aims to add measurable factors that reward the behavior of organizations that are good Drupal citizens, and incentivize some of the most important contributions that have a big impact in moving the project forward. But there are other factors we'd like to include in the future! We're keepi[...]



Moving the Drupal 8 workflow initiative along

Fri, 06 Jan 2017 17:49:54 +0000

Republished from buytaert.net Nine months ago I wrote about the importance of improving Drupal's content workflow capabilities and how we set out to include a common base layer of workflow-related functionality in Drupal 8 core. That base layer would act as the foundation on which we can build a list of great features like cross-site content staging, content branching, site previews, offline browsing and publishing, content recovery and audit logs. Some of these features are really impactful; 5 out of the top 10 most requested features for content authors are related to workflows (features 3-7 on the image below). We will deliver feature requests 3 and 4 as part of the "content workflow initiative" for Drupal 8. Feature requests 5, 6 and 7 are not in scope of the current content workflow initiative but still stand to benefit significantly from it. Today, I'd like to provide an update on the workflow initiative's progress the past 9 months. The top 10 requested features for content creators according to the 2016 State of Drupal survey. Features 1 and 2 are part of the media initiative for Drupal 8. Features 3 and 4 are part of the content workflow initiative. Features 5, 6 and 7 benefit from the content workflow initiative. Configurable content workflow states in Drupal 8.2 While Drupal 8.0 and 8.1 shipped with just two workflow states (Published and Unpublished), Drupal 8.2 (with the the experimental Content moderation module) ships with three: Published, Draft, and Archived. Rather than a single 'Unpublished' workflow state, content creators will be able to distinguish between posts to be published later (drafts) and posts that were published before (archived posts). The 'Draft' workflow state is a long-requested usability improvement, but may seem like a small change. What is more exciting is that the list of workflow states is fully configurable: you can add additional workflow states, or replace them with completely different ones. The three workflow states in Drupal 8.2 are just what we decided to be good defaults. Let's say you manage a website with content that requires legal sign-off before it can be published. You can now create a new workflow state 'Needs legal sign-off' that is only accessible to people in your organization's legal department. In other words, you can set up content workflows that are simple (like the default one with just three states) or that are very complex (for a large organization with complex content workflows and permissions). This functionality was already available in Drupal 7 thanks to the contributed modules like the Workbench suite. Moving this functionality into core is useful for two reasons. First, it provides a much-requested feature out of the box – this capability meets the third most important feature request for content authors. Second, it encourages contributed modules to be built with configurable workflows in mind. Both should improve the end-user experience. Support for different workflows in Drupal 8.3 Drupal 8.3 (still in development, planned to be released in April of 2017) goes one step further and introduces the concept of multiple types of workflows in the experimental Workflows module. This provides a more intuitive way to set up different workflows for different content types. For example, blog posts might not need legal sign-off but legal contracts do. To support this use case, you need to be able to setup different workflows assigned to their appropriate content types. What is also interesting is that the workflow system in Drupal 8.3 can be applied to things other than traditional content. Let's say that our example site happens to be a website for a membership organization. The new workflow system could be the technical foundation to move members through different workflows (e.[...]



Drupal.org's Composer endpoints are out of beta

Wed, 21 Dec 2016 17:03:00 +0000

Drupal.org's Composer endpoints have been available in beta for some time now, and in that time we've begun to see many, many people use Composer to manage Drupal modules and themes. We first launched these repositories before DrupalCon New Orleans as an alpha release, and move into beta a few months later. After receiving your feedback and bug reports we've made updates, and are ready to call this service stable. What is Composer? Composer is a tool for dependency management in PHP. It allows you to declare the libraries your project depends on and it will manage (install/update) them for you. … Composer is strongly inspired by node's npm and ruby's bundler." - Source In a nutshell, Composer allows you to declare the dependencies of your project in a composer.json file in the root of your PHP project. Those dependencies, which you then install through Composer, can have their own composer.json files and their own dependencies—all of which will be automatically managed and installed by Composer. When you need specific control over the versions of dependencies, you can use a composer.lock file. You can read more about Composer at GetComposer.org. How do Drupal.org's composer repositories work? Drupal.org offers two Composer repositories—one for Drupal 7, and one for Drupal 8. Composer requires that packages adhere to semantic versioning, which Drupal 8 core does, but Drupal 8 contrib, and Drupal 7 core and contrib, don’t. To solve this problem, we've created a Composer façade, which takes all of the metadata about projects on Drupal.org and translates them into a format Composer can understand—including translating the Drupal-specific versioning for Drupal 7 and contrib into semantic versioning. By creating this façade, we've made sure that Drupal.org is still the canonical source for metadata about Drupal.org projects, and that we can update this translation layer as the versioning schema changes. (Learn more about the effort to move Contrib projects to semantic versioning). In addition to providing endpoints for building projects, Drupal's automated testing suite— DrupalCI—now uses Composer to test Drupal core and contributed projects. This allows developers to test any external dependencies. How do I use Drupal.org's Composer repositories? To begin using Drupal.org's Composer repositories, you'll need to update your composer.json file to include the appropriate Composer repository for the version of Drupal. To use Composer with Drupal 7, use the repository url: https://packages.drupal.org/7. To use Composer with Drupal 8, use the repository url: https://packages.drupal.org/8, as in this example. After setting up composer, simply run the command: $ composer config repositories.drupal composer https://packages.drupal.org/8 And your project's composer.json should be updated to look like the following: { "repositories": { "drupal": { "type": "composer", "url": "https://packages.drupal.org/8" } } } Once you've made that change, you should be able to use Composer for Drupal modules and themes as you would for any other PHP package, using the drupal/ namespace: $ composer require drupal/ There is one caveat about the pattern: there are some namespace collisions among modules, and so it is on our roadmap to update Drupal.org project pages to specify the exact namespace to use to require a given project. To learn more about how to use Drupal.org's Composer repositories, and for some troubleshooting tips, read the Project Composer documentation. What about licensing? All the projects hosted on Drupal.org are licensed GPLv2 or later or have an entry in the packaging whitelist. This means that you can rely on Drupal Core and contributed modules [...]



