
Drupal News and Updates

This page will show you the most recent Drupal templates updates and Drupal Community news.

Drupal Templates News and Updates

December 3, 2012. The New Word In Creating Drupal Stores

December 03 2012 | Category: Drupal Updates

The creators of Drupal Commerce decided to bring their favorite CMS to the masses. One of TemplateHelp’s Drupal developers once told us: “I can’t understand why users don’t use Drupal, it’s so simple…” Commerce Guys, the team that created Drupal Commerce stores, must have been thinking the same way.


May 03, 2012 – Drupal 7.14 released

May 09 2012 | Category: Drupal Updates

In this note you will learn about the problems that accompany the Drupal 7.14 core update.


Responsive Drupal templates

April 09 2012 | Category: Drupal Updates

Responsive Drupal templates include several layout options, each optimized for the appropriate screen resolution.


Drupal 6.19 templates

April 26 2011 | Category: Drupal Updates

Drupal templates starting from #30278 are compatible with Drupal 6.19

The Drupal 6.19 release announcement is available here. You can also check the release notes to see the updates.



Drupal 7 templates are available

April 26 2011 | Category: Drupal Updates

Drupal templates starting from #32668 are compatible with Drupal 7

Drupal 7 features:

  • Vastly improved administrative user interface thanks to the D7UX movement
  • Flexible content and custom fields
  • Better visual presentation and theming with Render API
  • Accessibility is greatly improved
  • Image support is now included
  • Automated code testing
  • Improved database support
  • Better distribution support
  • Support for the Semantic Web through

Drupal 6.17 compatible templates

June 22 2010 | Category: Drupal Updates

Drupal templates starting from #29476 are compatible with Drupal 6.17

Drupal 6.17, a maintenance release fixing issues reported through the bug tracking system, is now available for download. There are no security fixes in this release. Upgrading your existing Drupal 6 sites is recommended. For more information about the Drupal 6.x release series, consult the Drupal 6.0 release announcement.

Highlights …


Drupal Themes are Now Available!

April 04 2008 | Category: Drupal Updates

After having launched Joomla and Mambo CMS templates last fall we have noticed that even though these two product types are strikingly popular the audience still wants more. Therefore in response to this growing demand for various CMS products we have decided to be so kind and to launch a new CMS designs range which we have chosen to be …


Drupal News and Updates

Drupal Security Team update.

18 September 2014, 6:07 pm

Joint Security release with WordPress

In big news, we had our first joint release with WordPress. We collaborated together with the WordPress team on a PHP security issue discovered by a security researcher. We’re thrilled that we had an opportunity to work together with others in the open source CMS community. We shared a few tips and tricks and it was great working with the WordPress team.

Keeping Drupal Secure

In keeping with our mission to showcase security best practices at Drupal’s online home, we’ve upgraded https://security.drupal.org to Drupal 7. This ensures we’re on a supported platform. We also took the opportunity to add some new features that help us enhance our team’s efficiency by automating a number of routine tasks.

As part of our dedication to keeping Drupal users safe, we’ve written and announced the Long Term Support (LTS) plan for Drupal 6 (https://www.drupal.org/d6-lts-support). This is an important step as we look forward to the release of Drupal 8. Soon we will be introducing two-factor authentication to Drupal.org, thanks to hard work from security team members Ben Jeavons, Greg Knaddison, Neil Drumm, and Michael Hess. (https://groups.drupal.org/node/439868 and https://drupal.org/node/2239973)

And here’s one last, fun note: Security.Drupal.org issues now show up on the drupal.org dashboard if you add the widget. You can get it by clicking on Dashboard after logging in and adding the widget.


Securing Drupal E-Commerce

Some Drupal security team members were recently involved in putting together a white paper on keeping track of PCI compliance. Anyone who runs a Drupal site and takes credit cards should read the white paper. Here’s a little more information:

Version 3.0 of the PCI compliance standard becomes mandatory on January 1st, 2015 and will be a complete game changer for many Drupal eCommerce sites. This includes triple the number of security controls if your website touches credit card information and more. The community supported Drupal PCI Compliance White Paper (http://drupalpcicompliance.org/) will give you a high level overview of what PCI compliance is, why you need to comply, and (most importantly) how to get started. This paper was written and reviewed by several members of the Drupal security team, including Rick Manelius, Greg Knaddison, Ned McClain, Michael Hess, and Peter Wolanin.

Simplifying Security

We’ve redesigned our Security Advisory system to make evaluating and analyzing security threats easier and more intuitive. This came about after several core contributors informed us that they wanted a better way to address security threats. We sent out a survey through Twitter to learn more about how people write and read the Security Advisories. Based on the responses we put together a new Security Advisory system that takes much of the guesswork out of the process of evaluating threats. We’ve added and reordered elements on the Security Advisory’s criticality scale and added explanations to help people understand where a security problem is on the spectrum of potential threats.

Our Growing Team

We’ve brought a number of new members onto the security team. Please help us give a very warm welcome to our newest security team members:

Alex Pott (alexpott) - IRC nick: alexpott, Organization: Chapter Three
Cash Williams (cashwilliams) - IRC nick: CashWilliams, Organization: Acquia
Dan Smith (galooph) - IRC nick: galooph, Organization: Code Enigma
David Snopek (dsnopek) - IRC nick: dsnopek, Organization: MVPcreator
Rick Manelius (rickmanelius) - IRC nick: rickmanelius, Organization: NewMedia!

We’re always looking for more qualified people who place a high priority on security. If you’d like to join the security team: https://security.drupal.org/join


This week, we added a feature to projects on Drupal.org to help highlight the contributions made by supporting organizations. Maintainers of distributions, modules, and themes can give credit to organizations that have materially contributed to projects on Drupal.org using the new “Supporting Organizations” field.

