The L'Oréal Group selects Sitecore to deliver personalized, multi-channel customer experiences across every engagement
Sitecore, the global leader in customer experience management software, announced today that Sitecore’s experience platform has been selected by The L'Oréal Group to enable their marketers to deliver personalized customer experiences.
This week, CMS Report celebrates our eight year anniversary. No one is more surprised than me. Now here we sit with thousands of articles posted by over 350 different contributing authors. I spent some time this week looking back at the most popular articles we posted here on CMS Report. Besides just a list providing the "reader's choice", I also provide my own list of favorite articles that has been posted here on CMSReport.com. When comparing the two lists, you will find the only article on both lists is the one comparing Drupal and Joomla. In 2006, it was one of the first articles that I had written which suggested CMSReport.com might stick around a little longer than I had expected.
Drupal 7.27 and Drupal 6.31, maintenance releases which contain fixes for security vulnerabilities, are now available for download. See the Drupal 7.27 and Drupal 6.31 release notes for further information.Download Drupal 7.27
Download Drupal 6.31
Upgrading your existing Drupal 7 and 6 sites is strongly recommended. There are no new features or non-security-related bug fixes in these releases. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement. More information on the Drupal 6.x release series can be found in the Drupal 6.0 release announcement.Security information
We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.
Drupal 7 and 6 include the built-in Update Status module (renamed to Update Manager in Drupal 7), which informs you about important updates to your modules and themes.Bug reports
Drupal 7.27 and 6.31 were released in response to the discovery of security vulnerabilities. Details can be found in the official security advisory:
To fix the security problem, please upgrade to either Drupal 7.27 or Drupal 6.31.Known issues
This security release introduces small API changes which may require code updates on sites that expose Ajax or multi-step forms to anonymous users, and where the forms are displayed on pages that are cached (either by Drupal or by an external system). See the Drupal 7.27 release notes and Drupal 6.31 release notes for more information.Front page news: Planet DrupalDrupal version: Drupal 6.xDrupal 7.x
Version 3.9 of WordPress, named “Smith” in honor of jazz organist Jimmy Smith, is available for download or update in your WordPress dashboard. This release features a number of refinements that we hope you’ll love.A smoother media editing experience Improved visual editing
The updated visual editor has improved speed, accessibility, and mobile support. You can paste into the visual editor from your word processor without wasting time to clean up messy styling. (Yeah, we’re talking about you, Microsoft Word.)Edit images easily
With quicker access to crop and rotation tools, it’s now much easier to edit your images while editing posts. You can also scale images directly in the editor to find just the right fit.Drag and drop your images
Uploading your images is easier than ever. Just grab them from your desktop and drop them in the editor.Gallery previews
Galleries display a beautiful grid of images right in the editor, just like they do in your published post.Do more with audio and video Ain't Misbehavin' Davenport Blues Buddy Bolden's Blues Squaty Roo Dixie Blues Wolverine Blues
Images have galleries; now we’ve added simple audio and video playlists, so you can showcase your music and clips.Live widget and header previews //wordpress.org/news/files/2014/04/widgets.mp4
Add, edit, and rearrange your site’s widgets right in the theme customizer. No “save and surprise” — preview your changes live and only save them when you’re ready.
The improved header image tool also lets you upload, crop, and manage headers while customizing your theme.Stunning new theme browser
Looking for a new theme should be easy and fun. Lose yourself in the boundless supply of free WordPress.org themes with the beautiful new theme browser.
