Free HTML TemplatesFlash TemplatesFree WordPress ThemesFree Drupal ThemesFree e107 ThemesFree Joomla TemplatesFree XOOPS ThemesphpBB StylesFree SMF ThemesMagento ThemesOpenCart ThemesosCommerce TemplatesPrestaShop TemplatesVirtueMart TemplatesZen Cart TemplatesTumblr Themes
Website Templates | Free Website Templates | Webmaster Tools | Coupons | Blog | News | Reviews | Tutorials | Login

Drupal News

Drupal 7.27 and 6.31 released

Drupal 7.27 and Drupal 6.31, maintenance releases which contain fixes for security vulnerabilities, are now available for download. See the Drupal 7.27 and Drupal 6.31 release notes for further information.

Upgrading your existing Drupal 7 and 6 sites is strongly recommended. There are no new features or non-security-related bug fixes in these releases. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement. More information on the Drupal 6.x release series can be found in the Drupal 6.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 and 6 include the built-in Update Status module (renamed to Update Manager in Drupal 7), which informs you about important updates to your modules and themes.

Bug reports

Both Drupal 7.x and 6.x are being maintained, so given enough bug fixes (not just bug reports) more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.27 is a security release only. For more details, see the 7.27 release notes. A complete list of all bug fixes in the stable 7.x branch can be found in the git commit log.

Drupal 6.31 is a security release only. For more details, see the 6.31 release notes. A complete list of all bug fixes in the stable 6.x branch can be found in the git commit log.

Security vulnerabilities

Drupal 7.27 and 6.31 were released in response to the discovery of security vulnerabilities. Details can be found in the official security advisory:

To fix the security problem, please upgrade to either Drupal 7.27 or Drupal 6.31.

Known issues

  • This security release introduces small API changes which may require code updates on sites that expose Ajax or multi-step forms to anonymous users, and where the forms are displayed on pages that are cached (either by Drupal or by an external system). See the Drupal 7.27 release notes and Drupal 6.31 release notes for more information.
  • (Drupal 7 only) This release caused a JavaScript error which breaks Ajax requests in very old browsers (for example, Internet Explorer 8 and earlier). A fix is available in this issue and will be included in the next bug fix release of Drupal core. Sites which need the fix sooner can apply the patch from that issue to their Drupal 7.27 sites.
Front page news: 
Drupal version: 

Read more...

Posted April 16, 2014 | 12:59 pm

Drupal.org Response to Heartbleed Security Incident

You may have heard that a vulnerability in the OpenSSL cryptographic library called Heartbleed or formally called CVE-2014-0160 has been disclosed and that it represents a potential security threat to a large number of websites. Using this vulnerability, malicious individuals could access sensitive information submitted by people actively visiting a website including usernames, passwords and credit card numbers. Users across the Internet should be especially aware of suspicious activity on their accounts.

We want to communicate a couple pieces of information about this news with regard to Drupal.org.

Members of the Drupal Association staff, Drupal Security Team and Drupal Infrastructure Team have reviewed Drupal.org's potential exposure to the vulnerability.

As of now, we have no indication that Drupal.org was attacked using this vulnerabililty. That said, the nature of the vulnerability makes an attack difficult to detect and we prefer to be cautious.

We have taken steps to protect users of Drupal.org, including a forced password reset for users with administrative access or access to code repositories for projects. While we have only forced the password reset for some users, we recommend that all of our users change their passwords.

We have taken the following steps to protect Drupal.org account holders:

  • Installed new SSL certificates based on a new private key
  • Revoked the old SSL certificates
  • Replaced the private strings (drupal_private_key and drupal_hash_salt) which are used for a variety of security related purposes in all Drupal sites
  • Replaced the private key used by the “bakery” single-sign-on system on Drupal.org
  • Removed all active sessions
  • Verified the email addresses in use today match those in use a week ago
  • Required that all Drupal.org users with administrative or project repository access to reset their passwords

Also, we simply want to help create awareness about the vulnerability and encourage people to review their sites for exposure. For more information, please see https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160

Feel free to comment on the post with any questions. Thank you!

Read more...

Posted April 8, 2014 | 3:36 pm

Community Spotlight: Lee Rowlands (larowlan)

Lee RowlandsSince joining Drupal.org in 2007, Lee Rowlands (larowlan) has been an important contributor to the Drupal project. A major core contributor and Drupal 8 advocate, Rowlands has become a well-recognized and celebrated member of the Drupal community.

Rowlands is an important Drupal figure in Australia, and has spoken at DrupalCamp Brisbane 2010, Drupal Downunder Melbourne 2012, DrupalCon Sydney 2013 and Drupal South Wellington 2014. An occasional mentor during Drupal Office Hours in the Australian timezone (GMT+10), Rowlands is also a well-recognized figure in the international Drupal community for his involvement with core and his contributions to a huge variety of projects on Drupal.org.

How did you get involved with Drupal?

Jim Morrison and a naked native american came to me in a dream and told me it was my destiny. Just kidding. I started up my own IT consulting business and I'd built a couple of Drupal 5 sites.

The third site I built needed some tricky mapping functionality. This was in Drupal 5 and the site was for a locally owned fishing tackle franchise. Their point of difference with the big national chain-store was local knowledge. So they had this great idea to create a series of online fishing maps for local regions, each featuring points of interest for that region. Each point of interest had a marker icon based on its type, eg there were boat ramps, fishing spots etc. Each marker had a popup with an image and some text. The kind of thing you can build on your own with Google Maps now, but back then - it was a fairly new concept.

At the time gmap module was the go-to mapping option (Drupal 5) but it didn't support the image/marker/description functionality. So I wrote a patch to allow wiring up a content-type with gmap functionality to do so. And in order to post the patch, I had to sign up for a Drupal.org account. So that was my first comment on Drupal.org, a sizeable patch!

Not long after that I pitched the idea of a website to a local motel that had just had a renovation. At this stage Drupal 6 was out and the go-to ecommerce solution was Ubercart. My pitch included online-reservations so I worked with Will Vincent to round out a hotel-booking solution for Ubercart. That's how I got my CVS access on Drupal.org.

Contributing my code back to Drupal.org opened my consulting business up to the world. Up until that point most of my work had been for local businesses. Once I had a project on Drupal.org I started receiving work offers via my Drupal.org project page, mostly for adding new pieces of functionality.

I continued building sites and I always ensured that I had contract provisions to open-source any generic modules that the project needed. Over time I ended up with more than 30 contrib projects on Drupal.org, all with varying degrees of maintenance. Each of these kept resulting in work referrals and I kept expanding my skillset and client-base.

Then Drupal 7 came out and it felt like I had to start learning all over again. I had a long car-trip coming up so I downloaded the mega 'Upgrading 6.x modules to 7.x' thread from Drupal.org and spent about three hours taking in all the changes. As soon as I had net access, I subscribed to the Drupal core issues RSS feed. At this stage my motivation was just to keep across changes happening in core, but after a while I started seeing issues posted that I realised I could fix/work on. So I started commenting and posting the odd patch.

Not long after an epic thread was posted by @sun in the issue queue titled 'Make core maintainable' (https://drupal.org/node/1255674), basically it was proposing that if we didn't get more hands on deck in core, the only way forward was to start dropping unmaintained modules. I jumped into irc and put my hand up to maintain forum, one of the modules on the chopping block. I had a conversation with @chx who later remarked 'yesterday I saw a guy on IRC who was contemplating on taking the forum module maintainer hat' (http://www.drupal4hu.com/node/303).