Supporting organizations field

How do you use this field? When an organization funds the development of a project or when a company takes on maintainership of a key module in the community, the maintainers of that project can add a reference to one or more of them on the project node. Maintainers may choose to give this credit to any organization that contributes significant code or support to a project.

We noticed that many projects would manually follow this pattern in the project description, but wanted to take it a step further. Not only will this provide a link to the organization, it will also show up on the organization’s marketplace page.

Projects supported field on organization display

This is just the first step. We are also looking for community feedback and help in providing credit to companies, organizations and customers that contribute to the development of Drupal. Implementing this step will be a key way to show how organizations are giving code and support to Drupal Core. Look for it in the coming months.

Dries has written an excellent post on how we might give credit to organizations and another on the value of hiring a core contributor to help push Drupal forward that were a basis for much of this work.

If you are a project maintainer, take a moment to give some credit to the organizations that have helped build the Drupal ecosystem.


Almost half a year ago, with the help of the Drupal.org Content Working Group and lawyers, the Drupal Association started working on a Drupal.org Terms of Service (ToS) and Privacy Policy. After a number of drafts and rewrites, we are now ready to introduce both documents to Drupal.org users.

Why do we need a ToS?

Drupal.org has grown organically for many years. Currently the site has thousands of active users that generate lots of content every day. Our current Terms of Service are limited to a short line on the account creation form:

“Please note: All user accounts are for individuals. Accounts created for more than one user or those using anonymous mail services will be blocked when discovered.”

This line is an insufficient ToS for a website of our size. In fact, Drupal.org is probably the only website of this size which operates without a published Terms of Service. This situation is uncomfortable, and even dangerous, for both the Drupal community and the Drupal Association, which is legally responsible for Drupal.org and its contents.

In the absence of a ToS, a lot of rules—“do’s and don’ts”—regarding the website are just “common knowledge” of users who have a long memory and accounts created in the early days of Drupal.org. This might result in new users making mistakes and misbehaving only because they do not know what the unwritten rules are. Website moderators often lack guidance on how to react in specific situations, because those policies are not written anywhere. Some policies, such as organization accounts policy or account deletion policy still need to be defined. Lastly, absence of clearly defined Terms of Service and Privacy Policy could lead to legal disputes regarding the site.

What’s next?

The new Drupal.org Terms of Service and Privacy Policy are now published for community review. We'll continue refining them based on community feedback and will announce the 'official' implementation day separately. On that day all existing users will have to accept the ToS and Privacy Policy to continue using the website. All new users starting on that day will have to accept the ToS and Privacy Policy upon account creation.

Click to review Drupal.org Terms of Service

Click to review Drupal.org Privacy Policy

In the future, we will make sure to keep the ToS and Privacy Policy up-to-date and update them every time policies or functionality of the website change. We will proactively notify users of all modifications to both documents.

Thanks

We’d like to say thanks to the Drupal.org Content Working Group members and community members who already reviewed proposed documents and provided us with their valuable feedback.


UPDATE: Edits to the original drafts were made on 21st of August, 2014, based on feedback in comments to this post.

UPDATE #2 (03.09.2014): We are postponing ToS/PP official launch and will come back with an updated draft shortly.

Drupal 7.31 and 6.33 released

6 August 2014, 5:35 pm

Drupal 7.31 and Drupal 6.33, maintenance releases which contain fixes for security vulnerabilities, are now available for download. See the Drupal 7.31 and Drupal 6.33 release notes for further information.

Upgrading your existing Drupal 7 and 6 sites is strongly recommended. There are no new features or non-security-related bug fixes in these releases. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement. More information on the Drupal 6.x release series can be found in the Drupal 6.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 and 6 include the built-in Update Status module (renamed to Update Manager in Drupal 7), which informs you about important updates to your modules and themes.

Bug reports

Both Drupal 7.x and 6.x are being maintained, so given enough bug fixes (not just bug reports) more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.31 is a security release only. For more details, see the 7.31 release notes. A complete list of all bug fixes in the stable 7.x branch can be found in the git commit log.

Drupal 6.33 is a security release only. For more details, see the 6.33 release notes. A complete list of all bug fixes in the stable 6.x branch can be found in the git commit log.

Security vulnerabilities

Drupal 7.31 and 6.33 were released in response to the discovery of security vulnerabilities. Details can be found in the official security advisory:

To fix the security problem, please upgrade to either Drupal 7.31 or Drupal 6.33.

Update notes

See the 7.31 and 6.33 release notes for details on important changes in this release.

Known issues

None.


Drupal 7.30 released

24 July 2014, 10:12 pm

Update: Drupal 7.31 is now available.

Drupal 7.30, a maintenance release with several bug fixes (no security fixes), including a fix for regressions introduced in Drupal 7.29, is now available for download. See the Drupal 7.30 release notes for a full listing.

Upgrading your existing Drupal 7 sites is recommended. There are no new features in this release. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 includes the built-in Update Manager module, which informs you about important updates to your modules and themes.

There are no security fixes in this release of Drupal core.

Bug reports

Drupal 7.x is being maintained, so given enough bug fixes (not just bug reports), more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.30 is a bug fix only release. The full list of changes between the 7.29 and 7.30 releases can be found by reading the 7.30 release notes. A complete list of all bug fixes in the stable 7.x branch can be found in the git commit log.

Update notes

See the 7.30 release notes for details on important changes in this release.

Known issues

None.


