Drupal

Subscribe to Drupal feed
Come for the software, stay for the community Drupal is an open source content management platform powering millions of websites and applications. It’s built, used, and supported by an active and diverse community of people around the world.
Updated: 9 hours 13 min ago

Drupal.org Maintenance: Oct 23rd 14:00 PDT (21:00 UTC)

22 October, 2014 - 16:58

Drupal.org will be affected by maintenance Thursday, October 23rd 14:00 PDT, 21:00 UTC.

An increase of the MySQL innodb_buffer_pool_size will cause a short downtime for Drupal.org while MySQL is restarted. We plan on a 30 minute window of potential instability, though the actual outage should be 5 minutes or less.

Please follow the @drupal_infra Twitter account for any issues encountered during the maintenance window.

Thanks for your patience!

Categories: Content Management

Drupal 7.32 released

15 October, 2014 - 12:47

Drupal 7.32, a maintenance release which contain fixes for security vulnerabilities, is now available for download. See the Drupal 7.32 release notes for further information.

Download Drupal 7.32

Upgrading your existing Drupal 7 is strongly recommended. There are no new features or non-security-related bug fixes in this release. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 and 6 include the built-in Update Status module (renamed to Update Manager in Drupal 7), which informs you about important updates to your modules and themes.

Bug reports

Both Drupal 7.x and 6.x are being maintained, so given enough bug fixes (not just bug reports) more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.32 is a security release only. For more details, see the 7.32 release notes. A complete list of all bug fixes in the stable 7.x branch can be found in the git commit log.

Security vulnerabilities

Drupal 7.32 was released in response to the discovery of critical security vulnerabilities. Details can be found in the official security advisory:

To fix the security problem, please upgrade to Drupal 7.32.

Known issues

None.

Front page news: Planet DrupalDrupal version: Drupal 7.x
Categories: Content Management

Drupal 8.0.0 beta 1 released

1 October, 2014 - 06:30

Drupal 8.0.0-beta1 has just been released for testing and feedback! This key milestone is the work of over 2,300 people who have contributed more than 11,500 committed patches to 15 alpha releases, and especially the 234 contributors who fixed 177 "beta blocker" issues. To read about the new features in Drupal 8, see Drupal.org's Drupal 8 landing page.

Drupal 8 beta 1 for testers

Betas are good testing targets for developers and site builders who are comfortable reporting (and where possible, fixing) their own bugs, and who are prepared to rebuild their test sites from scratch if necessary. Beta releases are not recommended for non-technical users, nor for production websites.

Start by downloading Drupal 8.0.0-beta 1 and installing it! Drupal 8 definitely still has bugs, and we need your help to discover them. Let us know what bugs you find in the Drupal core issue queue. (Please search the known issues before filing.)

Drupal 8 beta 1 for module and core developers

The main differences between the previous Drupal 8 alphas and the new beta are:

  • The fundamental APIs in Drupal 8 (like the entity, configuration, and menu APIs) are now stable enough so that contributed module and theme authors can start (or resume) their #D8CX pledges and port their projects to Drupal 8.
  • We have locked down Drupal 8's data model enough that developers should generally not need to perform data migrations between beta releases of Drupal 8. We will start providing a beta-to-beta upgrade path in a later beta release.
  • Limited API and data model changes will still happen, though core maintainers will try to isolate these changes to only non-fundamental APIs or critical bug fixes.

We need your help to fix critical bugs by reviewing patches and creating patches.

If you're new to core development, check out Core contribution mentoring, a twice-weekly IRC meeting where you can get one-on-one help getting set up and finding a Drupal 8 task.

Drupal 8 beta 1 for designers, translators, and documentation writers

Drupal 8's user interface, interface text, and markup are not finalized until the first release candidate, so it's too early to focus on user-facing documentation, translations, or themes (though by all means, adventurous contributors should start now to provide feedback while we can still fix things). Note that localize.drupal.org does not yet support the full Drupal 8 API and does not have all translatable strings.

When does 8.0.0 get released?

Beta 1 will be followed by a series of additional beta releases with bug fixes, performance improvements, and improved stability.

The release version of Drupal 8.0.0 will be ready after there are no more critical issues (as of today, there are 97 remaining) and we've had at least one release candidate (RC) without adding any more critical issues to the list.

When will that be? "When it's ready." The more people help, the faster we can find and fix bugs, and the faster 8.0.0 gets released. The faster 8.0.0 gets released, the faster we can start adding new features for Drupal 8.1.0. So help out where you can, and let's deliver the best release of Drupal ever! :)

Thank you!

