Drupal Myths

Drupal.org

Subscribe to Drupal.org feed
Come for the software, stay for the community Drupal is an open source content management platform powering millions of websites and applications. It’s built, used, and supported by an active and diverse community of people around the world.
Updated: 11 hours 42 min ago

Drupal 7.27 and 6.31 released

April 16th, 2014 at 7:59:15 PM

Drupal 7.27 and Drupal 6.31, maintenance releases which contain fixes for security vulnerabilities, are now available for download. See the Drupal 7.27 and Drupal 6.31 release notes for further information.

Download Drupal 7.27
Download Drupal 6.31

Upgrading your existing Drupal 7 and 6 sites is strongly recommended. There are no new features or non-security-related bug fixes in these releases. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement. More information on the Drupal 6.x release series can be found in the Drupal 6.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 and 6 include the built-in Update Status module (renamed to Update Manager in Drupal 7), which informs you about important updates to your modules and themes.

Bug reports

Both Drupal 7.x and 6.x are being maintained, so given enough bug fixes (not just bug reports) more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.27 is a security release only. For more details, see the 7.27 release notes. A complete list of all bug fixes in the stable 7.x branch can be found in the git commit log.

Drupal 6.31 is a security release only. For more details, see the 6.31 release notes. A complete list of all bug fixes in the stable 6.x branch can be found in the git commit log.

Security vulnerabilities

Drupal 7.27 and 6.31 were released in response to the discovery of security vulnerabilities. Details can be found in the official security advisory:

To fix the security problem, please upgrade to either Drupal 7.27 or Drupal 6.31.

Known issues

This security release introduces small API changes which may require code updates on sites that expose Ajax or multi-step forms to anonymous users, and where the forms are displayed on pages that are cached (either by Drupal or by an external system). See the Drupal 7.27 release notes and Drupal 6.31 release notes for more information.

Front page news: Planet DrupalDrupal version: Drupal 6.xDrupal 7.x

Drupal.org Response to Heartbleed Security Incident

April 8th, 2014 at 10:36:14 PM

You may have heard that a vulnerability in the OpenSSL cryptographic library called Heartbleed or formally called CVE-2014-0160 has been disclosed and that it represents a potential security threat to a large number of websites. Using this vulnerability, malicious individuals could access sensitive information submitted by people actively visiting a website including usernames, passwords and credit card numbers. Users across the Internet should be especially aware of suspicious activity on their accounts.

We want to communicate a couple pieces of information about this news with regard to Drupal.org.

Members of the Drupal Association staff, Drupal Security Team and Drupal Infrastructure Team have reviewed Drupal.org's potential exposure to the vulnerability.

As of now, we have no indication that Drupal.org was attacked using this vulnerabililty. That said, the nature of the vulnerability makes an attack difficult to detect and we prefer to be cautious.

We have taken steps to protect users of Drupal.org, including a forced password reset for users with administrative access or access to code repositories for projects. While we have only forced the password reset for some users, we recommend that all of our users change their passwords.

We have taken the following steps to protect Drupal.org account holders:

  • Installed new SSL certificates based on a new private key
  • Revoked the old SSL certificates
  • Replaced the private strings (drupal_private_key and drupal_hash_salt) which are used for a variety of security related purposes in all Drupal sites
  • Replaced the private key used by the “bakery” single-sign-on system on Drupal.org
  • Removed all active sessions
  • Verified the email addresses in use today match those in use a week ago
  • Required that all Drupal.org users with administrative or project repository access to reset their passwords

Also, we simply want to help create awareness about the vulnerability and encourage people to review their sites for exposure. For more information, please see https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160

Feel free to comment on the post with any questions. Thank you!

Front page news: Drupal News

Drupal.org Downtime: Mar 19th 5PM PDT (Mar 20th 0:00 UTC)

March 18th, 2014 at 9:55:29 PM

Drupal.org will be going down for up to 1 hour starting Wednesday, Mar 19, 17:00 PDT (Mar 20, 0:00 UTC). This maintenance window will be used for routine Drupal module updates, which need to alter large tables. Logging into sub-sites (api.drupal.org, groups.drupal.org, etc) will be down; they will otherwise remain available. Please follow the @drupal_infra Twitter account for updates during the downtime. Thanks for your patience!