So from there I took a more active role in core contribution. Those threads are a great read, even today, as they indicates the level of frustration that core developers were experiencing in the first six months of Drupal 7's release.

What do you do with Drupal these days?

I build sites for some of Australia's largest government, education, media and non-profit organisations with one of Australia's most respected Drupal Agencies, PreviousNext. It's a great team and I get to work on interesting projects.

After all this time I still enjoy working with Drupal. Sometimes people lament Drupal's ease of site-building, likening it to 'golden handcuffs', but that's where contributing to core and contrib help. If you find yourself stuck in a 'click-monkey' rut, contributing code lets you flex your 'code-monkey' muscles.

You’re involved with quite a variety of projects in the Drupal community - can you describe some of the things you do and why you like them?

I particularly like working on Drupal core because it helps me keep abreast of upcoming changes. I don't have a CS education, I have degrees in mathematics and engineering, and I've been quoted before saying I got my CS education in the Drupal issue queues. As a contributor you are incredibly lucky to have your work constructively reviewed by some of the world's best programmers. Every time someone makes a suggestion on your patch, you learn a little more. I've learnt so many programming concepts from reviewing other's code and having my code reviewed by others. Particularly during the Drupal 8 cycle, where we've effectively rewritten Drupal in a new language - PHP 5.3.

What’s the coolest project you’ve worked on?

Its not live anymore unfortunately but I worked on sendmypostcards.com which was a Drupal 6 site with Ubercart where you could create your own postcards and pay to have them printed. You could use your Facebook photo-galleries, Flickr account or upload your own files. The designer/editor was built with jQuery and the site used batch-jobs to generate 300dpi print-ready PDFs. It was a challenging project but it did end up spawning a number of contrib modules including Image Cache External which allows you to generate derivatives of remote images. Unfortunately the site didn't last, but I did get a couple of Christmas cards printed and sent to my office. It was great to have something tangible, I still have them mounted on my office wall.

What changes do you hope will come in Drupal 8?

I'm disappointed we didn't get a layout builder in core but I'm excited by the opportunities for it to develop and mature in the contrib ecosystem. Some of the work done as part of the Scotch Initiative by @sdboyer and @eclipsegc was pretty awesome. @sdboyer stepped me through the 'Princess' branch (the name was a dare) at the stage when it was fairly functional and the possibilities it opened up were pretty awesome. Hopefully that work will be leveraged for what becomes of panels/page manager in Drupal 8.

What is your favorite part about the Drupal community?

Getting to work with insanely intelligent and brilliant people. There are so many awesome people working with and on Drupal every day who are always willing to share their experiences and knowledge.

Tell us a little about your background or things that interest you outside Drupal?

I live in Central Queensland at the Southern tip of Australia's Great Barrier Reef. We have three World Heritage listed destinations all within our reach - the reef, Fraser Island and Mon Repos Turtle Rookery, where you can watch Marine turtles lay their eggs or the hatchlings make their way into the world. The climate is great, the cost of living is low and the people are some of the friendliest in the world. I get to work out of an office with two great Drupal devs who also work for PreviousNext, @nick_schuch and @grom385. Its a great lifestyle, our office is right on the beach.

Outside Drupal I'm passionate about family, with two school aged children and I've been married for 15 years. I'm lucky that Drupal gave me an income while my children were pre-school aged and when they went off to school I was able to turn this into a career.

Drupal version: 

Read more...

Posted March 14, 2014 | 7:45 am

Joining The Day We Fight Back

Free Software is not just about saving money. It's not just about sharing for sharing's sake. Free Software, at its core, is about empowering people. It is about ensuring that everyone has ultimate control over their own electronic lives, because the software that runs their electronic lives is under their control and not someone else's.

How do you know your computer is doing what you tell it to, and not someone else? How do you know your phone is only recording what you tell it to record? How do you know your files are only being read by you? How do you know your refrigerator isn't reporting on your diet to someone else?

The only way to be sure is to have the source code so that you or someone you trust can verify that it is doing only what you tell it to and your electronic tools are not secretly acting for someone else. Free Software is all about ensuring an individual's personal digital sovereignty, free from unwanted or secret invasion from anyone -- other people, corporations, or governments.

The entire point of sharing source code is so that individual people and organizations can ultimately have control over their own equipment, information, and digital lives. In many ways it is about privacy: The security to know that your data is accessible to you, and your computer is used by you, and only you, unless you decide otherwise.

Recent revelations, however, have shown that people's digital sovereignty is under even more attack than before. Both the American and British governments have been found violating the digital privacy of millions of people in their own countries and around the world. That is exactly the sort of attack on individual digital sovereignty that Free Software was created to combat.

As a leading Free Software project, the Drupal Community opposes such privacy invasions. We believe it is our ethical duty to stand with The Day We Fight Back and others who oppose such violations of individual digital sovereignty. We encourage all people, all over the world, to take a stand for digital freedom. If you are in the United States you can use the banner at the bottom of this page to locate and contact your Congressional representatives and tell them to oppose further infringement of individual privacy rights and to force the NSA and similar agencies to obey the law in both letter and spirit.

Read more...

Posted February 10, 2014 | 3:20 pm

Drupal 7.26 and 6.30 released

Update: Drupal 7.27 and Drupal 6.31 are now available.

Drupal 7.26 and Drupal 6.30, maintenance releases which contain fixes for security vulnerabilities, are now available for download. See the Drupal 7.26 and Drupal 6.30 release notes for further information.

Upgrading your existing Drupal 7 and 6 sites is strongly recommended. There are no new features or non-security-related bug fixes in these releases. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement. More information on the Drupal 6.x release series can be found in the Drupal 6.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 and 6 include the built-in Update Status module (renamed to Update Manager in Drupal 7), which informs you about important updates to your modules and themes.

Bug reports

Both Drupal 7.x and 6.x are being maintained, so given enough bug fixes (not just bug reports) more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.26 is a security release only. For more details, see the 7.26 release notes. A complete list of all bug fixes in the stable 7.x branch can be found in the git commit log.

Drupal 6.30 is a security release only. For more details, see the 6.30 release notes. A complete list of all bug fixes in the stable 6.x branch can be found in the git commit log.

Security vulnerabilities

Drupal 7.26 and 6.30 were released in response to the discovery of security vulnerabilities. Details can be found in the official security advisory:

To fix the security problem, please upgrade to either Drupal 7.26 or Drupal 6.30.

Known issues

(Drupal 7 only) On sites with a very large number of unpublished nodes in the database, the Taxonomy module update function introduced in this release may take a very long time to run and consume an excessive amount of memory. A fix is available in this issue and will be included in the next bug fix release of Drupal core. Sites which need the fix sooner can apply the patch from that issue to their Drupal 7.26 sites.

Front page news: 
Drupal version: 

Read more...

Posted January 15, 2014 | 11:59 am

Predictions for 2014

4877. That is where the tradition within the Drupal community of making predictions for the year ahead with regards to our software, our community and broader, the web, started. Node 4877, written at the end of the year 2003. We have come a long way since then.

This year we would like to know what you think the year ahead will bring for Drupal and, as a bonus, we would like to know what was the best prediction you found in the past. Where did we shine when it comes to vision or humor.

See older entries from 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 and 2013. Read them.