Aaron D. Campbell, Aaron Jorbin, Adam Harley, Adam Silverstein, adelval, Ajay, Akeda Bagus, Alex Concha, Alison Barrett, Allan Collins, Amy Hendrix (sabreuse), Andrea Fercia, Andrew Nacin, Andrew Norcross, Andrew Ozz, Andrey "Rarst" Savchenko, Andy Keith, Andy Skelton, Anton Timmermans, Aubrey Portwood, Barry, Bartosz Romanowski, bassgang, bcworkz, Ben Dunkle, Bernhard Riedl, bigdawggi, Bob Gregor, bobbingwide, Brad Touesnard, bradparbs, bramd, Brandon Kraft, brasofilo, bravokeyl, Bryan Petty, cgaffga, Chirag Swadia, Chouby, Chris Blower, Chris Olbekson, Chris Scott, chriseverson, chrisguitarguy, Christopher Finke, ciantic, cmmarslender, Comparativa de Bancos, Connor Jennings, Cor van Noorloos, Corphi, cramdesign, Daniel Bachhuber, Daniel Jalkut (Red Sweater), Danny de Haan, Daryl Koopersmith, Dave Kellam (eightface), DaveE, David A. Kennedy, David Anderson, David Marichal, Denis de Bernardy, Dion Hulse, Dominik Schilling, Doug Wollison, Drew Jaynes, DrProtocols, Dustin Filippini, eatingrules, edik, Elio Rivero, enej, Eric Andrew Lewis, Eric Mann, Erica Varlese, Erick Hitter, Evan Anderson, Fahmi, fboender, Frank Klein, Gary Cao, Gary Jones, Gary Pendergast, genkisan, Gennady Kovshenin, George Stephanis, Graham Armfield, Grant Mangham, Gregory Cornelius, Gregory Karpinsky, hakre, hanni, Helen Hou-Sandí, ippetkov, Ipstenu (Mika Epstein), J.D. Grimes, Jack Reichert, jameslee, Janneke Van Dorpe, janrenn, JayCC, Jeff Sebring, Jen Mylo, Jeremy Felt, Jesin A, Jesper Johansen (jayjdk), jnielsendotnet, Joan Artes, Joe Dolson, Joe Hoyle, John Blackbourn, John James Jacoby, John P. Bloch, John Regan, Jon Cave, Jonas Bolinder (jond3r), Joost de Valk, Josh Pollock, Joshua Abenazer, jstraitiff, Julio Potier, Justin Kopepasah, Justin Sainton, K.Adam White, Kailey (trepmal), Kaspars, Kelly Dwan, kerikae, Kevin Worthington, Kim Parsell, Kirk Wight, kitchin, klihelp, Knut Sparhell, Konstantin Kovshenin, Konstantin Obenland, Krzysiek Drozdz, Lance Willett, Lee Willis, lkwdwrd, lpointet, Luc De Brouwer, Lucas Karpiuk, Mark Barnes, Mark Jaquith, Marko Heijnen, Marventus, Matt (Thomas) Miklic, Matt Banks, Matt Mullenweg, Matthew Boynes, Matthew Denton, Matthew Haines-Young, mattonomics, mattyrob, Matías Ventura, Max Cutler, mcadwell, Mel Choyce, meloniq, Michael Arestad, Michel - xiligroup dev, Miguel Fonseca, Mike Burns, Mike Hansen, Mike Manger, Mike Schinkel, Mike Schroder, mikecorkum, mitcho (Michael Yoshitaka Erlewine), Mohammad Jangda, Morgan Estes, Morten Rand-Hendriksen, Naoko Takano, Nashwan Doaqan, nendeb55, Nick Halsey, Nicole Arnold, Nikhil Vimal (NikV), nivijah, nofearinc, Nuno Morgadinho, olivM, Omer Korner, OriginalEXE, oso96_2000, patricknami, Paul Gibbs, Paul Wilde, pavelevap, Pbearne, Peter Westwood, Philip Arthur Moore, Pippin Williamson, Prasath Nadarajah, prettyboymp, Raam Dev, rachelbaker, Ram Ratan Maurya, ramonchiara, Rescuework Support, Rhys Wynne, Ricardo Correia, Richard Sweeney, Richard Tape, richard2222, Ricky Lee Whittemore, Robert Chapin, robmiller, Rodrigo Primo, romaimperator, roothorick, ruud@joyo, Ryan Boren, Ryan McCue, salcode, Samuel Wood (Otto), Sandeep, Scott Lee, Scott Reilly, Scott Taylor, ScreenfeedFr, scribu, sdasse, Sean Butze, Sean Hayes, Sean Nessworthy, Sergey Biryukov, shahpranaf, Shaun Andrews, ShinichiN, Simon Prosser, Simon Wheatley, Siobhan, Siobhan Bamber (siobhyb), sirzooro, solarissmoke, sonjanyc, Spencer Finnell, Spencer Piontkowski, stephcook22, Stephen Edgar, Stephen Harris, Steve Bruner, Steven Word, Takayuki Miyauchi, Tanner Moushey, Taylor Lovett, tbrams, tellyworth, TobiasBg, Tom Auger, Tom Willmot, Topher, topquarky, Torsten Landsiedel, Toru, Travis Smith, Umesh Kumar, undergroundnetwork, VarunAgw, wawco, Weston Ruter, wokamoto, xsonic, Yoav Farhi, Yuri Victor, Zach Tirrell, and Ze Fontainhas. Also thanks to Michael Pick for producing the release video.
