On April 15th, a change to a Drupal.org website permission inadvertently allowed a small segment of users to view a report listing the email addresses of recently logged in users. No passwords were involved. The problem was mitigated within 13 hours of being introduced and within 3 hours of being reported. The problem was completely resolved within 24 hours of introduction. The number of affected email addresses is relatively small – fewer than 500. Those users are being contacted directly if their email was affected. Users with maintainer access or the community role and above were not affected by this incident.
The users with permission to see this report were limited to community members that have shown frequent contribution to Drupal.org. The possible exposure time was also limited to between April 15, 2015 20:53 UTC to April 16, 2015 9:00 UTC. There were approximately 44 IP addresses that accessed the information during that time. These users are mostly administrators of Drupal.org and the community members who first reported the incident.
Even though the exposure of email addresses was limited as described above, we recommend all users to be cautious of any email that asks you for personal information.
We want to thank the community members who moved quickly to alert the Drupal Security and Drupal.org infrastructure teams about the problem.Front page news: Drupal NewsDrupal version: Drupal 7.x
When you look at the greatest technological advances of the past several decades, it's clear that software has taken the lead. While hardware continues to improve, get smaller and do more with less, it's software that has enabled feature-rich operating systems that can exist on an interface barely larger than your hand. Hardware has maintained a more or less consistent form. It's no wonder then that many corporations are still painfully in the dark ages when it comes to the increase in the BYOD ecosystem. As the new Apple Watch and other smart watches begin to hit the scene, it's going to become increasingly difficult for network engineers to keep company networks secure. Even The Federal Trade Commission has warned about the threats posed by these small, connected devices stating that the data they collect should be limited for security reasons.
When new hardware does come onto the scene, it's widely talked about and speculated upon. Google Glass has failed to catch on so far, but the Apple Watch is likely to spur growth in the smartwatch industry and encourage other manufacturers to create their own versions. Google's Android Wear selection has already entered the market with good success. However, the Apple Watch is likely to be the most popular new piece of hardware introduced in 2015. A boon for Apple, and a virtual nightmare for IT administrators.
In times of war, you may be asked what you can do for your country. In modern times, your country may be asking you to do your part by updating your WordPress plugins.
The United States' Federal Bureau of Investigation (FBI), through the Internet Crime Complaint Center (IC3), issued a public service announcement last week recommending website administrators to update their Wordpress sites. More specifically, the bureau wants you to update your third-party WordPress plugins.
The first initiative on the Drupal.org 2015 roadmap is ‘Better account creation and login’. One of the listed goals for that initiative is “Build a user engagement path which will guide users from fresh empty accounts to active contributors, identifying and preventing spammers from moving further.” This is something Drupal Association team has been focusing on in the last few weeks.
The first change we rolled out a few days ago was a ‘new’ indicator on comments from users whose Drupal.org accounts are fewer than 90 days old. The indicator is displayed on their profile page as well. We hope this will help make conversations in the issue queues and forum comments more welcoming, as people will be able to easily see that someone is new, and probably doesn’t know yet a lot about the way community works.
Today we are taking another step towards making Drupal.org more welcoming environment for new users. But first, a bit of background.New users and spam
It is not a surprise for anyone that a big number of user accounts registering on the site are spam accounts. To fight that and prevent spam content from appearing on Drupal.org, we have a number of different tools in place. Of course, we don’t want these tools to affect all active, honest users of the site, and make their daily experience more difficult. To separate users we are sure about from those we aren’t sure about yet, we have a special ‘confirmed’ user role.
All new users start without such a role. Their content submissions are checked by Honeypot and Mollom, their profiles are not visible to anonymous visitors of the site, and the types of content they may create are limited. Once a user receives a ‘confirmed’ role, his or her submissions will not be checked by spam fighting tools anymore; their profile page will be visible to everyone, and they will be able to create more different types of content on the site.
This system works pretty well, and our main goal is to ensure that valid new users get the ‘confirmed’ role as quickly as possible, to improve their experience and enable them to fully participate on the site.