Promoting Drupal Solutions by Industry Vertical

Mon, 12 Dec 2016 20:44:58 +0000

Earlier this year, I talked about The Drupal Association stepping further into its mission to better promote Drupal through its channels - especially via Drupal.org. With 20 million unique visitors annually, Drupal.org is a powerful tool to help evaluators move through their Drupal adoption journey. However, our research showed that technical evaluators didn’t find the information they needed and they ultimately left the site to find Drupal information elsewhere. It was a real missed opportunity that we wanted to solve for. Not only is it our mission to promote Drupal, but helping Drupal businesses thrive is important. Knowing that 69% of code contribution is sponsored by Drupal businesses, it’s imperative that our business community is strong and able to continually support our contributors. The Association is in a unique position to help these evaluators get inspired and informed about Drupal and to quickly connect them to service provider experts, who can show them how to use Drupal to solve their business challenges. That is why we turned the Drupal.org front page into a Drupal marketing section, giving it new design, copy, and calls to action for visitors to learn more about Drupal 8 and how to Try Drupal. We will continue to iterate the copy, case studies, and call to action on this page and subpages throughout 2017. The Power of Drupal By Industry Our next iteration will be the addition of industry vertical pages, which highlight the power of Drupal solutions for various industries. Each page will explain the impact that Drupal solutions made for well known brands in each industry. The pages will also connect the visitor to an industry expert - a Drupal service provider - who can answer their questions and ultimately build their Drupal solution. Plus, each page highlights featured third-party technology and hosting companies who add value to a Drupal solution. Our first three industry pages will be for the higher education, government, and the media/entertainment industry verticals. They will launch in Q1 2017. Here is a work-in-progress mockup of the Higher Education Industry Page. Sponsors with a history of contribution As you can see, we only highlight three service providers on each industry page. Naturally we have a global network of experts who we can highlight. So how do we decide who gets promoted on these pages? While working with the Drupal Association Board, we decided that it is important to continually reward the businesses who contribute back to the Project. Contribution comes in the form of time, talent, and treasure. We looked at these three categories and decided to rank companies by the issue credits they earned over the last 90 days, what level they are in the Drupal Supporting Partner Program, and how many years they were Supporters. We are using this contribution ranking to invite the top service providers to sponsor the page. We are also using geo-targeting on each page, showcasing service providers who serve the region that the visitor is located in. That means that each page will highlight three service providers who offer services in the Americas, EMEA, and AP Australia/NZ. This allows us to expand the number of organizations to participate in this program. Of course, the visitor can still find all of the other amazing Drupal businesses in our ecosystem by going to the marketplace, which can be filtered by industry verticals as well. We are excited to push our mission work forward on several fronts from promoting Drupal to rewarding contributing organizations. As we launch this program, we want to thank the Drupal Association Board, Acquia, FFW, Lullabot, MediaCurrent, and Phase2 for providing input into the process.[...]



What’s new on Drupal.org? - November 2016

Thu, 08 Dec 2016 17:27:56 +0000

Read our Roadmap to understand how this work falls into priorities set by the Drupal Association with direction and collaboration from the Board and community. The engineering team at the Drupal Association had much to be thankful for in November. With the support of the wonderful volunteers in our community and the contributions of our Supporting Partners we were able to deliver some great tools for the project. Let's dive and see what's new. Drupal.org updates Promoting Drupal by Industry In November we finished the technical scaffolding for the upcoming industry pages, and began working with the wider Association team on content development for these pages. Because we were ahead of our internal targets for this page and we felt it would add significant value, we've also added the ability to geotarget content on these industry pages. This is the first instance of geo-targeting on Drupal.org, and we'll be using it to help connect Drupal evaluators with regionally appropriate content and partners on these pages. Work on the industry pages is ongoing, but we're excited to bring them to you soon. Developer Tools Evaluation During November the engineering team also had a two day retreat here in Portland, OR with webchick - one of the members of the Technical Advisory Committee. We used this retreat to do a deep dive into the current state of developer tools on Drupal.org, and to evaluate our options to continue evolving the tools we offer to the community. We gave a summary of our exploration along with some next steps to the Drupal Association Board on November 22nd. You can find the minutes and a recording here. Core release packaged with --no-dev composer dependencies Starting with the Drupal 8.2.3 release, we are now packaging full releases of Drupal core with --no-dev composer dependencies. This means that packages downloaded will not include extraneous developer extras that should not be used in production sites, and that the release packages will be smaller. We will continue to package dev releases with the dev dependencies. Feature branch testing support Drupal.org allows maintainers to create feature branches for issues by using the name format [issue#]-[short-description]. Any commits made to a branch in this format will appear in the sidebar of the associated issue. To improve the utility of these feature branches, DrupalCI patch file tests now also run on push to these branches. To add tests, users can simply click on the 'add test' link beneath the git branch in the issue sidebar, or click on the existing test result bubble to re-test or add a new test. Since this feature was introduced we've run over 200 issue branch tests. Project maintainers can add Documentation Guides We're continuing to support the migration of documentation to the new documentation system, and we've now enabled Project Maintainers to add related documentation guides to their projects. Once added, the related projects will appear on the documentation guides, in the sidebar. Documentation Maintainers can find their Guides Many community volunteers have stepped up to become maintainers of the new documentation guides. We want to make sure we're giving them the tools they need to do the work of maintaining those guides and the pages within them. We've added a 'Your Guides' section to the user profile which will list all of the guides that a user maintains, as well as the pages within those guides. This should allow maintainers to see when pages have been recently changed or added, and to easily keep their guide content curated and up to date. Infrastructure Virtualization and Improved Config Management In November, we completed the majority of two major infrastructure projects. Firstly, [...]