Drupal 7.29 and 6.32 released

16 July 2014, 8:37 pm

Update: Drupal 7.30 and Drupal 6.33 are now available.

Drupal 7.29 and Drupal 6.32, maintenance releases which contain fixes for security vulnerabilities, are now available for download. See the Drupal 7.29 and Drupal 6.32 release notes for further information.

Upgrading your existing Drupal 7 and 6 sites is strongly recommended. There are no new features or non-security-related bug fixes in these releases. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement. More information on the Drupal 6.x release series can be found in the Drupal 6.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 and 6 include the built-in Update Status module (renamed to Update Manager in Drupal 7), which informs you about important updates to your modules and themes.

Bug reports

Both Drupal 7.x and 6.x are being maintained, so given enough bug fixes (not just bug reports) more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.29 is a security release only. For more details, see the 7.29 release notes. A complete list of all bug fixes in the stable 7.x branch can be found in the git commit log.

Drupal 6.32 is a security release only. For more details, see the 6.32 release notes. A complete list of all bug fixes in the stable 6.x branch can be found in the git commit log.

Security vulnerabilities

Drupal 7.29 and 6.32 were released in response to the discovery of security vulnerabilities. Details can be found in the official security advisory:

To fix the security problem, please upgrade to either Drupal 7.29 or Drupal 6.32.

Known issues

(Drupal 7 only) This release introduced a serious regression, the biggest effect of which is to cause files or images attached to taxonomy terms to be deleted when the taxonomy term is edited and resaved. See the release notes for more details. The solution is to upgrade to Drupal 7.30 or higher.


On February 13, 2008, Drupal 6 was released. The policy of the community is to support only the current and previous stable versions. (When Drupal 6 was released, Drupal 4.7.x was marked unsupported. When Drupal 7 came out, Drupal 5.x was marked unsupported.) This policy was created to prevent core and module maintainers from having to maintain more than 2 active major versions of Drupal.

With the coming Drupal 8 release, this policy has been questioned. We want to ensure that sites that wish to move from Drupal 6 to Drupal 8 have a supported window within which to do so. The Drupal core team, key module maintainers, and representatives of the Drupal security team met at Drupalcon Austin to discuss this as an in-person follow up to the previous discussion at https://drupal.org/node/2136029.

Drupal 6 core and modules will transition to unsupported status three months after Drupal 8 is released. "Unsupported status" means the community will not be providing support or patches in the same way we do now. Continuing to support Drupal 6 would be difficult for many reasons, including a lack of automated test coverage, the requirement for rigorous manual release testing, the slow-down it introduces in the release of security fixes for the vast majority of Drupal users (on version 7+), and the general shift of volunteers in the community moving their attention onto Drupal 8 development.

This gives Drupal 6 users a few options:

1) Upgrade to Drupal 7 any time between now and 3 months after Drupal 8.0.0 is released. Drupal 7 releases undergo almost 40,000 automated tests, and Drupal 7 will be fully supported at least until Drupal 9 comes out. Given the past history, the release of Drupal 9 is likely to be around 2018.

2) Upgrade to Drupal 8 after it is released, but before Drupal 6 is not supported anymore. Fortunately, Migrate support for Drupal 6 to Drupal 8 is already in core, and there is Migrate UI, a contributed module. While not all contributed modules will be ready at the time Drupal 8 is released, Drupal 8's migration path handles most of the critical site data via its CCK to Entities/Fields in Core migrations.

3) Find an organization that will provide extended support for Drupal 6. The Drupal Security Team will provide a method for companies and/or individuals to work together in the private security issue queue to continue developing updates, and will provide a reasonable amount of time for companies to provide patches to Drupal 6 security issues that also affect Drupal 7 or Drupal 8. The security team will coordinate access to issues for companies wishing to provide extended support for Drupal 6. However, the team will not explicitly review or test the patches (some team members may do this on their own). All code created by these vendors would be released to the community.

Organizations and individuals interested in providing this level of support for their customers AND who have the technical knowledge to maintain a Drupal core release should go to the security team Drupal 6 long term support page.

Both the Security Team and Drupal core leadership feel that a 3-month window after Drupal 8's release before eclipsing community support for Drupal 6 is a workable compromise between leaving Drupal 6 sites on an unsupported version the second Drupal 8 comes out, and acknowledging that our community's volunteer resources are limited and have shifted focus. We hope that organizations that rely on Drupal 6 will step up to help maintain it after community support winds down, and/or help their clients update to D8.


For this month’s community spotlight, we wanted to showcase three stellar Drupalistas who went above and beyond at the Dev Days Szeged sprints. Emanuel Greucean (gremy), Maurits Dekkers (Mauzeh), and Ernő Zsemlye (zserno) all made big contributions to the project at Dev Days Szeged. Here’s a little bit about each.

Emanuel Greucean (gremy)

How did you get involved with Drupal?

I got involved with Drupal right after college, in 2009. I went to a job interview, showed the employers my enthusiasm about web development and my very not impressive profile, one of which was a Joomla website, and they accepted me. At this job, I got initiated in the art of web development and got a solid education in Drupal. On my first day on the job, I was given the Drupal Developer’s “Bible” (Pro Drupal Development, 2nd edition), and was told that I had to know it by heart.

What do you think open source represents?

For me, open source represents the opportunity to have access to awesome products for free. It also represents the opportunity to join a community of passionate developers and to learn a lot, and also to pass on your knowledge. If you are a contributor, it’s also an opportunity to leave a mark, and a joy to know that your work is being used by millions of people.

Why did you choose to work in Szeged on beta blocking, and what is your fondest memory from Szeged?

One reason for working on beta blockers in Szeged was the desire to get Drupal 8 as close as possible to being released, because I really want to start using it in Production.