The best way to identify someone as not a spammer is have another human look at the content they post and confirm they are not spammers. Previously, we had a very limited number of people who could do that-- about 50. Because of that, it usually took quite some time for new user to get the role. This was especially noticeable during sprints.
Today we’d like to open a process of granting a ‘confirmed’ role to the thousands of active users on the site.‘Community’ user role
Today, we are introducing a new ‘Community’ role on the site. It will be granted automatically to users who have been around for some time and reached a certain level of participation on Drupal.org. Users who have this role will be able to ‘confirm’ new users on the site. They will see a small button on comments and user profile of any user who has not yet been confirmed. If you are one of the users with ‘Community’ role, look out for this new Confirm button, and when you see one next to a user - take another look at what the person posted. If their content looks valid, just click ‘confirm’. By doing so, you will empower new users to fully participate on Drupal.org and improve their daily experience on the site.
With expect to have at least 10,000 active users with the ‘Community’ role. With so many people to grant the ‘confirmed’ role, new users should be confirmed faster than ever before.
If you aren’t sure if you have the ‘community’ role or not, don’t worry. We will send an email notification to every user whose account receives the new role. The email will have all the information about the role and how to use it.
Thanks for helping us make Drupal.org a better place!
The release candidate for WordPress 4.2 is now available.
We’ve made more than 140 changes since releasing Beta 4 a week and a half ago. RC means we think we’re done, but with millions of users and thousands of plugins and themes, it’s possible we’ve missed something. We hope to ship WordPress 4.2 on Wednesday, April 22, but we need your help to get there.
If you haven’t tested 4.2 yet, now is the time! (Please though, not on your live site unless you’re adventurous.)
Developers, please test your plugins and themes against WordPress 4.2 and update your plugin’s Tested up to version in the readme to 4.2 before next week. If you find compatibility problems, we never want to break things, so please be sure to post to the support forums so we can figure those out before the final release.
Achievement unlocked: RC
Release here we come
The Marketing Working Group (MWG) is pleased to announce the addition of a new team member. We welcome Mike Veeckmans on board the Marketing team!
Mike Veeckmans will collaborate with the other members of the Marketing Working Group in the role of communications manager, taking care of the successful planning, initiation and execution of some projects. Mike has proved his management skills in many occasions, like Grace Hopper and the launch of Joomla! 3.4 campaign. We felt he was the perfect piece to match our team.
The primary focus of the Marketing Working Group (MWG) is to raise awareness of the Joomla Content Management System (CMS) and Framework within the international Joomla community, as well as the general open source community.
Bedrock Data Will Sync and Automatically Update Data From Services Like HubSpot, Marketo, Mailchimp, Cvent, Salesforce, SugarCRM and More
Boston-based Bedrock Data™ today announced the launch of its data integration platform for businesses, along with $3.11 million in Series A funding led by .406 Ventures. This announcement marks the official launch of the company after over a year of development, testing and customer on-boarding.
One of the Drupal Association's primary missions is to grow the adoption of Drupal. We are about to launch a new program on April 15th called Try Drupal. The program will make it easy and fast for evaluators to try Drupal and have a simple, great experience while on Drupal.org.
We’ve created Try Drupal with our Premium Hosting Supporters to make it easier for CMS evaluators and Drupal.org newcomers to test and work with a Drupal demo site. The Program will showcase a selection of Hosting Companies where a new user can quickly (in less than 20 minutes) sign up and have a Drupal demo site up and running for them to use for free.
This is part of the Drupal Association’s initiative to develop a new revenue stream through advertising programs on Drupal.org. This revenue will help fund various site initiatives by the Association to improve Drupal.org performance, and make it easier to use and more secure. After interviewing many members of the community, we determined that new advertising products should be useful to Drupal.org visitors, support our mission to grow the adoption of Drupal, and should not interfere with visitors contributing to the project.