And now predict for 2014 and reflect the last decade in this thread.

Read more...

Posted January 14, 2014 | 1:26 am

Drupal 7.25 released

Update: Drupal 7.26 is now available.

Drupal 7.25, a maintenance release with numerous bug fixes (no security fixes) is now available for download. See the Drupal 7.25 release notes for a full listing.

Upgrading your existing Drupal 7 sites is recommended. There are no major new features in this release. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 includes the built-in Update Manager module, which informs you about important updates to your modules and themes.

There are no security fixes in this release of Drupal core.

Bug reports

Drupal 7.x is being maintained, so given enough bug fixes (not just bug reports), more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.25 contains bug fixes and small API/feature improvements only. The full list of changes between the 7.24 and 7.25 releases can be found by reading the 7.25 release notes. A complete list of all bug fixes in the stable 7.x branch can be found in the git commit log.

Update notes

See the 7.25 release notes for details on important changes in this release.

Known issues

Changes to Drupal's page caching system in this release caused an incompatibility with the Authcache module (see this issue). The solution is to upgrade to Authcache 7.x-1.7 or higher.

Front page news: 
Drupal version: 

Read more...

Posted January 2, 2014 | 4:48 pm

Drupal Association is hiring CTO

The Drupal Association, with the help of a Search Committee comprised of Board and Advisory Board members, is beginning a search for a Chief Technical Officer (CTO) for Drupal.org (not the Drupal software project). The CTO will fill a critical role for the both the Association and the community, working at the strategic level with the Drupal.org Working Groups to build a roadmap for Drupal.org, create and manage processes critical to the success of the site (including security and disaster recovery), and ensure that Drupal.org roadmaps are met. A CTO role ensures that Drupal.org has the technical and strategic oversight needed to drive improvements and innovations. Specifically we want to ensure that we have the best platform for developers, community involvement, and critical revenue-generating opportunities.

The CTO is the first of several hires we will make over the course of the next few months to significantly increase our ability to improve the experience of Drupal.org for our many constituents. These hires will include more development and devops bandwidth, among other things. In short, this is a really exciting time to work on Drupal.org!

We're asking for your help to find the right person for this role. We're looking for someone with strong product management skills, a community player who can work with our broad base of remarkable volunteers, and the experience to guide and manage our development, infrastructure and operations teams. Please review and share the Drupal Association CTO Job Description.

We've also included a little more context below if you want to learn more. And, if you have any questions, please feel free to contact Holly Ross.

Why a CTO? Isn’t that a bit much for our needs?

Our focus at the Association in 2013 has been re-aligning Association resources to bring more support and funding to our community’s most important asset: Drupal.org. During the last 9 months, we've begun diversifying our revenue streams so that we can scale our income and provide more funding for Drupal.org projects. We launched Working Groups to manage the strategic direction and policy setting we need to make good decisions for the site. Most recently, we hired a Technology Manager for the Association so that our limited technical staff can focus more fully on Drupal.org.

In 2014, we are planning for an even more dramatic shift, bringing on engineering and infrastructure staff to pay off years of technical debt and begin to move the site forward with new developer tools, better site performance, and strong security practices. We’re incredibly excited to help the community move Drupal.org forward and really meet community needs. We see the CTO role as essential to making this happen. It sets us up to proactively address Drupal.org needs at a strategic level - forecasting necessary changes before they become critical problems.

Isn’t this the role of the Working Groups?

Yes - the Working Group charters put them in charge of direction-setting and strategy for the sites. We anticipate that the CTO will work closely with the Working Groups to coordinate their work and ensure that those decisions are translated into a cohesive roadmap. Additionally, the Working Groups are not designed to implement the roadmap. The CTO will oversee the team that does that - either in-house, using 3rd party tools, through contractors, with volunteers, or a combination of these options.

Are you going to hire from within the community?

We are certainly going to look within the community. We will also look outside the Drupal community. The committee seeks a candidate who brings a breadth of experience and knowledge regarding open source community sites.

Is this a technical role or a business role?

We expect that the right candidate will have equal parts technical chops and business savvy. We are not expecting the CTO to write production code, but the CTO will have to know how to do that so that they can manage it well. Additionally, the CTO will need to understand business problems and how technology can be strategically deployed to meet those needs.

Where will the position be based?

Ideally, in Portland, OR, at the Drupal Association headquarters. We know however, that this is likely unrealistic as a hard and fast constraint, and will encourage applicants from around the globe.

Read more...

Posted December 29, 2013 | 11:46 am

Drupal 6 to stop supporting PHP 4 on March 1st 2014

Drupal 6.0 was released almost 6 years ago in February 2008. The Drupal community is committed to release Drupal 6 bugfixes until Drupal 8.0 is released and with recent changes provide security fixes much longer.

The hosting and development landscape was very different in 2008 though. PHP has gone a long way since we released Drupal 6. While Drupal 6 is still supported on PHP 4.x, the PHP developer community itself end-of-lifed PHP 4 just half a year after Drupal 6.0 came out. According to public statistics and data available to us about Drupal 6 sites, we estimate that there is a very small number of Drupal sites which may still run on PHP 4. We also don't believe it is in our best interest to support Drupal 6 on a possibly insecure but definitely unsupported base system, so we discussed and decided to drop support for PHP 4 on March 1st 2014.

If you are running a Drupal 6 site on PHP 4.x, we suggest you look at your hosting situation as it is likely there are other outdated (and possibly insecure) components involved in your environment as well. For the secure operations of your site, we suggest you look at other hosting options. We suggest to look for hosting with at least PHP 5.2.4 (same as Drupal 7's oldest supported PHP version).

While we don't plan to deliberately introduce PHP 5 constructs in Drupal 6, this change also lets contributed module developers to use PHP 5 more easily in their code.

Front page news: 
Drupal version: 

Read more...

Posted December 18, 2013 | 9:01 am

Michael Hess new Security Team Lead

Back in November of 2011, I appointed Greg Knaddison to lead the Drupal Security Team, for a term of two years. In that time, Greg has done a tremendous job helping the Security Team scale. November 2013 ends the term that Greg and I agreed to, Greg is now stepping down as team lead.

I'm pleased to share that Michael Hess (mlhess on Drupal.org) has accepted my invitation to become the new Security Team lead. For those who don't know Michael, he is an adjunct lecturer and a Solution Architect Lead at the University of Michigan. He teaches courses on content management platforms, particularly focusing on Drupal, oversees the functionality of several campus websites, and serves in a consulting and development role for other departments within the University of Michigan. He has been a member of the Drupal Security Team for 3 years and a member of the infrastructure team for 2 year.

As the Drupal Security Team lead, Michael will be the point person for the team. He'll be responsible for coordinating the Security Team's activities and for making decisions when consensus doesn't arise. Michael wants to move the team into more of an advisory and preemptive role, rather than a response function. In addition, he wants to continue to scale the security team (e.g. by working on building better and more automated tools, providing better metrics, etc).

Please join me in thanking Greg for all the great work he has done over the past two years, and in welcoming Michael as the new team lead!

Front page news: 

Read more...

Posted December 10, 2013 | 7:16 am

Drupal 7.24 and 6.29 released

Update: Drupal 7.25 and Drupal 6.30 are now available.

Drupal 7.24 and Drupal 6.29, maintenance releases which contain fixes for security vulnerabilities, are now available for download. See the Drupal 7.24 and Drupal 6.29 release notes for further information.