One of my fondest memories from Szeged might be the moment when I actually finished the last missing “Change Record” issue, and with this Drupal 8 change records were up to date for the first time in three years. Also I really appreciate all the help I received from people I had never met before. They initiated me into contributing to the community.

Are you working on any fun projects at the moment?

Yes. I am currently collaborating with Kalamuna, a Drupal shop from San Francisco's East Bay Area. They are really great colleagues, and I have the opportunity to work on great projects with them. One of the projects I am most excited about is Kalabox, and I have to say that I am really enthusiastic about its future.

Maurits Dekkers (Mauzeh)

How did you get involved with Drupal?

I got involved with Drupal through a client about three years ago. They were using Drupal mainly for its ability to allow site builders to create their own fieldable data structures. Until then I had mostly worked with Zend Framework and Symfony, and I never even knew there was an open source system that could do this! Of course, now I know that there is so much more about Drupal that is awesome, and I cannot imagine a web development life without it!

What do you think open source represents?

For me, open source represents people (!) who provide their time, effort, and financial resources on something that provides only indirect value. An open source developer spends their free time working on a feature not knowing whether it will actually make it into the final product (unless they are the project lead...). For some this might be an unrewarding way of working because there appear to be few direct, short-term, rewards. So if you contribute something to open source software, you must do it for reasons unrelated to direct income or revenue. Therefore, the passion that people have for the product comes from a much deeper belief.

Why did you choose to work in Szeged on Drupal 8 beta blocking/debugging, and what is your fondest memory from Szeged?

Despite working with open source software on a daily basis, and lurking around in the issue queues, I never had the guts to really get involved. I realized that getting to know the people behind the nicknames would certainly help because I could just walk over and ask something. So when I saw the announcement for Szeged, I jumped in straight away. And I'm really glad I did. I most remember the people I was working with and having beers with at night, with Cathy (YesCT) being just amazing to get people up to speed. Her passion for the community is really remarkable. I wanted to learn more about how the Entity API works in Drupal 8, and was directed to tstoeckler and plach, from whom I learned very much very quickly.

Are you working on any fun projects at the moment?

I'm currently working as a freelancer for a few Drupal site building shops. Since I just started as a freelancer in November last year, I'm working quite a lot to make sure I have some financial room to contribute some more to D8.

Ernő Zsemlye (zserno)

How did you get involved with Drupal?

It all started during my 4th year at the university. I needed a few more credits for the upcoming semester and stumbled upon a new elective course titled "Open Source Content Management Systems" held by a guy called Kristof Van Tomme. I had absolutely no idea about the topic but it sounded pretty cool so I applied. The first lecture was about open source in general and a brief introduction to the Drupal world. At the end of the lecture, Kristof mentioned that he was looking for interns for his new company. I applied the next day and I am sure that was the best move in my career to date. :)

What do you think open source represents?

I could compare it to traveling. Once you experience what traveling to new places feels like, you suddenly start to feel as if you had been looking at the world through a small and dirty window. Then you also realize how small you are in this life. This is so true for open source.

Why did you choose to work in Szeged on Drupal 8 beta blocking/debugging, and what is your fondest memory from Szeged?

I wanted to work on something that would give me the opportunity to dive deep into Drupal 8 and learn as much as possible about the new system. I was assigned to an Entity API beta blocker. After having spent my first 3 days on getting my head around all the new things in D8, I got stuck. The next day Berdir pinged me on IRC that he wanted to discuss the next steps with me in person. We talked for about 5 minutes but that was enough to put me back on track with the issue and also gave me great inspiration that I could talk to a real rockstar in person.

Are you working on any fun projects at the moment?

I am working at the Central European University as a web developer. We are a small team of four people who maintain virtually any web presence of the whole university: main institutional site with heavy traffic, custom websites for each departments, research groups, alumni campaigns, student groups, etc. It is a constant challenge to use our limited resources to address all arising needs successfully. So we are continuously looking for new ways to create reusable solutions across all these websites. And this is lots of fun. For example I just finished building a custom installation profile based on the fantastic Panopoly distribution so firing up a new website became ridiculously easy.

---

Gremy, mauzeh, and zserno were just a few of a huge number of rock stars who worked hard and made great contributions at Szeged. Thank you so much to everyone who turned out for the sprints! The next major sprint event will be at DrupalCon Austin. Our community organizers (led by YesCT) have worked hard to make sure we'll have seven days of sprints that culminate in a huge sprint on Friday, June 6. We hope to see you there.


Drupal 7.28 released

8 May 2014, 4:19 am

Update: Drupal 7.29 is now available.

Drupal 7.28, a maintenance release with numerous bug fixes (no security fixes) is now available for download. See the Drupal 7.28 release notes for a full listing.

Upgrading your existing Drupal 7 sites is recommended. There are no major new features in this release. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 includes the built-in Update Manager module, which informs you about important updates to your modules and themes.

There are no security fixes in this release of Drupal core.

Bug reports

Drupal 7.x is being maintained, so given enough bug fixes (not just bug reports), more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.28 contains bug fixes and small API/feature improvements only. The full list of changes between the 7.27 and 7.28 releases can be found by reading the 7.28 release notes. A complete list of all bug fixes in the stable 7.x branch can be found in the git commit log.

Update notes

See the 7.28 release notes for details on important changes in this release.

Known issues

Changes made to the Update Manager module in this release may lead to performance slowdowns in certain cases (including on rare page loads for site visitors, if the site is using the automated cron feature). See the release notes for more information.