Paul Rubens’ February article in CIO magazine, 7 Reasons Not to Use Open Source Software, has received quite the backlash in open source circles. I’d like to take a moment to add my own two cents, but I won’t be fanning the flames of the hardline open source fire. Let me be clear—I take issue with this article, but I don’t disagree with most of it. Instead, I think it only tells part of the story, failing to give open source credit where it’s due.
Terry Lawlor recognized as a technology leader for his experience and leadership at Confirmit
In its March issue, SURVEY Magazine presented its 2014 Top Technology Trendsetters. This year's list featured 12 technology leaders changing the research industry, including Terry Lawlor,Confirmit's EVP of Product Management.
Semiconductor Firm Slashes Latency to Enable Remote Productivity
PITTSBURGH – April 15, 2014 – Avere Systems, a leading provider of enterprise storage for cloud enabled data centers, today announced that Sigma Designs has deployed Avere’s FXT Series Edge Filers to deliver significantly improved productivity for design engineers by providing fast, reliable access to critical design systems and data. With Avere, Sigma Designs IT organization can consistently deliver responsive, high-availability infrastructure, even as rampant data growth strains systems and mounting administrative and energy costs threaten always-tight budgets.
The Joomla Event Travel Programme (JET) is pleased to announce that we have selected 25 members from the worldwide Joomla community, representing 16 countries as the recipients of the first JET Programme recognition. They will have the cost of admission covered to the upcoming J and Beyond Conference on May 30 – June 1, 2014 in Königstein Germany, and will receive assistance with travel and lodging.
The JET Programme is an initiative that was created to support active project volunteers and community members who have dedicated time and energy to make Joomla better, and who would like to attend larger Joomla events, such as J and Beyond and the Joomla! World Conference. (We will put a call out for the Joomla! World Conference JET Programme later this summer.)
We wish to thank all those who applied and congratulate those who were accepted! We look forward to seeing you in Königstein at J and Beyond!
On April 8th 2014 the Board of Open Source Matters Inc (OSM), the non-profit organization that provides legal and financial support to the Joomla! project, conducted their first Annual General Meeting of the Members in accordance with the bylaws. From a list of candidates that consisted of board Directors who could be re-elected and a number of nominees that were submitted after the call for nominations, the members selected a board of 13 Directors:
Martijn Boomsma (The Netherlands)
Mike Carson (USA)
Ronni Christiansen (Denmark)
Victor Drover (USA)
Jorge Lopez-Bachiller Fernandez (Guatemala)
Rod Martin (USA)
Tessa Mero (USA)
Ryan Ozimek (USA)
Saurabh Shah (India)
Joe Sonne (Canada)
Marijke Stuivenberg (The Netherlands)
Radek Suski (Germany)
Sarah Watz (Sweden)
Expanded Android Support Enables C++ and Delphi Developers to Capitalize on the Largest Addressable Mobile Market Using One Code Base
Maidenhead, U.K. – April 15, 2014 – Embarcadero Technologies, a leading provider of software solutions for application and database development, today launched Embarcadero® RAD Studio XE6, the complete multi-device, natively compiled app development platform for Windows, Android, iOS and Mac.
