Subscribe: drupal.org
http://drupal.org/rss.xml
Added By: Feedage Forager Feedage Grade A rated
Language: English
Tags:
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: drupal.org

Drupal.org



Come for the software, stay for the community Drupal is an open source content management platform powering millions of websites and applications. It’s built, used, and supported by an active and diverse community of people around the world.



 



Massachusetts launches Mass.gov on Drupal 8

Tue, 05 Dec 2017 16:04:18 +0000

This blog has been re-posted and edited with permission from Dries Buytaert's blog. Please leave your comments on the original post.

Earlier this year, the Commonwealth of Massachusetts launched Mass.gov on Drupal 8. Holly St. Clair, the Chief Digital Officer of the Commonwealth of Massachusetts, joined me during my Acquia Engage keynote to share how Mass.gov is making constituents' interactions with the state fast, easy, meaningful, and "wicked awesome".

allow="encrypted-media" allowfullscreen="" frameborder="0" gesture="media" height="315" src="https://www.youtube.com/embed/dK4k2w7MZyY" width="560">

Constituents at the center

Today, 76% of constituents prefer to interact with their government online. Before Mass.gov switched to Drupal it struggled to provide a constituent-centric experience. For example, a student looking for information on tuition assistance on Mass.gov would have to sort through 7 different government websites before finding relevant information.

(image)

To better serve residents, businesses and visitors, the Mass.gov team took a data-driven approach. After analyzing site data, they discovered that 10% of the content serviced 89% of site traffic. This means that up to 90% of the content on Mass.gov was either redundant, out-of-date or distracting. The digital services team used this insight to develop a site architecture and content strategy that prioritized the needs and interests of citizens. In one year, the team at Mass.gov moved a 15-year-old site from a legacy CMS to Drupal.

The team at Mass.gov also incorporated user testing into every step of the redesign process, including usability, information architecture and accessibility. In addition to inviting over 330,000 users to provide feedback on the pilot site, the Mass.gov team partnered with the Perkins School for the Blind to deliver meaningful accessibility that surpasses compliance requirements. This approach has earned Mass.gov a score of 80.7 on the System Usability Scale; 12 percent higher than the reported average.

Open from the start

As an early adopter of Drupal 8, the Commonwealth of Massachusetts decided to open source the code that powers Mass.gov. Everyone can see the code that make Mass.gov work, point out problems, suggest improvements, or use the code for their own state. It's inspiring to see the Commonwealth of Massachusetts fully embrace the unique innovation and collaboration model inherent to open source. I wish more governments would do the same!

Congratulations Mass.gov

The new Mass.gov is engaging, intuitive and above all else, wicked awesome. Congratulations Mass.gov!




We have 10 days to save net neutrality

Tue, 05 Dec 2017 16:01:35 +0000

This blog has been re-posted and edited with permission from Dries Buytaert's blog. Please leave your comments on the original post. Last month, the Chairman of the Federal Communications Commission, Ajit Pai, released a draft order that would soften net neutrality regulations. He wants to overturn the restrictions that make paid prioritization, blocking or throttling of traffic unlawful. If approved, this order could drastically alter the way that people experience and access the web. Without net neutrality, Internet Service Providers could determine what sites you can or cannot see. The proposed draft order is disheartening. Millions of Americans are trying to save net neutrality; the FCC has received over 5 million emails, 750,000 phone calls, and 2 million comments. Unfortunately this public outpouring has not altered the FCC's commitment to dismantling net neutrality. The commission will vote on the order on December 14th. We have 10 days to save net neutrality. Although I have written about net neutrality before, I want to explain the consequences and urgency of the FCC's upcoming vote. What does Pai's draft order say? Chairman Pai has long been an advocate for "light touch" net neutrality regulations, and claims that repealing net neutrality will allow "the federal government to stop micromanaging the Internet". Specifically, Pai aims to scrap the protection that classifies ISPs as common carriers under Title II of the Communications Act of 1934. Radio and phone services are also protected under Title II, which prevents companies from charging unreasonable rates or restricting access to services that are critical to society. Pai wants to treat the internet differently, and proposes that the FCC should simply require ISPs "to be transparent about their practices". The responsibility of policing ISPs would also be transferred to the Federal Trade Commission. Instead of maintaining the FCC's clear-cut and rule-based approach, the FTC would practice case-by-case regulation. This shift could be problematic as a case-by-case approach could make the FTC a weak consumer watchdog. The consequences of softening net neutrality regulations At the end of the day, frail net neutrality regulations mean that ISPs are free to determine how users access websites, applications and other digital content. It is clear that depending on ISPs to be "transparent" will not protect against implementing fast and slow lanes. Rolling back net neutrality regulations means that ISPs could charge website owners to make their website faster than others. This threatens the very idea of the open web, which guarantees an unfettered and decentralized platform to share and access information. Gravitating away from the open web could create inequity in how communities share and express ideas online, which would ultimately intensify the digital divide. This could also hurt startups as they now have to raise money to pay for ISP fees or fear being relegated to the "slow lane". The way I see it, implementing "fast lanes" could alter the technological, economic and societal impact of the internet we know today. Unfortunately it seems that the chairman is prioritizing the interests of ISPs over the needs of consumers. What can you can do today Chairman Pai's draft order could dictate the future of the internet for years to come. In the end, net neutrality affects how people, including you and me, experience the web. I've dedicated both my spare time and my professional career to the open web because I believe the web has the power to change lives, educate people, create new economies, disrupt business models and make the world smaller in the best of ways. Keeping the web open means that these opportunities can be available to everyone. If you're concerned about the future of net neutrality, please take action. Share your comments with the U.S. Congress and contact your representatives. Speak up about your concerns with your friends and colleagues. Organizations like The Battle for the Net help you contact your representatives —[...]



Holistic Collaboration

Fri, 01 Dec 2017 20:44:24 +0000

The following blog was written by Drupal Association Premium Supporting Partner, Wunder Group. For the past couple of years I have been talking about the holistic development and operations environments at different camps. As this year’s highlight,  I gave  a session in DrupalCon Vienna around that same topic. The main focus of my talk has been on the improvement opportunities offered by a holistic approach, but there is another important aspect I’d like to introduce: The collaboration model. Every organization has various experts for different subject matters. Together these experts can create great things. As the saying goes “the whole is more than the sum of its parts”, which means there is more value generated when those experts work together, than from what they would individually produce. This however, is easier said than done.  These experts have usually worked within their own specific domains and for others their work might seem obscure. It’s easy to perceive them as “they’re doing some weird voodoo” while not realizing that others might see your work in your own domain the same way. Even worse, we raise our craft above all others and we look down at those who do not excel in our domain. How IT people see each other: But each competence is equally important. You can’t ignore one part and focus on the other. The whole might be greater than the sum of its parts, but the averages do factor in. Let's take for example a fictional project. Sales people do great job getting the project in, upselling a great design. The design team delivers and it gets even somehow implemented, but nobody remembered to consult the sysops. Imagine apple.com, the pinnacle of web design, but launched on this:   (Sorry for the potato quality).   Everything needs to be in balance. The real value added is not in the work everybody does individually, but in what falls in between. We need to fill those caps with cooperation to get the best value out of the work.  So how do you find the balance? The key to find balance and to get the most out of the group of experts is communication and collaboration. There needs to be active involvement from every part of the organization right from the start to make sure nothing is left unconsidered. The communication needs to stay active throughout the whole project. It is important to speak the same language. I know it’s easy to start talking in domain jargon. And every single discipline has their own. The terms might be clear to you, but remember that the other party might not have ever heard of it. So pay attention to the terms you use.  “Let's set the beresp ttl down to 60s when the request header has the cache-tag set for all the bereq uris matching /api/ endpoint before passing it to FastCGI” - Space Talk Instead of looking down to each other we should see others like they see themselves. Respect both their knowledge and the importance of their domain. How IT people should see each other:  (Sysadmins: not because we like to flip at everybody, but because Linus, the guy who can literally change the source code of the real world Matrix, the Web.)   Everybody needs to acknowledge the goal and work towards it together. Not just focus on their own area but also make sure their work is compatible with that of others. There needs to be a shared communications channel where everyone can reach each other. It should also be possible to communicate directly to those people who know best without having any hierarchy to go through. The flat organization structure doesn’t only mean you can contact higher ups directly, but also that you can contact any individual from different area of expertise directly. By collaboration you can also eliminate redundancies. It can be so that there are different units doing overlapping work, both with their own ways. Or there could be a team that is doing the work falling in between two other teams. A good example of this is the devops team. Only in a very large organization there is probabl[...]