Drupal 7.27 and 6.31 released

16 April 2014, 7:59 pm

Update: Drupal 7.28 and Drupal 6.32 are now available.

Drupal 7.27 and Drupal 6.31, maintenance releases which contain fixes for security vulnerabilities, are now available for download. See the Drupal 7.27 and Drupal 6.31 release notes for further information.

Upgrading your existing Drupal 7 and 6 sites is strongly recommended. There are no new features or non-security-related bug fixes in these releases. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement. More information on the Drupal 6.x release series can be found in the Drupal 6.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 and 6 include the built-in Update Status module (renamed to Update Manager in Drupal 7), which informs you about important updates to your modules and themes.

Bug reports

Both Drupal 7.x and 6.x are being maintained, so given enough bug fixes (not just bug reports) more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.27 is a security release only. For more details, see the 7.27 release notes. A complete list of all bug fixes in the stable 7.x branch can be found in the git commit log.

Drupal 6.31 is a security release only. For more details, see the 6.31 release notes. A complete list of all bug fixes in the stable 6.x branch can be found in the git commit log.

Security vulnerabilities

Drupal 7.27 and 6.31 were released in response to the discovery of security vulnerabilities. Details can be found in the official security advisory:

To fix the security problem, please upgrade to either Drupal 7.27 or Drupal 6.31.

Known issues

  • This security release introduces small API changes which may require code updates on sites that expose Ajax or multi-step forms to anonymous users, and where the forms are displayed on pages that are cached (either by Drupal or by an external system). See the Drupal 7.27 release notes and Drupal 6.31 release notes for more information.
  • (Drupal 7 only) This release caused a JavaScript error which breaks Ajax requests in very old browsers (for example, Internet Explorer 8 and earlier); see this issue for details. The solution is to upgrade to Drupal 7.28.
  • (Drupal 7 only) This release caused the Multiple Forms module to stop working correctly (see issue). The solution is to upgrade to Multiple Forms 7.x-1.1 or higher.

You may have heard that a vulnerability in the OpenSSL cryptographic library called Heartbleed or formally called CVE-2014-0160 has been disclosed and that it represents a potential security threat to a large number of websites. Using this vulnerability, malicious individuals could access sensitive information submitted by people actively visiting a website including usernames, passwords and credit card numbers. Users across the Internet should be especially aware of suspicious activity on their accounts.

We want to communicate a couple pieces of information about this news with regard to Drupal.org.

Members of the Drupal Association staff, Drupal Security Team and Drupal Infrastructure Team have reviewed Drupal.org's potential exposure to the vulnerability.

As of now, we have no indication that Drupal.org was attacked using this vulnerability. That said, the nature of the vulnerability makes an attack difficult to detect and we prefer to be cautious.

We have taken steps to protect users of Drupal.org, including a forced password reset for users with administrative access or access to code repositories for projects. While we have only forced the password reset for some users, we recommend that all of our users change their passwords.

We have taken the following steps to protect Drupal.org account holders:

  • Installed new SSL certificates based on a new private key
  • Revoked the old SSL certificates
  • Replaced the private strings (drupal_private_key and drupal_hash_salt) which are used for a variety of security related purposes in all Drupal sites
  • Replaced the private key used by the “bakery” single-sign-on system on Drupal.org
  • Removed all active sessions
  • Verified the email addresses in use today match those in use a week ago
  • Required all Drupal.org users with administrative or project repository access to reset their passwords

Also, we simply want to help create awareness about the vulnerability and encourage people to review their sites for exposure. For more information, please see https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160

Feel free to comment on the post with any questions. Thank you!

Lee Rowlands

Since joining Drupal.org in 2007, Lee Rowlands (larowlan) has been an important contributor to the Drupal project. A major core contributor and Drupal 8 advocate, Rowlands has become a well-recognized and celebrated member of the Drupal community.

Rowlands is an important Drupal figure in Australia, and has spoken at DrupalCamp Brisbane 2010, Drupal Downunder Melbourne 2012, DrupalCon Sydney 2013 and Drupal South Wellington 2014. An occasional mentor during Drupal Office Hours in the Australian timezone (GMT+10), Rowlands is also a well-recognized figure in the international Drupal community for his involvement with core and his contributions to a huge variety of projects on Drupal.org.

How did you get involved with Drupal?

Jim Morrison and a naked native american came to me in a dream and told me it was my destiny. Just kidding. I started up my own IT consulting business and I'd built a couple of Drupal 5 sites.

The third site I built needed some tricky mapping functionality. This was in Drupal 5 and the site was for a locally owned fishing tackle franchise. Their point of difference with the big national chain-store was local knowledge. So they had this great idea to create a series of online fishing maps for local regions, each featuring points of interest for that region. Each point of interest had a marker icon based on its type, eg there were boat ramps, fishing spots etc. Each marker had a popup with an image and some text. The kind of thing you can build on your own with Google Maps now, but back then - it was a fairly new concept.

At the time gmap module was the go-to mapping option (Drupal 5) but it didn't support the image/marker/description functionality. So I wrote a patch to allow wiring up a content-type with gmap functionality to do so. And in order to post the patch, I had to sign up for a Drupal.org account. So that was my first comment on Drupal.org, a sizeable patch!

Not long after that I pitched the idea of a website to a local motel that had just had a renovation. At this stage Drupal 6 was out and the go-to ecommerce solution was Ubercart. My pitch included online-reservations so I worked with Will Vincent to round out a hotel-booking solution for Ubercart. That's how I got my CVS access on Drupal.org.

Contributing my code back to Drupal.org opened my consulting business up to the world. Up until that point most of my work had been for local businesses. Once I had a project on Drupal.org I started receiving work offers via my Drupal.org project page, mostly for adding new pieces of functionality.