The second release candidate for WordPress 3.9 is now available for testing.
If you haven’t tested 3.9 yet, you’re running out of time! We made about five dozen changes since the first release candidate, and those changes are all helpfully summarized in our weekly post on the development blog. Probably the biggest fixes are to live widget previews and the new theme browser, along with some extra TinyMCE compatibility and some RTL fixes.
Plugin authors: Could you test your plugins against 3.9, and if they’re compatible, make sure they are marked as tested up to 3.9? It only takes a few minutes and this really helps make launch easier. Be sure to follow along the core development blog; we’ve been posting notes for developers for 3.9. (For example: HTML5, symlinks, MySQL, Plupload.)
To test WordPress 3.9 RC2, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the release candidate here (zip). If you’d like to learn more about what’s new in WordPress 3.9, visit the nearly complete About screen in your dashboard ( → About in the toolbar) and also check out the Beta 1 post.
This is for testing,
so not recommended for
WordPress 3.8.3 is now available to fix a small but unfortunate bug in the WordPress 3.8.2 security release.
The “Quick Draft” tool on the dashboard screen was broken in the 3.8.2 update. If you tried to use it, your draft would disappear and it wouldn’t save. While we doubt anyone was writing a novella using this tool, any loss of content is unacceptable to us.
We recognize how much trust you place in us to safeguard your content, and we take this responsibility very seriously. We’re sorry we let you down.
We’ve all lost words we’ve written before, like an email thanks to a cat on the keyboard or a term paper to a blue screen of death. Over the last few WordPress releases, we’ve made a number of improvements to features like autosaves and revisions. With revisions, an old edit can always be restored. We’re trying our hardest to save your content somewhere even if your power goes out or your browser crashes. We even monitor your internet connection and prevent you from hitting that “Publish” button at the exact moment the coffee shop Wi-Fi has a hiccup.
It’s possible that the quick draft you lost last week is still in the database, and just hidden from view. As an added complication, these “discarded drafts” normally get deleted after seven days, and it’s already been six days since the release. If we were able to rescue your draft, you’ll see it on the “All Posts” screen after you update to 3.8.3. (We’ll also be pushing 3.8.3 out as a background update, so you may just see a draft appear.)
So, if you tried to jot down a quick idea last week, I hope WordPress has recovered it for you. Maybe it’ll turn into that novella.
Download WordPress 3.8.3 or click “Update Now” on Dashboard → Updates.
This affected version 3.7.2 as well, so we’re pushing a 3.7.3 to these installs, but we’d encourage you to update to the latest and greatest.
Now for some good news:
WordPress 3.9 is near.
Expect it this week
"After under-buying and over-buying, the most common mistake I see in buying a CMS is looking at the wrong list of vendors. The WCM marketplace is saturated and hard to navigate, in truthfulness. Many organizations fall victims to this complexity and chose from completely wrong tools."
Irina Guseva, Senior Analyst for the Real Story Group, "5 Minutes With Irina Guseva", CMS Wire, April 8, 2014.
Munich, Germany (14 April 2014) – ABBYY®, a leading provider of document recognition, data capture and linguistic software and professional services, today announced they are running a survey of finance and accounting professionals working in sectors such as Legal, Banking, Manufacturing and many others.
The purpose of the survey is to find out how accounting professionals are processing invoices and purchase orders and working with systems like ERP. If you work in a finance role, or know someone who does, then please take a few minutes to give us your opinion or forward it on to someone who can.
You may have heard that a vulnerability in the OpenSSL cryptographic library called Heartbleed or formally called CVE-2014-0160 has been disclosed and that it represents a potential security threat to a large number of websites. Using this vulnerability, malicious individuals could access sensitive information submitted by people actively visiting a website including usernames, passwords and credit card numbers. Users across the Internet should be especially aware of suspicious activity on their accounts.