An update on the Workflow Initiative for Drupal 8.4/8.5

Wed, 22 Nov 2017 17:57:15 +0000

This blog has been re-posted with permission from Dries Buytaert's blog. Please leave your comments on the original post. Over the past weeks I have shared an update on the Media Initiative and an update on the Layout Initiative. Today I wanted to give an update on the Workflow Initiative. Creating great software doesn't happen overnight; it requires a desire for excellence and a disciplined approach. Like the Media and Layout Initiatives, the Workflow Initiative has taken such an approach. The disciplined and steady progress these initiative are making is something to be excited about. 8.4: The march towards stability As you might recall from my last Workflow Initiative update, we added the Content Moderation module to Drupal 8.2 as an experimental module, and we added the Workflows module in Drupal 8.3 as well. The Workflows module allows for the creation of different publishing workflows with various states (e.g. draft, needs legal review, needs copy-editing, etc) and the Content Moderation module exposes these workflows to content authors. As of Drupal 8.4, the Workflows module has been marked stable. Additionally, the Content Moderation module is marked beta in Drupal 8.4, and is down to two final blockers before marking stable. If you want to help with that, check out the Content Moderation module roadmap. 8.4: Making more entity types revisionable To advance Drupal's workflow capabilities, more of Drupal's entity types needed to be made "revisionable". When content is revisionable, it becomes easier to move it through different workflow states or to stage content. Making more entity types revisionable is a necessary foundation for better content moderation, workflow and staging capabilities. But it was also hard work and took various people over a year of iterations — we worked on this throughout the Drupal 8.3 and Drupal 8.4 development cycle. When working through this, we discovered various adjacent bugs (e.g. bugs related to content revisions and translations) that had to be worked through as well. As a plus, this has led to a more stable and reliable Drupal, even for those who don't use any of the workflow modules. This is a testament to our desire for excellence and disciplined approach. 8.5+: Looking forward to workspaces While these foundational improvements in Drupal 8.3 and Drupal 8.4 are absolutely necessary to enable better content moderation and content staging functionality, they don't have much to show for in terms of user experience changes. Now a lot of this work is behind us, the Workflow Initiative changed its focus to stabilizing the Content Moderation module, but is also aiming to bring the Workspace module into Drupal core as an experimental module. The Workspace module allows the creation of multiple environments, such as "Staging" or "Production", and allows moving collections of content between them. For example, the "Production" workspace is what visitors see when they visit your site. Then you might have a protected "Staging" workspace where content editors prepare new content before it's pushed to the Production workspace. While workflows for individual content items are powerful, many sites want to publish multiple content items at once as a group. This includes new pages, updated pages, but also changes to blocks and menu items — hence our focus on making things like block content and menu items revisionable. 'Workspaces' group all these individual elements (pages, blocks and menus) into a logical package, so they can be prepared, previewed and published as a group. This is one of the most requested features and will be a valuable differentiator for Drupal. It looks pretty slick too: An outside-in design that shows how content creators could work in different workspaces. When you're building out a new section on your site, you want to preview your entire site, and publish all the changes at once. Designed by Jozef Toth at Pfizer. I'm impressed with the work the Workflow team has accomplished during[...]



An update on the Layout Initiative for Drupal 8.4/8.5

Wed, 15 Nov 2017 16:39:11 +0000

This blog has been re-posted with permission from Dries Buytaert's blog. Please leave your comments on the original post. Now Drupal 8.4 is released, and Drupal 8.5 development is underway, it is a good time to give an update on what is happening with Drupal's Layout Initiative. 8.4: Stable versions of layout functionality Traditionally, site builders have used one of two layout solutions in Drupal: Panelizer and Panels. Both are contributed modules outside of Drupal core, and both achieved stable releases in the middle of 2017. Given the popularity of these modules, having stable releases closed a major functionality gap that prevented people from building sites with Drupal 8. 8.4: A Layout API in core The Layout Discovery module added in Drupal 8.3 core has now been marked stable. This module adds a Layout API to core. Both the aforementioned Panelizer and Panels modules have already adopted the new Layout API with their 8.4 release. A unified Layout API in core eliminates fragmentation and encourages collaboration. 8.5+: A Layout Builder in core Today, Drupal's layout management solutions exist as contributed modules. Because creating and building layouts is expected to be out-of-the-box functionality, we're working towards adding layout building capabilities to Drupal core. Using the Layout Builder, you start by selecting predefined layouts for different sections of the page, and then populate those layouts with one or more blocks. I showed the Layout Builder in my DrupalCon Vienna keynote and it was really well received: allowfullscreen="" frameborder="0" height="315" src="https://www.youtube.com/embed/Hx4EEzI7aNE" width="560">8.5+: Use the new Layout Builder UI for the Field Layout module One of the nice improvements that went in Drupal 8.3 was the Field Layout module, which provides the ability to apply pre-defined layouts to what we call "entity displays". Instead of applying layouts to individual pages, you can apply layouts to types of content regardless of what page they are displayed on. For example, you can create a content type 'Recipe' and visually lay out the different fields that make up a recipe. Because the layout is associated with the recipe rather than with a specific page, recipes will be laid out consistently across your website regardless of what page they are shown on. The basic functionality is already included in Drupal core as part of the experimental Fields Layout module. The goal for Drupal 8.5 is to stabilize the Fields Layout module, and to improve its user experience by using the new Layout Builder. Eventually, designing the layout for a recipe could look like this: Layouts remains a strategic priority for Drupal 8 as it was the second most important site builder priority identified in my 2016 State of Drupal survey, right behind Migrations. I'm excited to see the work already accomplished by the Layout team, and look forward to seeing their progress in Drupal 8.5! If you want to help, check out the Layout Initiative roadmap. Special thanks to Angie Byron for contributions to this blog post, to Tim Plunkett and Kris Vanderwater for their feedback during the writing process, and to Emilie Nouveau for the screenshot and video contributions. [...]



An update on the Media Initiative for Drupal 8.4/8.5

Fri, 10 Nov 2017 15:49:06 +0000

This blog has been re-posted with permission from Dries Buytaert's blog. Please leave your comments on the original post. In my blog post, "A plan for media management in Drupal 8", I talked about some of the challenges with media in Drupal, the hopes of end users of Drupal, and the plan that the team working on the Media Initiative was targeting for future versions of Drupal 8. That blog post is one year old today. Since that time we released both Drupal 8.3 and Drupal 8.4, and Drupal 8.5 development is in full swing. In other words, it's time for an update on this initiative's progress and next steps. 8.4: a Media API in core Drupal 8.4 introduced a new Media API to core. For site builders, this means that Drupal 8.4 ships with the new Media module (albeit still hidden from the UI, pending necessary user experience improvements), which is an adaptation of the contributed Media Entity module. The new Media module provides a "base media entity". Having a "base media entity" means that all media assets — local images, PDF documents, YouTube videos, tweets, and so on — are revisable, extendable (fieldable), translatable and much more. It allows all media to be treated in a common way, regardless of where the media resource itself is stored. For end users, this translates into a more cohesive content authoring experience; you can use consistent tools for managing images, videos, and other media rather than different interfaces for each media type. 8.4+: porting contributed modules to the new Media API The contributed Media Entity module was a "foundational module" used by a large number of other contributed modules. It enables Drupal to integrate with Pinterest, Vimeo, Instagram, Twitter and much more. The next step is for all of these modules to adopt the new Media module in core. The required changes are laid out in the API change record, and typically only require a couple of hours to complete. The sooner these modules are updated, the sooner Drupal's rich media ecosystem can start benefitting from the new API in Drupal core. This is a great opportunity for intermediate contributors to pitch in. 8.5+: add support for remote video in core As proof of the power of the new Media API, the team is hoping to bring in support for remote video using the oEmbed format. This allows content authors to easily add e.g. YouTube videos to their posts. This has been a long-standing gap in Drupal's out-of-the-box media and asset handling, and would be a nice win. 8.6+: a Media Library in core The top two requested features for the content creator persona are richer image and media integration and digital asset management. The results of the State of Drupal 2016 survey show the importance of the Media Initiative for content authors. With a Media Library content authors can select pre-existing media from a library and easily embed it in their posts. Having a Media Library in core would be very impactful for content authors as it helps with both these feature requests. During the 8.4 development cycle, a lot of great work was done to prototype the Media Library discussed in my previous Media Initiative blog post. I was able to show that progress in my DrupalCon Vienna keynote: allowfullscreen="" frameborder="0" height="315" src="https://www.youtube.com/embed/S82paYMycNE" width="560">The Media Library work uses the new Media API in core. Now that the new Media API landed in Drupal 8.4 we can start focusing more on the Media Library. Due to bandwidth constraints, we don't think the Media Library will be ready in time for the Drupal 8.5 release. If you want to help contribute time or funding to the development of the Media Library, have a look at the roadmap of the Media Initiative or let me know and I'll get you in touch with the team behind the Media Initiative. Special thanks to Angie Byron for contributions to this blog post and to Janez Urevc, Sean Blommaert, Marcos Cano Miranda, Adam G-H and G[...]