To ensure a positive Drupal experience, partners need to adhere to the following guidelines:
- Users are directed to a self-serve sign up platform
- Users can create a free account for the demo site that accommodates a trial installation of Drupal 7 or 8
- Users can create a website in 20 minutes or less
- The demo site should be available to the user for a minimum of one day upon sign up
- The partner cannot include a paywall or require a credit card upon sign up
The Try Drupal program will be featured on the homepage of Drupal.org. It will launch with a larger iterative change to the homepage, with an emphasis on helping users move from newcomer, to learner, to skilled Drupal community members.
It’s important that we fund Drupal.org improvements, and that we do so in a responsible way that respects the community. We anticipate rolling out more key advertising programs throughout 2015, stay tuned for more updates. Thanks for taking the time to read about our initiatives, and please tell us your thoughts!
Many social media sites are trying to push back against the juggernaut known as Google and its mammoth advertising operation. Perhaps it’s no secret how important advertising revenue is to most social media platforms. After all, free services have to find money to operate from somewhere. Fully taking advantage of advertising, however, has been tricky thanks to Google AdWords and its powerful influence across the web. AdWords’ reach is impressive and plays a crucial role in Google’s growth. In fact, AdWords is the mega-corporation’s primary source of revenue. Needless to say, many social media platforms see this and want to expand their own advertising efforts in a push to compete with Google every step of the way. Facebook, Twitter, and LinkedIn know the value of a more expansive advertising scope, and though each is working independently of the other, it’s fascinating to see that they’ve come up with similar strategies to achieve their goals.
Expanded Perforce Consulting Services Help Customers Boost Security, Raise Development Efficiency and Adopt DevOps
Perforce Software today announced it is expanding its consulting offerings with new tools and services designed to help customers build complex products better and faster. These new offerings build upon a rich set of training, consulting and support options from Perforce.
How are CMS vendors responding to the contemporary needs of the market to create a content-centric and context-relevant experience for their users?
Enables Delphi/Object Pascal and C++ developers to extend existing Windows applications into solutions for mobile, cloud, and the Internet of Things
Maidenhead, U.K. - April 7, 2015 - Embarcadero Technologies, a leading provider of software solutions for application and database development, today released Embarcadero® RAD Studio XE8, the connected app platform for Windows and beyond. This major new release of RAD Studio enables Delphi/Object Pascal and C++ developers to leverage their Windows VCL applications and build expanded, innovative solutions for mobile, cloud and the Internet of Things (IoT).
A couple years ago, Switzerland-based Magnolia set its sights on North America as a way to increase its global growth. To continue the effort, Magnolia has redesigned its annual conference to accommodate growth, support its thriving U.S. presence and increase opportunities for clients, partners and prospective users.
This year, Magnolia will host its conference in Basel, Switzerland, as well as in Silicon Valley for the first time. At the U.S. edition of the conference, Atlassian, Barclays Bank Delaware, VSP Global and others will be sharing their experiences of building highly scalable systems to support their digital business initiatives. On the European side, Virgin Holidays will head up the digital business track. The expansion highlights Magnolia’s steady growth, which includes a strong increase in global license sales and a 30% increase in employees.
Magnolia’s 2014 conference in Switzerland attracted more than 250 Magnolia developers, users and partners. This year, the company expects 300 people to attend the sixth European Magnolia conference on June 9 - 11 in the Pathé Küchlin Cinema, Basel, Switzerland. The Magnolia Conference Americas will take place in Silicon Valley, California on May 5 - 7, 2015. Registration is now open.
If you visit WordPress.org regularly you might have noticed some changes around the place. If you don’t, now’s the time to check them out! We’ve been working hard to improve the site to make it more useful to everyone, both developers and users, and we hope you like what we’ve done.New Theme and Plugin Directories
Since WordPress 3.8, you’ve been enjoying improved theme management in your WordPress admin, and in WordPress 4.0 plugin management was refined. We’ve brought these experiences from your admin and re-created them right here on WordPress.org.Theme Directory
The Theme Directory has a better browsing experience, with handy tabs where you can view featured, popular, and the latest themes. As with the theme experience in your admin, you can use the feature filter to browse for just the right theme for your WordPress website.