Drupal 8 turns one!

Fri, 18 Nov 2016 13:49:42 +0000

Republished from buytaert.net Tomorrow is the one year anniversary of Drupal 8. On this day last year we celebrated the release of Drupal 8 with over 200 parties around the world. It's a project we worked on for almost five years, bringing the work of more than 3,000 contributors together to make Drupal more flexible, innovative, scalable, and easier to use. To celebrate tomorrow's release-versary, I wanted to look back at a few of the amazing Drupal 8 projects that have launched in the past year. 1. NBA.com The NBA is one of the largest professional sports leagues in the United States and Canada. Millions of fans around the globe rely on the NBA's Drupal 8 website to livestream games, read stats and standings, and stay up to date on their favorite team. Drupal 8 will bring you courtside, no matter who you're rooting for. 2. Nasdaq allowfullscreen="" frameborder="0" height="480" src="https://www.youtube.com/embed/s2HTiiNBuzo" width="742"> Nasdaq Corporate Solutions has selected Drupal 8 as the basis for its next generation Investor Relations Website Platform. IR websites are where public companies share their most sensitive and critical news and information with their shareholders, institutional investors, the media and analysts. With Drupal 8, Nasdaq Corporate Solutions will be providing companies with the most engaging, secure, and innovative IR websites to date. 3. Hubert Burda Media For more than 100 years, Hubert Burda Media has been Germany's premier media company. Burda is using Drupal 8 to expand their traditional business of print publishing to reach more than 52 million readers online. Burda didn't stop there, the media company also open sourced Thunder, a distribution for professional publishers built on Drupal 8. 4. Jurassic World Drupal 8 propels a wide variety of sites, some of Jurassic proportion. Following the release of the blockbuster film, Jurassic World built its digital park on Drupal 8. Jurassic World offers fans games, video, community forums, and even interactive profiles all of the epic dinosaurs found on Isla Nublar. 5. WWF The World Wide Fund for Nature has been a leading conservation organization since its founding in 1961. WWF's mission is to protect our planet and Drupal 8 is on their team. WWF UK uses Drupal 8 to engage the community, enabling users to adopt, donate and join online. From pole to pole, Drupal 8 and WWF are making an impact. 6. YMCA Greater Twin Cities The YMCA is one the leading non-profit organizations for youth development, healthy living, and social responsibility. The YMCA serves more than 45 million people in 119 countries. The team at YMCA Greater Twin Cities turned to Drupal 8 to build OpenY, a platform that allows YMCA members to check in, set fitness goals, and book classes. They even hooked up Drupal to workout machines and wearables like Fitbit, which enables visitors to track their workouts from a D8 powered mobile app. The team at Greater Twin Cities also took advantage of Drupal 8's built-in multilingual capabilities so that other YMCAs around the world can participate. The YMCA has set a new personal record, and is a great example of what is possible with Drupal 8. 7. Jack Daniels The one year anniversary of Drupal 8 is cause for celebration, so why not raise a glass? You might try Jack Daniels and their Drupal 8 website. Jack Daniels has been making whiskey for 150 years and you can get your fill with Drupal 8. 8. Al Jazeera Media Network Al Jazeera is the largest news organization focused on the Middle East, and broadcasts news and current affairs 24 hours a day, 7 days a week. Al Jazeera required a platform that could unify several different content streams [...]



Drupal 8.2.3 and 7.52 released

Wed, 16 Nov 2016 18:11:36 +0000

Drupal 8.2.3 and Drupal 7.52, maintenance releases which contain fixes for security vulnerabilities, are now available for download. See the Drupal 8.2.3 and Drupal 7.52 release notes for further information. Download Drupal 8.2.3Download Drupal 7.52 Upgrading your existing Drupal 8 and 7 sites is strongly recommended. There are no new features nor non-security-related bug fixes in these releases. For more information about the Drupal 8.2.x release series, consult the Drupal 8 overview. More information on the Drupal 7.x release series can be found in the Drupal 7.0 release announcement. Security information We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list. Drupal 8 and 7 include the built-in Update Manager module, which informs you about important updates to your modules and themes. Bug reports Both Drupal 8.2.x and 7.x are being maintained, so given enough bug fixes (not just bug reports) more maintenance releases will be made available, according to our monthly release cycle. Change log Drupal 8.2.3 is a security release only. For more details, see the 8.2.3 release notes. A complete list of all changes in the stable 8.2.x branch can be found in the git commit log. Drupal 7.52 is a security release only. For more details, see the 7.52 release notes. A complete list of all changes in the stable 7.x branch can be found in the git commit log. Security vulnerabilities Drupal 8.2.3 and 7.52 were released in response to the discovery of security vulnerabilities. Details can be found in the official security advisories: Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2016-005 To fix the security problem, please upgrade to either Drupal 8.2.3 or Drupal 7.52. Update notes See the 8.2.3 and 7.52 release notes for details on important changes in this release. Known issues See the 8.2.3 release notes or 7.52 release notes for a list of known issues affecting each release. [...]



Drupal 8 will no longer include dev dependencies in release packages

Sat, 12 Nov 2016 01:19:26 +0000

As a best practice, development tools should not be deployed on production sites. Accordingly, packaged Drupal 8 stable releases will no longer contain development PHP libraries, because development code is not guaranteed to be secure or stable for production.

This only applies to a few optional libraries that are provided with Drupal 8 for development purposes. The many stable required libraries for Drupal 8, like Symfony and Twig, will still be included automatically in packaged releases. Drupal 7 is not affected.