5 Steps to Get Your Drupal Site Multilingual Ready

Wed, 01 Nov 2017 20:43:18 +0000

The following blog was written by Drupal Association Premium Technology Partner, Lingotek. Everyone is jumping on the localization bandwagon because it’s dawning on enterprises everywhere that creating site content in a customer’s language is one way to personalize their experience and improve engagement. That means more organizations are going to prioritize making their Drupal websites multilingual, so we’ve created a handy checklist to help you get ready. From Module Mayhem to Built-in Language Support Drupal 7 is a very stable and well-used content management platform and it supports a vast array of modules, but it wasn’t built with multilingual in mind. Making a Drupal 7 site multilingual can be a time-intensive process for developers. To address this issue, the Drupal community went to work to rebuild language support. Drupal 8 was created to understand language from the beginning. Custom or contributed modules or themes don’t have to understand language support--it’s already built in. Drupal 8 is a great platform to work with, not only because it is so multilingual capable out-of-the-box, but also because you can easily expand while maintaining the translatability of your data. The Drupal 8 multilingual core paves the way for more automation, more seamless workflows, and better publication management. Whether you use Drupal 7 or Drupal 8, every Drupal developer who works with contributed or custom modules designed for multilingual or non-English sites needs to know how to build the best integration possible. To make your path to global engagement and localization easier, we’ve created a checklist for getting your Drupal site multilingual ready in five steps. Step 1: Understand Your Site First step in your multilingual prep is to understand your site! Take a look at your customizations, nodes, fields, and modules so you have an idea of the size and scope of your multilingual prep. Let’s be honest though, most of us will never really know our sites completely. But that doesn’t mean you shouldn’t try. Start your multilingual readiness by taking a look at your theme, content, and modules. Step 2: Examine Your Theme Next step, review any customizations you have. Make sure all strings are wrapped in a t() function. You need to ensure both your base and sub-themes are multilingual ready. It helps if you use a well-established, multilingual-ready base theme like Zen, BootStrap3, etc. Step 3: Think About Your Content Figure out how many nodes are on your site and familiarize yourself with how and where they are used. Find out how many different content types you have and make note of diverse custom fields. The more types of content, the more complex your site translation will be. It’s also important to know how many languages are currently on the site, so check your node language settings. If they aren’t set up correctly, it can lead to translation barriers down the road. Step 4: Rein In Your Modules Find out how many modules are installed on your site. For multilingual, the fewer modules installed, the better! When it comes to contributed modules, you’ve got to rein them in. Too many modules can compromise functionality and interfere with site translation. Limit your modules to those that you really need and use. It’s best to have as few as you can (under 200). Be sure to code review your custom modules to ensure all strings are properly wrapped in t() functions. Step 5: Examine Potential Trouble Spots There are some additional areas that have the potential to become trouble spots. They may not affect large portions of your site, but it’s good to know where you might run into issues. Take a moment to inspect the following areas to ensure your Drupal site’s multilingual readiness: URL Aliases Taxonomy Terms Blocks Fieldable Panels Panes Mini-panels Groups Views Every Drupal developer who works with contributed or custom modules de[...]



Community Spotlight: Rwandan enthusiasm for Drupal causes big challenge

Wed, 18 Oct 2017 19:00:16 +0000

For Ildephonse Bikino (bikilde) of Rwanda, it was supposed to be an uneventful Drupal Global Training Day call-out; he expected 50 people but he got 388! Bikino began working to get local interest in Drupal, sharing information by creating a simple website and posting information about the trainings on groups.drupal.org and sharing it locally. Hoping to reach the room capacity of 50 people, the registrations came flowing in. “The venue, which is kLab, where I was expecting to run my first training, they only accommodate 50 people. And the channel I used to announce the training, I was not expecting too many people attending, but people ...shared my communication to different channels and in so many different ways. I was surprised to get more than 388 applications.” How do you deal with the logistics of training 388 people? That’s hard! Bikino was committed to the challenge. One session became eight over a number of weekends. Bikino made sure everyone got the opportunity to attend! Discovering Drupal Bikino's start with Drupal began commonly enough; through his job. Like many small teams, staff get mixed roles and he inherited the website role. His experience grew from there. In 2016 he had the opportunity to attend DrupalCon New Orleans via scholarship through the Drupal Association. This let him discover the global opportunities and connections that open source software and the Drupal community can provide. “My interest [in going to DrupalCon New Orleans] was to learn how thousands of people can just work together to deliver one single platform, how it works, and how people can really do it as volunteering work and through contributions. [The experience left me feeling that] I could really share that culture and community with young Rwandan people… and how they can love what they are doing this much. That’s where my inspiration came from.” Bikino says technology offers more than just jobs, it provides local activities, ways to collaborate, and a chance to build knowledge. He plans to create a platform for the Rwanda Drupal community to share skills, projects, opportunities and experience. Moving Forward The local support for the Drupal Global Training Day is a sign of changing times in Rwanda. Those attending the training are educated, but there can be a lack of connection between what they are learning in school and the outside market. Bikino wants to connect those gaps by creating opportunities to learn, build, and develop. Like many countries across the globe, the Rwandan government sees technology as a way to build economic diversity, nurture jobs, and transform the country. Local Projects The Rwanda Information and Communication Association (RICTA) and partners launched The 1K Websites project, to promote Local Content Hosting. For now most of the websites made are Government, but they are expanding the project. With good internet infrastructure already in place, this is the start of local content creation and websites for business and community.. Diversity in the community is going to be a challenge, but Bikino realises it’s an important one. The Sustainable Development Goals 5 is “achieve gender equality and empower women and girls”, and access to technology in developing countries such as Rwanda is important for sustainability. Bikino is actively working with kLab management to find funds to develop opportunities for women in technology. The Future The last group of the 388 people have just gone through their training. The aim now is to develop local freelancers, do projects within the community, and find mentors to share tips, guidance and best practices. The group would even like to contribute to translating Drupal into the local language (Kinyarwanda). And of course one day, host an African DrupalCon. Peel away the layers of an impressive attendance to a Drupal Global Training Day event, and you hav[...]



Drupal looking to adopt React

Wed, 11 Oct 2017 17:05:15 +0000

This blog has been re-posted with permission from Dries Buytaert's blog. Please leave your comments on the original post. Last week at DrupalCon Vienna, I proposed adding a modern JavaScript framework to Drupal core. After the keynote, I met with core committers, framework managers, JavaScript subsystem maintainers, and JavaScript experts in the Drupal community to discuss next steps. In this blog post, I look back on how things have evolved, since the last time we explored adding a new JavaScript framework to Drupal core two years ago, and what we believe are the next steps after DrupalCon Vienna. As a group, we agreed that we had learned a lot from watching the JavaScript community grow and change since our initial exploration. We agreed that today, React would be the most promising option given its expansive adoption by developers, its unopinionated and component-based nature, and its well-suitedness to building new Drupal interfaces in an incremental way. Today, I'm formally proposing that the Drupal community adopt React, after discussion and experimentation has taken place. Two years ago, it was premature to pick a JavaScript framework Three years ago, I developed several convictions related to "headless Drupal" or "decoupled Drupal". I believed that: More and more organizations wanted a headless Drupal so they can use a modern JavaScript framework to build application-like experiences. Drupal's authoring and site building experience could be improved by using a more modern JavaScript framework. JavaScript and Node were going to take the world by storm and that we would be smart to increase the amount of JavaScript expertise in our community. (For the purposes of this blog post, I use the term "framework" to include both full MV* frameworks such as Angular, and also view-only libraries such as React combined piecemeal with additional libraries for managing routing, states, etc.) By September 2015, I had built up enough conviction to write several long blog posts about these views (post 1, post 2, post 3). I felt we could accomplish all three things by adding a JavaScript framework to Drupal core. After careful analysis, I recommended that we consider React, Ember and Angular. My first choice was Ember, because I had concerns about a patent clause in Facebook's open-source license (since removed) and because Angular 2 was not yet in a stable release. At the time, the Drupal community didn't like the idea of picking a JavaScript framework. The overwhelming reactions were these: it's too early to tell which JavaScript framework is going to win, the risk of picking the wrong JavaScript framework is too big, picking a single framework would cause us to lose users that favor other frameworks, etc. In addition, there were a lot of different preferences for a wide variety of JavaScript frameworks. While I'd have preferred to make a bold move, the community's concerns were valid. Focusing on Drupal's web services instead By May of 2016, after listening to the community, I changed my approach; instead of adding a specific JavaScript framework to Drupal, I decided we should double down on improving Drupal's web service APIs. Instead of being opinionated about what JavaScript framework to use, we would allow people to use their JavaScript framework of choice. I did a deep dive on the state of Drupal's web services in early 2016 and helped define various next steps (post 1, post 2, post 3). I asked a few of the OCTO team members to focus on improving Drupal 8's web services APIs; funded improvements to Drupal core's REST API, as well as JSON API, GraphQL and OpenAPI; supported the creation of Waterwheel projects to help bootstrap an ecosystem of JavaScript front-end integrations; and most recently supported the development of Reservoir, a Drupal distribution for headless Drupal. There is also a lot of innovation[...]