Upgrading your existing Drupal 7 and 6 sites is strongly recommended. There are no new features or non-security-related bug fixes in these releases. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement. More information on the Drupal 6.x release series can be found in the Drupal 6.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 and 6 include the built-in Update Status module (renamed to Update Manager in Drupal 7), which informs you about important updates to your modules and themes.

Bug reports

Both Drupal 7.x and 6.x are being maintained, so given enough bug fixes (not just bug reports) more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.24 is a security release only. For more details, see the 7.24 release notes. A complete list of all bug fixes in the stable 7.x branch can be found in the git commit log.

Drupal 6.29 is a security release only. For more details, see the 6.29 release notes. A complete list of all bug fixes in the stable 6.x branch can be found in the git commit log.

Security vulnerabilities

Drupal 7.24 and 6.29 were released in response to the discovery of security vulnerabilities. Details can be found in the official security advisory:

To fix the security problem, please upgrade to either Drupal 7.24 or Drupal 6.29.

Update notes

See the 7.24 and 6.29 release notes for manual update steps and other details on important changes in this release.

Known issues

For a while after the release, sites running certain versions of Drupal core may have seen an erroneous message from the Update Status or Update Manager module recommending that they update to Drupal 6.27 or Drupal 7.19, rather than the actual latest security release. This appears to be an issue related to the drupal.org Drupal 7 upgrade which has since been fixed; see this issue for further details.

Front page news: 
Drupal version: 

Read more...

Posted November 20, 2013 | 1:00 pm

Drupal.org D7 upgrade live!

If you are reading this announcement right now, then we did it! Drupal.org runs on Drupal 7! This was a big and complicated project, which took longer than we expected. But we are finally done!

What changed?

Our goal was a straight port to Drupal 7 without major changes to functionality or layout, but with greatly improved code under the hood. However some things did change, please see Drupal.org D7 F.A.Q. for details. Overall Drupal 7 gives us more flexibility to implement new features and there will be a boost in performance for some of the pages.

NOTE: issues are still being indexed, listings and searches will show incomplete results till the indexing is done.

What’s next?

There probably will be some bugs. If you encounter something unusual, please check the Drupal.org D7 F.A.Q. first. It may be that the change was intentional. If you are sure that you found a bug, please use the D7 upgrade QA queue to report them.

* * *

The only thing we really want to say now is.. let’s party THANK YOU!

Thank you to all of you for being patient with us during this long project. We know it took longer than anticipated and there were some bumps along the way. Our only goal throughout the project was to make Drupal.org better for all of you.

Thank you to all our fantastic contributors. There are so many of them, we even have a special page. Thank you:

Andrei Mateescu / amateescu
Joel Moore / banghouse
Rudy Grigar / basic
Brandon Bergren / bdragon
Tom Behets / betz
Bojhan Somers / Bojhan
Chi / Chi
Ian Carrico / ChinggizKhan
Nell Hardcastle / chizu
Karoly Negyesi / chx
Bill O'Conner /csevb10
Dave Reid / davereid
David Strauss / David Strauss
Meghan Palagyi / dead_arm
Dave Fletcher / dfletcher
Derek Wright / dww
Melissa Anderson / eliza411
Frank Baele / frankbaele
Greg Lund-Chaix / gchaix
Greg Knaddison / greggles
Dylan Tack / grendzy
Jose Marquez / hackwater
Michael Halstead / halstead
Herman van Rink / helmo
Chad Phillips / hunmonk
Jason Savino / jasonsavino
Jonathan Hedstrom / jhedstrom
Jennifer Hodgdon / jhodgdon
Jeremy Thorson / jthorson
KS Sundarajan / ksbalajisundar
Lewis Nyman / lewisnyman
Mark Pavlitski / markpavlitski
Marco Villegas / marvil07
Michael Prasuhn / mikey_p
Mitchell Tannenbaum / mitchell
Nick Veenhof / nick_vh
Narayan Newton / nnewton
Theodore Biadala / nod_
Pradeep Kumar / pradeeprkara
Peter Wolanin / pwolanin
Robert Ristroph / rgristroph
Chris Ruppel / rupl
Sam Boyer / sdboyer
Joel Farris / Senpai
Sam Richard / snugug
Venkata Suresh / sachin2honi
Howard Tyson / tizzo
Tyler Ward / twardnw
Angela Byron / webchick
Steve Edwards / wonder95
Roy Scholten / yoroy

Thank you to the Drupal Association Supporting Partners, who gave us the funding required to make the upgrade happen.

We couldn’t have done this without you!

/ drumm & tvn

Front page news: 

Read more...

Posted November 1, 2013 | 4:40 am

Drupal.org downtime: 31st of October 2013, 15:00 UTC (08:00am PDT)

The Drupal.org D7 upgrade launch is confirmed. Today is Monday, 28th of October, we have 0 launch blocking issues and performance tests are looking fine. Therefore, we are going to launch on Thursday, October 31st, 2013.

What will the launch process be like?

Drupal.org will be down for approximately 24 hours during deployment. It will be replaced by a static page with a download link for the latest Drupal release available. Sub-sites will stay online, but with user logins disabled. Both updates.drupal.org and ftp.drupal.org will stay online. drush make / dl will work fine, update status module as well.

We will start deployment around 15:00 UTC on October 31st. We expect the site to be back up by 15:00 UTC on November 1st.

We realize this will be a significant inconvenience for users who rely on Drupal.org, and will try to minimize downtime as much as possible.

What if there are problems? Do you have a backup plan?

Yes, we do. If we encounter significant problems during migration, we will roll back to the Drupal 6 version of Drupal.org and restore with a backup made right before migration started.

How can I find out what’s going on during deployment?

Twitter accounts to follow are @drupal_org and @drupal_infra . IRC channels: #drupal and #drupal-contribute.

What changes will I experience when the site comes back online?

You can find information about the changes in functionality or UI in the Drupal.org D7 F.A.Q. Most pages on the site won’t change as far as layout or functionality. Our goal for this project was a straight port from Drupal 6 to Drupal 7. The only place where you will see significant UI changes is the issue page. This blog post explains what is changing on the issue page and why in detail. In general Drupal 7 gives us more flexibility to implement new features and there will be a boost in performance for some of the pages.

Why aren’t we waiting and upgrading to Drupal 8 once it releases?

The Drupal 7 upgrade began in March 2012. The upgrade took longer than we anticipated due to a variety of reasons that include the scale and complexity of Drupal.org and resource contstraints. We decided to push ahead and complete the Drupal 7 upgrade so Drupal.org can be on the latest release of Drupal, and so we can use the learnings in future upgrades.

Read more...

Posted October 28, 2013 | 12:28 pm

Drupal 8 UX research studies: how you can help improve Drupal?

UPDATE: We've finished running studies for this initial period. Analysis and findings now published.

Usability studies are one of the best ways to keep improving Drupal 8. We want to speak with people who create or edit content on the web to take part in a UX research study to help improve Drupal 8.

This study will help us learn how content creators move between admin and non-admin interfaces. Editing content is a key part of working with Drupal, so understanding this interaction is essential.

Sign up for Drupal 8 usability study

There are a few ways you can help:

  1. You can help us recruit participants by retweeting the tweet below, post on your own social networks, and emailing friends to send people directly to the Drupal 8 usability study sign up form.
    tweet announcing study sign up
  2. You can sign yourself up as a participant.
  3. We also need people to help us observe, take notes and debrief after sessions (it’s a chance to get hands-on experience in UX research).
  4. If you have experience moderating usability studies, you can moderate some sessions too!