Updating your site

To adopt this best practice for your site, do one of the following (depending on how you install Drupal):

  • If you install Drupal using the stable release packages provided by Drupal.org (for example, with an archive like drupal-8.2.2.tar.gz or via Drush), update to the next release (8.2.3) as soon as it is available. (Read about core release windows.) Be sure to follow the core update instructions, including removing old vendor files. Once updated, your site will no longer include development libraries and no further action will be needed.
  • If you use a development snapshot on your production site (like 8.2.x-dev), you should either update to a stable release (preferred) or manually remove the dependencies. Remember that development snapshots are not supported for production sites.
  • If you install your site via Composer, you should update your workflows to ensure you specify --no-dev for your production sites.

Development and continuous integration workflows

If you have a continuous integration workflow or development site that uses these development dependencies, your workflow might be impacted by this change. If you installed from a stable Drupal.org package and need the development dependencies, you have three options:

  1. Install Composer and run composer install --dev,
  2. Use a development snapshot (for example, 8.2.x-dev) instead of a tagged release for your development site, or
  3. Install the development dependencies you need manually into Drupal's vendor directory or elsewhere.

However, remember that these development libraries should not be installed on production sites.

For background on this change, see Use "composer install --no-dev" to create tagged core packages. For more information on Composer workflows for Drupal, see Using Composer to manage Drupal site dependencies.




What’s new on Drupal.org? - October 2016

Fri, 11 Nov 2016 20:43:21 +0000

Read our Roadmap to understand how this work falls into priorities set by the Drupal Association with direction and collaboration from the Board and community. The Drupal Association team has been getting back to work after coming back from DrupalCon Dublin in September. For the engineering team, October has been focused on some back-end services and infrastructure that support the Drupal project, while we continue to move forward on some longer term front facing initiatives. Drupal.org updates Promoting Drupal by Industry Last month we talked about the new homepage we released for Drupal.org, and using those editorial tools to build a membership campaign. We hinted that additional changes will be coming soon. While we're not ready to launch this new content - we can talk about it in some greater detail. Dries Buytaert, the project founder, has called Drupal the platform for ambitious digital experiences. That phrase expresses the incredible power and flexibility of Drupal, but also encapsulates an aspect of Drupal that can be difficult for newcomers. It can be very hard for newcomers to Drupal to understand how to take a base install of Drupal core, and extend that to achieve that ambitious vision. We want to help close that gap in understanding—to help evaluators see how Drupal achieves these ambitions. To do this, we'll be creating a series of landing pages that focus granularly on how Drupal creates success stories in particular industries. Look for more on this topic in coming months. DrupalCon Vienna Site Launched As is tradition, during the closing session of DrupalCon Dublin we announced that the next DrupalCon in Europe will be held in Vienna! We launched the splash page announcing the event at vienna2017.drupal.org and we have information about sponsorship and hotel reservations already available. DrupalCon Vienna will happen from the 25th to 29th of September 2017, and we'll hope to see you there! More flexible project testing We've made a significant update to how tests are configured on the Automated Testing tab of any project hosted on Drupal.org. Automated testing, using the DrupalCI infrastructure, allows developers to ensure their code will be compatible with core, and with a variety of PHP versions and database environments. In October, we updated the configuration options for module maintainers. Maintainers can now select a specific branch of core, a specific environment, and select whether to run the test once, daily, on commit, or for issues. Issues are limited to a single test configuration, to ensure that the code works in a single environment before being regression tested against multiple environments on on-commit or daily tests. Better database replication and reliability Behind the scenes, we've made some updates to our database cluster - part of our infrastructure standardization on Debian 8 environments managed in Puppet 4. We've made some improvements to replication and reliability - and while these changes are very much behind the scenes they should help maintain a reliable and performant Drupal.org. Response to Critical Security Vulnerabilities When it rains, it pours—a maxim we take to heart in Portland, Oregon—and that was especially true in the realm of security in October. The most widely known vulnerability disclosed was the 'DirtyCow' vulnerability in the Linux kernel. A flaw in the copy-on-write system of the Linux kernel made it possible, in principle, for an unprivileged user to elevate their own privileges. Naturally, responding to this vulnerability was a high priority in October, but DirtyCow was not the only vul[...]



Nasdaq Chooses Drupal 8

Fri, 21 Oct 2016 12:47:49 +0000

Republished from buytaert.net

(image)

I wanted to share the exciting news that Nasdaq Corporate Solutions has selected Drupal 8 as the basis for its next generation Investor Relations Website Platform. About 3,000 of the largest companies in the world use Nasdaq's Corporate Solutions for their investor relations websites. This includes 78 of the Nasdaq 100 Index companies and 63% of the Fortune 500 companies.

What is an IR website? It's a website where public companies share their most sensitive and critical news and information with their shareholders, institutional investors, the media and analysts. This includes everything from financial results to regulatory filings, press releases, and other company news. Examples of IR websites include http://investor.starbucks.comhttp://investor.apple.com andhttp://ir.exxonmobil.com -- all three companies are listed on Nasdaq.

All IR websites are subject to strict compliance standards, and security and reliability are very important. Nasdaq's use of Drupal 8 is a fantastic testament for Drupal and Open Source. It will raise awareness about Drupal across financial institutions worldwide.

In their announcement, Nasdaq explained that all the publicly listed companies on Nasdaq are eligible to upgrade their sites to the next-gen model "beginning in 2017 using a variety of redesign options, all of which leverage Acquia and the Drupal 8 open source enterprise web content management (WCM) system."

It's exciting that 3,000 of the largest companies in the world, like Starbucks, Apple, Amazon, Google and ExxonMobil, are now eligible to start using Drupal 8 for some of their most critical websites. 