A massive thank-you to everyone who helped get Drupal 8 beta 1 done, especially the contributors who have focused on beta-blocking issues (pictured below).

Front page news: Planet DrupalDrupal version: Drupal 8.x
Categories: Content Management

Drupal.org Maintenance: Sep 23rd 14:00 PDT (21:00 UTC)

22 September, 2014 - 20:50

Drupal.org will be affected by maintenance Tuesday, September 23rd 14:00 PDT, 21:00 UTC.

Switching version control systems for Drupal.org deployment will cause a short downtime as docroot files are migrated. We plan on a 30 minute window of potential instability.

Please follow the @drupal_infra Twitter account for any issues encountered during the maintenance window.

Thanks for your patience!

Categories: Content Management

Drupal Security Team update.

18 September, 2014 - 18:07
Joint Security release with WordPress

In big news, we had our first joint release with WordPress. We collaborated together with the WordPress team on a PHP security issue discovered by a security researcher. We’re thrilled that we had an opportunity to work together with others in the open source CMS community. We shared a few tips and tricks and it was great working with the WordPress team.

Keeping Drupal Secure

In keeping with our mission to showcase security best practices at Drupal’s online home, we’ve upgraded https://security.drupal.org to Drupal 7. This ensures we’re on a supported platform. We also took the opportunity to add some new features that help us enhance our team’s efficiency by automating a number of routine tasks.

As part of our dedication to keeping Drupal users safe, we’ve written and announced the Long Term support (LTS) plan for Drupal 6 (https://www.drupal.org/d6-lts-support). This is an important step as we look forward to the release of Drupal 8. Soon we will be introducing two-factor authentication to Drupal.org, thanks to hard work from security team members Ben Jeavons, Greg Knaddison , Neil Drumm, and Michael Hess. (https://groups.drupal.org/node/439868 and https://drupal.org/node/2239973)

And here’s one last, fun note: Security.Drupal.org issues now show up on the drupal.org dashboard if you add the widget. You can get it clicking on dashboard after logging in and adding the widget.


Securing Drupal E-Commerce

Some Drupal security team members were recently involved in putting together a compliance White paper for keeping track of PCI compliance. Anyone who runs a Drupal site and takes credit cards should read the whitepaper. Here’s a little more information:

Version 3.0 of the PCI compliance standard becomes mandatory on January 1st, 2015 and will be a complete game changer for many Drupal eCommerce sites. This includes triple the number of security controls if your website touches credit card information and more. The community supported Drupal PCI Compliance White Paper (http://drupalpcicompliance.org/) will give you a high level overview of what PCI compliance is, why you need to comply, and (most importantly) how to get started. This paper was written and reviewed by several members of the Drupal security team, including Rick Manelius, Greg Knaddison, Ned McClain, Michael Hess, and Peter Wolanin.

Simplifying Security

We’ve redesigned our Security Advisory system to make evaluating and analyzing security threats easier and more intuitive. This came about after several core contributors informed us that they wanted a better way to address security threats. We sent out a survey through Twitter to learn more about how people write and read the Security Advisories. Based on the responses we put together a new Security Advisory system that takes much of the guesswork out of the process of evaluating threats. We’ve added and reordered elements on the Security Advisory’s criticality scale and added explanations to help people understand where a security problem is on the spectrum of potential threats.

Our Growing Team

We’ve brought a number of new members onto the security team. Please help us give a very warm welcome to our newest security team members:

Alex Pott (alexpott) - IRC nick: alexpott, Organization: Chapter Three
Cash Williams (cashwilliams) - IRC nick: CashWilliams, Organization: Acquia
Dan Smith (galooph) - IRC nick: galooph, Organization: Code Enigma
David Snopek (dsnopek) - IRC nick: dsnopek, Organization: MVPcreator
Rick Manelius (rickmanelius) - IRC nick: rickmanelius, Organization: NewMedia!

We’re always looking for more qualified people who place a high priority on security. If you’d like to join the security team: https://security.drupal.org/join

Drupal version: Drupal 7.x
Categories: Content Management

Drupal.org Maintenance: Sep 16th 16:00 PDT (23:00 UTC)

15 September, 2014 - 22:34

Drupal.org will be affected by maintenance Tuesday, September 16th 16:00 PDT, 23:00 UTC.

A regular module update will alter some larger tables, which will block other queries. We plan on up to 30 minutes of downtime while these updates run.

Please follow the @drupal_infra Twitter account for any issues encountered during the maintenance window.

Thanks for your patience!

Front page news: Drupal News
Categories: Content Management