Progress on the Salesforce Suite for D8 and a Call for Participation

Mon, 09 Oct 2017 19:21:51 +0000

The following blog was written by Drupal Association Premium Supporting Partner, Message Agency. After months of work, hundreds of commits, and lots of new thinking, the Salesforce Suite for Drupal 8 is reaching maturity.  There is tremendous interest in these modules, and many enterprises are waiting for this milestone to integrate D8 sites with Salesforce. In an effort to accelerate refinement and adoption of this important contribution, the module’s developers are raising awareness about the release and asking the community to start downloading and contributing. A few months ago at Drupalcon Baltimore, Message Agency announced a release candidate (8.x-3.0-rc1) for the Salesforce Suite in Drupal 8.  This collection of modules supports integration with Salesforce by mapping Drupal entities with standard or custom Salesforce objects and pushing Drupal data to Salesforce as well as pulling Salesforce data into Drupal. Since then, we've continued to expand the Suite and build out critical features. We've also continued to groom the 8.x roadmap, solicit community participation through webinars, and build awareness about how to use the modules. With a solid foundation and full functionality, the Suite is beginning to gain traction and see increasing adoption as projects switch to Drupal 8. What’s new in the Suite? The modules are a complete rewrite of the Suite for Drupal 8, and they fully leverage Drupal core’s object-oriented code patterns.  Message Agency’s senior software engineer, Aaron Bauman, was the original architect of the Suite for 6.x in 2009 and has continued to support this important tool ever since. He took the lead in porting the modules for Drupal 8, based on feedback from the community, clients, and nearly a decade of experience integrating these two powerful platforms. There is much to be excited about in this new version. There have been a number of updates from Drupal 7.x: Queue on failure. There is now an attempt to push synchronization immediately on entity save and enqueue for asynchronous push only on failure. This feature idea is a great compromise between the previous binary sync/async decision point. Test coverage.  Testing 3rd-party web services can be tricky, and requires careful planning and mocking. This Salesforce 8.x release includes test coverage for push and pull operations using mock REST features, allowing for proper regression testing and test-driven development. Push queue overhaul, and cron-based push.  Drupal 7's asynchronous push left a lot to be desired. Lack of error handling made debugging and troubleshooting difficult to impossible. Lack of optimizations burned unnecessary API calls. Both of these limitations were imposed by Drupal Queue API's fundamental nature. In Drupal 7, our options for extending the Queue system were limited. In Drupal 8, we've implemented a Salesforce Push Queue service, building on Drupal core's overhauled Queue API. We've taken the opportunity to normalize queue items, optimize queue operations, and implement error handling and recovery. Objectification of Salesforce resources. Moving in the direction of a proper REST PHP SDK, we now have proper classes for Query Result, SObject, Salesforce ID, various REST Responses, and others. This not only allows for simple type-hinting across other classes, but also gives developers consistent and reliable interfaces, and paves the way for even greater extensibility in the future. Queue settings per mapping. The Suite now allows administrators to assign sync intervals per-mapping, instead of running all sync operations on every cron run. This feature idea will allow administrators to tweak their synchronizations according to business needs, without the need to implement extensive hook-based logic. Several new features for Drupal 8 also have been developed: [...]



An update on projects created for Drupal

Sat, 07 Oct 2017 07:00:00 +0000

About six months ago we made a significant change to the way that modules, themes, and distributions are created on Drupal.org. In the past, contributors had to first create a sandbox project, and then request manual review of their project in the Project Applications issue queue. The benefit of this community-driven moderation process was that modules were vetted for code quality and security issues by a group of volunteers. Project maintainers who completed this process also received the benefit of security advisory coverage from the Security Team for stable releases of their projects. Unfortunately, the rate of project applications outpaced what volunteers could keep up with, and many worthy projects were never promoted to full project status, or moved off of Drupal.org to be hosted elsewhere. To ameliorate this issue, we changed the process so that any confirmed user on Drupal.org may now make full projects. To mitigate the risks of low code quality or security vulnerabilities we added new signals to project pages: including highlighting which release is recommended by the maintainer, displaying recent test results, and indicating whether the project receives security coverage both on the project page and in the composer 'extra' attribute. We're continuing to work on identifying additional signals of project quality that we can include, as well as surfacing some of this information in Drupal core. We also converted the project applications issue queue into a 'request security advisory coverage' issue queue. What we hoped to see We knew this would be a significant change for the project and the community. While many community members were excited to see the gates to contribution opened, others were concerned about security issues and Drupal's reputation for code quality. Our prediction was that the lower barrier to contribution would result in an increase in full projects created on Drupal.org. This would indicate that new contributors or third party technology providers were finding it easier to integrate with Drupal and contribute those integrations back for use by others. At the same time, we also expected to see an increase in the number of full projects that do not receive coverage from the security team. The question was whether this increase would be within an acceptable range, or represent a flood of low quality or insecure modules. The results The table below provides statistics about the full projects created on Drupal.org in the 5 months before March 17th, 2017 - when we opened the creation of full projects to all confirmed users. Full projects created from 2016-10-16 to 2017-03-17… # % of projects created in this period … without stable release 431 55.76% … with stable releases 342 44.24% … with usage >= 50 sites 237 30.66% … with usage >= 50 sites and without stable release 68 8.80% … with usage >= 50 sites and with stable release 169 21.86% … with an open security coverage application* 18 2.33% Sub-total with security coverage 342 44.24% Sub-total without security coverage 431 55.76% Sub-total with security coverage and >=50 usage 169 21.86% Sub-total without security coverage and >= 50 usage 68 8.80% Total 773 * note: full projects that did not have stable releases were not automatically opted in to security coverage when we opened the full project creation gates. … and this table provides statistics about the projects created in the 5 months after we opened the creation of full projects to all confirmed users: Full projects created from 2017-03-17 to 2017-08-16… # Diff % of projects created Diff % … without stable release 851 +420 69.53% +97% … with stable releases 373 +31 30.47% +9% … with u[...]



Drupal 8.4.0 is now available

Wed, 04 Oct 2017 20:20:46 +0000

What's new in Drupal 8.4.0? This new version is an important milestone of stability for Drupal 8. It adds under-the-hood improvements to enable stable releases of key contributed modules for layouts, media, and calendaring. Many other core experimental modules have also become stable in this release, including modules for displaying form errors inline and managing workflows. The release includes several very important fixes for content revision data integrity as well as an update to stop the deletion of orphaned files that was causing data loss for many sites, alongside numerous improvements for site builders and content authors. Download Drupal 8.4.0 Important: If you use Drush to manage Drupal, be sure to update to Drush 8.1.12 or higher before updating Drupal. Updating to Drupal 8.4.0 using Drush 8.1.11 or earlier will fail. (Always test minor version updates carefully before making them live.) Inline Form Errors The Inline Form Errors module provides a summary of any validation errors at the top of a form and places the individual error messages next to the form elements themselves. This helps users understand which entries need to be fixed, and how. Inline Form Errors was provided as an experimental module from Drupal 8.0.0 on, but it is now stable and polished enough for production use. Datetime Range The Datetime Range module provides a field type that allows end dates to support contributed modules like Calendar. This stable release is backwards-compatible with the Drupal 8.3.x experimental version and shares a consistent API with other Datetime fields. Future releases may improve Views support, usability, Datetime Range field validation, and REST support. Layout Discovery API The Layout Discovery module provides an API for modules or themes to register layouts as well as five common layouts. Providing this API in core enables core and contributed layout solutions like Panels and Display Suite to be compatible with each other. This stable release is backwards-compatible with the 8.3.x experimental version and introduces support for per-region attributes. Media API The new core Media module provides an API for reusable media entities and references. It is based on the contributed Media Entity module. Since there is a rich ecosystem of Drupal contributed modules built on Media Entity, the top priority for this release is to provide a stable core API and data model for a smoother transition for these modules. Developers and expert site builders can now add Media as a dependency. Work is underway to provide an update path for existing sites' Media Entity data and to port existing contributed modules to the refined core API. Note that the core Media module is currently marked hidden and will not appear on the 'Extend' (module administration) page. (Enabling a contributed module that depends on the core Media module will also enable Media automatically.) The module will be displayed to site builders normally once once related user experience issues are resolved in a future release. Similarly, the REST API and normalizations for Media are not final and support for decoupled applications will be improved in a future release. Content authoring and site administration experience improvements The "Save and keep (un)published" dropbutton has been replaced with a "Published" checkbox and single "Save" button. The "Save and..." dropbutton was a new design in Drupal 8, but users found it confusing, so we have restored a design that is more similar to the user interface for Drupal 7 and earlier. Both the "Comments" administration page at `/admin/content/comment` and the "Recent log messages" report provided by dblog are now configurable views. This allows site builders to easily customize, replace or clone these screens. Updated mi[...]