What's new on Drupal.org? - September 2016

Thu, 20 Oct 2016 15:37:09 +0000

Read our Roadmap to understand how this work falls into priorities set by the Drupal Association with direction and collaboration from the Board and community. This month's update comes to you a couple weeks late, but only because we were on site at DrupalCon together with the community to move the project forward! DrupalCon Dublin was a great event, with the entire Drupal Association staff engaged to make DrupalCon the best place to develop your Drupal skills, learn what's coming for the project, and sprint on core and contrib. We are tremendously thankful to the community that joins us for DrupalCon, and to the incredible volunteers that help us put on the event. If you couldn't join us in person, you can still review the session recordings. Now, on to the updates! Drupal.org updates New homepage Certainly the most visible change to Drupal.org in September was the refresh of our home page. As the front door of our community home, the front page needs to be inviting to both existing community members, and people new to Drupal who are just beginning their adoption journey. The changes are more than aesthetic. We also put in place new editorial tools to give us greater flexibility with the front page itself, and with future landing pages that we hope to create in the same highly-designed, attractive style. In addition to these structural and editorial changes we made some content changes as well, cleaning up our news feed, and giving DrupalCon a new, more prominent position on the home page. And there are more updates to come! Using the same editorial tools we'll soon be rolling out additional content for Drupal evaluators - promoting proven solutions built using Drupal in specific industries. Look forward to this in the coming months. Membership campaign We used the same editorial tools that built the new homepage to build a landing page for our fall membership campaign. This campaign showcases how Drupal Association members make community cultivation grants possible - and the stories that those grants create. These community stories run to the heart of our mission - enabling our global community build connections on the local level, and extending Drupal's reach across the world. Case studies on organization profiles In September we also made a small but significant update to organization profiles. We've moved the often unwieldy index of people associated with an organization to a subpage, in order to make room for listing the case studies that an organization has created. We want to encourage Drupal organizations of all kinds to share their stories of success, especially around Drupal 8. If your organization has never created a Drupal case study before, we have some materials to teach you how to create a case study on Drupal.org. Issue Credit Updates The issue credit system has had a remarkable impact on the community. Being able to quantify the contribution of organizations to Drupal's codebase has lead to an unprecedented level of healthy competition between organizations who support the project—each trying to outdo the other with their contributions. It has been amazing to see how generous these organizations are, sponsoring the work of committed community contributors to advance the project. To maintain this system in a healthy way, we need to monitor it carefully and make small adjustments to ensure that we're creating the right incentives for true contribution, and not a system to be gained for self-promotion. We've made a few small tweaks in september to reduce spurious re-opening of issues in order [...]



Technical Advisory Committee formed to modernize developer tools

Tue, 18 Oct 2016 18:37:51 +0000

(image) At DrupalCon Dublin, I spoke about The Association’s commitment to help Drupal thrive by improving the contribution and adoption journeys through our two main community assets, DrupalCon and Drupal.org. You can see the video here.

One area I touch on was my experience as a new code contributor. Contributing my patch was a challenging, but joyous experience and I want more people to have that feeling—and I want to make it as easy as possible for others to contribute, too. It’s critical for the health of the project.

At the heart of the Drupal contributor community are our custom development tools, including the issue tracker, Git repositories, packaging, updates server, and automated testing. We believe there are many aspects of Drupal’s development workflow that have been essential to our project's success, and our current tooling reflects and reinforces our community values of self-empowerment, collaboration, and respect, which we seek to continue to uphold.

It’s time to modernize these developer tools. To support the Association with this objective The Drupal Association created a Technical Advisory Committee (TAC). The TAC consists of community members Angie Byron, Moshe Weitzman, and Steve Francia, who is also our newest Drupal Association board member. The TAC acts in an advisory role and reports to me.

Building off of the work the community has already done, the TAC is exploring opportunities to improve the tools we use to collaborate on Drupal.org. The crux of this exploration is determining whether we should continue to rely on and invest in our self-built tools, or whether we should partner with an organization that specializes in open source tooling.

Our hope is that we will be able to bring significant improvements to our contribution experience faster by partnering with an organization willing to learn from our community and adapt their tools to those things we do uniquely well. Such a partnership would benefit both the Drupal community—with the support of their ongoing development—and potentially the broader open source community—by allowing our partner to bring other projects those aspects of our code collaboration workflow.

The TAC will use a collaborative process, working with staff and community to make a final recommendation. The TAC has already begun the process and has some very positive exploratory conversations. The TAC and staff will be communicating their progress with the community in upcoming blog posts.  




Drupal file upload by anonymous or untrusted users into public file systems -- PSA-2016-003

Mon, 10 Oct 2016 17:09:07 +0000

Advisory ID: DRUPAL-PSA-2016-003 Project: Drupal core Version: 7.x, 8.x Date: 2016-October-10 Security risk: 20/25 ( Critical) AC:None/A:None/CI:Some/II:Some/E:Exploit/TD:All Description Recently the Drupal Security Team has seen a trend of attacks utilizing a site mis-configuration. This issue only affects sites that allow file uploads by non-trusted or anonymous visitors, and stores those uploads in a public file system. These files are publically accessible allowing attackers to point search engines and people directly to them on the site. The majority of the reports are based around the webform module, however, other modules are vulnerable to this misconfiguration as well. For example, if a webform configured to allow anonymous visitors to upload an image into the public file system, that image would then be accessible by anyone on the internet. The site could be used by an attacker to host images and other files that the legitimate site maintainers would not want made publicly available through their site. To resolve this issue: Configure upload fields that non-trusted visitors, including anonymous visitors, can upload files with, to utilize use the private file system. Ensure cron is properly running on the site. Read about setting up cron for for Drupal 7 or or Drupal 8). Consider forcing users to create accounts before submitting content. Audit your public file space to make sure that files that are uploaded there are valid. Awareness acknowledgment The Drupal Security Team became aware of the existence and exploits of this issue because the community reported this issue to the security team. As always, if your site has been exploited, even if the cause is a mistake in configuration, the security team is interested in hearing about the nature of the issue. We use these reports to look for trends and broader solutions. Coordinated by Michael Hess of the Drupal Security Team Damien McKenna of the Drupal Security Team Alex Pott of the Drupal Security Team David Snopek of the Drupal Security Team Greg Knaddison of the Drupal Security Team Cash Williams of the Drupal Security Team This post may be updated as more information is learned. Contact and More Information The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact. Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site. [...]