And, with a pool of willing participants, we'll have people we can reach out to for future studies.

If you’re interested in helping out on other Drupal User Experience issues, join us in IRC in #drupal-usability (particularly Mondays at 4:00PM Eastern Time) or follow along with issues posted in https://groups.drupal.org/usability.

Front page news: 
Drupal version: 

Read more...

Posted October 20, 2013 | 5:23 pm

Drupal.org Drupal 7 upgrade going live, prospective launch date and downtime

After a month-long Community QA, we are getting ready to deploy Drupal.org D7 upgrade. During the last couple of weeks we were limiting the number of ‘to-do before launch’ issues to those that are absolutely essential. Currently our launch blocker list consists of the 12 open issues.

We took a look at the upcoming Drupal events to find a quiet week, which won’t interfere with major camps and sprints, and..

Launch date

If by Monday, 28 of October, launch blocker issue is down to 0, we plan to deploy the Drupal.org D7 upgrade on Thursday, 31 of October.

If by Monday, 28 of October, the launch blocker issue count is higher than 0, we will have to postpone deployment for a few weeks.

What will the launch look like?

Drupal.org will be down for approximately 24 hours during deployment. It will be replaced by a static page with a download link for the latest Drupal release available. Sub-sites will stay online, but with user logins disabled. We realize this will be a significant inconvenience for users who rely on Drupal.org, and will try to bring it up as soon as possible.

We will start deployment around 15:00 UTC on October 31st. We expect the site to be back up by 15:00 UTC on November 1st.

Update: both updates.drupal.org and ftp.drupal.org will stay online. drush make / dl will work fine, update status module as well.

What if there are problems? Do you have a back up plan?

Yes, we do. If we encounter significant problems during migration, we will roll back to the Drupal 6 version of Drupal.org and restore backup made right before migration started.

How can I find out what’s going on during deployment?

Twitter accounts to follow are @drupal_org and @drupal_infra. IRC channels: #drupal and #drupal-contribute.

What changes will I see when the site comes back online?

Most pages on the site won’t change. Our goal for this project was straight port from Drupal 6 to Drupal 7. The only place where you will see significant UI changes is the issue page. Some time ago we wrote up this blog post, which explains what is changing and why in detail. We will also publish an F.A.Q. right before launch, which will list all changes you might encounter on the website.

How can I help?

To ensure we are able to launch on time, you can help us by bringing launch blockers count to 0.

Here are the issues:

Drupal Core
#1289336: Calling node_view for the same node with multiple view modes on the same page does not correctly attach fields
#2001308: Node preview removes file values from node edit form for non-displayed items

Search API
#2110315: Specialized filter for users and terms
#1832356: Figure out how to dereference option lists with Search API

Project*
#2044475: D7: restore search page integration, or remove dead code
#2097927: Remove 'Update this issue' link next to main comment form when issue updaters are used to the new green button
#1991726: Move "Follow" button back to the sidebar

Other
#2090757: User timezone on git7site doesn't match the value on production

Read more...

Posted October 16, 2013 | 1:53 pm

1 Million Users on Drupal.org!

If you have been on Drupal.org today, you may have noticed something interesting near the bottom of the page. At some point during the past 24 hours, the millionth user joined Drupal.org!

Drupal.org screenshot

It is tempting to overlook those statistics at the bottom of the page because our eyes tend to skip over what they see repeatedly. But it’s worth taking a moment to think about it. 228 countries. 181 languages. And counting.

As Dries pointed out in his keynote at Prague, more than 1,600 people have contributed to Drupal 8. That's nearly double the number of contributors for Drupal 7!

The Drupal community is truly global and it's always growing, always moving forward, 24 hours a day, 365 days a year.

Here's to the next 1 million!

Read more...

Posted October 11, 2013 | 12:34 pm

At-Large Board Elections Announced

Congratulations to Mortendk and Matthew Saunders, our newly elected Directors at Large, representing the community on the board of the Drupal Association. Please join me in thanking all the candidates who put themselves forward to stand for election.

This was our third community election for the rebooted Drupal Association. We've learned a lot along the way and made some minor adjustments as we went, but it´s always good to reflect in the process, and perhaps reassess how we go about this in the future. We're excited to welcome Matthew to the board and have Morten continue on for another year.

In late 2011 we had a series of discussions on groups.drupal.org about how we should elect community representatives to the board. You can review those discussions online.

This year we've heard and share the community´s disappointment about the lack of diversity amongst the candidates and welcome everyone's ideas on how to ensure we reach out wider next time. If you know great people who would be willing to serve on the board, please help us and encourage them to nominate themselves next year.

We also need to encourage more people to vote. This year 668 people cast their vote. That is 0.36% of eligible voters, which compares with last year when 0.55% of eligible voters cast a vote.  Voting was open for 6 days, as opposed to 2 weeks last year. So that may well be a factor in the lower turn-out. Nonetheless we should explore the reasons, and find ways to engage more of our community in this process in the future. We´ll be opening discussion on the elections on groups.drupal.org and invite all those interested to share their thoughts.

Finally, I'd really like to thank Tatiana, Neil and Holly for taking on the work of running the elections, and outgoing community board member Pedro Cambra not only for wrangling the election software, but for being so great to work with over the past year.

Read more...

Posted October 7, 2013 | 12:41 am

Drupal.org D7 Upgrade: Ready for Community QA!

It’s time! After almost a year and a half of work we are at the finish line. D7 Drupal.org is open for community QA. We invite you all to login to the site, look around, do some of the things you usually do on Drupal.org and report any bugs or problems you encounter. Community QA will last for at least 3 weeks. The launch date will be sometime after DrupalCon Prague and will depend on how many bugs you find. :)

Before You Start

For this upgrade project our goal was a straight port to Drupal 7. No major regressions, no major new features. And indeed nearly all sections and pages on D7 Drupal.org will look the same as they do now on Drupal 6. There is only one page which will change significantly - the issue page. Awhile ago we wrote a detailed explanation of the changes and why they had to happen. Please be sure to review the post before going to the QA site.

Note that patch testing on the QA site may be somewhat delayed relative to production, but with patience, should be fully functional.

Ready to Do Some QA?

Great! We’ve set up a dedicated issue queue for the process. You’ll find instructions on the project page: https://drupal.org/project/d7qa.

We’ve also set up an #drupal-d7qa IRC channel on Freenode, a place for QA participants to talk to each other and the development team.

Any Video Tutorial Available?

Good question. In preparation for the community QA Melissa Anderson and Neil Drumm held a QA orientation session, where they talked about our QA server, and where and how to report issues. They also briefly showed the new Drupal.org issue pages. The recording is available below:

Now go and check out D7 Drupal.org! We do hope you’ll like it.

Read more...

Posted September 13, 2013 | 7:53 am

Update: Git service interruption on drupal.org

Update: Pushes to contributed modules and sandboxes are once again possible, thanks to the work of Sam Boyer and Damien Tournoud. Go forth and contribute!

We are experiencing technical problems with repositories hosted on the Drupal.org git server.

The Drupal.org infrastructure team has been informed and is working to resolve the issue.

Anonymous cloning and pulling from the repositories is still possible. Short service interruptions may occur while the team is working on the problem.

Our apologies for disrupting your work.