State of Drupal presentation (September 2017)

Wed, 27 Sep 2017 14:33:25 +0000

This blog has been re-posted with permission from Dries Buytaert's blog. Please leave your comments on the original post. Yesterday, I shared my State of Drupal presentation at DrupalCon Vienna. In addition to sharing my slides, I wanted to provide some more detail on how Drupal is evolving, who Drupal is for, and what I believe we should focus on. Drupal is growing and changing I started my keynote by explaining that Drupal is growing. Over the past year, we've witnessed a rise in community engagement, which has strengthened Drupal 8 adoption. This is supported by the 2017 Drupal Business Survey; after surveying 239 executives from Drupal agencies, we can see that Drupal 8 has become the defacto release for them and that most of the Drupal businesses report to be growing. While the transition from Drupal 7 to Drupal 8 is not complete, Drupal 8's innovation continues to accelerate. We've seen the contributed modules ecosystem mature; in the past year, the number of stable modules has more than doubled. Additionally, there are over 4,000 modules in development. In addition to growth, both the vendor and technology landscapes around Drupal are changing. In my keynote, I noted three primary shifts in the vendor landscape. Single blogs, portfolio sites and brochure sites, which represent the low end of the market, are best served by SaaS tools. On the other side of the spectrum, a majority of enterprise vendors are moving beyond content management into larger marketing suites. Finally, the headless CMS market segment is growing rapidly, with some vendors growing at a rate of 500% year over year. There are also significant changes in the technology landscape surrounding Drupal, as a rising number of Drupal agencies have also started using modern JavaScript technologies. For example, more than 50% of Drupal agencies are also using Node to support the needs of their customers. While evolving vendor and technology landscapes present many opportunities for Drupal, it can also introduce uncertainty. After listening to many people in the Drupal community, it's clear that all these market and technology trends, combined with the long development and adoption cycle of Drupal 8, has left some wondering what this all means for Drupal, and by extension also for them. Drupal is no longer for simple sites Over the past year, I've explained why I believe Drupal is for ambitious digital experiences, in both my DrupalCon Baltimore keynote and on my blog. However, I think it would be valuable to provide more detail on what I mean by "ambitious digital experiences". It's important that we all understand who Drupal is for, because it drives our strategy, which in turn allows us to focus our efforts. Today, I believe that Drupal is no longer for simple sites. Instead, Drupal's sweetspot is sites or digital experiences that require a certain level of customization or flexibility — something I refer to as "richness". Ambitious is much more than just enterprise This distinction is important because I often find that the term "ambitious" becomes conflated with "enterprise". While I agree that Drupal is a great fit for the enterprise, I personally never loved that categorization. It's not just large organizations that use Drupal. Individuals, small startups, universities, museums and nonprofits can be equally ambitious in what they'd like to accomplish and Drupal can be an incredible solution for them. An example of this could be a small business that manages 50 rental properties. While they don't have a lot of traffic (reach), they require integrations with an e-commerce system, a booking system, and a customer support tool to support their business. Their allotted budget is $50,000 or less. This company would not be co[...]



Drupal Business Survey 2017

Mon, 25 Sep 2017 10:02:13 +0000

The Drupal Business Survey 2017 shows that Drupal has a steady position in the market, and Drupal 8 has secured its role as the most popular version for new Drupal projects. Further, Drupal is often becoming part of a larger set of solutions. The Drupal Business Survey is an annual survey that aims to give insights into the key issues that Drupal agency owners and company leaders worldwide face. The survey is an initiative of Exove, One Shoe and the Drupal Association and has been carried out this year for the second time. It covers topics about Drupal business in general, Drupal projects and talent needs. This article summarizes the most important findings along with commentary and insights from a total of 239 respondents. Drupal is growing steadily The Drupal Business Survey gleaned its data for 2017 from 239 respondents in CEO/COO/CTO/founder role (87%), director role (4.6%) or management role (4.6%), working at Drupal companies with a total of 300 offices spread around the globe. The most popular office location (30.1%) was USA. The second most popular with 12.1% was UK, and after that Germany, Netherlands, India, Canada and France. There were respondents from Africa, Asia, Europe, North America, South America and Oceania. Analysis of the data made immediately clear that Drupal is a healthy business: Drupal project pipeline grows For almost half of the respondents (48.5%) the Drupal project pipeline grew within the last year. For 28.9% it stayed roughly the same, and for 22.6% the pipeline shrank. Size of Drupal projects grows For a majority (52.3%) of the respondents the average size of Drupal project deals grew. For about one third (31.4%) the Drupal deal size stayed roughly the same, and for only 16.3% the size of deals shrank. Drupal’s project win rate stays roughly the same Despite the increasing competition in the CMS market, for many (46.4%) of the companies their Drupal project win rate has stayed on the same level over the last year, and about a third (34.7%) have managed to grow their win rate. For less than a fifth of the companies (18.8%) the win rate had decreased. Drupal’s position as a high-demand service platform is steady, especially for projects in the Charities and Non-Profit sector, which is catered to by two thirds (64.9%) of the respondents. Other popular industries that use Drupal are Government & Public Administration (56.1%) and Healthcare & Medicine (49.4%). There are no major differences in industries served by Drupal companies compared to the 2016 survey results.   Choosing Drupal When choosing the right platform, Drupal clients trust the technical provider’s expertise: Drupal is often chosen by the clients as a result of the provider’s recommendation. In some cases the client’s previous experience or familiarity with Drupal is the definitive factor. Besides Drupal being open-source and free of licensing fees, the definitive reasons for choosing Drupal are that Drupal is a reliable and flexible CMS choice with a strong reputation: Without -most often than not- being able to precisely explain the reasons for which they prefer Drupal, those who do, sense that it is a better solution for their business; we shall imagine that this is due to the image of the CMS, which evokes a more robust, and serious CMS than the others. Can do anything. Secure. Choosing the company When Drupal itself is less the dominating factor for the client, other unique aspects are often key factor for clients choosing a supplier, agency, or partner. The respondents mentioned that trust, commitment, quality, level of service, full service proposition, technical expertise, good reputation, and references were important factors for client decision ma[...]



What’s new on Drupal.org? - August 2017

Tue, 19 Sep 2017 16:38:14 +0000

Read our Roadmap to understand how this work falls into priorities set by the Drupal Association with direction and collaboration from the Board and community. Announcement TLS 1.0 and 1.1 deprecated Drupal.org uses the Fastly CDN service for content delivery, and Fastly has depreciated support for TLS 1.1, 1.0, and 3DES on the cert we use for Drupal.org, per the mandate by the PCI Security Standards Council. This change took place on 9 Aug 2017. This means that browsers and API clients using the older TLS 1.1 or 1.0 protocols will no longer be supported. Older versions of curl or wget may be affected as well. Almost time for DrupalCon Vienna DrupalCon Vienna is almost here! From September 26-29 you can join us for keynotes, sessions, and sprinting. Most of the Drupal Association engineering team will be on site, and we'll be hosting a panel discussion about recent updates to Drupal.org, and our plans for the future. We hope to see you there! Drupal.org updates 8.4.0 Alpha/Beta/Release Candidate 1 On August 3rd, Drupal 8.4.0 received its alpha release, followed on the 17th by a beta release, and on September 6th by the first release candidate. Several new stable API modules are now included in core for everything from workflow management to media management. Core maintainers hope to reach a stable release of Drupal 8.4 soon. Improvements to Project Pages We made a number of improvements to project pages in August, one of which was to clean up the 'Project information' section and add new iconography to make signals about project quality more clear to site builders. In the same vein, we've also improved the download table for contrib projects, by making it more clear which releases are recommended by the maintainer, providing pre-release information for minor versions, and displaying recent test results. Metadata about security coverage available to Composer Developers who build Drupal sites using Composer may miss some of the project quality indicators from project pages on Drupal.org. Because of this, we now include information about whether a project receives security advisory coverage in the Composer 'extra' attribute. By including this information in the composer json for each project, we hope to make it easier for developers using Composer to ensure they are only using modules with security advisory coverage. This information is also accessible for developers who may want to make additional tools for managing composer packages. Automatic issue credit for committers Just about the last step in resolving any code-related issue is for a project maintainer to commit the changes. To make sure these maintainers are credited for the work they do to review these code changes, we now automatically add issue credit for committers. Performance Improvements for Events.Drupal.org With DrupalCon coming up in September we spent a little bit of time tuning the performance of Events.Drupal.org. We managed to resolve a session management bug that was the root cause of a significant slow down, so now the site is performing much better. Syncing your DrupalCon schedule to your calendar A long requested feature for our DrupalCon websites has been the ability to sync a user's personal schedule to a calendar service. In August we released an initial implementation of this feature, and we're working on updating it in September to support ongoing syncing - stay tuned! Membership CTA on Download and Extend We've added a call to action for new members on the Drupal.org Download and Extend page, which highlights some great words and faces from the community. Membership contributions are a crucial part of funding Drupal.org and DrupalCon, but much the majority of tra[...]



Drupal Association Board Meeting Announcement

Mon, 11 Sep 2017 20:39:50 +0000

The Drupal Association Board of Directors will meet twice during DrupalCon Vienna. They have a board retreat the weekend before the conference and there is  an open board meeting during DrupalCon for the community to attend. Below are details about each meeting.

Board Retreat

During a retreat, the board and the Executive Director meet in an extended executive session to plan and discuss the strategy for the Drupal Association. Normally, the retreat lasts two days and non-board members including staff are invited to participate in presentations and discussions on specific topics.

However for the upcoming retreat in Vienna, we will be exploring a holistic view of the strategy for Drupal and are structuring the retreat differently to accommodate this expanded conversation.

Open Board Meeting

The board will meet again during DrupalCon Vienna on Wednesday, 27 September  from 11:45 - 13:00 in the convention center Business Suite 3-4. This is open to the community and lunch will be served to all who attend. You can also attend remotely via Zoom. See the dial in information below.