Drupal 8.2.0 is now available

Wed, 05 Oct 2016 09:57:28 +0000

Update: Drupal 8.2.1 is now available. Drupal 8.2.0, the second minor release of Drupal 8, is now available. With Drupal 8, we made significant changes in our release process, adopting semantic versioning and scheduled feature releases. This allows us to make extensive improvements to Drupal 8 in a timely fashion while still providing backwards compatibility. What's new in Drupal 8.2.x? This new version includes additional experimental modules to place blocks on pages, to edit configuration related to blocks without leaving the page, to create content moderation workflows, and to use date ranges. Several smaller authoring experience, site building, and REST and decoupled site improvements are included as well. (Experimental modules are provided with Drupal core for testing purposes, but are not yet fully supported.) Download Drupal 8.2.0 Easier to place and configure blocks on pages The new experimental Place Block module allows placing blocks on any page without having to navigate to the backend administration form. After selecting the region for placement, block configuration can be adjusted in a modal dialog allowing full control of all the details. There is also a much easier way to modify block configuration, with the experimental Settings Tray module. Editing a block opens a tray in a sidebar with the block's title and other settings. For the site name block, for example, you can edit the site name directly in the sidebar. For menu blocks, you can adjust the menu there. Content moderation now included Drupal has always supported both published and unpublished content, but more granular workflow support was not available in Drupal core. The new experimental Content Moderation module, based on the contributed Workbench Moderation project, allows defining content workflow states such as Draft, Archived, and Published, as well as which roles have the ability to move content between states. Support for date ranges The Datetime module included with core only supports storing single points in time. The experimental Datetime Range module provides a new field type that also allows end dates. This is important for helping contributed modules like the Calendar module to work with Drupal 8 core. Site building, content authoring, and administrative improvements Drupal 8.2.0 also improves stable functionality for administration, site building, and authoring. Drupal now enables revisions by default for new content types, to provide better accountability, to create a "safety net" for recovering from unintended changes, and to integrate with future workflow features. Content editors will enjoy a more seamless experience, as CKEditor's built-in dialogs are now styled to match Drupal-native dialogs, and creating any entity will always display a message linking to the new entity. Other incremental enhancements include: The user interface text has been improved on numerous administrative pages. The redirection of site-wide contact forms is now configurable. The comment view mode can now be selected in the display formatter form. Relative URLs are converted to absolute ones in generated RSS feeds (ensuring that images and links work wherever the feeds are used). Administrators can now elect to remove a module's content entities in order to uninstall the module. The internal page cache has been improved for 404 responses. Platform features for web services The Drupal 8.2 release continues to expand Drupal's support for web services that benefit [...]



The transformation of Drupal 8 for continuous innovation

Wed, 28 Sep 2016 07:00:00 +0000

Republished from buytaert.net. In the past, after every major release of Drupal, most innovation would shift to two areas: (1) contributed modules for the current release, and (2) core development work on the next major release of Drupal. This innovation model was the direct result of several long-standing policies, including our culture of breaking backward compatibility between major releases. In many ways, this approach served us really well. It put strong emphasis on big architectural changes, for a cleaner, more modern, and more flexible codebase. The downsides were lengthy release cycles, a costly upgrade path, and low incentive for core contributors (as it could take years for their contribution to be available in production). Drupal 8's development was a great example of this; the architectural changes in Drupal 8 really propelled Drupal's codebase to be more modern and flexible, but also came at the cost of four and a half years of development and a complex upgrade path. As Drupal grows — in lines of code, number of contributed modules, and market adoption — it becomes harder and harder to rely purely on backward compatibility breaks for innovation. As a result, we decided to evolve our philosophy starting after the release of Drupal 8. The only way to stay competitive is to have the best product and to help people adopt it more seamlessly. This means that we have to continue to be able to reinvent ourselves, but that we need to make the resulting changes less scary and easier to absorb. We decided that we wanted more frequent releases of Drupal, with new features, API additions, and an easy upgrade path. To achieve these goals, we adopted three new practices: Semantic versioning: a major.minor.patch versioning scheme that allows us to add significant, backwards-compatible improvements in minor releases like Drupal 8.1.0 and 8.2.0. Scheduled releases: new minor releases are timed twice a year for predictability. To ensure quality, each of these minor releases gets its own beta releases and release candidates with strict guidelines on allowed changes. Experimental modules in core: optional alpha-stability modules shipped with the core package, which allow us to distribute new functionality, gather feedback, and iterate faster on the modules' planned path to stability. Now that Drupal 8 has been released for about 10 months and Drupal 8.2 is scheduled to be released next week, we can look back at how this new process worked. Drupal 8.1 introduced two new experimental modules (the BigPipe module and a user interface for data migration), various API additions, and usability improvements like spell checking in CKEditor. Drupal 8.2 further stabilizes the migration system and introduces numerous experimental alpha features, including significant usability improvements (i.e. block placement and block configuration), date range support, and advanced content moderation — among a long list of other stable and experimental improvements. It's clear that these regular feature updates help us innovate faster — we can now add new capabilities to Drupal that previously would have required a new major version. With experimental modules, we can get features in users' hands early, get feedback quickly, and validate that we are implementing the right things. And with the scheduled release cycle, we can deliver these improvements more frequently and more predictably. In aggregate, this enables u[...]



A new look for Drupal.org

Wed, 21 Sep 2016 19:09:50 +0000

As you can see we've put a fresh coat of paint on Drupal.org - but the changes run below the surface. This latest iteration of the front page brings the key concepts of our design system to the forefront: Clean, Modern, Technical.

(image)

This change also brings new editorial tools for Drupal.org content editors. The new home page provides us more flexibility with content and presentation, and so you'll see more frequent updates, more information about DrupalCon, and more editorial flexibility on the home page than you've seen in the past. These tools are also helping us to build cleaner, modern landing pages - like you've just seen with our Fall Membership Campaign.