Read more...

Posted August 28, 2013 | 1:29 am

Seeking community input on short-term Drupal.org roadmap

Cross-post from https://association.drupal.org/node/18358

Greetings from the Drupal.org Software Working Group! We are a governance group that has been chartered in order to define the overall strategy and roadmap for *.Drupal.org's features and functionality.

The Drupal Association Board is having their quarterly retreat at DrupalCon Prague in just a few short weeks, at which point they'll be reviewing draft 2014 budget for the year, which will include an amount set aside for Drupal.org improvements. We want to ensure that the community has input on what this budget is spent on, but unfortunately the previous data we have on what the community wants is almost two years old. And, because of the tight timeline, we need to do this quickly.

Therefore, the Drupal.org Software Working Group is seeking input from the community to help us determine two to three significant improvements for Drupal.org to be started on by Drupal Association staff at the beginning of 2014 (yes, Drupal.org D7 upgrade will be finished this year!). If you'd like to provide your input on the Drupal.org roadmap for the first part of 2014, please visit the 2014 Drupal.org feature brainstorming group. You can review and "vote up" other peoples' proposals, or propose your own ideas. We'll be leaving the call for ideas open until 00:00 GMT on September 2, 2013.

We will then look at the results gathered, consider our constraints (budget, development, other necessary maintenance work, volunteer momentum) and make the best possible choice we can for the next projects. At this time, we are likely to avoid any projects that would block the forward movement of others. That doesn’t mean you shouldn’t include them. Please do. Just know that we have some work to do before the next epic undertaking. Also note that these votes will almost certainly not correspond directly to the initial priorities that we publish. There will be very practical reasons why some of the top-ranked ideas won’t be a part of this batch. We will explain the reasoning behind our choices, but we probably won’t be able to explain the reasoning for every choice we do NOT make.

We acknowledge this interim process to be severely sub-optimal. The timeline is too short, the tools are awkward, we won't get enough feedback from a broad enough representation of the community, and we acknowledge that different stakeholders will have equally important, competing, or even conflicting priorities. One of our highest priorities as a Working Group is to develop efficient and inclusive process for collecting, prioritizing, and implementing Drupal.org improvements, a process which will allow us to get the widest community feedback possible and make informed decisions. That takes time, however, and we cannot afford to put improvements on hold until it’s worked out.

We will be re-engaging the community in 2014 with more robust process to gather more ideas about how Drupal.org can better serve its varied audiences. We’d love to have you think hard about small-scope ideas with wide-ranging impact in this go-round, but we also want to know the truth about where it hurts.

Express the needs, risks, and benefits of your ideas as clearly as you can, we’ll look at the entire picture to figure the best way we can move forward, and we'll share the results with you in a few weeks.

Thank you for your participation in making Drupal.org awesome!

Drupal.org Software Working Group

Drupal version: 

Read more...

Posted August 25, 2013 | 1:20 am

Drupal 7.23 released

Update: Drupal 7.24 is now available.

Drupal 7.23, a maintenance release with numerous bug fixes (no security fixes) is now available for download. See the Drupal 7.23 release notes for a full listing.

Upgrading your existing Drupal 7 sites is recommended. There are no major new features in this release. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 includes the built-in Update Manager module, which informs you about important updates to your modules and themes.

There are no security fixes in this release of Drupal core.

Bug reports

Drupal 7.x is being maintained, so given enough bug fixes (not just bug reports), more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.23 contains bug fixes and small API/feature improvements only. The full list of changes between the 7.22 and 7.23 releases can be found by reading the 7.23 release notes. A complete list of all bug fixes in the stable 7.x branch can be found in the git commit log.

Update notes

See the 7.23 release notes for details on important changes in this release.

Known issues

None.

Front page news: 
Drupal version: 

Read more...

Posted August 7, 2013 | 7:20 pm

Important Security Update: Reset Your Drupal.org Password

The Drupal.org Security Team and Infrastructure Team has discovered unauthorized access to account information on Drupal.org and groups.drupal.org.

This access was accomplished via third-party software installed on the Drupal.org server infrastructure, and was not the result of a vulnerability within Drupal itself. This notice applies specifically to user account data stored on Drupal.org and groups.drupal.org, and not to sites running Drupal generally.

Information exposed includes usernames, email addresses, and country information, as well as hashed passwords. However, we are still investigating the incident and may learn about other types of information compromised, in which case we will notify you accordingly. As a precautionary measure, we've reset all Drupal.org account holder passwords and are requiring users to reset their passwords at their next login attempt. A user password can be changed at any time by taking the following steps.

  1. Go to https://drupal.org/user/password
  2. Enter your username or email address.
  3. Check your email and follow the link to enter a new password.
    • It can take up to 15 minutes for the password reset email to arrive. If you do not receive the e-mail within 15 minutes, make sure to check your spam folder as well.

All Drupal.org passwords are both hashed and salted, although some older passwords on some subsites were not salted.

See below recommendations on additional measure that you can take to protect your personal information.

What happened?

Unauthorized access was made via third-party software installed on the Drupal.org server infrastructure, and was not the result of a vulnerability within Drupal itself. We have worked with the vendor to confirm it is a known vulnerability and has been publicly disclosed. We are still investigating and will share more detail when it is appropriate. Upon discovering the files during a security audit, we shut down the association.drupal.org website to mitigate any possible ongoing security issues related to the files. The Drupal Security Team then began forensic evaluations and discovered that user account information had been accessed via this vulnerability.

The suspicious files may have exposed profile information like username, email address, hashed password, and country. In addition to resetting your password on Drupal.org, we are also recommending a number of measures (below) for further protection of your information, including, among others, changing or resetting passwords on other sites where you may use similar passwords.

What are we doing about it?

We take security very seriously on Drupal.org. As attacks on high-profile sites (regardless of the software they are running) are common, we strive to continuously improve the security of all Drupal.org sites.

To that end, we have taken the following steps to secure the Drupal.org infrastructure:

  • Staff at the OSU Open Source Lab (where Drupal.org is hosted) and the Drupal.org infrastructure teams rebuilt production, staging, and development webheads and GRSEC secure kernels were added to most servers
  • We are scanning and have not found any additional malicious or dangerous files and we are making scanning a routine job in our process
  • There are many subsites on Drupal.org including older sites for specific events. We created static archives of those sites.

We would also like to acknowledge that we are conducting an investigation into the incident, and we may not be able to immediately answer all of the questions you may have. However, we are committed to transparency and will report to the community once we have an investigation report.

If you find that any reason to believe that your information has been accessed by someone other than yourself, please contact the Drupal Association immediately by sending an email to password@association.drupal.org. We regret this occurred and want to assure you we are working hard to improve security.

Thank you,
Holly Ross
Drupal Association Executive Director

FAQ

What happened?

The Drupal.org Security Team and Infrastructure Team has identified unauthorized access to user information on Drupal.org and groups.drupal.org, which occured via third-party software installed on the Drupal.org server infrastructure.

What information of mine was exposed?

The information includes username, email address, hashed passwords, and country for some users. However, we are still investigating the incident and may learn about other types of information compromised, in which case we will notify you accordingly.

Was my credit card information exposed?

We do not store credit card information on our site and have uncovered no evidence that card numbers may have been intercepted. However, we are still investigating the incident and may learn about other types of information compromised, in which case we will notify you accordingly.

Were projects or hosted drupal.org code altered?