The agenda for this meeting includes:

  • Vote to approve last board meeting minutes

  • Executive Update

  • Drupal.org Update

  • DrupalCon Europe Update

  • Community Governance update from the CWG

  • Community Q&A

  • Celebrate departing board members

Those dialing into the meeting can join zoom by registering here: https://zoom.us/webinar/register/1b63252cf48650c9d746f627e8486654

Or join by phone (see link for # by country):

https://zoom.us/zoomconference?m=ZTp9iSy-nW5sqyKJKRfhbTbxDueqU9W   

Webinar ID: 460 900 173




Drupal 8.4.0-rc1 is available for testing

Thu, 07 Sep 2017 12:47:04 +0000

The first release candidate for the upcoming Drupal 8.4.0 release is now available for testing. Drupal 8.4.0 is expected to be released October 4.

8.4.x includes new stable modules for storing date and time ranges, display form errors inline and manage workflows. New stable API modules for discovering layout definitions and media management are also included. The media API module is new in core, all other new stable modules were formerly experimental. The release also includes several important fixes for content revision data integrity, orphan file management and configuration data ordering among other things. You can read a detailed list of improvements in the announcements of alpha1 and beta1.

What does this mean to me?

For Drupal 8 site owners

The final bugfix release of 8.3.x has been released. A final security release window for 8.3.x is scheduled for September 20, but 8.3.x will receive no further releases following 8.4.0, and sites should prepare to update from 8.3.x to 8.4.x in order to continue getting bug and security fixes. Use update.php to update your 8.3.x sites to the 8.4.x series, just as you would to update from (e.g.) 8.3.4 to 8.3.5. You can use this release candidate to test the update. (Always back up your data before updating sites, and do not test updates in production.)

For module and theme authors

Drupal 8.4.x is backwards-compatible with 8.3.x. However, it does include internal API changes and API changes to experimental modules, so some minor updates may be required. Review the change records for 8.4.x, and test modules and themes with the release candidate now.

For translators

Some text changes were made since Drupal 8.3.0. Localize.drupal.org automatically offers these new and modified strings for translation. Strings are frozen with the release candidate, so translators can now update translations.

For core developers

All outstanding issues filed against 8.3.x were automatically migrated to 8.4.x. Future bug reports should be targeted against the 8.4.x branch. 8.5.x will remain open for new development during the 8.4.x release candidate phase. For more information, see the release candidate phase announcement.

Your bug reports help make Drupal better!

Release candidates are a chance to identify bugs for the upcoming release, so help us by searching the issue queue for any bugs you find, and filing a new issue if your bug has not been reported yet.




Kickstarting the Drupal Community Spotlight

Thu, 31 Aug 2017 15:23:21 +0000

Let's face it, it's been a crappy year in many ways. Internally and externally there are pressures that have made all of us think "what's the point?"

Instead of a world where we build and move forward together there is conflict, uncertainty, and so many why moments. From the macro to the micro, communities and ecosystems are struggling. The ideals of open source software often feel exploited, and the feeling of wonderment and discovery as we build together has been cast aside to something that feels very much like... well, work.

Drupal has not been immune. Like I need to tell you that.

For those of us that are optimists, and change makers, and idealists, and believers, nothing hits home the impact of our work than stories about how we use this code called Drupal to create impact. I think the world needs a little of that right now.

So, we have a team, we have energy and we are ready to shine the crap out of the brilliance of the people behind, in front, and to the side of Drupal.

I for one am looking forward to us injecting so much positivity into this community that even the chronic eye rollers won’t be able to help but give a slight smile.

(image)

A highlight of DrupalCon: the live code commit! Photo by Michael Cannon

The first thing we are working on is getting a way to start collecting stories. We might use a form. Or we might build an entire website. Just coz we can. So how about y’all give me a *whoop* *whoop* and start thinking about helping the Drupal Spotlight Committee unlock stories of Drupal impact from across the globe. It’s going to be fun.




Help us Celebrate Community Heroes. Join the Community Spotlight Committee

Thu, 17 Aug 2017 14:23:39 +0000

TL:DR; Our community is full of amazing people. Let’s celebrate them. Join the Community Spotlight committee to review community-nominated heroes so we can recognize and celebrate those who have contributed to Drupal in special ways.

+++++++++++++

Drupal is a single expression of collaboration amongst thousands of people from around the world who are passionate, smart, and caring. They donate countless hours, moving the project forward by contributing code, mentoring new contributors, writing documentation, organizing camps, sharing knowledge, and so much more. These selfless acts are Drupal’s lifeblood and deserve being celebrated and appreciated.

It’s clear from a recent #drupalthanks twitter-fest that our community is eager to show their appreciation for each other. That is why, the Drupal Association, with the help of Lyndsey Jackson,  is re-launching Community Spotlight, a program that highlights community-nominated heroes who have contributed to the project in a special way. This program went on hold last year when the Drupal Association downsized, making the organization more sustainable. Lyndsey offered to bring the program back by forming a committee who will select nominees to be highlighted on Drupal.org and through Drupal Association communication channels.

The Drupal Association is thankful for Lyndsey’s passion for celebrating the community and for making time to bring Community Highlights back. Lyndsey has a great vision for the program. In her own words, she says: "We want the Community Spotlight to represent a shared story or an experience that will resonate and connect with where the community and the project is at that point in time. We want to highlight the depth of experience that exists, and the evolving potential through emerging leaders and new energy"

Will you join the Community Spotlight Committee?

Lyndsey is creating a Community Spotlight committee to drive this important program forward. It will consist of 3-5 people with diverse backgrounds. They will review the community-nomination forms and pick who we will celebrate. They will also help convert the nomination form into a blog post, which the Drupal Association will promote.  The monthly time commitment would be about 2-4 hours. This group also has the autonomy to evolve the program. I’m sure there are many ways we can improve how we celebrate our community.

To join this committee, please complete this form




Drupal Core - Multiple Vulnerabilities - SA-CORE-2017-004

Wed, 16 Aug 2017 16:38:37 +0000

Drupal 8.3.7 is a maintenance release which contain fixes for security vulnerabilities. Download Drupal 8.3.7 Updating your existing Drupal 8 sites is strongly recommended (see instructions for Drupal 8). This release fixes security issues only; there are no new features nor non-security-related bug fixes in this release. See the 8.3.7 release notes for details on important changes and known issues affecting this release. Read on for details of the security vulnerabilities that were fixed in this release. Advisory ID: DRUPAL-SA-CORE-2017-004 Project: Drupal core Version: 8.x Date: 2017-Aug-16 Security risk: 15/25 ( Critical) AC:None/A:User/CI:Some/II:Some/E:Theoretical/TD:Default Multiple vulnerabilities Description Views - Access Bypass - Moderately Critical - Drupal 8 - CVE-2017-6923 When creating a view, you can optionally use Ajax to update the displayed data via filter parameters. The views subsystem/module did not restrict access to the Ajax endpoint to only views configured to use Ajax. This is mitigated if you have access restrictions on the view. It is best practice to always include some form of access restrictions on all views, even if you are using another module to display them. REST API can bypass comment approval - Access Bypass - Moderately Critical - Drupal 8 - CVE-2017-6924 When using the REST API, users without the correct permission can post comments via REST that are approved even if the user does not have permission to post approved comments. This issue only affects sites that have the RESTful Web Services (rest) module enabled, the comment entity REST resource enabled, and where an attacker can access a user account on the site with permissions to post comments, or where anonymous users can post comments. Entity access bypass for entities that do not have UUIDs or have protected revisions - Access Bypass - Critical - Drupal 8 - CVE-2017-6925 There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entities that do not use or do not have UUIDs, and entities that have different access restrictions on different revisions of the same entity. Versions affected Drupal core 8.x versions prior to 8.3.7 Solution Install the latest version: If you use Drupal 8.x, upgrade to Drupal core 8.3.7 Drupal 7 core is not affected, however, Drupal 7 Views is: see Views - Moderately Critical - Access Bypass - DRUPAL-SA-CONTRIB-2017-068 Also see the Drupal core project page. Reported by Views - Access Bypass Maxim Podorov REST API can bypass comment approval - Access Bypass Arshad Entity access bypass for entities that do not have UUIDs or protected revisions - Access Bypass Miles Worthington Fixed by Views - Access Bypass Klaus Purer Daniel Wehner Michael Hess of the Drupal Security Team Len Swaneveld Wim Leers REST API can bypass comment approval - Access Bypass Daniel Wehner Arshad Lee Rowlands of the Drupal Security Team Wim Leers Sascha Grossenbacher Entity access bypass for entities that do not have UUIDs or protected revisions - Access Bypass Andrei Mateescu Peter Wolanin of the Drupal Security Team Matthew Donadio xjm of the Drupal Security Team Sascha Grossenbacher Contact and More Information The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact. Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site. Follow the Drupal Security Team on Twit[...]