We've previewed this work with several key members of the community and the board, and we want to say thank you to everyone who's given us their feedback on this first step for our new home page. We also want to give an extra special thank you to dyannenova for her contributions to this effort.

This is just the beginning - very soon we'll have a new visual look for the case studies that are featured on the home page, and then shortly after that we'll begin promoting solutions to Drupal evaluators in specific industries, like Higher Education, Media & Publishing, and Government.

If Drupal.org is the home of the community, then the front page is our front door. We want to welcome new users and evaluators of Drupal, highlight the project's strengths, and promote news and happenings from throughout the ecosystem.

We hope you like the changes, and we think you'll like the upcoming iterations even more. We'd love to hear your feedback!




Drupal 8.1.10 released

Wed, 21 Sep 2016 16:33:14 +0000

Drupal 8.1.10, a maintenance release which contains fixes for security vulnerabilities, is now available for download.

See the Drupal 8.1.10 release notes for further information.

Upgrading your existing Drupal 8 sites is strongly recommended. There are no new features nor non-security-related bug fixes in this release. For more information about the Drupal 8.x release series, consult the Drupal 8 overview.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 8 includes the built-in Update Manager module, which informs you about important updates to your modules and themes.

Bug reports

This is the final security release for the 8.1.x series. Future maintenance releases will be made available in the 8.2.x series, according to our monthly release cycle.

Change log

Drupal 8.1.10 is a security release only. For more details, see the 8.1.10 release notes. A complete list of all changes in the upcoming 8.2.x branch can be found in the git commit log.

Security vulnerabilities

Drupal 8.1.10 was released in response to the discovery of security vulnerabilities. Details can be found in the official security advisories:

To fix the security problem, please upgrade to Drupal 8.1.10. (Sites testing the 8.2.x release should update to 8.2.0-rc2.)

Update notes

See the 8.1.10 release notes for details on important changes in this release.

This is the final security release of the 8.1.x series. Sites should prepare to update to 8.2.0 following this release.

Known issues

See the 8.1.10 release notes for known issues.




Can Drupal outdo native applications?

Wed, 14 Sep 2016 07:00:00 +0000

Republished from buytaert.net I've made no secret of my interest in the open web, so it won't come as a surprise that I'd love to see more web applications and fewer native applications. Nonetheless, many argue that "the future of the internet isn't the web" and that it's only a matter of time before walled gardens like Facebook and Google — and the native applications which serve as their gatekeepers — overwhelm the web as we know it today: a public, inclusive, and decentralized common good. I'm not convinced. Native applications seem to be winning because they offer a better user experience. So the question is: can open web applications, like those powered by Drupal, ever match up to the user experience exemplified by native applications? In this blog post, I want to describe inversion of control, a technique now common in web applications and that could benefit Drupal's own user experience. Native applications versus web applications Using a native application — for the first time — is usually a high-friction, low-performance experience because you need to download, install, and open the application (Android's streamed apps notwithstanding). Once installed, native applications offer unique access to smartphone capabilities such as hardware APIs (e.g. microphone, GPS, fingerprint sensors, camera), events such as push notifications, and gestures such as swipes and pinch-and-zoom. Unfortunately, most of these don't have corresponding APIs for web applications. A web application, on the other hand, is a low-friction experience upon opening it for the first time. While native applications can require a large amount of time to download initially, web applications usually don't have to be installed and launched. Nevertheless, web applications do incur the constraint of low performance when there is significant code weight or dozens of assets that have to be downloaded from the server. As such, one of the unique challenges facing web applications today is how to emulate a native user experience without the drawbacks that come with a closed, opaque, and proprietary ecosystem. Inversion of control In the spirit of open source, the Drupal Association invited experts from the wider front-end community to speak at DrupalCon New Orleans, including from Ember and Angular. Ed Faulkner, a member of the Ember core team and contributor to the API-first initiative, delivered a fascinating presentation about how Drupal and Ember working in tandem can enrich the user experience. One of Ember's primary objectives is to demonstrate how web applications can be indistinguishable from native applications. And one of the key ideas of JavaScript frameworks like Ember is inversion of control, in which the client side essentially "takes over" from the server side by driving requirements and initiating actions. In the traditional page delivery model, the server is in charge, and the end user has to wait for the next page to be delivered and rendered through a page refresh. With inversion of control, the client is in charge, which enables fluid transitions from one place in the web application to another, just like native applications. Before the advent of JavaScript and AJAX, distinct states in web applications could be defined only on the server side as individual pages and requested and transmitted via a round trip to the server, i.e[...]



What's new on Drupal.org? - August 2016

Tue, 13 Sep 2016 14:44:43 +0000

Read our Roadmap to understand how this work falls into priorities set by the Drupal Association with direction and collaboration from the Board and community. Our latest update about Drupal.org comes as the Drupal Association has moved out of our central office in Portland, OR, and gone to an all-distributed team. A move of that sort always creates some upheaval but amidst the move we've continued to push forward on several initiatives to improve Drupal.org. At the same time we've been pushing forward towards DrupalCon Dublin at the end of September- and we hope to see you there! Drupal.org updates A new home page, coming soon As we recently previewed on the Drupal.org blog, some changes are coming to the home page. We're building some new editorial tools to allow for more flexibility with the home page content, and to enable an increased focus on the adoption journey for visitors to Drupal.org. You'll see styles reminiscent of the Drupal 8 release announcement pages, and a continued modernization of theme. The launch of the new home page is coming soon, but as a precursor we've been making some small improvements. The new user menu which we launched in July has been updated for better keyboard accessibility, and to show a user picture as an indicator that a user has logged in. We've also moved the search feature into an icon in the top navigation. This gives us more flexibility with the header, which can be customized per-page type or per-section with the overall site search box still being present. For example, the header in the new documentation section features search box specific to this particular section, so while you are there you can search for other documentation without having to go through the full-site search and then filtering down. Lastly, we've merged the 'Get Started' and 'Download & Extend' pages. 90% of the content on these pages was duplicated with each other - and the new page presents a cleaner experience with the essential details needed for getting started with Drupal. The new front page is beginning editorial review, with the help of DA staff, a marketing task-force from the Drupal Association board, and a few key community members. We've also just launched our fall membership campaign, and we've used this opportunity to beta test some of these new editorial tools to build the campaign landing page. Your support makes our work possible. Thank you! Documentation There's some news to report on the documentation front as well. Firstly, as mentioned above, we've updated the header of the documentation section to default to a documentation-specific search box. While not so important for other areas of the site,, we want to preserve and improve the highly-visible, in context search for Documentation. We've also made some updates to the new system for Documentation maintainers. Authors of new documentation guides will now automatically become maintainers of those guides and automatically 'follow' the guide content so that they will receive notifications of activity in that guide. Any user following a guide can modify notifications settings at any time from their user profile. Within the notification settings a user can select their prefered method of receiving updates - via email or via their tracker page. Tvn has continued to spearhed the migration of documentation from t[...]



