Syndicate content
Come for the software, stay for the community Drupal is an open source content management platform powering millions of websites and applications. It’s built, used, and supported by an active and diverse community of people around the world.
Updated: 13 min 40 sec ago

Happy 20th Birthday, Drupal

Fri, 01/15/2021 - 01:46

Today, on Drupal's 20th birthday, we are kicking off celebrations that will last throughout 2021. Together, let’s celebrate 20 years of Drupal and our Community - the inspired makers that keep Drupal innovative. 

As part of this 20-year milestone, we celebrate our community of more than 100,000 contributors who made Drupal what it is today,” says Heather Rocker, executive director of the Drupal Association. “Success at this scale is possible because the Drupal community exemplifies the values of open source and proves that innovation is sustained by healthy communities.”

To kick things off, we have a few ways for you to get involved:

  • Promote the official Press Release of Drupal's 20th birthday to your local tech media
  • Submit your Drupal birthday celebration to Community Events 
  • Post a selfie of your celebration on Celebrate Drupal
  • Submit Drupal milestones to the 20 Years of Drupal History timeline
  • Share your excitement and what you’re doing to celebrate on social media - and be sure to add the hashtag #CelebrateDrupal
  • Participate in our 'Drupal Doodle' event - where we're looking for celebratory banners to feature on Drupal.org
  • Propose content for DrupalCon North America 2021 that showcase the ambitious digital experiences you’ve created with Drupal
  • Register for DrupalCon

With so much to celebrate, today's activities are only the beginning. Keep an eye on this blog, the @drupalassoc on Twitter, and Drupal Association on Linked In for more activities throughout 2021. 

Categories: Drupal

Siteimprove & FFW Enhanced Drupal Module

Thu, 01/14/2021 - 00:44
Completed Drupal site or project URL: https://siteimprove.com/en/core-platform/integrations/cms-plugin/drupal/The Siteimprove & FFW Enhanced Drupal Module

Working in partnership with the Drupal architecture and integration expertise of FFW, Siteimprove has launched an enhanced Drupal module. The new module offers a simplified experience leveraging their website optimization insights right into the Drupal content editing environment.

Categories: Drupal

Drupal Steward's First Activation Report

Mon, 12/07/2020 - 22:54

On November 18th, 2020, the Drupal security team released security advisory SA-CORE-2020-012, a critical remote code execution vulnerability being patched in Drupal 7, 8, and 9. If you haven't read up on this issue, or the contrib advisories from the same day, I suggest you pause here and go take a look (and of course update your site(s)).

As always, the Drupal Security Team demonstrated their commitment and professionalism in helping all of us keep our Drupal sites more secure. But this post is not just to praise the security team, but also to report back on our first trial activation of the Drupal Steward program with a real security vulnerability.

As a reminder, the Drupal Steward program is operated jointly by the Drupal Association and the Drupal Security team, to offer protection for highly critical and mass exploitable vulnerabilities in the form of a web application firewall. This protection is offered directly by the Drupal Association to end-users, and also through our Founding Platform Partners: Acquia and Pantheon.

Drupal Steward doesn't change the site owner's responsibility to update their site. It does, however, provide a greater safety window and more flexibility for their team when scheduling the update.

In coordination with the Drupal Security Team, as well as our partners, we decided to use SA-CORE-2020-012 as our first live case for implementing this protection. This core issue was neither 'highly-critical' nor 'mass-exploitable' as the program is generally designed to protect, but because it was still a critical issue, it made a good test case.

We made a deliberate choice not to pre-advertise the protection for this first activation, because we wanted to thoroughly vet the process from end-to-end, before telling Steward customers to breathe easy when scheduling their update.

For future activations we will include a section in the PSA or SA published on Drupal.org, marked by the Drupal Steward logo, which indicates whether an upcoming security release will have this Drupal Steward coverage - giving all Drupal Steward customers the warning they need so they can responsibly schedule their site updates.

We're very pleased to say that this first program activation went very smoothly. Our coordination with Founding Partners, and our implementation of the firewall rules for the community tier went quickly and easily - and despite the short turn-around time, we were able to have protection coordinated in time for the disclosure of the issue.

What about SA-CORE-2020-013?

If you follow Drupal security issues closely, you'll know that another Drupal security release occurred only about a week later. SA-CORE-2020-013 was released to mitigate a vulnerability in a third-party dependency of Drupal. This issue was not eligible for Drupal Steward coverage because it was a zero-day, that is, the vulnerability was already public and so there was no time to implement a preventative mitigation strategy.

Ready to sign up?

You can learn more about Drupal Steward here and you can ask questions or set up a consultation here. Cost is usage-based, and we've tried to subsidize the cost as much as possible for our community site owners. For most small to medium-sized sites, coverage costs less than $200/year. Proceeds are allocated to support Drupal Association and Drupal Security Team programs. 

Categories: Drupal