What’s new on Drupal.org? - July 2017

Thu, 03 Aug 2017 19:41:07 +0000

Read our Roadmap to understand how this work falls into priorities set by the Drupal Association with direction and collaboration from the Board and community. Drupal.org updates Better Distribution packaging Distributions are a cornerstone of Drupal, giving site-builders a head start by packaging together proven modules and themes from contrib to build a Drupal site to purpose. In July we spent some time improving the functionality for packaging distributions on Drupal.org, by updating Drupal.org's packaging system to use Drush 8. This resolves several issues: Distributions may now use features from version 8 of Drush. Package manifest details are now properly displayed for all distributions. Distributions no longer need to nest contrib projects. We hope that these changes will help distribution maintainers reCAPTCHA One of the key tools we use to prevent spam on Drupal.org is Mollom, which will reach end of life next year. To replace it, we've implemented reCAPTCHA on Drupal.org, and updated our privacy policy accordingly. We have not yet disabled Mollom, because Mollom is a content analysis tool in addition to a captcha tool. Because reCAPTCHA does not duplicate that content analysis functionality we'll be monitoring spam attack patterns on Drupal.org to see whether reCAPTCHA will be a sufficient as a standalone replacement. Easier addition of new documentation guides and pages It's hard to believe that the new documentation system has been in use for almost a year. We've made a number of improvements after the initial release to improve usability for both contributors and maintainers of documentation, and to encourage project maintainers to migrate their docs. One piece of feedback we've heard several times is that the 'add content' links the sidebar of a documentation guide were too difficult to find. To make it easier for documentation contributors to add new sub-guides and pages, we've added a new page link to the 'Edit' menu of documentation guides. Webmasters and documentation moderators can administer all docs Finding maintainers for the over 12,000 pages of documentation on Drupal.org continues to be a challenge, and so we've given all users with the Webmaster and Documentation Moderator role the ability to administer any documentation guide. This will expand the pool of users who can help to manage documentation and manage documentation maintainers. Good documentation for a project with Drupal's scale is a community-driven effort and we're incredibly thankful for all the volunteers who contribute. Any confirmed user may claim unmaintained documentation guides We also now allow any unmaintained guide to be claimed by any confirmed user—automatically adding them as the maintainer for that guide. This should make it much easier for new contributors to take up the mantle of maintaining sections of documentation on Drupal.org. Learn more about maintaining documentation by reading our content guidelines. For evaluators Updated industry page call to action The Drupal.org industry pages are a new experiment for the Drupal Association this year, with a goal of reaching out to Drupal evaluators in specific markets. The success stories we showcase on these pages demonstrate the power of Drupal in these industries, but we also want these pages to be an opportunity to connect evaluators with experts who can help them achieve their goals with Drupal. To enhance our efforts to connect Drupal evaluators to experts in their industry - we've added an additional call to action at the t[...]



What’s new on Drupal.org? - June 2017

Tue, 18 Jul 2017 15:46:17 +0000

Read our Roadmap to understand how this work falls into priorities set by the Drupal Association with direction and collaboration from the Board and community. Drupal.org updates Healthcare industry page launched One of our major goals this year is to highlight the power of Drupal in key industries. The Drupal.org industry pages highlight the story of building a custom-tailored solution for each industry using third-party integrations, expert hosting, or even purpose built distributions for the industry. Each page also highlights case studies which show demonstrated success stories using Drupal in each industry. In June we've launched our latest industry page, highlighting the Healthcare industry. Semantic Labels for Development Branches With a six month release cycle for Drupal core, the environment that project maintainers should test their code against will change fairly frequently. To make it easier for maintainers to keep up to date with testing - we've introduced semantic labels for the core branches. Maintainers can now configure tests against Default — the current development branch of Drupal, Stable — the most recent release of core, and Supported — the current patch/bug-fix branch. These semantic labels should make it easier for project maintainers to manage testing. We hope to expand on this with a few more labels, and may even extend these semantic labels to the version field that issues are filed against in the future. UTF8MB4 support As mentioned in last month's update, we've updated the Drupal.org and the sub-sites to support the UTF8MB4 extended character set. While the changes for the sub-sites were deployed in May, we finished up by adding support to Drupal.org itself in June. Among other things, this means that Drupal.org will no longer throw errors if emoji are used in content. 😄 Updating our membership CRM Drupal Association Membership is managed using the CiviCRM platform - and in June we spent a bit of time updating to the latest version and troubleshooting some issues around receipting and renewals. Members can check their current membership status on the membership page. If you're not yet a member or you need to renew, check out our membership certificate offer. Performance improvements To increase performance on Drupal.org we've updated to the latest version of the Advanced Aggregator module (special thanks to u/mikeytown2). The latest updated includes aggregation of font from the Google fonts api, which should make a material difference in Drupal.org page render times. Better spam moderation tools A recent surge of spam attacks targeting Drupal.org has lead us to take another pass at updating our spam moderation tools. Spammers continue with a never ending escalation of tactics, and so we are constantly evolving our tools for managing spam. We've implemented some rate limiting protections as well as some new moderation views that will make it easier for us to bulk moderate spam. We'll be continuing with some of this work into July so that we can keep Drupal.org's home free from spam and productive. Infrastructure Infrastructure partner selected In March we kicked off an RFP process to find a Managed Infrastructure Services vendor to partner with us to help maintain and improve the Drupal.org infrastructure. In June we reached a decision and have selected Tag1 Consulting as our partner. We're now working with Tag1 to audit our current infrastructure, policies, as well as monitoring and alerting systems as we kick off this[...]



Take the Survey on the Community Governance Summit

Tue, 18 Jul 2017 13:28:39 +0000

I recently shared the community needs and potential strategies for evolving community governance, which resulted from the Community Discussions we held in person and online throughout April and May. You can find the webinar recording and written transcript, as well as the meeting minutes from all Community Discussions, at https://www.drupal.org/community/discussions.

Many community members who participated in these discussions agreed that the next step to take in this process is to hold a Community Governance Summit. However, we are not yet clear on where and when this event should take place, who should participate, and several other important details. I worked with community members to develop this survey so we can answer those questions.

Please take 5 minutes to take this community survey and tell us your thoughts about the Community Governance Summit. This survey will remain open until 11:59pm EDT on July 28, 2017. We will analyze the findings and report back on what we learned in a follow-up blog post by Friday, August 4.

Thank you for your time and participation.




Drupal Association Board Meeting Summary - 28 June, 2017

Sat, 15 Jul 2017 19:09:18 +0000

On 28 June, 2017, the Drupal Association Board held the second of four annual public meetings. It was a full meeting where staff provided operational updates and gained some strategic direction from board members on how to proceed in various areas. Some highlights included:

  • Summary of DrupalCon Baltimore’s performance and impact.

  • Progress on securing future DrupalCon locations.

  • Discussion on how to unblock community outreach efforts by making appropriate changes to the Drupal.org privacy policy

  • An update on the Drupal.org infrastructure RFP that was recently awarded to Tag1.

Whitney Hess also attended the board meeting to give an update on the Community Discussion work and invited the community to attend her webinar that shared her findings and next steps. You can learn more and watch the recorded webinar here.

Also, Jamie Nau, our “virtual CFO” from Summit CPA attended the meeting to review April 2017 financial statements, which showed that DrupalCon Baltimore exceeded expectations, positioning the Drupal Association for a healthier year, financially. This is encouraging news as we work through our financial turnaround, which started a year ago.

In an effort to be more transparent about board activities, the board chose to use this public forum to vote to approve the January through April 2017 financial statements. April 2017 financial statements showed that April was a successful month primarily due to DrupalCon Baltimore's strong financial performance. 

You can find the meeting minutes and board materials here

We were pleased to have community members attend and invite you to attend our next board meeting on 27 September, 2017 at noon CEST. It is located in the DrupalCon Vienna convention center and can also be attended via zoom.  




How you can help during our membership campaign

Tue, 11 Jul 2017 20:47:41 +0000

Join in the fun during the Drupal Association membership campaign happening now through August 4. We're providing personalized certificates of membership to individual and organization members who join or renew during the campaign and we need your help spreading the word. The campaign has two goals: help us deliver 500 certificates and raise $18,250 during July 10-August 4. By sharing and encouraging Drupal users and people in the community to join us, you'll help us meet these goals. If we are told by 5 or more members that you referred them to us during this campaign, we'll thank you on social media. Grab words and graphics from this post and share away. If you are a member who would like your own certificate let us know and we'll send one your way. Post your selfie or hang your certificate on the wall. Thanks for sharing! Social Share why you are a member. Share Tweet Graphics Use these with https://www.drupal.org/association/campaign/certificate-2017 300 x 250px 440 x 220px (good for Twitter) 300 x 140px Thank you for supporting the Drupal Association and for being part of our community.File attachments:  mem_campaign_2017_q3_300x140.jpg mem_campaign_2017_q3_300x250.jpg mem_campaign_2017_q3_twitter_1.jpg[...]



Now Available: The Community Discussions Webinar Recording

Thu, 06 Jul 2017 23:09:10 +0000

Last week, we shared the high-level findings from our recent Community Discussions. Today, Whitney Hess hosted a webinar to explain those findings in depth, along with proposals from the community on how to evolve community governance.