I continued building sites and I always ensured that I had contract provisions to open-source any generic modules that the project needed. Over time I ended up with more than 30 contrib projects on Drupal.org, all with varying degrees of maintenance. Each of these kept resulting in work referrals and I kept expanding my skillset and client-base.

Then Drupal 7 came out and it felt like I had to start learning all over again. I had a long car-trip coming up so I downloaded the mega 'Upgrading 6.x modules to 7.x' thread from Drupal.org and spent about three hours taking in all the changes. As soon as I had net access, I subscribed to the Drupal core issues RSS feed. At this stage my motivation was just to keep across changes happening in core, but after a while I started seeing issues posted that I realised I could fix/work on. So I started commenting and posting the odd patch.

Not long after an epic thread was posted by @sun in the issue queue titled 'Make core maintainable' (https://drupal.org/node/1255674), basically it was proposing that if we didn't get more hands on deck in core, the only way forward was to start dropping unmaintained modules. I jumped into irc and put my hand up to maintain forum, one of the modules on the chopping block. I had a conversation with @chx who later remarked 'yesterday I saw a guy on IRC who was contemplating on taking the forum module maintainer hat' (http://www.drupal4hu.com/node/303).

So from there I took a more active role in core contribution. Those threads are a great read, even today, as they indicate the level of frustration that core developers were experiencing in the first six months of Drupal 7's release.

What do you do with Drupal these days?

I build sites for some of Australia's largest government, education, media and non-profit organisations with one of Australia's most respected Drupal Agencies, PreviousNext. It's a great team and I get to work on interesting projects.

After all this time I still enjoy working with Drupal. Sometimes people lament Drupal's ease of site-building, likening it to 'golden handcuffs', but that's where contributing to core and contrib help. If you find yourself stuck in a 'click-monkey' rut, contributing code lets you flex your 'code-monkey' muscles.

You’re involved with quite a variety of projects in the Drupal community - can you describe some of the things you do and why you like them?

I particularly like working on Drupal core because it helps me keep abreast of upcoming changes. I don't have a CS education, I have degrees in mathematics and engineering, and I've been quoted before saying I got my CS education in the Drupal issue queues. As a contributor you are incredibly lucky to have your work constructively reviewed by some of the world's best programmers. Every time someone makes a suggestion on your patch, you learn a little more. I've learnt so many programming concepts from reviewing others' code and having my code reviewed by others. Particularly during the Drupal 8 cycle, where we've effectively rewritten Drupal in a new language - PHP 5.3.

What’s the coolest project you’ve worked on?

It's not live anymore unfortunately but I worked on sendmypostcards.com which was a Drupal 6 site with Ubercart where you could create your own postcards and pay to have them printed. You could use your Facebook photo-galleries, Flickr account or upload your own files. The designer/editor was built with jQuery and the site used batch-jobs to generate 300dpi print-ready PDFs. It was a challenging project but it did end up spawning a number of contrib modules including Image Cache External which allows you to generate derivatives of remote images. Unfortunately the site didn't last, but I did get a couple of Christmas cards printed and sent to my office. It was great to have something tangible, I still have them mounted on my office wall.

What changes do you hope will come in Drupal 8?

I'm disappointed we didn't get a layout builder in core but I'm excited by the opportunities for it to develop and mature in the contrib ecosystem. Some of the work done as part of the Scotch Initiative by @sdboyer and @eclipsegc was pretty awesome. @sdboyer stepped me through the 'Princess' branch (the name was a dare) at the stage when it was fairly functional and the possibilities it opened up were pretty awesome. Hopefully that work will be leveraged for what becomes of panels/page manager in Drupal 8.

What is your favorite part about the Drupal community?

Getting to work with insanely intelligent and brilliant people. There are so many awesome people working with and on Drupal every day who are always willing to share their experiences and knowledge.

Tell us a little about your background or things that interest you outside Drupal?

I live in Central Queensland at the Southern tip of Australia's Great Barrier Reef. We have three World Heritage listed destinations all within our reach - the reef, Fraser Island and Mon Repos Turtle Rookery, where you can watch Marine turtles lay their eggs or the hatchlings make their way into the world. The climate is great, the cost of living is low and the people are some of the friendliest in the world. I get to work out of an office with two great Drupal devs who also work for PreviousNext, @nick_schuch and @grom385. It's a great lifestyle, our office is right on the beach.

Outside Drupal I'm passionate about family, with two school aged children and I've been married for 15 years. I'm lucky that Drupal gave me an income while my children were pre-school aged and when they went off to school I was able to turn this into a career.


Joining The Day We Fight Back

10 February 2014, 11:20 pm

Free Software is not just about saving money. It's not just about sharing for sharing's sake. Free Software, at its core, is about empowering people. It is about ensuring that everyone has ultimate control over their own electronic lives, because the software that runs their electronic lives is under their control and not someone else's.

How do you know your computer is doing what you tell it to, and not someone else? How do you know your phone is only recording what you tell it to record? How do you know your files are only being read by you? How do you know your refrigerator isn't reporting on your diet to someone else?

The only way to be sure is to have the source code so that you or someone you trust can verify that it is doing only what you tell it to and your electronic tools are not secretly acting for someone else. Free Software is all about ensuring an individual's personal digital sovereignty, free from unwanted or secret invasion from anyone -- other people, corporations, or governments.

The entire point of sharing source code is so that individual people and organizations can ultimately have control over their own equipment, information, and digital lives. In many ways it is about privacy: The security to know that your data is accessible to you, and your computer is used by you, and only you, unless you decide otherwise.