We have no evidence to suggest that an unauthorized user modified Drupal core or any contributed projects or packages on Drupal.org. Software distributed on Drupal.org is open source and bundled from publicly accessible repositories with log histories and access controls.

Does this affect my own Drupal site?

This notice applies specifically to user account data stored on Drupal.org and groups.drupal.org, and not to sites running Drupal generally. However, we recommend that you follow best practices and follow any security notices from Drupal.org or third party integrations to keep your site safe. Resources include the following sites:

How did the access happen?

Unauthorized access was made via third-party software installed on the Drupal.org server infrastructure, and was not the result of a vulnerability within Drupal itself. We have worked with the vendor to confirm it is a known vulnerability and has been publicly disclosed. We are still investigating and will share more detail when it is appropriate.

What has been done to prevent this type of unauthorized access in the future?

There have been several infrastructure and application changes including:

  • Open Source Lab, the group that hosts the servers for Drupal and infrastructure teams rebuilt production, staging, and development webheads
  • GRSEC secure kernels were added to most servers
  • An anti-virus scanner was run over file servers, and run routinely to detect malicious files being uploaded to the Drupal.org servers.
  • We hardened our Apache web server configurations
  • We made static archives of any site that has been end-of-lifed and will not be updated in the future
  • Sites that were no longer going to receive feature or content updates were converted to static copies to minimize maintenance.
  • We removed old passwords on sub-sites and non-production installations

Do you have any information about the identity of the person or group who did this?

At this point there is no information to share.

What is the security team doing to investigate the unauthorized access?

We have a forensics team made up of both Drupal Association staff and trusted community volunteers who are security experts investigating.

How is my Drupal.org password protected?

Passwords on Drupal.org are stored in a hashed format. Currently, passwords are both hashed and salted using multiple rounds of hashing (based on PHPass). Passwords on some subsites were not salted.

Who maintains the Drupal.org site?

The Drupal Association is responsible for maintaining the site, with the assistance of many trusted Drupal community volunteers.

How can I delete my profile rather than create a new password?

Please email password@association.drupal.org with the request.

What else can I do to protect myself?

First, we recommend as a precaution that you change or reset passwords on other sites where you may use similar passwords, even though all passwords on Drupal.org are salted and hashed. Some older passwords on some subsites were not salted. To make your password more secure:

  • Do not use passwords that are simple words or phrases
  • Never use the same password on multiple sites or services
  • Use different types of characters in your password (uppercase letters, lowercase letters, numbers, and symbols).

Second, be cautious if you receive e-mails asking for your personal information and be on the lookout for unwanted spam. It is not our practice to request personal information by e-mail. Also, beware of emails that threaten to close your account if you do not take the "immediate action" of providing personal information.

Although we do not store credit card information, as a precaution we recommend you closely monitor your financial accounts if you made a transaction on association.drupal.org or if you use a password with your fianancial institution that is similar to your Drupal.org password. If you see unauthorized activity (in the U.S.), we also suggest that you submit a complaint with the Federal Trade Commission ("FTC") by calling 1-877-ID-THEFT (1-877-438-4338).

Based on the results of the investigation into this incident, we may update the FAQs and may recommend additional measures for protecting your personal information.

Front page news: 

Read more...

Posted May 29, 2013 | 1:26 pm

Community Spotlight: Scott Reynen

Scott Reynen has done some fun things in the Drupal community. Some notable examples:

  • Coordinated many meetups in Denver ensuring they happen, with interesting topics, and tasty pizza options
  • Helped to organize several Drupalcamps in Colorado (which will be June 29th/30 in 2013)
  • Presents on various topics at Drupalcamps
  • Helps as one of the 3 site maintainers for groups.drupal.org
  • Is an active Project Application queue reviewer heavily interested in new-contributor-onboarding and project quality
  • Takes care of abandoned projects and ownership requests in the Webmasters queue
  • And does a pretty darn good job as the maintainer for modules like @font-your-face.

How did you get involved with Drupal?

About 4 years ago, I took a job as a developer with Aten Design Group, where we do mostly Drupal projects. At the time, I was pretty skeptical of content management systems, after frustrating experiences with both WordPress and Joomla. But I quickly grew to appreciate Drupal’s modular architecture.

What do you do with Drupal these days?

Most of my Drupal time is spent building websites for clients. I’m fortunate to be able to work on projects I really care about, like the International Center for Transitional Justice, the National Center for Women & Information Technology, and the United Nations Development Programme. Apart from client work, I use Drupal as a platform to explore new ideas. With a wide variety of code and a huge active community, Drupal serves as a great incubator.

You’re involved with the Drupal community locally and internationally - can you describe some of the things you do and why you like them?

I co-maintain Drupal Groups (groups.drupal.org), deal with abandoned projects on Drupal.org, do some work on project review applications, help organize the local Denver Drupal meetup, actively mentor a few people, and contribute some modules. I think I like all of this because I feel like I’m actively building the future, either through directly improving the web, or by enabling other people to improve the web.

What got you started in the project application review process?

I didn’t go through the application review process to get my own Git (previously CVS) access, and didn’t realize the process existed for a long time. So I think some feeling of debt played a part in my getting involved. But I also believe the future of Drupal depends on people who aren’t yet involved, and the application process, if not handled well, can very easily be a point where we turn away this next generation of contributors.

What are some of your favorite moments from that process?

It’s always nice to get thanks from new contributors for my feedback, or to discover a cool new module before it even has a release. But I think my favorite moment was when klausi arrived. Before that, I felt like I had to stay actively involved or the whole process might fall apart. When klausi started doing a superhuman number of reviews, I could comfortably step away from the queue for a short (or even long) period of time and avoid both catastrophe and burnout.

Read a previous Community Spotlight about Klaus Purer (klausi).

Are there any cool projects you’ve learned about through that process?

Commerce Registration is, I think, a great example of why the review process is important to the wider community. After some quick minor bug fixes in the review process, that project was approved and is now part of the Conference Organizing Distribution, used in every DrupalCon site. And the maintainer has gone on to contribute several other modules, a few to Drupal Commons that will be part of the next version of the Drupal Groups site. A more frustrating project review could have easily meant the Drupal community losing all of this.

What changes do you hope will come in the project review process?

Mostly I think we just need more people with the right mindset. Right now, the “needs review” backlog is gradually disappearing, largely thanks to a lot of new reviewers. I think we just need to keep more of these reviewers involved and make sure they know, as jthorson recently wrote, “the role of reviewers in this process is that of a 'mentor', not 'traffic cop'”.

What is your favorite part about the Drupal community?

It’s rare to hear someone say “I don’t care” in the Drupal community. There’s plenty of work that goes off the rails on passionate debate over what color to paint the bike shed, and that can grow tedious. But our bike sheds are the best-painted on the web (12 coats!), because people really care. I like that.

Tell us a little about your background or things that interest you outside Drupal?

When I was young, I hit myself in the forehead with a boomerang. I wasn’t entirely unfamiliar with the concept, but I’d never had one actually come back. This one did, just as I was turning to see where it had landed. Stitches weren't great back then, so I still have a scar. I still have problems with tools doing what I say rather than what I expect.

Read more...

Posted April 29, 2013 | 1:26 pm

Drupal 7.22 released

Update: Drupal 7.23 is now available.

Drupal 7.22, a maintenance release with numerous bug fixes (no security fixes) is now available for download. See the Drupal 7.22 release notes for a full listing.