Drupal 8.2.0-rc1 is available for testing

Wed, 07 Sep 2016 22:07:38 +0000

The first release candidate for the upcoming Drupal 8.2.0 release is now available for testing. With Drupal 8, we made major changes in our release process, adopting semantic versioning and scheduled releases. This allows us to make significant improvements to Drupal 8 in a timely fashion while still providing backwards compatibility. Drupal 8.2.0 is the second such update, expected to be released October 5. Download Drupal-8.2.0-rc1 8.2.x includes many REST improvements; new experimental modules for content moderation, block placement, a sidebar to configure site elements in place, and end date support; and many other features and improvements. You can read a detailed list of improvements in the announcements of beta1, beta2, and beta3. What does this mean to me? For Drupal 8 site owners The final bugfix release of 8.1.x has been released. 8.1.x will receive no further releases following 8.2.0, and sites should prepare to update from 8.1.x to 8.2.x in order to continue getting bug and security fixes. Use update.php to update your 8.1.x sites to the 8.2.x series, just as you would to update from (e.g.) 8.1.4 to 8.1.5. You can use this release candidate to test the update. (Always back up your data before updating sites, and do not test updates in production.) For module and theme authors Drupal 8.2.x is backwards-compatible with 8.1.x. However, it does include internal API changes and API changes to experimental modules, so some minor updates may be required. Review the change records for 8.2.x, and test modules and themes with the release candidate now. For translators Some text changes were made since Drupal 8.1.0. Localize.drupal.org automatically offers these new and modified strings for translation. Strings are frozen with the release candidate, so translators can now update translations. For core developers All outstanding issues filed against 8.1.x are automatically migrated to 8.2.x now. Future bug reports should be targeted against the 8.2.x branch. 8.3.x will remain open for new development during the 8.2.x release candidate phase. For more information, see the beta and release candidate phase announcement. Your bug reports help make Drupal better! Release candidates are a chance to identify bugs for the upcoming release, so help us by searching the issue queue for any bugs you find, and filing a new issue if your bug has not been reported yet. [...]



Who sponsors Drupal development?

Tue, 06 Sep 2016 17:32:58 +0000

Republished from buytaert.net There exist millions of Open Source projects today, but many of them aren't sustainable. Scaling Open Source projects in a sustainable manner is difficult. A prime example is OpenSSL, which plays a critical role in securing the internet. Despite its importance, the entire OpenSSL development team is relatively small, consisting of 11 people, 10 of whom are volunteers. In 2014, security researchers discovered an important security bug that exposed millions of websites. Like OpenSSL, most Open Source projects fail to scale their resources. Notable exceptions are the Linux kernel, Debian, Apache, Drupal, and WordPress, which have foundations, multiple corporate sponsors and many contributors that help these projects scale. We (Dries Buytaert is the founder and project lead of Drupal and co-founder and Chief Technology Officer of Acquia and Matthew Tift is a Senior Developer at Lullabot and Drupal 8 configuration system co-maintainer) believe that the Drupal community has a shared responsibility to build Drupal and that those who get more from Drupal should consider giving more. We examined commit data to help understand who develops Drupal, how much of that work is sponsored, and where that sponsorship comes from. We will illustrate that the Drupal community is far ahead in understanding how to sustain and scale the project. We will show that the Drupal project is a healthy project with a diverse community of contributors. Nevertheless, in Drupal's spirit of always striving to do better, we will also highlight areas where our community can and should do better. Who is working on Drupal? In the spring of 2015, after proposing ideas about giving credit and discussing various approaches at length, Drupal.org added the ability for people to attribute their work to an organization or customer in the Drupal.org issue queues. Maintainers of Drupal themes and modules can award issues credits to people who help resolve issues with code, comments, design, and more. A screenshot of an issue comment on Drupal.org. You can see that jamadar worked on this patch as a volunteer, but also as part of his day job working for TATA Consultancy Services on behalf of their customer, Pfizer. Drupal.org's credit system captures all the issue activity on Drupal.org. This is primarily code contributions, but also includes some (but not all) of the work on design, translations, documentation, etc. It is important to note that contributing in the issues on Drupal.org is not the only way to contribute. There are other activities—for instance, sponsoring events, promoting Drupal, providing help and mentoring—important to the long-term health of the Drupal project. These activities are not currently captured by the credit system. Additionally, we acknowledge that parts of Drupal are developed on GitHub and that credits might get lost when those contributions are moved to Drupal.org. For the purposes of this post, however, we looked only at the issue contributions captured by the credit system on Drupal.org. What we learned is that in the 12-month period from July 1, 2015 to June 30, 2016 there were 32,711 issue credits—both to Drupal core as well as all the contributed themes and modules—attributed to 5,196 different indi[...]