Recent revelations, however, have shown that people's digital sovereignty is under even more attack than before. Both the American and British governments have been found violating the digital privacy of millions of people in their own countries and around the world. That is exactly the sort of attack on individual digital sovereignty that Free Software was created to combat.

As a leading Free Software project, the Drupal Community opposes such privacy invasions. We believe it is our ethical duty to stand with The Day We Fight Back and others who oppose such violations of individual digital sovereignty. We encourage all people, all over the world, to take a stand for digital freedom. If you are in the United States you can use the banner at the bottom of this page to locate and contact your Congressional representatives and tell them to oppose further infringement of individual privacy rights and to force the NSA and similar agencies to obey the law in both letter and spirit.

Drupal 7.26 and 6.30 released

15 January 2014, 7:59 pm

Update: Drupal 7.27 and Drupal 6.31 are now available.

Drupal 7.26 and Drupal 6.30, maintenance releases which contain fixes for security vulnerabilities, are now available for download. See the Drupal 7.26 and Drupal 6.30 release notes for further information.

Upgrading your existing Drupal 7 and 6 sites is strongly recommended. There are no new features or non-security-related bug fixes in these releases. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement. More information on the Drupal 6.x release series can be found in the Drupal 6.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 and 6 include the built-in Update Status module (renamed to Update Manager in Drupal 7), which informs you about important updates to your modules and themes.

Bug reports

Both Drupal 7.x and 6.x are being maintained, so given enough bug fixes (not just bug reports) more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.26 is a security release only. For more details, see the 7.26 release notes. A complete list of all bug fixes in the stable 7.x branch can be found in the git commit log.

Drupal 6.30 is a security release only. For more details, see the 6.30 release notes. A complete list of all bug fixes in the stable 6.x branch can be found in the git commit log.

Security vulnerabilities

Drupal 7.26 and 6.30 were released in response to the discovery of security vulnerabilities. Details can be found in the official security advisory:

To fix the security problem, please upgrade to either Drupal 7.26 or Drupal 6.30.

Known issues

(Drupal 7 only) On sites with a very large number of unpublished nodes in the database, the Taxonomy module update function introduced in this release may take a very long time to run and consume an excessive amount of memory; see this issue. The solution is to upgrade directly to Drupal 7.28 instead.


Predictions for 2014

14 January 2014, 9:26 am

4877. That is where the tradition within the Drupal community of making predictions for the year ahead with regards to our software, our community and broader, the web, started. Node 4877, written at the end of the year 2003. We have come a long way since then.

This year we would like to know what you think the year ahead will bring for Drupal and, as a bonus, we would like to know what was the best prediction you found in the past. Where did we shine when it comes to vision or humor?

See older entries from 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 and 2013. Read them.

And now predict for 2014 and reflect the last decade in this thread.

Drupal 7.25 released

3 January 2014, 12:48 am

Update: Drupal 7.26 is now available.

Drupal 7.25, a maintenance release with numerous bug fixes (no security fixes) is now available for download. See the Drupal 7.25 release notes for a full listing.

Upgrading your existing Drupal 7 sites is recommended. There are no major new features in this release. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 includes the built-in Update Manager module, which informs you about important updates to your modules and themes.

There are no security fixes in this release of Drupal core.

Bug reports

Drupal 7.x is being maintained, so given enough bug fixes (not just bug reports), more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.25 contains bug fixes and small API/feature improvements only. The full list of changes between the 7.24 and 7.25 releases can be found by reading the 7.25 release notes. A complete list of all bug fixes in the stable 7.x branch can be found in the git commit log.

Update notes

See the 7.25 release notes for details on important changes in this release.

Known issues

Changes to Drupal's page caching system in this release caused an incompatibility with the Authcache module (see this issue). The solution is to upgrade to Authcache 7.x-1.7 or higher.


Drupal Association is hiring CTO

29 December 2013, 7:46 pm

The Drupal Association, with the help of a Search Committee comprised of Board and Advisory Board members, is beginning a search for a Chief Technical Officer (CTO) for Drupal.org (not the Drupal software project). The CTO will fill a critical role for both the Association and the community, working at the strategic level with the Drupal.org Working Groups to build a roadmap for Drupal.org, create and manage processes critical to the success of the site (including security and disaster recovery), and ensure that Drupal.org roadmaps are met. A CTO role ensures that Drupal.org has the technical and strategic oversight needed to drive improvements and innovations. Specifically we want to ensure that we have the best platform for developers, community involvement, and critical revenue-generating opportunities.

The CTO is the first of several hires we will make over the course of the next few months to significantly increase our ability to improve the experience of Drupal.org for our many constituents. These hires will include more development and devops bandwidth, among other things. In short, this is a really exciting time to work on Drupal.org!

We're asking for your help to find the right person for this role. We're looking for someone with strong product management skills, a community player who can work with our broad base of remarkable volunteers, and the experience to guide and manage our development, infrastructure and operations teams. Please review and share the Drupal Association CTO Job Description.

We've also included a little more context below if you want to learn more. And, if you have any questions, please feel free to contact Holly Ross.

Why a CTO? Isn’t that a bit much for our needs?

Our focus at the Association in 2013 has been re-aligning Association resources to bring more support and funding to our community’s most important asset: Drupal.org. During the last 9 months, we've begun diversifying our revenue streams so that we can scale our income and provide more funding for Drupal.org projects. We launched Working Groups to manage the strategic direction and policy setting we need to make good decisions for the site. Most recently, we hired a Technology Manager for the Association so that our limited technical staff can focus more fully on Drupal.org.