We encourage you to watch the video and post your questions in the comment section here. If you have comments but wish to remain private, Whitney asks you to email her directly at whitney@whitneyhess.com.

You can find the transcript here.




Community Discussions Findings and Webinar

Wed, 28 Jun 2017 15:46:51 +0000

Over the last few years, many of us have seen the need to evolve community governance. Up until now, we had to focus on other priorities, but now is the time to address our needs for community governance especially in light of recent community events. Our project has matured greatly and participation has expanded from developers and site builders to also include more content editors, designers, and marketing managers who work not only as freelancers or at Drupal shops, but also for large digital agencies or system integrators. We want all community members to be included in these community discussions so the redefined community governance serves everyone. This is an exciting time to create an even healthier future for our ever-growing community. The Drupal Association is committed to staying in a support role as the community determines how to best evolve community governance to support everyone’s needs. We started helping by hosting Community Discussions that were mediated by Whitney Hess. There were 7 sessions at DrupalCon Baltimore and 7 virtual sessions between April and May. You can find the meeting minutes here. The Community Discussions surfaced several common needs and identified several strategies for addressing those needs. The most commonly shared needs of the community are (in order of frequency): Awareness Participation Transparency Clarity Contribution Healing Trust Understanding Communication Connection Empowerment Process Progress Strategies to address those needs ranged from clarifying the responsibilities and boundaries of the leadership roles throughout the Drupal project, determining how and where to communicate community decisions, improving processes for community management, and providing easier access to documentation about leadership roles and clearly communicating what is expected of Drupal community members. In terms of next steps, the participants were in agreement that we need to come together in a Governance Summit to start architecting improvements to today’s governance structure. However, the community did not define the best way to hold this meeting. It is still unclear when and where it should be, and who should participate and facilitate. We will send out a community survey next to get input from you to answer these questions. Attend The Webinar We invite to you attend a webinar on July 6 at 11 am ET / 1600 BST / 8:30 pm IST hosted by Whitney Hess. Whitney will review the findings from our Community Discussions in more detail. We will record the video and share it with you afterwards, along with a written transcript. Dial in details are below: Video:    https://zoom.us/j/589988397 Or Telephone:    Dial: +1 646 558 8656 (US Toll) or +1 408 638 0968 (US Toll)    Meeting ID: 589 988 397    International numbers available:        https://zoom.us/zoomconference?m=KQN5xFuem0PrbwaqFQC3HJyEWuwQ7QHT Thank you for your patience and participation as we tackle these big questions and move forward together as a stronger community.[...]



Calling all Drupal Agency Leaders: Participate in the 2017 Drupal Business Survey

Mon, 26 Jun 2017 14:06:29 +0000

Surrounding Drupal is a thriving global business ecosystem and thanks to collaboration with One Shoe and Exove, we’ve created an annual survey that gives insight into its health, focus, and needs. Businesses benefit by learning from their peers and seeing Drupal’s business trends. This survey also helps the Drupal Association find new ways to help support this community. Analysis of the 2016 edition of the survey can be found here.

We encourage all business leaders to take this year’s Drupal Business Survey.  

The survey aims to provide a picture of the current Drupal Business landscape, including the health of Drupal companies, obstacles and enablers for Drupal’s business success and D8 adoption.

Participation is completely anonymous and takes fewer than 10 minutes. The first results will be presented at the Drupal CEO Dinner at DrupalCon Vienna on Wednesday, September 27th, 2017. Analysis and insights will officially be published on Drupal.org and in Drupal Watchdog Magazine.

Participate!

You can participate anytime now until July 19th, 2017.

The survey can be accessed here.




Drupal Core - Multiple Vulnerabilities - SA-CORE-2017-003

Wed, 21 Jun 2017 17:44:54 +0000

Drupal 8.3.4 and Drupal 7.56 are maintenance releases which contain fixes for security vulnerabilities. Download Drupal 8.3.4 Download Drupal 7.56 Updating your existing Drupal 8 and 7 sites is strongly recommended (see instructions for Drupal 8 and for Drupal 7). This release fixes security issues only; there are no new features nor non-security-related bug fixes in this release. See the 8.3.4 release notes and the 7.56 release notes for details on important changes and known issues affecting this release. Read on for details of the security vulnerabilities that were fixed in this release. Advisory ID: DRUPAL-SA-CORE-2017-003 Project: Drupal core Version: 7.x, 8.x Date: 2017-June-21 Multiple vulnerabilities Description PECL YAML parser unsafe object handling - Critical - Drupal 8 - CVE-2017-6920 PECL YAML parser does not handle PHP objects safely during certain operations within Drupal core. This could lead to remote code execution. File REST resource does not properly validate - Less Critical - Drupal 8 - CVE-2017-6921 The file REST resource does not properly validate some fields when manipulating files. A site is only affected by this if the site has the RESTful Web Services (rest) module enabled, the file REST resource is enabled and allows PATCH requests, and an attacker can get or register a user account on the site with permissions to upload files and to modify the file resource. Files uploaded by anonymous users into a private file system can be accessed by other anonymous users - Moderately Critical - Drupal 7 and Drupal 8 - CVE-2017-6922 Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core did not previously provide this protection, allowing an access bypass vulnerability to occur. This issue is mitigated by the fact that in order to be affected, the site must allow anonymous users to upload files into a private file system. The security team has also received reports that this vulnerability is being exploited for spam purposes, similar to the scenario discussed in PSA-2016-003 for the public file system. Versions affected Drupal core 7.x versions prior to 7.56 Drupal core 8.x versions prior to 8.3.4 Solution Install the latest version: If you use Drupal 7.x, upgrade to Drupal core 7.56 If you use Drupal 8.x, upgrade to Drupal core 8.3.4 Also see the Drupal core project page. Reported by PECL YAML parser unsafe object handling Heine Deelstra of the Drupal Security team File REST resource does not properly validate Samuel Mortenson Files uploaded by anonymous users into a private file system can be accessed by other anonymous users Greg Knaddison of the Drupal Security team Mori Sugimoto of the Drupal Security team iancawthorne Fixed by PECL YAML parser unsafe object handling xjm of the Drupal Security team Alex Pott of the Drupal Security team Peter Wolanin of the Drupal Security team File REST resource does not properly validate Samuel Mortenson Wim Leers Alex Pott of the Drupal Security team xjm of the Drupal Security team Sascha Grossenbacher Files uploaded by anonymous users into a private file system can be accessed by other anonymous users David R[...]



What’s new on Drupal.org? - May 2017

Tue, 20 Jun 2017 19:37:54 +0000

Read our Roadmap to understand how this work falls into priorities set by the Drupal Association with direction and collaboration from the Board and community. After returning from DrupalCon Baltimore at the end of April, we spent May regrouping and focusing on spring cleaning tasks. It's important for any technical team to spend time on stability and maintenance, and we used May to find improvements in these areas and look for some other efficiencies. Drupal.org updates 🎉 UTF8MB4 Support Support for the UTF8MB4 character set has been a long outstanding issue for Drupal.org and the sub-sites. This expanded character set supports supplementary characters outside of the basic unicode multilingual character plane, including symbols and emoji. Previously the use of any of these characters on Drupal.org would result in an error. This extended support has been rolled out to Drupal.org and all of the sub-sites except Groups, our legacy Drupal 6 site on LTS. Protecting Localize.Drupal.org from Spam After a spike in spam form submissions was reported (thanks Gábor!) we enabled form protection on Localize.drupal.org. Hopefully this will keep our many translation volunteers focused on the hard work of localizing Drupal, instead of on spam fighting. The techniques that spammers use to bypass protections continue to escalate, so we'll be continuing to evaluate new ways to fight spam as time goes on. Infrastructure Stability and Maintenance We spent a portion of our time in May focused on some basic infrastructure issues. One of the Drupal.org production webnodes experienced a filesystem and networking issue and had to be removed from the rotation. We performed some forensics to identify the cause of the issue, and then rebuilt the virtual machine and put it back into rotation. We also spent some time updating the remote access configuration with our data center, to make remote troubleshooting easier and more efficient for our internal team. Finally, we performed an audit and inventory of our owned hardware. This helped us to identify underutilized resources that we could re-purpose, and will help us more quickly on-board our new managed infrastructure services partner at the conclusion of our RFP process. Infrastructure RFP The deadline for responses to our Managed Infrastructure Services RFP was Monday May 8th. Once we'd received proposals from all participating vendors, we began our process to review those proposals internally and schedule interviews with the vendors. As we move into June this RFP process is wrapping up, and we will be announcing the results of the RFP soon. DrupalCI General Updates One of the primary features of DrupalCI is that it allows developers to test against a variety of environments. To make sure that we're more easily able to keep up with the latest PHP patch releases (e.g: 7.0.x/7.1.x/5.6.x), the PHP environment containers are now rebuilt nightly. Coding standards test results were added in April, and to make it easier for developers to see where the code standards issues appear within the code base, we're now linking the standards results to CGIT. More efficient test result saving Since we began parsing DrupalCI test results onto Drupal.org we pretty rapidly reached more than 100,000,000 database rows of test results, tak[...]