Click on a theme to get more information about it, including shiny screenshots, ratings, and statistics.
The Plugin Directory has a brand new theme that mirrors the experience in your WordPress admin, with a more visual experience, and better search and statistics.
As well as a facelift, there are some great new features for you to play around with:
- Favorites – when you’re logged in to you WordPress.org account, this page gives you direct access to the plugins that you have favorited.
- Beta Testing – try out plugins where developers are experimenting with new features for WordPress.
- Search by plugin author – you can search for a plugin author using their username.
- Better statistics – listings now display the number of active installs so you can see how many people are actually using a plugin.
An overview of the new theme was posted by Scott Reilly.Better Statistics
We’ve made huge improvements to our statistics. This gives us more useful information about the WordPress versions people are using, their PHP version, and their MySQL version.
Already these new statistics have provided us with useful insights into WordPress usage.
- More than 43% of all sites are running the latest version of WordPress. Previously, we thought only 10% of sites were up-to-date. By excluding sites that are no longer online we were able to improve these statistics.
- We were able to clear up the data around WordPress 3.0, bringing it more in line with expectations. This anomaly was a by-product of spammers.
- Only 15.9% of sites are using PHP 5.2, which is better than we thought.
Over the coming months we’ll be able to use these statistics to bring you new tools and improvements, and to make more informed decisions across the board. Read Andrew Nacin’s post about these changes for more background.Thanks!
Thanks to everyone who contributed to the theme directory redesign, the plugin directory refresh, and improved statistics: Alin Marcu, Damon Cook, Dion Hulse, Dominik Schilling, Jan Cavan Boulas, Konstantin Obenland, Kyle Maurer, Matías Ventura, Mel Choyce, Natalie MacLees, Paul de Wouters, Samuel Sidler, Samuel Wood (Otto), Scott Reilly, Siobhan McKeown.
WordPress 4.2 Beta 4 is now available!
This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site just to play with the new version. To test WordPress 4.2, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip).
- Incrementally improved the experience when accessing the Customizer on mobile. Please test on your mobile devices and let us know if anything seems wonky.
- Added the ability to make admin notices dismissible. Plugin and theme authors: adding .notice and .is-dismissible as adjacent classes to your notice containers should automatically make them dismissible. Please test.
- Fixed some reported issues with backward-compatibility issues caused by the modularization of core JS files.
- Removed the ability to swipe the admin menu open and closed on touch devices due to reports of some issues with built-in history navigation on certain platforms.
- Improved accessibility of the WordPress admin by replacing skip-to-content links with landmark roles. Screen reader users: please test in any core admin screens.
- Various bug fixes. We’ve made more than 90 changes in the last week.
If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. Or, if you’re comfortable writing a bug report, file one on the WordPress Trac. There, you can also find a list of known bugs and everything we’ve fixed.
Customizer on mobile
RC nearly here
SDL (LSE: SDL) today introduced industry specific language platforms to help organizations rapidly and efficiently address the needs of their global customers within the industries they operate. The language platforms, a key extension to the Language pillar of SDL’s Customer Experience Cloud (CXC), can be integrated to provide seamless delivery of global customer experiences.
Drupal 7.36, a maintenance release with numerous bug fixes (no security fixes) and several new features, is now available for download. See the Drupal 7.36 release notes for a full listing.Download Drupal 7.36
Upgrading your existing Drupal 7 sites is recommended. There are no major, non-backwards-compatible features in this release. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement.Security information
We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.
Drupal 7 includes the built-in Update Manager module, which informs you about important updates to your modules and themes.
There are no security fixes in this release of Drupal core.Bug reports
Drupal 7.36 contains bug fixes and small API/feature improvements only. The full list of changes between the 7.35 and 7.36 releases can be found by reading the 7.36 release notes. A complete list of all changes in the stable 7.x branch can be found in the git commit log.Update notes
See the 7.36 release notes for details on important changes in this release.Known issues
None.Front page news: Planet DrupalDrupal version: Drupal 7.x