We want to communicate a couple pieces of information about this news with regard to Drupal.org.
Members of the Drupal Association staff, Drupal Security Team and Drupal Infrastructure Team have reviewed Drupal.org's potential exposure to the vulnerability.
As of now, we have no indication that Drupal.org was attacked using this vulnerabililty. That said, the nature of the vulnerability makes an attack difficult to detect and we prefer to be cautious.
We have taken steps to protect users of Drupal.org, including a forced password reset for users with administrative access or access to code repositories for projects. While we have only forced the password reset for some users, we recommend that all of our users change their passwords.
We have taken the following steps to protect Drupal.org account holders:
- Installed new SSL certificates based on a new private key
- Revoked the old SSL certificates
- Replaced the private strings (drupal_private_key and drupal_hash_salt) which are used for a variety of security related purposes in all Drupal sites
- Replaced the private key used by the “bakery” single-sign-on system on Drupal.org
- Removed all active sessions
- Verified the email addresses in use today match those in use a week ago
- Required that all Drupal.org users with administrative or project repository access to reset their passwords
Also, we simply want to help create awareness about the vulnerability and encourage people to review their sites for exposure. For more information, please see https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160
Feel free to comment on the post with any questions. Thank you!Front page news: Drupal News
As teased earlier, the first release candidate for WordPress 3.9 is now available for testing!
We hope to ship WordPress 3.9 next week, but we need your help to get there. If you haven’t tested 3.9 yet, there’s no time like the present. (Please, not on a production site, unless you’re adventurous.)
To test WordPress 3.9 RC1, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the release candidate here (zip). If you’d like to learn more about what’s new in WordPress 3.9, visit the work-in-progress About screen in your dashboard ( → About in the toolbar) and check out the Beta 1 post.
If you’re a plugin author, there are two important changes in particular to be aware of:
- TinyMCE received a major update, to version 4.0. Any editor plugins written for TinyMCE 3.x might require some updates. (If things broke, we’d like to hear about them so we can make adjustments.) For more, see TinyMCE’s migration guide and API documentation, and the notes on the core development blog.
- WordPress 3.9 now uses the MySQLi Improved extension for sites running PHP 5.5. Any plugins that made direct calls to mysql_* functions will experience some problems on these sites. For more information, see the notes on the core development blog.
Be sure to follow along the core development blog, where we will be continuing to post notes for developers for 3.9. (For example, read this if you are using Masonry in your theme.) And please, please update your plugin’s Tested up to version in the readme to 3.9 before April 16.
This haiku’s the easy one
3.9 is near
WordPress 3.8.2 is now available. This is an important security release for all previous versions and we strongly encourage you to update your sites immediately.
This releases fixes a weakness that could let an attacker force their way into your site by forging authentication cookies. This was discovered and fixed by Jon Cave of the WordPress security team.
It also contains a fix to prevent a user with the Contributor role from improperly publishing posts. Reported by edik.
This release also fixes nine bugs and contains three other security hardening changes:
- Pass along additional information when processing pingbacks to help hosts identify potentially abusive requests.
- Fix a low-impact SQL injection by trusted users. Reported by Tom Adams of dxw.
- Prevent possible cross-domain scripting through Plupload, the third-party library WordPress uses for uploading files. Reported by Szymon Gruszecki.
Download WordPress 3.8.2 or venture over to Dashboard → Updates and simply click “Update Now.”
Sites that support automatic background updates will be updated to WordPress 3.8.2 within 12 hours. If you are still on WordPress 3.7.1, you will be updated to 3.7.2, which contains the same security fixes as 3.8.2. We don’t support older versions, so please update to 3.8.2 for the latest and greatest.
Already testing WordPress 3.9? The first release candidate is now available (zip) and it contains these security fixes. Look for a full announcement later today; we expect to release 3.9 next week.