
Drupal News and Updates

This page will show you the most recent Drupal templates updates and Drupal Community news.

Drupal Templates News and Updates

December 3, 2012. The New Word In Creating Drupal Stores

December 03 2012 | Category: Drupal Updates

The creators of Drupal Commerce decided to bring their favorite CMS to the masses. When speaking with one of TemplateHelp’s Drupal developers, he said: “I can’t understand why users don’t use Drupal, it’s so simple…” Commerce Guys, the team that created Drupal Commerce, must be thinking the same way.


May 03, 2012 – Drupal 7.14 released

May 09 2012 | Category: Drupal Updates
In this note you will learn about the problems that accompany updating the Drupal core to 7.14.

Responsive Drupal templates

April 09 2012 | Category: Drupal Updates
Responsive Drupal templates include several layout options - each is optimized for proper screen resolution.

Drupal 6.19 templates

April 26 2011 | Category: Drupal Updates

Drupal templates starting from #30278 are compatible with Drupal 6.19

Drupal 6.19 release announcement is available here. You can also check the release notes to see the updates…

Drupal 7 templates are available

April 26 2011 | Category: Drupal Updates

Drupal templates starting from #32668 are compatible with Drupal 7

Drupal 7 features:

  • Vastly improved administrative user interface thanks to the D7UX movement
  • Flexible content and custom fields
  • Better visual presentation and theming with Render API
  • Accessibility is greatly improved
  • Image support is now included
  • Automated code testing
  • Improved database support
  • Better distribution support
  • Support for the Semantic Web through

Drupal 6.17 compatible templates

June 22 2010 | Category: Drupal Updates

Drupal templates starting from #29476 are compatible with Drupal 6.17

Drupal 6.17, a maintenance release fixing issues reported through the bug tracking system, is now available for download. There are no security fixes in this release. Upgrading your existing Drupal 6 sites is recommended. For more information about the Drupal 6.x release series, consult the Drupal 6.0 release announcement.

Highlights …


Drupal Themes are Now Available!

April 04 2008 | Category: Drupal Updates

After having launched Joomla and Mambo CMS templates last fall we have noticed that even though these two product types are strikingly popular the audience still wants more. Therefore in response to this growing demand for various CMS products we have decided to be so kind and to launch a new CMS designs range which we have chosen to be …


Drupal News and Updates

What’s new on Drupal.org? - August 2017

19 September 2017, 4:38 pm

Read our Roadmap to understand how this work falls into priorities set by the Drupal Association with direction and collaboration from the Board and community.

Announcement

TLS 1.0 and 1.1 deprecated

Drupal.org uses the Fastly CDN service for content delivery, and Fastly has deprecated support for TLS 1.1, 1.0, and 3DES on the cert we use for Drupal.org, per the mandate by the PCI Security Standards Council. This change took place on 9 Aug 2017. This means that browsers and API clients using the older TLS 1.1 or 1.0 protocols will no longer be supported. Older versions of curl or wget may be affected as well.

Almost time for DrupalCon Vienna


DrupalCon Vienna is almost here! From September 26-29 you can join us for keynotes, sessions, and sprinting. Most of the Drupal Association engineering team will be on site, and we'll be hosting a panel discussion about recent updates to Drupal.org, and our plans for the future.

We hope to see you there!

Drupal.org updates

8.4.0 Alpha/Beta/Release Candidate 1

On August 3rd, Drupal 8.4.0 received its alpha release, followed on the 17th by a beta release, and on September 6th by the first release candidate. Several new stable API modules are now included in core for everything from workflow management to media management. Core maintainers hope to reach a stable release of Drupal 8.4 soon.

Improvements to Project Pages

We made a number of improvements to project pages in August, one of which was to clean up the 'Project information' section and add new iconography to make signals about project quality more clear to site builders.

Project information improvements

In the same vein, we've also improved the download table for contrib projects, by making it more clear which releases are recommended by the maintainer, providing pre-release information for minor versions, and displaying recent test results.

Download table improvements

Metadata about security coverage available to Composer

Developers who build Drupal sites using Composer may miss some of the project quality indicators from project pages on Drupal.org. Because of this, we now include information about whether a project receives security advisory coverage in the Composer 'extra' attribute. By including this information in the composer json for each project, we hope to make it easier for developers using Composer to ensure they are only using modules with security advisory coverage. This information is also accessible for developers who may want to make additional tools for managing composer packages.
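
One way to use this metadata in a dependency audit, as an added example that is not Drupal.org's or Composer's own tooling: the script below reads a `composer.lock` and reports every `drupal/*` package whose coverage status is anything other than covered. The key path `extra.drupal.security-coverage` with `status` and `message` fields is an assumption about how the metadata is laid out (the post names only the 'extra' attribute), and the package names and lock contents are constructed sample data.

```python
"""Flag Drupal projects in a composer.lock that lack security advisory coverage."""
import json

COVERED = "covered"  # assumed value of the status field for covered projects

# Constructed sample lock file; package names and messages are hypothetical.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "drupal/example_covered", "version": "1.2.0",
         "extra": {"drupal": {"security-coverage": {
             "status": "covered",
             "message": "Covered by Drupal's security advisory policy"}}}},
        {"name": "drupal/example_uncovered", "version": "1.0.0-alpha3",
         "extra": {"drupal": {"security-coverage": {
             "status": "not-covered",
             "message": "Project has not opted into security advisory coverage"}}}},
        # Composer serialises an empty 'extra' as a JSON list, not an object.
        {"name": "drupal/example_nometa", "version": "2.1.0", "extra": []},
        # Not a Drupal.org project, so the coverage metadata does not apply.
        {"name": "symfony/yaml", "version": "v3.2.8"},
    ],
    "packages-dev": [
        {"name": "drupal/example_devtool", "version": "1.4.0",
         "extra": {"drupal": {"security-coverage": {
             "status": "revoked",
             "message": "Security coverage has been revoked"}}}},
    ],
})


def coverage_of(package):
    """Return (status, message); status is 'unknown' when metadata is absent."""
    node = package
    for key in ("extra", "drupal", "security-coverage"):
        node = node.get(key) if isinstance(node, dict) else None
    if not isinstance(node, dict):
        return "unknown", "no security-coverage metadata in lock entry"
    status = str(node.get("status", "unknown")).strip().lower()
    return status, str(node.get("message", ""))


def audit_lock(lock_text, include_dev=True):
    """Return findings for drupal/* packages that are not marked as covered."""
    lock = json.loads(lock_text)
    sections = [("packages", False)]
    if include_dev:
        sections.append(("packages-dev", True))

    findings = []
    for section, is_dev in sections:
        for pkg in lock.get(section) or []:
            name = pkg.get("name", "")
            if not name.startswith("drupal/"):
                continue
            status, message = coverage_of(pkg)
            # Fail closed: missing or unrecognised status is reported too.
            if status != COVERED:
                findings.append({
                    "name": name,
                    "version": pkg.get("version", "?"),
                    "status": status,
                    "message": message,
                    "dev": is_dev,
                })
    return findings


if __name__ == "__main__":
    for f in audit_lock(SAMPLE_LOCK):
        scope = "require-dev" if f["dev"] else "require"
        print(f"{f['name']} {f['version']} [{scope}]: {f['status']} ({f['message']})")
```

Run in CI against the real lock file, a non-empty result can fail the build before an uncovered module reaches production.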

Automatic issue credit for committers

Just about the last step in resolving any code-related issue is for a project maintainer to commit the changes. To make sure these maintainers are credited for the work they do to review these code changes, we now automatically add issue credit for committers.

Performance Improvements for Events.Drupal.org

With DrupalCon coming up in September we spent a little bit of time tuning the performance of Events.Drupal.org. We managed to resolve a session management bug that was the root cause of a significant slow down, so now the site is performing much better.

Syncing your DrupalCon schedule to your calendar

A long requested feature for our DrupalCon websites has been the ability to sync a user's personal schedule to a calendar service. In August we released an initial implementation of this feature, and we're working on updating it in September to support ongoing syncing - stay tuned!

Membership CTA on Download and Extend

We've added a call to action for new members on the Drupal.org Download and Extend page, which highlights some great words and faces from the community. Membership contributions are a crucial part of funding Drupal.org and DrupalCon, but the majority of traffic we receive on Drupal.org is anonymous, and may not reach the areas of the site where we've promoted membership in the past. We're hoping this campaign will help us reach a wider audience.

Membership CTA on the Download page

DrupalCI sponsorship

DrupalCI is one of the most critical services the Drupal Association provides to the project, and also one of the more expensive. We've recently added a very small section to highlight how membership contributions help provide testing for the project - and in the future we hope to highlight sponsors who will step up specifically to subsidize testing for the Drupal project.

Infrastructure

More semantic labels for testing

In August we added more semantic labels for DrupalCI test configuration. This means that project maintainers no longer have to update their testing targets with each new release of Drupal, they can instead test against the 'pre-release' or 'supported' version, etc. More information can be found in the DrupalCI documentation.

Semantic Labels for Testing

Started PCI audit

In August we also began a PCI audit, and developed a plan of action to reduce the Drupal Association's PCI scope. Protecting our community's personal and financial information is critically important, and with a small engineering team, the more we can offload PCI responsibility onto our payment vendors the better. We'll be continuing to work on these changes into the new year.

———

As always, we’d like to say thanks to all the volunteers who work with us, and to the Drupal Association Supporters, who made it possible for us to work on these projects. In particular we want to thank:

If you would like to support our work as an individual or an organization, consider becoming a member of the Drupal Association.

Follow us on Twitter for regular updates: @drupal_org, @drupal_infra

The Drupal Association Board of Directors will meet twice during DrupalCon Vienna. They have a board retreat the weekend before the conference and there is an open board meeting during DrupalCon for the community to attend. Below are details about each meeting.

Board Retreat

During a retreat, the board and the Executive Director meet in an extended executive session to plan and discuss the strategy for the Drupal Association. Normally, the retreat lasts two days and non-board members including staff are invited to participate in presentations and discussions on specific topics.

However for the upcoming retreat in Vienna, we will be exploring a holistic view of the strategy for Drupal and are structuring the retreat differently to accommodate this expanded conversation.

Open Board Meeting

The board will meet again during DrupalCon Vienna on Wednesday, 27 September from 11:45 - 13:00 in the convention center Business Suite 3-4. This is open to the community and lunch will be served to all who attend. You can also attend remotely via Zoom. See the dial in information below.

The agenda for this meeting includes:

  • Vote to approve last board meeting minutes

  • Executive Update

  • Drupal.org Update

  • DrupalCon Europe Update

  • Community Governance update from the CWG

  • Community Q&A

  • Celebrate departing board members

Those dialing into the meeting can join zoom by registering here: https://zoom.us/webinar/register/1b63252cf48650c9d746f627e8486654

Or join by phone (see link for # by country):

https://zoom.us/zoomconference?m=ZTp9iSy-nW5sqyKJKRfhbTbxDueqU9W   

Webinar ID: 460 900 173

Drupal 8.4.0-rc1 is available for testing

7 September 2017, 12:47 pm

The first release candidate for the upcoming Drupal 8.4.0 release is now available for testing. Drupal 8.4.0 is expected to be released October 4.

8.4.x includes new stable modules for storing date and time ranges, displaying form errors inline and managing workflows. New stable API modules for discovering layout definitions and media management are also included. The media API module is new in core; all other new stable modules were formerly experimental. The release also includes several important fixes for content revision data integrity, orphan file management and configuration data ordering among other things. You can read a detailed list of improvements in the announcements of alpha1 and beta1.

What does this mean to me?

For Drupal 8 site owners

The final bugfix release of 8.3.x has been released. A final security release window for 8.3.x is scheduled for September 20, but 8.3.x will receive no further releases following 8.4.0, and sites should prepare to update from 8.3.x to 8.4.x in order to continue getting bug and security fixes. Use update.php to update your 8.3.x sites to the 8.4.x series, just as you would to update from (e.g.) 8.3.4 to 8.3.5. You can use this release candidate to test the update. (Always back up your data before updating sites, and do not test updates in production.)

For module and theme authors

Drupal 8.4.x is backwards-compatible with 8.3.x. However, it does include internal API changes and API changes to experimental modules, so some minor updates may be required. Review the change records for 8.4.x, and test modules and themes with the release candidate now.

For translators

Some text changes were made since Drupal 8.3.0. Localize.drupal.org automatically offers these new and modified strings for translation. Strings are frozen with the release candidate, so translators can now update translations.

For core developers

All outstanding issues filed against 8.3.x were automatically migrated to 8.4.x. Future bug reports should be targeted against the 8.4.x branch. 8.5.x will remain open for new development during the 8.4.x release candidate phase. For more information, see the release candidate phase announcement.

Your bug reports help make Drupal better!

Release candidates are a chance to identify bugs for the upcoming release, so help us by searching the issue queue for any bugs you find, and filing a new issue if your bug has not been reported yet.

DrupalCon Europe plays an important role in moving Drupal forward. However, with waning attendance and increasing financial losses, it’s time to find a new path forward so it is sustainable and continues to provide unique value. This blog covers the problem of relevance. In other words: how can DrupalCon Europe provide unique value, meeting the needs and wants for the European community. This blog is part of a series that includes:  

  1. The problem we need to solve for financial sustainability

  2. The problem we need to solve to create unique value

  3. Results from a proposal based on community input

  4. A new path forward for DrupalCon Europe.

As mentioned in our last post, DrupalCon is a human experience. It’s truly about bringing people together to strengthen bonds so they can do something amazing together with Drupal. As seen in the DrupalCon Dublin Wrap and DrupalCon Barcelona Wrap presentations, the event mostly attracts builders from digital agencies (developers, project managers, designers, UX) and digital agency owners. However, our community consists of so many more personas including technical decision makers, end-user business decision makers, as well as content strategists and content editors and other marketing related personas. DrupalCon’s current attendees, and those who don’t attend, have unique needs that they want DrupalCon to address. The question we ask is “How can DrupalCon serve this spectrum of needs while also being a sustainable event?” We start by looking at our current attendee base.

In the last post, we showed how attendance is waning at about 14% per year on average. Sponsor support dropped 17% this year. It’s apparent that DrupalCon Europe is not currently providing value that attendees and sponsors are willing to pay for. We understand that the cost to attend is not just buying the ticket, airfare, and lodging. There is also the opportunity cost of missing billable hours with clients and important time with family. To thrive as an event, DrupalCon Europe’s value needs to outweigh all of these costs.

Why is DrupalCon attracting fewer attendees? To find out, we spent a lot of time this year interviewing Drupal event organizers, core developers, sprint mentors, business owners, sponsors, and other engaged community members. We also conducted a survey that 350+ people participated in. This research started in December 2016 and continued through the year. We found that there are several reasons why fewer people attend DrupalCon ranging from lower-cost camps that provide similar content, to gaps in DrupalCon programming, and high attendance costs.

Event Competition

To understand how DrupalCon Europe can provide unique value through programming, we evaluated the competitive landscape for events. We looked at Drupal events (ex: Camps) and other technology events that attract Drupal developers, especially those working on headless solutions and e-commerce.

You can find the competitive analysis here. The TL;DR is that every Drupal event has some, if not a lot, of the same programming as DrupalCon Europe. The other thing that stands out is that DrupalCon Europe's programming does not cater to business decision makers who want to evaluate Drupal for their organization. However, local communities have started this work with the Splash Awards and similarly coordinated activities.

Doing this competitive analysis helped us see where DrupalCon provides unique value, which is listed in the Strengths portion of the SWOT down below. Still, we need to understand what the region needs to move Drupal and the community forward and what potential attendees want and need out of DrupalCon. So we conducted round table interviews of over 40 European community leaders and organizers and conducted a community survey. Thanks to everyone for participating in these conversations. You can find the survey findings here (spoiler: there is a lot of information in there; it is summarized in the sections below).

Findings from Interviews and Survey

Based on everyone’s input, we created a needs assessment and we also created a DrupalCon Europe SWOT analysis. Below are summaries of key questions asked.

Needs Assessment

What Does Drupal Success Look like In Europe in the next 3 to 5 years

The roundtable and survey participants we talked to describe a future where in 3 to 5 years, Drupal 8 will have lower barriers to adoption (modules, usability, UX) and it will grow in market-share, especially in government and enterprise. There was also a shared vision amongst some that Drupal serves the small and mid-sized business market. It will be seen as a leader in each country over competitors like WP and Typo3. There will be enough developers for hire to support that growth. In terms of community, there will be more contributing members, especially from end users, and there will be more people volunteering time to contribute code and run events. The community will be vibrant, healthy, and engaged.

What Europeans want and need for Drupal to thrive

We asked participants what areas need focus to help Drupal achieve their vision of success. Here is a summary of what we learned:

  • Grow talent pool

    • Developers (PHP, Symfony, Javascript) need to get involved to: 1) be hired 2) contribute either by code or time to organize events - basically, the longtime contributors need backup.
    • Education for developers to learn Drupal and deepen their skill
  • Grow adoption rate

    • not measured by just numbers - because there is no value in going after Squarespace deals. More marketing of Drupal’s power showing big, local case studies.
    • Get Drupal off the island - merge with other tech communities (PHP, JS) to talk about Drupal, organize co-located events, and recruit talent
  • A healthy community (depth of volunteer bench and mental health)

    • Camp support - turnkey websites, templated checklist, and sponsor support.
    • Promote / list country Associations, user groups on D.O

DrupalCon Europe and meeting the needs

Based on this input, it appears that the European community has a good vision for Drupal’s success and what they need to achieve it. We are pleased that DrupalCon Europe already addresses several needs such as:

  • Attracting new developers
  • Teaching developers about Drupal’s contribution culture
  • Getting people off the Drupal island with the PHP and Horizons track, which focuses on other projects and technologies.

We can adjust some programming to address currently unmet needs. For example, there is a need to deepen our community volunteer bench. Perhaps we can use Community Summits to provide mentorship.

However, there are some things DrupalCon Europe may not be able to achieve. For example, there is little support to make DrupalCon a developer event and a business / marketing event. In talking with other OSS projects, we learned that this is common in Europe. The suggestion is to decouple the two needs.

While DrupalCon can be redesigned to better meet needs, it is unclear which stakeholder to prioritize: the Drupal shops / digital agencies who want a marketing event, or the developer community who needs more people to help them build with Drupal and move the project forward. It is also unclear if camps and other Drupal events are better positioned to meet the developer community’s needs better than DrupalCon.

DrupalCon Europe SWOT Analysis

Our survey and roundtable asked other questions like what is special about DrupalCon, where does it not meet your needs, etc. We used that kind of input to create a SWOT analysis for DrupalCon Europe.

SWOT stands for Strengths, Weaknesses, Opportunities and Threats. It helps you organize input so you can consider the best strategy for your business - or in this case, your event.

Here is the DrupalCon Europe SWOT:

  • Strengths:

    • DrupalCon Europe demonstrates the power of Drupal because it is the largest Drupal event. It creates a “Disneyland feeling” that re-energizes excitement for Drupal.
    • It breaks down barriers and fosters greater knowledge sharing across international borders.
    • Because it attracts people from different countries and is the largest Drupal event, it provides the best opportunity to expand your network and learn new thinking.
    • DrupalCon is professionally produced, which improves how Drupal is perceived
    • Dries and other well-known Drupal members are there
    • Offers diverse content (it’s for project managers as well as developers)
    • DevOps and hosting sponsors (e.g. Fastly) feel they connect with the right audience
  • Weakness:

    • Cost is too high (strong agreement on this)
    • Content is not advanced enough. We want to hear about other languages (PHP, Symfony, JS)
    • “I can hear the same speakers at camps, which are cheaper and closer to home”
    • Digital shops who sponsor say there is no ROI. They can’t give more in terms of sponsorship because they put their money into sending staff, which has a hard cost and opportunity cost
  • Opportunity: [note: this section reflects contrasting community opinions]

    • Re-imagine the event to focus on a new audience

      • Attract new developers. Don’t serve the existing advanced developers because they can go to DevDays.
      • Attract and move developers from newcomer to beginner to intermediate only
      • Attract [prospective] end users and then attract Drupal agency sponsors again.
      • Create vertical-specific programming with emphasis on public sector to attract [prospective] end users
      • Don’t focus on business. Just make it even better, bigger for the community
      • Make the event bigger than Drupal. Co-locate with or include more content about PHP, Symfony, Javascript
    • Make the main goal to attract new developers (including PHP, JS) by only going to three locations: UK, Benelux, Germany
    • Expand programming to talk more about things bigger than Drupal like JavaScript, PHP
    • Bring back the old community feel. Go back to the old days when it was more intimate and run by the community.
    • Shift resources by not doing a DrupalCon and support the camps. [But watch out for community burnout and help when camps get more attendees.]
    • Find a sustainable model for supporting European camps that can also support other regions like Asia Pacific and Latin America.
  • Threats

    • Camps, DevDays compete with DrupalCon head on with same speakers and sprints, yet provide an intimate, localized experience. Sponsorships are more affordable and sponsors can possibly get business at a camp where they can’t at DrupalCon Europe.
    • DrupalCamp London provides a regional event since it attracts attendees from all over [Western] Europe.
    • Other Technology events. Advanced developers want to go to a PHP, JavaScript conference
    • Drupal 8 is not growing and the D7 SMB market is moving to WIX and not D8, especially in certain countries.
    • Some can’t attend because of family commitments
    • Event timing conflicts with when I need to focus on business. Just returning from long summer break and it’s the end of Q3.

Looking at the SWOT, it is good to see consensus about DrupalCon’s strengths and weaknesses. That helps us know what to lean into and what to avoid as we look for solutions. What is concerning is “where do we take DrupalCon?” when looking at the opportunities. The community feedback reflects a wide spectrum of needs that DrupalCon could serve, yet it is quite unclear which ones to prioritize. Also, there was strong consensus that we lower ticket prices. Unfortunately, to lower ticket prices we need to hone our focus, rather than expand it to meet all of the expressed needs.

Summary

Overall, findings showed that there are many needs and opportunities for DrupalCon Europe to tackle. We cannot do all of them and it’s unclear which one is the top priority for the region.

Europe is many countries with many cultures. And Drupal is very flexible both in terms of how you use it technically, and also what personal or professional dream you want to pursue with it. It’s only natural that our research findings showed that the European region has multiple and differing visions for DrupalCon.

In the end, the question remains: where do we focus DrupalCon’s programming to strike at the highest priority needs of the European community and how do we do that in a sustainable way? The next blog in this series shows how we tried to answer it with community members.

DrupalCon Europe plays an important role in moving Drupal forward by uniting community members across countries for knowledge sharing, networking, and celebrating. Plus, the event is one of the largest events focused on contribution back to the project. However, with waning attendance and financial losses, it’s time to find a new path forward so it is financially sustainable and provides value to the European community. This blog covers the financial problem we need to solve and it is part of a series that includes:  

  1. The problem we need to solve for financial sustainability

  2. The problem we need to solve to create unique value

  3. Results from a proposal based on community input

  4. A new path forward for DrupalCon Europe

The Financial Problem:

DrupalCon is a human experience. We certainly want to focus on the people in the community: what they want to achieve and what that looks like through an improved experience. However, financially the event needs to at least break even for us to continue providing this special experience. That is why we are starting this conversation by framing DrupalCon Europe’s financial problems.

We know that financially-focused blogs can be downright boring and not everyone feels comfortable reading financial statements. So this post provides several kinds of reports to illustrate the problem and we do our best to spell out where the challenges lie. Feel free to leave questions in the comments and we will answer them.

Last year, the Drupal Association contracted with a new financial planner, Summit CPA. They provide a lot more resources and financial insight than we have had in the past. One of the biggest things we learned last September was that DrupalCon Europe loses money. In the past, we did not include staff costs as part of the event cost, so we operated under the understanding that DrupalCon Europe was breaking even at a minimum. Our DrupalCon team spends 50% of their time on this event. Marketing spends close to 50%, the sponsor sales team spends 30%, engineering spends about 15%, and finance spends about 20%. For DrupalCon Europe, the staff costs add up to $220,000 per event.

It wasn’t wrong to not include staff costs in the DrupalCon budget. It just didn’t give the true picture of how this particular program was performing. As we started our financial turnaround last year, we realized that we need each of our programs to be self-sustaining going forward. Except, DrupalCon Europe is not self-sustaining. That puts pressure on the viability of other programs like Drupal.org, which needs to be properly funded to support everyone in the community.

Understanding Financials Through Comparison

One of the best ways to understand a situation is through comparison, so let’s look at DrupalCon Europe versus DrupalCon North America, which consistently operates at a profit due to several factors. We provide several reports below to help you see the comparison and the post walks you through those comparisons.

You will notice that all financials are in U.S dollars (USD). Since the European community works with different currencies, we felt it was less confusing and less prone to error if we kept our reports in USD.

DrupalCon Reports

DrupalCon North America has a net income percentage of up to 38% and makes up 45% of Drupal Association’s annual revenue. Meanwhile, DrupalCon Europe operates at a loss. For example, DrupalCon Dublin lost $176,000 and had a net income percentage of -18%. DrupalCon Vienna is forecasted to lose over $200,000 even with the programming reductions that we made earlier in the year.

DrupalCon North America Weather Report

DrupalCon Europe Weather Report

DrupalCon Europe Financial Challenges

In short, DrupalCon Europe income is lower than DrupalCon North America due to fewer attendees and less sponsor support. However, expense per attendee is higher in Europe. Below is a summary of the main differences that make DrupalCon Europe unsustainable. We invite you to review the Profit & Loss statements and other financial reports so you can have more clarity around these points and possibly find ones we missed.

Greater Expenses than DrupalCon North America

One of the biggest cost differences is related to the convention center. Both DrupalCon Europe and North America are held in this kind of venue due to the attendance size. While DrupalCon Europe has fewer attendees than the North American event, it is still large enough to require us to be in a convention center.

We looked at moving the event to a hotel, but wifi and catering costs make this option more expensive. Also, hotel-based conferences require a large room block reservation that the Drupal Association would have to financially guarantee, which is a big risk. The European event attendees tend to opt for other lodging options like AirBnB. It’s unlikely we can sell enough hotel rooms to meet the guarantee and will end up paying a large penalty.

By comparing DrupalCon Dublin expenses with DrupalCon Baltimore expenses, you can see that the expense 5710: Facility and Furnishing is $328,000 in Dublin and $129,000 for Baltimore. This is the main expense putting strain on DrupalCon Europe’s sustainability.

It’s also more expensive to send staff and our contracted production team from the United States to Europe for a marathon of an event (up to 10 days).

Less Financial Support than DrupalCon North America

The challenge of funding an expensive, professional event like DrupalCon Europe comes down to two things: smaller attendance and less sponsor support. Here is a breakdown of how these two revenue items differ from DrupalCon North America.

Attendees

Smaller attendance with higher expenses make the event unsustainable. DrupalCon Europe attracts about 1,700 - 1,800 attendees compared to DrupalCon North America, which has over 3,000 attendees. This means there is less ticket revenue to cover costs. And DrupalCon Europe attendance is decreasing each year by about 14% a year on average (if you average in Vienna's forecasted attendance), making it harder to cover costs in the future.

Another attendee difference is that DrupalCon North America attracts end users who are either leveling up their skills or evaluating Drupal or looking for a service provider. Having end users at DrupalCon attracts Drupal shop / digital agency sponsors who get new business by connecting with this audience. Meanwhile, DrupalCon Europe primarily attracts builders (developers, project managers, designers) from Drupal shops / digital agencies. There are very few end users attending DrupalCon Europe. This impacts sponsor revenue as many Drupal shops / digital agencies do not want to sponsor an event where they are much less likely to get a business opportunity.

Sponsors

DrupalCon North America has about $850,000 in sponsor revenue while DrupalCon Europe has $300,000. There are a few reasons for this difference.

A big portion of DrupalCon North America’s sponsor revenue comes from North American Drupal shops / digital agencies. As mentioned, they sponsor because they can connect with the end user attendees who give them business opportunities. They also sponsor because the event is held in a country where they conduct business.

In Europe, and as mentioned above, Drupal shops / digital agencies are much less likely to get a qualified lead because it is primarily a developer event. Additionally, the Drupal shops / digital agencies in Europe support sales in their specific countries. As DrupalCon Europe moves around, sponsors find that the event is in a country where they don’t do business and therefore don’t want to sponsor.

As for the shops / agencies who do sponsor, they do so to support the community. It’s simply getting harder for them to invest in the event as they chose to put those funds into marketing or operations. It is important to note that hosting and software companies do find value in supporting DrupalCon since they target the developer audience.

A Study of Ticket Sales Profitability

Another way to see how the income and expense challenges make DrupalCon Europe unsustainable is to look at what the sale of a ticket covers and how much is left over to go towards paying expenses.

Here is a report that shows profitability of the early bird and the regular rate ticket for DrupalCon Dublin and DrupalCon Baltimore. It shows that the profitability is:

| | DrupalCon Dublin Early Bird Rate | DrupalCon Baltimore Early Bird Rate |
| --- | --- | --- |
| Ticket Profitability before sponsor income | -$238.05 | -$0.36 |
| Sponsor income per attendee | $188.86 | $244.15 |
| Total Ticket Profitability | -$49.19 | $243.79 |

| | DrupalCon Dublin Regular Rate | DrupalCon Baltimore Regular Rate |
| --- | --- | --- |
| Ticket Profitability before sponsor income | -$133.87 | $170.39 |
| Sponsor income per attendee | $188.86 | $244.15 |
| Total Ticket Profitability | $54.99 | $343.79 |

As you can see, we lose money for each DrupalCon Europe early bird ticket we sell. You may ask, why would we ever price a ticket that loses money? It’s a good question. When we priced this we did not include staff costs in the overall event costs. We were operating under the understanding that the ticket was making money. We can see now that when we include the staff costs to the overall event costs, this ticket type loses money.

You can also see that not only does the Dublin regular rate earn $300 less profit per ticket compared to Baltimore, but that profitability also needs to compensate for the losses accrued by the Dublin early bird ticket sales.

Looking more closely at the report, you can also see that having less DrupalCon Europe sponsor support puts the ticket sales profitability at an even greater disadvantage. 

Clearly, DrupalCon Europe has a financial structural issue to solve for.

Blockers to Financial Solutions

There are a few ways to solve the financial problem. Ticket prices could be increased, we could grow attendance to improve the profitability, we could stay in the same venue each year, or we could cap attendance and have a smaller DrupalCon to control costs. We looked at these options and found the following blockers to each solution.

  • Increase ticket prices.

    • We surveyed the European community and found that there was a strong resistance to increasing ticket prices even if more value was delivered. Many see this event as a community event that should be affordable or free. Many believe they pay through their code and non code contribution and don’t want to pay more in ticket costs. Many also told us they want the ticket price to be greatly reduced.

  • Grow ticket sales revenue by expanding who the event serves

    • Attract more “builders”. Both DrupalCon Europe and North America attract a “builder persona” who work at a digital agency or Drupal Shop (developer, project manager, designer, UX). However, North America attracts builders from end users as well whereas DrupalCon Europe does not. It has been challenging to grow the end user / builder attendee at DrupalCon Europe. Part of the challenge is that when an end user adopts Drupal, the Association does not know. There is no closed-loop system that tells the Drupal Association who is using the software. We have to rely on Drupal shops / digital agencies to provide this information or be our marketing channel. In Europe, several agencies said they don’t want their end user attending so they stay positioned as “the trusted source on how to Drupal”.

    • Attract “evaluators”. In North America, the event has a commercial element, attracting decision makers who want to meet with sponsors and learn more about Drupal. This not only grows ticket sales, but it also encourages the high level of sponsor support in North America. However, DrupalCon Europe attendees strongly request that we don’t include a marketing or commercial focus at DrupalCon Europe, keeping it a purely developer event.

  • Hold a smaller event to control costs.

    • We researched this over the past few months. Looking at a 1,000 - 1,200 person event, venue options that can meet our event needs are still too expensive. And after testing the smaller event concept, we found that many community members were dissatisfied with this direction.

    • For DrupalCon Vienna, we controlled costs by making the program smaller by reducing the Monday trainings and summits. We also eliminated other elements like the DrupalCon t-shirt. Despite these changes, we are still operating at a loss due to decreasing attendance. Many expressed they understood why we needed to make these changes, but were unhappy with them. We are grateful to the Drupal Austrian community for bridging this gap and hosting summits and trainings on the Monday before DrupalCon Vienna.

Staff Capacity

This part is a bit sensitive because I’m talking about staff. They gave permission to have these details shared with you.

Last year, when the Drupal Association reduced its staff to bring our expenses in line with our revenue, we eliminated work to match the smaller team capacity. After living with that reality for a year, we can see that we did not do a good job with DrupalCon.

The DrupalCon staff consists of Rachel Friesen, Director of Events, and Amanda Gonser, Program Manager. Rachel is an operational wizard, who is committed to excellence, and cares deeply about delivering a special experience that meets our community’s needs. Rachel has incredibly streamlined the way we produce DrupalCon from site selections, budgeting, space planning, vendor management, sponsor support, marketing oversight, and so much more. She moves an army of people ranging from the board, staff, vendors, sponsors, and community members through a process that ensures that everything gets done on time with the best possible planning. I am always impressed how Rachel goes the extra mile (er, kilometer), to hear and address everyone’s needs and ideas. It is truly a balancing act.

Many of you likely know Amanda from the DrupalCon emails or you are one of the hundreds of volunteers who work with her. Amanda is high energy, bubbly, focused, and moves hundreds of people through a process that allows everyone to contribute in their special way; track chairs who pick sessions, trainers, local volunteers who create the local experience, a troupe of event photographers, room monitors, social media volunteers, and more. As with all people management, Amanda not only gives volunteers a structure to follow, but she invests time with them to foster relationships. We can not produce DrupalCon without our amazing and generous volunteers and they deserve a meaningful experience.

While producing DrupalCon, many people want to try new things like add a new program to DrupalCon five months before the event or create a new sponsor package. There are certainly great ideas that can level up the experience. Unfortunately, Rachel and Amanda simply do not have the capacity to entertain many new ideas. That’s frustrating for both of them because they want community members to realize their ideas. It’s equally frustrating to the community members. In the end it can create a lose-lose situation.

Over the year, we noticed that Rachel’s and Amanda’s calendars are booked every hour throughout each day. When we talk, they have little time as they run from one meeting to the next. It’s a frenetic pace. We moved to Jira this year and their burndown charts show that they can not complete everything they need to do within a sprint. This pace and high levels of stress are causing health issues.

Amanda did a capacity study. It showed that she is scheduled to do over 69 weeks of work in a year (and that doesn’t include sick or vacation time). Just a reminder, a year has 52 weeks. Rachel is in a very similar situation. We looked at which work we could eliminate, but at this point there is nothing. Naturally, the situation is untenable and must be addressed immediately.

Given how small our team is, the only way to address this is by adding another staff member or contractor. This means expenses will further increase for DrupalCon Europe. We can go this route, but in the end what this tells me is that we do not have the right operational model to support two DrupalCons per year - let alone the ability to scale back up to three per year.

I want to pause and thank Rachel and Amanda for pushing through this challenging time. Please join me in thanking them. I also want to thank the other Drupal Association staff for going above and beyond to make DrupalCon a special experience. You support Rachel and Amanda in so many ways to deliver a great event for the Drupal community.

Additionally, it can not be said enough how special our volunteers are. They contribute their time and talent while already having full lives that include jobs, family, friends, and other interests. Volunteers could choose to do many other things with their free time, yet they chose to create DrupalCon for all of us. Thank you.

Summary

Phew! That was a longgg DrupalCon financial overview. Thanks for hanging in there. I hope sharing all that data and insight helps answer some of the questions we’ve seen in past blog comments and on Twitter this past year.

As you can see, solving DrupalCon Europe’s sustainability is critical, not only so this event can exist into the future, but so it doesn’t put strain on the sustainability of Drupal.org, which is clearly imperative for the project’s viability. We need to answer the question “how do we balance creating a valuable event with the financial realities of event production and the realities of staff capacity?”

But before we get into solutions, let’s look at what the community wants DrupalCon to achieve.

Our next blog in this series will be about the other problem to solve: How can DrupalCon Europe provide unique value?

Let's face it, it's been a crappy year in many ways. Internally and externally there are pressures that have made all of us think "what's the point?"

Instead of a world where we build and move forward together there is conflict, uncertainty, and so many why moments. From the macro to the micro, communities and ecosystems are struggling. The ideals of open source software often feel exploited, and the feeling of wonderment and discovery as we build together has been cast aside to something that feels very much like... well, work.

Drupal has not been immune. Like I need to tell you that.

For those of us that are optimists, and change makers, and idealists, and believers, nothing hits home the impact of our work more than stories about how we use this code called Drupal to create impact. I think the world needs a little of that right now.

So, we have a team, we have energy and we are ready to shine the crap out of the brilliance of the people behind, in front, and to the side of Drupal.

I for one am looking forward to us injecting so much positivity into this community that even the chronic eye rollers won’t be able to help but give a slight smile.

Drupal sprint commit at DrupalCon Baltimore 2017

A highlight of DrupalCon: the live code commit! Photo by Michael Cannon

The first thing we are working on is getting a way to start collecting stories. We might use a form. Or we might build an entire website. Just coz we can. So how about y’all give me a *whoop* *whoop* and start thinking about helping the Drupal Spotlight Committee unlock stories of Drupal impact from across the globe. It’s going to be fun.

The Drupal Association is honored to be the stewards of DrupalCon - a program created by the community for the community. It serves many goals ranging from uniting, growing, and strengthening the community to leveling up Drupal skills to accelerating contribution.

This year the Drupal Association has been focusing on DrupalCon Europe, so we can better serve the European community. While we certainly hear good things about the event from attendees, we also hear many comments like “it is too much of a US event” or “content isn’t appealing enough” or “it is too expensive” or “there isn’t enough business value for sponsors” or “it’s not rock and roll enough”.

We see this play out in the attendance numbers, which decreased 14% on average each year since DrupalCon Amsterdam in 2014. Sponsor revenue decreased as well. And thanks to a more accurate financial reporting approach launched last year, we can see that DrupalCon Europe lost between $100,000 and about $200,000 per event for the last several events.

This isn’t a sign of Drupal’s health. It is simply a sign that this event is not meeting the community’s needs. We can tell because European Drupal events grew in number, attendance, and type over the last few years. The community clearly wants a different kind of experience.

Drupal Association staff like Amanda Gonser, Program Manager, and Rachel Friesen, Director of Events, come to work each day simply to serve the community and create a DrupalCon experience that delights and helps people feel empowered to move Drupal forward. It pains us knowing that DrupalCon is not hitting the mark for the European community. And, it also pains us that we aren’t able to host DrupalCon in other regions like Asia or South America because they’re not possible with our current operational model for hosting events.

For staff, producing a special DrupalCon experience is more than a job, it’s a personal mission. So, we are putting a lot of care into figuring out how to make DrupalCon Europe better.

To come up with an event concept that is sustainable and loved (or provides unique value in business speak), we met with many European community members over a period of 10 months and even put out a community survey to gather input. Together, we worked through a process to find a better path forward.

It’s time to open this discovery process up to the greater community so you can understand at a deeper level the problems we are trying to solve and the process we’re using to solve them. Then, we want to discuss the options that we have identified so we can find the best path forward for DrupalCon Europe. I know that together, we can create a sustainable event that strikes at the needs of the European community.

To share the information we’ve gathered and to foster discussion, I am launching a blog series. Starting with this post, it will cover the following topics:

  1. The problem we need to solve for financial sustainability

  2. The problem we need to solve to create unique value

  3. Results from a proposal based on community input

  4. A new path forward for DrupalCon Europe

I encourage discussion in the comment section during the blog series and I will host BOFs at DrupalCon Vienna so we can talk through a path forward. We encourage members to read this blog series so you have as much background information as possible to help inform these discussions.

Thank you for caring about this important community event and giving input into what it looks like in the future.

TL;DR: Our community is full of amazing people. Let’s celebrate them. Join the Community Spotlight committee to review community-nominated heroes so we can recognize and celebrate those who have contributed to Drupal in special ways.

+++++++++++++

Drupal is a single expression of collaboration amongst thousands of people from around the world who are passionate, smart, and caring. They donate countless hours, moving the project forward by contributing code, mentoring new contributors, writing documentation, organizing camps, sharing knowledge, and so much more. These selfless acts are Drupal’s lifeblood and deserve being celebrated and appreciated.

It’s clear from a recent #drupalthanks twitter-fest that our community is eager to show their appreciation for each other. That is why the Drupal Association, with the help of Lyndsey Jackson, is re-launching Community Spotlight, a program that highlights community-nominated heroes who have contributed to the project in a special way. This program went on hold last year when the Drupal Association downsized, making the organization more sustainable. Lyndsey offered to bring the program back by forming a committee who will select nominees to be highlighted on Drupal.org and through Drupal Association communication channels.

The Drupal Association is thankful for Lyndsey’s passion for celebrating the community and for making time to bring Community Highlights back. Lyndsey has a great vision for the program. In her own words, she says: "We want the Community Spotlight to represent a shared story or an experience that will resonate and connect with where the community and the project is at that point in time. We want to highlight the depth of experience that exists, and the evolving potential through emerging leaders and new energy."

Will you join the Community Spotlight Committee?

Lyndsey is creating a Community Spotlight committee to drive this important program forward. It will consist of 3-5 people with diverse backgrounds. They will review the community-nomination forms and pick who we will celebrate. They will also help convert the nomination form into a blog post, which the Drupal Association will promote.  The monthly time commitment would be about 2-4 hours. This group also has the autonomy to evolve the program. I’m sure there are many ways we can improve how we celebrate our community.

To join this committee, please complete this form

Drupal 8.3.7 is a maintenance release which contains fixes for security vulnerabilities.

Updating your existing Drupal 8 sites is strongly recommended (see instructions for Drupal 8). This release fixes security issues only; there are no new features nor non-security-related bug fixes in this release. See the 8.3.7 release notes for details on important changes and known issues affecting this release. Read on for details of the security vulnerabilities that were fixed in this release.

Description

Views - Access Bypass - Moderately Critical - Drupal 8 - CVE-2017-6923

When creating a view, you can optionally use Ajax to update the displayed data via filter parameters. The views subsystem/module did not restrict access to the Ajax endpoint to only views configured to use Ajax. This is mitigated if you have access restrictions on the view.

It is best practice to always include some form of access restrictions on all views, even if you are using another module to display them.
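One way to act on the best-practice note above, as an added example rather than code from the advisory or from the Drupal project: a Python audit that flags view displays with no access restriction and checks whether a core version falls in the affected range. It assumes view configuration exported and converted to JSON, using the `display` / `display_options` / `access.type` layout of Drupal 8 Views config; the sample views, the simplified inheritance rule, and treating a missing `access` key as unrestricted are assumptions of this example.

```python
import json

# Constructed sample input (not from any real site): two view configs as they
# might look after exporting views.view.*.yml and converting the YAML to JSON.
SAMPLE_EXPORT = json.loads("""
[
  {
    "id": "public_listing",
    "display": {
      "default": {"display_options": {
        "access": {"type": "perm", "options": {"perm": "access content"}},
        "use_ajax": true}},
      "page_1": {"display_options": {"path": "listing"}},
      "block_1": {"display_options": {
        "access": {"type": "none", "options": {}},
        "defaults": {"access": false}}}
    }
  },
  {
    "id": "internal_report",
    "display": {
      "default": {"display_options": {"use_ajax": false}},
      "embed_1": {"display_options": {}}
    }
  }
]
""")

UNRESTRICTED = "none"  # access plugin type meaning "no access check"


def effective(view, display_id, key, fallback=None):
    """Return a display's option, falling back to the 'default' display.

    Assumption (simplified inheritance): an option present in the display's
    own display_options overrides the one on the 'default' display.
    """
    own = view["display"][display_id].get("display_options", {})
    if key in own:
        return own[key]
    base = view["display"].get("default", {}).get("display_options", {})
    return base.get(key, fallback)


def audit_view(view):
    """List displays of one view whose effective access type is unrestricted."""
    findings = []
    for display_id in sorted(view.get("display", {})):
        access = effective(view, display_id, "access") or {}
        # Assumption: a missing access setting is treated as unrestricted.
        if access.get("type", UNRESTRICTED) == UNRESTRICTED:
            findings.append({
                "view": view["id"],
                "display": display_id,
                # Reported for context only: per the advisory, the Ajax
                # endpoint was not limited to views configured to use Ajax.
                "use_ajax": bool(effective(view, display_id, "use_ajax", False)),
            })
    return findings


def audit(views):
    """Audit a list of view configs and return all findings in input order."""
    findings = []
    for view in views:
        findings.extend(audit_view(view))
    return findings


def core_is_affected(version):
    """True for Drupal core 8.x releases prior to 8.3.7 (the advisory's range).

    Expects numeric releases such as '8.3.6' or '8.4.0-rc1'.
    """
    parts = tuple(int(p) for p in version.split("-")[0].split("."))
    return parts[0] == 8 and parts < (8, 3, 7)


if __name__ == "__main__":
    for f in audit(SAMPLE_EXPORT):
        print("no access restriction: view=%(view)s display=%(display)s "
              "use_ajax=%(use_ajax)s" % f)
    for v in ("8.2.8", "8.3.6", "8.3.7", "7.56"):
        print(v, "affected" if core_is_affected(v) else "not affected")
```

Each flagged display is a candidate for a permission- or role-based access setting, whether or not the site has already been updated to 8.3.7.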

REST API can bypass comment approval - Access Bypass - Moderately Critical - Drupal 8 - CVE-2017-6924

When using the REST API, users without the correct permission can post comments via REST that are approved even if the user does not have permission to post approved comments.

This issue only affects sites that have the RESTful Web Services (rest) module enabled, the comment entity REST resource enabled, and where an attacker can access a user account on the site with permissions to post comments, or where anonymous users can post comments.

Entity access bypass for entities that do not have UUIDs or have protected revisions - Access Bypass - Critical - Drupal 8 - CVE-2017-6925

There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entities that do not use or do not have UUIDs, and entities that have different access restrictions on different revisions of the same entity.

Versions affected

  • Drupal core 8.x versions prior to 8.3.7

Solution

Install the latest version:

Drupal 7 core is not affected, however, Drupal 7 Views is: see Views - Moderately Critical - Access Bypass - DRUPAL-SA-CONTRIB-2017-068

Also see the Drupal core project page.

Reported by

Views - Access Bypass

REST API can bypass comment approval - Access Bypass

Entity access bypass for entities that do not have UUIDs or protected revisions - Access Bypass

Fixed by

Views - Access Bypass

REST API can bypass comment approval - Access Bypass

Entity access bypass for entities that do not have UUIDs or protected revisions - Access Bypass

Contact and More Information

The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.

Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.

Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity

Read our Roadmap to understand how this work falls into priorities set by the Drupal Association with direction and collaboration from the Board and community.

Drupal.org updates

Better Distribution packaging

Drupal.org Drush upgraded

Distributions are a cornerstone of Drupal, giving site-builders a head start by packaging together proven modules and themes from contrib to build a Drupal site to purpose. In July we spent some time improving the functionality for packaging distributions on Drupal.org, by updating Drupal.org's packaging system to use Drush 8. This resolves several issues:

We hope that these changes will help distribution maintainers

reCAPTCHA

One of the key tools we use to prevent spam on Drupal.org is Mollom, which will reach end of life next year. To replace it, we've implemented reCAPTCHA on Drupal.org, and updated our privacy policy accordingly. We have not yet disabled Mollom, because Mollom is a content analysis tool in addition to a captcha tool. Because reCAPTCHA does not duplicate that content analysis functionality, we'll be monitoring spam attack patterns on Drupal.org to see whether reCAPTCHA will be sufficient as a standalone replacement.

Easier addition of new documentation guides and pages

Adding new guides and pages from the menu

It's hard to believe that the new documentation system has been in use for almost a year. We've made a number of improvements after the initial release to improve usability for both contributors and maintainers of documentation, and to encourage project maintainers to migrate their docs. One piece of feedback we've heard several times is that the 'add content' links in the sidebar of a documentation guide were too difficult to find. To make it easier for documentation contributors to add new sub-guides and pages, we've added a new page link to the 'Edit' menu of documentation guides.

Webmasters and documentation moderators can administer all docs

Finding maintainers for the over 12,000 pages of documentation on Drupal.org continues to be a challenge, and so we've given all users with the Webmaster and Documentation Moderator role the ability to administer any documentation guide. This will expand the pool of users who can help to manage documentation and manage documentation maintainers. Good documentation for a project with Drupal's scale is a community-driven effort and we're incredibly thankful for all the volunteers who contribute.

Any confirmed user may claim unmaintained documentation guides

We also now allow any unmaintained guide to be claimed by any confirmed user—automatically adding them as the maintainer for that guide. This should make it much easier for new contributors to take up the mantle of maintaining sections of documentation on Drupal.org.

Learn more about maintaining documentation by reading our content guidelines.

For evaluators

Updated industry page call to action

Drupal for Healthcare

The Drupal.org industry pages are a new experiment for the Drupal Association this year, with a goal of reaching out to Drupal evaluators in specific markets. The success stories we showcase on these pages demonstrate the power of Drupal in these industries, but we also want these pages to be an opportunity to connect evaluators with experts who can help them achieve their goals with Drupal. To enhance our efforts to connect Drupal evaluators to experts in their industry - we've added an additional call to action at the top of the industry page to encourage evaluators to connect with experts.

Front page case study promotion for supporting partners and top contributors

In July we laid the groundwork for promoting a second row of case studies on the Drupal.org home page. The second row will feature case studies from supporting partners and top Drupal contributors. These will not replace the existing row of case studies that are featured through the community process, but will supplement these case studies with additional stories from organizations that support the Drupal project through monetary and issue contribution. Watch for these new stories in the coming months.

Digital tote for Vienna

DrupalCon Vienna

For DrupalCon Vienna we're implementing a new digital tote bag to deliver benefits to DrupalCon attendees provided by our event sponsors. This digital totebag will feature content for attendees from our Diamond, Platinum, and Gold sponsors.

Speaking of DrupalCon Vienna - prices are about to go up by €50 + VAT - so make sure to register before early bird ends on Friday.

Infrastructure

Audit of monitoring and backups

One of the first steps our new infrastructure partner is undertaking is an audit of our monitoring and backup regime, to ensure that we are well-prepared for disaster recovery and mitigation. While our internal team (with the help of dedicated volunteers) has maintained these existing systems, the current system is something of a patchwork of several tools, and we're hopeful that we can consolidate our tools and process and make them more robust and efficient.

———

As always, we’d like to say thanks to all the volunteers who work with us, and to the Drupal Association Supporters, who made it possible for us to work on these projects. In particular we want to thank:

  • Deeson - Renewing Premium Supporting Partner
  • Bits Creative Agency - *NEW* Classic Supporting Partner
  • Tag1 - *NEW* Signature Supporting Partner
  • Pantheon - Renewing Premium Hosting Supporting Partner

If you would like to support our work as an individual or an organization, consider becoming a member of the Drupal Association.

Follow us on Twitter for regular updates: @drupal_org, @drupal_infra

Drupal.org updates

Healthcare Industry Page

Healthcare industry page launched

One of our major goals this year is to highlight the power of Drupal in key industries. The Drupal.org industry pages highlight the story of building a custom-tailored solution for each industry using third-party integrations, expert hosting, or even purpose built distributions for the industry. Each page also highlights case studies which show demonstrated success stories using Drupal in each industry. In June we launched our latest industry page, highlighting the Healthcare industry.

Semantic Labels for Development Branches

Semantic labels for core

With a six month release cycle for Drupal core, the environment that project maintainers should test their code against will change fairly frequently. To make it easier for maintainers to keep up to date with testing - we've introduced semantic labels for the core branches. Maintainers can now configure tests against Default — the current development branch of Drupal, Stable — the most recent release of core, and Supported — the current patch/bug-fix branch.

These semantic labels should make it easier for project maintainers to manage testing. We hope to expand on this with a few more labels, and may even extend these semantic labels to the version field that issues are filed against in the future.

UTF8MB4 support

As mentioned in last month's update, we've updated Drupal.org and the sub-sites to support the UTF8MB4 extended character set. While the changes for the sub-sites were deployed in May, we finished up by adding support to Drupal.org itself in June. Among other things, this means that Drupal.org will no longer throw errors if emoji are used in content. 😄

Updating our membership CRM

Drupal Association Membership is managed using the CiviCRM platform - and in June we spent a bit of time updating to the latest version and troubleshooting some issues around receipting and renewals. Members can check their current membership status on the membership page. If you're not yet a member or you need to renew, check out our membership certificate offer.

Performance improvements

To increase performance on Drupal.org we've updated to the latest version of the Advanced Aggregator module (special thanks to u/mikeytown2). The latest update includes aggregation of fonts from the Google Fonts API, which should make a material difference in Drupal.org page render times.

Better spam moderation tools

A recent surge of spam attacks targeting Drupal.org has led us to take another pass at updating our spam moderation tools. Spammers continue with a never ending escalation of tactics, and so we are constantly evolving our tools for managing spam. We've implemented some rate limiting protections as well as some new moderation views that will make it easier for us to bulk moderate spam. We'll be continuing with some of this work into July so that we can keep Drupal.org's home free from spam and productive.

Infrastructure

Infrastructure partner selected

In March we kicked off an RFP process to find a Managed Infrastructure Services vendor to partner with us to help maintain and improve the Drupal.org infrastructure. In June we reached a decision and have selected Tag1 Consulting as our partner. We're now working with Tag1 to audit our current infrastructure, policies, as well as monitoring and alerting systems as we kick off this relationship. Tag1 brings a tremendous amount of experience in Drupal infrastructure management as well as making Drupal performant at scale - and we're grateful to have them on board. With a partner on board to help us manage our infrastructure our internal team will focus on features and issues that support our mission.
———

I recently shared the community needs and potential strategies for evolving community governance, which resulted from the Community Discussions we held in person and online throughout April and May. You can find the webinar recording and written transcript, as well as the meeting minutes from all Community Discussions, at https://www.drupal.org/community/discussions.

Many community members who participated in these discussions agreed that the next step to take in this process is to hold a Community Governance Summit. However, we are not yet clear on where and when this event should take place, who should participate, and several other important details. I worked with community members to develop this survey so we can answer those questions.

Please take 5 minutes to take this community survey and tell us your thoughts about the Community Governance Summit. This survey will remain open until 11:59pm EDT on July 28, 2017. We will analyze the findings and report back on what we learned in a follow-up blog post by Friday, August 4.

Thank you for your time and participation.

On 28 June, 2017, the Drupal Association Board held the second of four annual public meetings. It was a full meeting where staff provided operational updates and gained some strategic direction from board members on how to proceed in various areas. Some highlights included:

  • Summary of DrupalCon Baltimore’s performance and impact.

  • Progress on securing future DrupalCon locations.

  • Discussion on how to unblock community outreach efforts by making appropriate changes to the Drupal.org privacy policy

  • An update on the Drupal.org infrastructure RFP that was recently awarded to Tag1.

Whitney Hess also attended the board meeting to give an update on the Community Discussion work and invited the community to attend her webinar that shared her findings and next steps. You can learn more and watch the recorded webinar here.

Also, Jamie Nau, our “virtual CFO” from Summit CPA attended the meeting to review April 2017 financial statements, which showed that DrupalCon Baltimore exceeded expectations, positioning the Drupal Association for a healthier year, financially. This is encouraging news as we work through our financial turnaround, which started a year ago.

In an effort to be more transparent about board activities, the board chose to use this public forum to vote to approve the January through April 2017 financial statements. April 2017 financial statements showed that April was a successful month primarily due to DrupalCon Baltimore's strong financial performance. 

You can find the meeting minutes and board materials here.

We were pleased to have community members attend and invite you to attend our next board meeting on 27 September, 2017 at noon CEST. It is located in the DrupalCon Vienna convention center and can also be attended via Zoom.

Join in the fun during the Drupal Association membership campaign happening now through August 4. We're providing personalized certificates of membership to individual and organization members who join or renew during the campaign and we need your help spreading the word.

The campaign has two goals: help us deliver 500 certificates and raise $18,250 during July 10-August 4. By sharing and encouraging Drupal users and people in the community to join us, you'll help us meet these goals. If we are told by 5 or more members that you referred them to us during this campaign, we'll thank you on social media.

Grab words and graphics from this post and share away. If you are a member who would like your own certificate let us know and we'll send one your way. Post your selfie or hang your certificate on the wall. Thanks for sharing!

Social

Share why you are a member.

Graphics

Use these with https://www.drupal.org/association/campaign/certificate-2017

Become a member. Join before August 4 and get your certificate drupal.org/join
300 x 250px

Join before August 4. Get a member certificate.
440 x 220px (good for Twitter)

Join the Drupal Association by August 4 to get your membership certificate
300 x 140px

Thank you for supporting the Drupal Association and for being part of our community.

Last week, we shared the high-level findings from our recent Community Discussions. Today, Whitney Hess hosted a webinar to explain those findings in depth, along with proposals from the community on how to evolve community governance.

We encourage you to watch the video and post your questions in the comment section here. If you have comments but wish to remain private, Whitney asks you to email her directly at [email protected].

You can find the transcript here.

Over the last few years, many of us have seen the need to evolve community governance. Up until now, we had to focus on other priorities, but now is the time to address our needs for community governance especially in light of recent community events.

Our project has matured greatly and participation has expanded from developers and site builders to also include more content editors, designers, and marketing managers who work not only as freelancers or at Drupal shops, but also for large digital agencies or system integrators. We want all community members to be included in these community discussions so the redefined community governance serves everyone. This is an exciting time to create an even healthier future for our ever-growing community.

The Drupal Association is committed to staying in a support role as the community determines how to best evolve community governance to support everyone’s needs. We started helping by hosting Community Discussions that were mediated by Whitney Hess. There were 7 sessions at DrupalCon Baltimore and 7 virtual sessions between April and May. You can find the meeting minutes here.

The Community Discussions surfaced several common needs and identified several strategies for addressing those needs.

The most commonly shared needs of the community are (in order of frequency):

  • Awareness

  • Participation

  • Transparency

  • Clarity

  • Contribution

  • Healing

  • Trust

  • Understanding

  • Communication

  • Connection

  • Empowerment

  • Process

  • Progress

Strategies to address those needs ranged from clarifying the responsibilities and boundaries of the leadership roles throughout the Drupal project, determining how and where to communicate community decisions, improving processes for community management, and providing easier access to documentation about leadership roles and clearly communicating what is expected of Drupal community members.

In terms of next steps, the participants were in agreement that we need to come together in a Governance Summit to start architecting improvements to today’s governance structure. However, the community did not define the best way to hold this meeting. It is still unclear when and where it should be, and who should participate and facilitate. We will send out a community survey next to get input from you to answer these questions.

Attend The Webinar

We invite you to attend a webinar on July 6 at 11 am ET / 1600 BST / 8:30 pm IST hosted by Whitney Hess. Whitney will review the findings from our Community Discussions in more detail. We will record the video and share it with you afterwards, along with a written transcript.

Dial in details are below:

Video:

   https://zoom.us/j/589988397

Or Telephone:

   Dial: +1 646 558 8656 (US Toll) or +1 408 638 0968 (US Toll)

   Meeting ID: 589 988 397

   International numbers available:    

   https://zoom.us/zoomconference?m=KQN5xFuem0PrbwaqFQC3HJyEWuwQ7QHT

Thank you for your patience and participation as we tackle these big questions and move forward together as a stronger community.

Surrounding Drupal is a thriving global business ecosystem and thanks to collaboration with One Shoe and Exove, we’ve created an annual survey that gives insight into its health, focus, and needs. Businesses benefit by learning from their peers and seeing Drupal’s business trends. This survey also helps the Drupal Association find new ways to help support this community. Analysis of the 2016 edition of the survey can be found here.

We encourage all business leaders to take this year’s Drupal Business Survey.  

The survey aims to provide a picture of the current Drupal Business landscape, including the health of Drupal companies, obstacles and enablers for Drupal’s business success and D8 adoption.

Participation is completely anonymous and takes fewer than 10 minutes. The first results will be presented at the Drupal CEO Dinner at DrupalCon Vienna on Wednesday, September 27th, 2017. Analysis and insights will officially be published on Drupal.org and in Drupal Watchdog Magazine.

Participate!

You can participate anytime now until July 19th, 2017.

The survey can be accessed here.

Drupal 8.3.4 and Drupal 7.56 are maintenance releases which contain fixes for security vulnerabilities.

Updating your existing Drupal 8 and 7 sites is strongly recommended (see instructions for Drupal 8 and for Drupal 7). This release fixes security issues only; there are no new features nor non-security-related bug fixes in this release. See the 8.3.4 release notes and the 7.56 release notes for details on important changes and known issues affecting this release. Read on for details of the security vulnerabilities that were fixed in this release.

  • Advisory ID: DRUPAL-SA-CORE-2017-003
  • Project: Drupal core
  • Version: 7.x, 8.x
  • Date: 2017-June-21
  • Multiple vulnerabilities

Description

PECL YAML parser unsafe object handling - Critical - Drupal 8 - CVE-2017-6920

PECL YAML parser does not handle PHP objects safely during certain operations within Drupal core. This could lead to remote code execution.

File REST resource does not properly validate - Less Critical - Drupal 8 - CVE-2017-6921

The file REST resource does not properly validate some fields when manipulating files. A site is only affected by this if the site has the RESTful Web Services (rest) module enabled, the file REST resource is enabled and allows PATCH requests, and an attacker can get or register a user account on the site with permissions to upload files and to modify the file resource.

Files uploaded by anonymous users into a private file system can be accessed by other anonymous users - Moderately Critical - Drupal 7 and Drupal 8 - CVE-2017-6922

Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core did not previously provide this protection, allowing an access bypass vulnerability to occur. This issue is mitigated by the fact that in order to be affected, the site must allow anonymous users to upload files into a private file system.

The security team has also received reports that this vulnerability is being exploited for spam purposes, similar to the scenario discussed in PSA-2016-003 for the public file system.
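The access rule described for CVE-2017-6922, as an added example that is not Drupal core code: a simplified model of a private-file download check before and after binding anonymous temporary uploads to the uploader's session. The array keys, function names and the `allowed_file_ids` session key are hypothetical, and the sample data is constructed.

```php
<?php
// Added illustration: a simplified model of the check, not Drupal core code.
// All names here (array keys, functions, 'allowed_file_ids') are hypothetical.

const STATUS_TEMPORARY = 0; // uploaded but not yet attached to content
const STATUS_PERMANENT = 1;

/** Behaviour the advisory describes as flawed: ownership compared by uid only. */
function can_view_private_file_before(array $file, array $requester): bool
{
    // Every anonymous visitor has uid 0, so this matches all of them.
    return $file['uid'] === $requester['uid'];
}

/** Hardened check: anonymous temporary uploads are bound to the uploader's session. */
function can_view_private_file_after(array $file, array $requester): bool
{
    if ($file['uid'] !== $requester['uid']) {
        return false;
    }
    if ($file['uid'] === 0 && $file['status'] === STATUS_TEMPORARY) {
        // uid 0 identifies nobody in particular; require proof that this
        // session performed the upload.
        $allowed = $requester['session']['allowed_file_ids'] ?? [];
        return in_array($file['fid'], $allowed, true);
    }
    // Permanent files follow the access rules of the content they are
    // attached to, which this model does not cover.
    return true;
}

/** Called at upload time: remember the file id in the uploader's own session. */
function record_anonymous_upload(array &$session, int $fid): void
{
    $session['allowed_file_ids'][] = $fid;
}

// Constructed sample data: one anonymous upload, two anonymous visitors.
$file = ['fid' => 42, 'uid' => 0, 'status' => STATUS_TEMPORARY];
$uploader = ['uid' => 0, 'session' => []];
$stranger = ['uid' => 0, 'session' => []];
record_anonymous_upload($uploader['session'], $file['fid']);

foreach (['uploader' => $uploader, 'stranger' => $stranger] as $who => $requester) {
    printf(
        "%-8s before=%s after=%s\n",
        $who,
        var_export(can_view_private_file_before($file, $requester), true),
        var_export(can_view_private_file_after($file, $requester), true)
    );
}
```

When auditing a site that allows anonymous uploads into a private file system, the case to test is the second visitor: a fresh anonymous session requesting a temporary file it did not upload should be denied.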

Versions affected

  • Drupal core 7.x versions prior to 7.56
  • Drupal core 8.x versions prior to 8.3.4

Solution

Install the latest version:

Also see the Drupal core project page.

Reported by

PECL YAML parser unsafe object handling

File REST resource does not properly validate

Files uploaded by anonymous users into a private file system can be accessed by other anonymous users

Fixed by

PECL YAML parser unsafe object handling

File REST resource does not properly validate

Files uploaded by anonymous users into a private file system can be accessed by other anonymous users

Contact and More Information

The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.

Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.

Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity

Read our Roadmap to understand how this work falls into priorities set by the Drupal Association with direction and collaboration from the Board and community.

After returning from DrupalCon Baltimore at the end of April, we spent May regrouping and focusing on spring cleaning tasks. It's important for any technical team to spend time on stability and maintenance, and we used May to find improvements in these areas and look for some other efficiencies.

Drupal.org updates

🎉 UTF8MB4 Support

Support for the UTF8MB4 character set has been a long outstanding issue for Drupal.org and the sub-sites. This expanded character set supports supplementary characters outside of the Unicode Basic Multilingual Plane, including symbols and emoji.

Previously the use of any of these characters on Drupal.org would result in an error. This extended support has been rolled out to Drupal.org and all of the sub-sites except Groups, our legacy Drupal 6 site on LTS.

Protecting Localize.Drupal.org from Spam

After a spike in spam form submissions was reported (thanks Gábor!) we enabled form protection on Localize.drupal.org. Hopefully this will keep our many translation volunteers focused on the hard work of localizing Drupal, instead of on spam fighting. The techniques that spammers use to bypass protections continue to escalate, so we'll be continuing to evaluate new ways to fight spam as time goes on.

Infrastructure

Stability and Maintenance

We spent a portion of our time in May focused on some basic infrastructure issues. One of the Drupal.org production webnodes experienced a filesystem and networking issue and had to be removed from the rotation. We performed some forensics to identify the cause of the issue, and then rebuilt the virtual machine and put it back into rotation.

We also spent some time updating the remote access configuration with our data center, to make remote troubleshooting easier and more efficient for our internal team.

Finally, we performed an audit and inventory of our owned hardware. This helped us to identify underutilized resources that we could re-purpose, and will help us more quickly on-board our new managed infrastructure services partner at the conclusion of our RFP process.

Infrastructure RFP

The deadline for responses to our Managed Infrastructure Services RFP was Monday May 8th. Once we'd received proposals from all participating vendors, we began our process to review those proposals internally and schedule interviews with the vendors. As we move into June this RFP process is wrapping up, and we will be announcing the results of the RFP soon.

DrupalCI

General Updates

One of the primary features of DrupalCI is that it allows developers to test against a variety of environments. To make sure that we're more easily able to keep up with the latest PHP patch releases (e.g. 7.0.x/7.1.x/5.6.x), the PHP environment containers are now rebuilt nightly.

Coding standards test results were added in April, and to make it easier for developers to see where the code standards issues appear within the code base, we're now linking the standards results to CGIT.

More efficient test result saving

Since we began parsing DrupalCI test results onto Drupal.org we pretty rapidly reached more than 100,000,000 database rows of test results, taking up more than 100G of database space. To make offering this service more sustainable, we've implemented changes to how we store test result data. Instead of storing complete results for each test, we now only store the diff between the current test and the last test. This has resulted in a dramatic reduction in the amount of space consumed.

Re-purposing owned hardware for bots

DrupalCI is also the most expensive single service that the Drupal Association provides to the community. In addition to the labor costs involved in building and maintaining the system, the Amazon spot instance costs average between $2000-$4000 each month. After spending some time doing an owned hardware inventory audit, we've realized that we can repurpose some of our existing hardware as VM hosts for additional testbots. These testbots will not be as fast as the AWS instances, so we'll be reserving them for use with the nightly test builds; however, we hope that even this change will represent a significant savings. Work on this continues into June.

Growing community in Moldova

20 June 2017, 3:03 pm

This guest blog post is from Drupal Moldova's Association (not affiliated with Drupal Association). Get a glimpse of what is happening in Moldova's community and how you can get involved.

Drupal Moldova Association’s mission is to promote Drupal CMS and Open Source technologies in Moldova, and to grow and sustain the local community by organising Events, Camps, Schools, Drupal meetups and various Drupal and Open Source related trainings, and by establishing partnerships with Companies, the Government, and NGO’s.

Come and share your expertise in Moldova at our events! We're looking for international speakers to speak about Drupal and open source.

Among DMA’s (short for Drupal Moldova Association) numerous commitments, the following are of special importance:

  • to gather the community around Drupal and Open Source technologies;

  • to train students and professionals who want to learn and work with Drupal;

  • to organise events to keep the community engaged and motivated to improve, learn, and share experience;

  • to make sure Drupal is accessible to everyone by offering scholarships to those who can't afford our programs;

  • to elaborate a well defined program that helps students learn Drupal, acquire enough knowledge to get accepted for internships by IT companies, and be able to build Drupal powered websites;  

  • to assist new IT companies in establishing a local office, promote themselves, collaborate with other companies, and connect with the local Drupal community by giving them the opportunity to support our projects.

Over the last 5 years, we have been dedicated to achieving our goals! DMA have organized over 20 projects and events, including Drupal Global Training Days, Drupal Schools, and the regional DrupalCamp -- Moldcamp. Our projects have gathered over 700 local and international participants and speakers, and more than 15 International Companies that have supported us during these years (FFW, Adyax, IP Group, Intellix, Endava and many others).

Moldova is rich in great developers and people driven to take initiative and to grow and place the country on the world map. We are aiming to go beyond our limits and have a bigger impact in the year (‘17-’18), therefore we have created a yearly plan that contains projects similar to those we have done in the past years, as well as new and exciting ones:

  • Drupal School (3 step program), starting with Drupal School 8 plus PHP (step 1): Drupal School is an educational program split into 2 months, with 25 courses of different levels (Beginner, Intermediate, Advanced). Drupal School aims to introduce people to Drupal 8 and PHP, and help them become Drupal professionals;

  • Moldcamp 2017: Sep - Oct 2017. A regional DrupalCamp that gathers around 150 Drupal professionals, enthusiasts, beginners and any-Drupal-related-folk in one place for knowledge-sharing, presentations, networking, etc. We will announce the event soon and allow speaker registration. Please follow us and don’t miss out on the opportunity;

  • Drupal Global Training Day: Dec 1-2. A one-day workshop that has the purpose of introducing people to Drupal, both code and community.

  • Drupal Meetups: These are organized each month and they allow our community to be active and share knowledge.

  • Tech Pizza: Jun, Aug, Oct, Dec. A bi-monthly event, where the ICT community can gather in a casual and informal environment around a pizza and soda and discuss the latest IT trends and news. The core of this event is a speaker / invitee from abroad with a domain of expertise;

  • Moldova Open Source Conference: March 2018. It is a regional conference for over 200 participants that aims to gather all the Open Source Communities (Wordpress, Laravel, Ruby on Rails, JavaScript, etc.) under one roof, where they will attend sessions that enhance the expertise of existing experts in various Open Source technologies and allow them to mix their technologies into new ideas.

The proposed program “Drupal and Open Source in Moldova 2017 - 2018” is made possible through the support of USAID and the Swedish Government. Thanks to these organizations we can focus on the quality of our projects and make sure they happen as planned. Also, we have a very important partnership with Tekwill / Tekwill Academy, which helps us even more in our quests.

We start with School of Drupal 8 plus PHP program, which will be held on 19th of June 2017. So far we have 3 sponsors--IPGroup, Adyax and Intellix--and two trainers.

We, The DMA, believe in pushing the limits! Our long term goal is to build and maintain a big and active Open Source community by attracting more local and International participants to our Projects and Events, and to continuously improve our sessions. This will make our presence felt in the global Drupal and Open Source communities and markets. Find us on Twitter @drupalmoldova, or on our Facebook page. If you are interested in speaking in Moldova, contact us at [email protected].