Upgrading your existing Drupal 7 sites is recommended. There are no major new features in this release. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 includes the built-in Update Manager module, which informs you about important updates to your modules and themes.

There are no security fixes in this release of Drupal core.

Bug reports

Drupal 7.x is being maintained, so given enough bug fixes (not just bug reports), more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.22 is a bug fix only release. The full list of changes between the 7.21 and 7.22 releases can be found by reading the 7.22 release notes. A complete list of all bug fixes in the stable 7.x branch can be found in the git commit log.

Update notes

See the 7.22 release notes for details on important changes in this release.

Known issues

#1962780: 500 Internal server error on Apache 1.x servers after updating to Drupal 7.22: Sites running on 1.x versions of the Apache web server may experience errors after updating to Drupal 7.22. (Although Apache 1.x was deprecated by the Apache project several years ago and switching to Apache 2.x is highly recommended, Drupal 7 normally does still run on it.) A patch to fix the problem is available in the above issue, and it has been committed to the 7.x development version so it will be included in the next bug fix release.

Front page news: 
Drupal version: 

Read more...

Posted April 3, 2013 | 3:16 pm

Drupal 7.21 released

Update: Drupal 7.22 is now available.

Drupal 7.21, a maintenance release which fixes incompatibilities introduced in the Drupal 7.20 security release, is now available for download. See the Drupal 7.21 release notes for further information.

Upgrading your existing Drupal 7 sites is strongly recommended, especially if you encountered problems with Drupal 7.20. There are no new features in this release. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 includes the built-in Update Manager module, which informs you about important updates to your modules and themes.

There are no security fixes in this release of Drupal core; however, sites which were unable to upgrade to Drupal 7.20 (or upgraded but made modifications to disable the security fixes included within it) should upgrade to Drupal 7.21 to obtain additional security protection. See the Drupal 7.21 release notes for further information.

Bug reports

Drupal 7.x is being maintained, so given enough bug fixes (not just bug reports), more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.21 is a bug fix only release. The full list of changes between the 7.20 and 7.21 releases can be found by reading the 7.21 release notes. A complete list of all bug fixes in the stable 7.x branch can be found in the git commit log.

Update notes

See the 7.21 release notes for details on important changes in this release.

Known issues

None.

Front page news: 
Drupal version: 

Read more...

Posted March 6, 2013 | 4:24 pm

Drupal 7.20 released

Update: Drupal 7.21 is now available.

Drupal 7.20, a maintenance release which contains fixes for security vulnerabilities, is now available for download. See the Drupal 7.20 release notes for further information.

Upgrading your existing Drupal 7 sites is strongly recommended. There are no new features or non-security-related bug fixes in this release. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 includes the built-in Update Manager module, which informs you about important updates to your modules and themes.

Bug reports

Drupal 7.x is being maintained, so given enough bug fixes (not just bug reports), more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.20 is a security release only. For more details, see the 7.20 release notes.

A complete list of all bug fixes in the stable 7.x branch can be found in the git commit log.

Security vulnerabilities

Drupal 7.20 was released in response to the discovery of security vulnerabilities. Details can be found in the official security advisory:

To fix the security problems, please upgrade to Drupal 7.20.

Known issues

Due to the nature of the security fix, some sites will require extra testing and care when deploying this release of Drupal core, and several contributed modules require code changes in order to continue working correctly. See the release notes for more information.

Front page news: 
Drupal version: 

Read more...

Posted February 20, 2013 | 12:55 pm

Drupal 7.19 and 6.28 released

Update: Drupal 7.20 and Drupal 6.29 are now available.

Drupal 7.19 and Drupal 6.28, maintenance releases which contain fixes for security vulnerabilities, are now available for download. See the Drupal 7.19 and Drupal 6.28 release notes for further information.

Upgrading your existing Drupal 7 and 6 sites is strongly recommended. There are no new features or non-security-related bug fixes in these releases. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement. More information on the Drupal 6.x release series can be found in the Drupal 6.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 and 6 include the built-in Update Status module (renamed to Update Manager in Drupal 7), which informs you about important updates to your modules and themes.

Bug reports

Both Drupal 7.x and 6.x are being maintained, so given enough bug fixes (not just bug reports) more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.19 is a security release only. For more details, see the 7.19 release notes. A complete list of all bug fixes in the stable 7.x branch can be found in the git commit log.

Drupal 6.28 is a security release only. For more details, see the 6.28 release notes. A complete list of all bug fixes in the stable 6.x branch can be found in the git commit log.

Security vulnerabilities

Drupal 7.19 and 6.28 were released in response to the discovery of security vulnerabilities. Details can be found in the official security advisory:

To fix the security problem, please upgrade to either Drupal 7.19 or Drupal 6.28.

Known issues

None.

Front page news: 
Drupal version: 

Read more...

Posted January 16, 2013 | 2:17 pm

Predictions for 2013

Ever since node 4877 in 2003 we have a “prediction” post up on Drupal.org, where Drupal coders and users can share their vision on what will happen the year ahead with their beloved tool. Ever? Well, we skipped 2012, so we can not look back to the predictions you made last year on this site.

But that should not stop you from making some predictions for 2013. And you are welcome to do so in the comments below. Will parts of Drupal end up in another CMS or framework? Will "WSCCI first” be the slogan or will the consolidation in the CMS landscape and the trend to leave our small island make new bridges towards other PHP projects or even make a new Pangaea, beyond PHP and the web? Will Drupal be the answer in Jeopardy on the question “what is the best CMS?”. Time will tell.

Or you.. In the comments below

Read more...

Posted January 5, 2013 | 1:31 pm

Drupal 7.18 and 6.27 released

Update: Drupal 7.19 and Drupal 6.28 are now available.

Drupal 7.18 and Drupal 6.27, maintenance releases which contain fixes for security vulnerabilities, are now available for download. See the Drupal 7.18 and Drupal 6.27 release notes for further information.

Upgrading your existing Drupal 7 and 6 sites is strongly recommended. There are no new features or non-security-related bug fixes in these releases. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement. More information on the Drupal 6.x release series can be found in the Drupal 6.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 and 6 include the built-in Update Status module (renamed to Update Manager in Drupal 7), which informs you about important updates to your modules and themes.

Bug reports

Both Drupal 7.x and 6.x are being maintained, so given enough bug fixes (not just bug reports) more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.18 is a security release only. For more details, see the 7.18 release notes. A complete list of all bug fixes in the stable 7.x branch can be found in the git commit log.

Drupal 6.27 is a security release only. For more details, see the 6.27 release notes. A complete list of all bug fixes in the stable 6.x branch can be found in the git commit log.

Security vulnerabilities

Drupal 7.18 and 6.27 were released in response to the discovery of security vulnerabilities. Details can be found in the official security advisory:

To fix the security problem, please upgrade to either Drupal 7.18 or Drupal 6.27.

Known issues

None.

Front page news: 
Drupal version: 

Read more...

Posted December 19, 2012 | 10:39 am

Drupal.org Downtime: December 13th 5PM PST (01:00 UTC)

We will be having a very short downtime at 5PM PST (01:00 UTC) this Thursday December 13th. The outage should be no more than 2-3 minutes while we reboot a switch. Thank you.

Front page news: 

Read more...

Posted December 12, 2012 | 10:18 am
About | Contact | FAQ | Privacy Policy | Terms of Use

© 2006-2014 überbytes LLC