In 2014, we are planning for an even more dramatic shift, bringing on engineering and infrastructure staff to pay off years of technical debt and begin to move the site forward with new developer tools, better site performance, and strong security practices. We’re incredibly excited to help the community move Drupal.org forward and really meet community needs. We see the CTO role as essential to making this happen. It sets us up to proactively address Drupal.org needs at a strategic level - forecasting necessary changes before they become critical problems.

Isn’t this the role of the Working Groups?

Yes - the Working Group charters put them in charge of direction-setting and strategy for the sites. We anticipate that the CTO will work closely with the Working Groups to coordinate their work and ensure that those decisions are translated into a cohesive roadmap. Additionally, the Working Groups are not designed to implement the roadmap. The CTO will oversee the team that does that - either in-house, using 3rd party tools, through contractors, with volunteers, or a combination of these options.

Are you going to hire from within the community?

We are certainly going to look within the community. We will also look outside the Drupal community. The committee seeks a candidate who brings a breadth of experience and knowledge regarding open source community sites.

Is this a technical role or a business role?

We expect that the right candidate will have equal parts technical chops and business savvy. We are not expecting the CTO to write production code, but the CTO will have to know how to do that so that they can manage it well. Additionally, the CTO will need to understand business problems and how technology can be strategically deployed to meet those needs.

Where will the position be based?

Ideally, in Portland, OR, at the Drupal Association headquarters. We know however, that this is likely unrealistic as a hard and fast constraint, and will encourage applicants from around the globe.

Drupal 6.0 was released almost 6 years ago in February 2008. The Drupal community is committed to release Drupal 6 bugfixes until Drupal 8.0 is released and with recent changes provide security fixes much longer.

The hosting and development landscape was very different in 2008 though. PHP has gone a long way since we released Drupal 6. While Drupal 6 is still supported on PHP 4.x, the PHP developer community itself end-of-lifed PHP 4 just half a year after Drupal 6.0 came out. According to public statistics and data available to us about Drupal 6 sites, we estimate that there is a very small number of Drupal sites which may still run on PHP 4. We also don't believe it is in our best interest to support Drupal 6 on a possibly insecure but definitely unsupported base system, so we discussed and decided to drop support for PHP 4 on March 1st 2014.

If you are running a Drupal 6 site on PHP 4.x, we suggest you look at your hosting situation as it is likely there are other outdated (and possibly insecure) components involved in your environment as well. For the secure operations of your site, we suggest you look at other hosting options. We suggest looking for hosting with at least PHP 5.2.4 (same as Drupal 7's oldest supported PHP version).

While we don't plan to deliberately introduce PHP 5 constructs in Drupal 6, this change also lets contributed module developers use PHP 5 more easily in their code.


Michael Hess new Security Team Lead

10 December 2013, 3:16 pm

Back in November of 2011, I appointed Greg Knaddison to lead the Drupal Security Team, for a term of two years. In that time, Greg has done a tremendous job helping the Security Team scale. November 2013 ends the term that Greg and I agreed to, and Greg is now stepping down as team lead.

I'm pleased to share that Michael Hess (mlhess on Drupal.org) has accepted my invitation to become the new Security Team lead. For those who don't know Michael, he is an adjunct lecturer and a Solution Architect Lead at the University of Michigan. He teaches courses on content management platforms, particularly focusing on Drupal, oversees the functionality of several campus websites, and serves in a consulting and development role for other departments within the University of Michigan. He has been a member of the Drupal Security Team for 3 years and a member of the infrastructure team for 2 years.

As the Drupal Security Team lead, Michael will be the point person for the team. He'll be responsible for coordinating the Security Team's activities and for making decisions when consensus doesn't arise. Michael wants to move the team into more of an advisory and preemptive role, rather than a response function. In addition, he wants to continue to scale the security team (e.g. by working on building better and more automated tools, providing better metrics, etc).

Please join me in thanking Greg for all the great work he has done over the past two years, and in welcoming Michael as the new team lead!


Drupal 7.24 and 6.29 released

20 November 2013, 9:00 pm

Update: Drupal 7.25 and Drupal 6.30 are now available.

Drupal 7.24 and Drupal 6.29, maintenance releases which contain fixes for security vulnerabilities, are now available for download. See the Drupal 7.24 and Drupal 6.29 release notes for further information.

Upgrading your existing Drupal 7 and 6 sites is strongly recommended. There are no new features or non-security-related bug fixes in these releases. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement. More information on the Drupal 6.x release series can be found in the Drupal 6.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 and 6 include the built-in Update Status module (renamed to Update Manager in Drupal 7), which informs you about important updates to your modules and themes.

Bug reports

Both Drupal 7.x and 6.x are being maintained, so given enough bug fixes (not just bug reports) more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.24 is a security release only. For more details, see the 7.24 release notes. A complete list of all bug fixes in the stable 7.x branch can be found in the git commit log.

Drupal 6.29 is a security release only. For more details, see the 6.29 release notes. A complete list of all bug fixes in the stable 6.x branch can be found in the git commit log.

Security vulnerabilities

Drupal 7.24 and 6.29 were released in response to the discovery of security vulnerabilities. Details can be found in the official security advisory:

To fix the security problem, please upgrade to either Drupal 7.24 or Drupal 6.29.

Update notes

See the 7.24 and 6.29 release notes for manual update steps and other details on important changes in this release.

Known issues

For a while after the release, sites running certain versions of Drupal core may have seen an erroneous message from the Update Status or Update Manager module recommending that they update to Drupal 6.27 or Drupal 7.19, rather than the actual latest security release. This appears to be an issue related to the drupal.org Drupal 7 upgrade which has since been fixed; see this issue for further details.