Community Spotlight: Lee Rowlands (larowlan)

March 14th, 2014 at 2:45:02 PM

Since joining Drupal.org in 2007, Lee Rowlands (larowlan) has been an important contributor to the Drupal project. A major core contributor and Drupal 8 advocate, Rowlands has become a well-recognized and celebrated member of the Drupal community.

Rowlands is an important Drupal figure in Australia, and has spoken at DrupalCamp Brisbane 2010, Drupal Downunder Melbourne 2012, DrupalCon Sydney 2013 and Drupal South Wellington 2014. An occasional mentor during Drupal Office Hours in the Australian timezone (GMT+10), Rowlands is also a well-recognized figure in the international Drupal community for his involvement with core and his contributions to a huge variety of projects on Drupal.org.

How did you get involved with Drupal?

Jim Morrison and a naked native american came to me in a dream and told me it was my destiny. Just kidding. I started up my own IT consulting business and I'd built a couple of Drupal 5 sites.

The third site I built needed some tricky mapping functionality. This was in Drupal 5 and the site was for a locally owned fishing tackle franchise. Their point of difference with the big national chain-store was local knowledge. So they had this great idea to create a series of online fishing maps for local regions, each featuring points of interest for that region. Each point of interest had a marker icon based on its type, eg there were boat ramps, fishing spots etc. Each marker had a popup with an image and some text. The kind of thing you can build on your own with Google Maps now, but back then - it was a fairly new concept.

At the time gmap module was the go-to mapping option (Drupal 5) but it didn't support the image/marker/description functionality. So I wrote a patch to allow wiring up a content-type with gmap functionality to do so. And in order to post the patch, I had to sign up for a Drupal.org account. So that was my first comment on Drupal.org, a sizeable patch!

Not long after that I pitched the idea of a website to a local motel that had just had a renovation. At this stage Drupal 6 was out and the go-to ecommerce solution was Ubercart. My pitch included online-reservations so I worked with Will Vincent to round out a hotel-booking solution for Ubercart. That's how I got my CVS access on Drupal.org.

Contributing my code back to Drupal.org opened my consulting business up to the world. Up until that point most of my work had been for local businesses. Once I had a project on Drupal.org I started receiving work offers via my Drupal.org project page, mostly for adding new pieces of functionality.

I continued building sites and I always ensured that I had contract provisions to open-source any generic modules that the project needed. Over time I ended up with more than 30 contrib projects on Drupal.org, all with varying degrees of maintenance. Each of these kept resulting in work referrals and I kept expanding my skillset and client-base.

Then Drupal 7 came out and it felt like I had to start learning all over again. I had a long car-trip coming up so I downloaded the mega 'Upgrading 6.x modules to 7.x' thread from Drupal.org and spent about three hours taking in all the changes. As soon as I had net access, I subscribed to the Drupal core issues RSS feed. At this stage my motivation was just to keep across changes happening in core, but after a while I started seeing issues posted that I realised I could fix/work on. So I started commenting and posting the odd patch.

Not long after an epic thread was posted by @sun in the issue queue titled 'Make core maintainable' (https://drupal.org/node/1255674), basically it was proposing that if we didn't get more hands on deck in core, the only way forward was to start dropping unmaintained modules. I jumped into irc and put my hand up to maintain forum, one of the modules on the chopping block. I had a conversation with @chx who later remarked 'yesterday I saw a guy on IRC who was contemplating on taking the forum module maintainer hat' (http://www.drupal4hu.com/node/303).

So from there I took a more active role in core contribution. Those threads are a great read, even today, as they indicates the level of frustration that core developers were experiencing in the first six months of Drupal 7's release.

What do you do with Drupal these days?

I build sites for some of Australia's largest government, education, media and non-profit organisations with one of Australia's most respected Drupal Agencies, PreviousNext. It's a great team and I get to work on interesting projects.

After all this time I still enjoy working with Drupal. Sometimes people lament Drupal's ease of site-building, likening it to 'golden handcuffs', but that's where contributing to core and contrib help. If you find yourself stuck in a 'click-monkey' rut, contributing code lets you flex your 'code-monkey' muscles.

You’re involved with quite a variety of projects in the Drupal community - can you describe some of the things you do and why you like them?

I particularly like working on Drupal core because it helps me keep abreast of upcoming changes. I don't have a CS education, I have degrees in mathematics and engineering, and I've been quoted before saying I got my CS education in the Drupal issue queues. As a contributor you are incredibly lucky to have your work constructively reviewed by some of the world's best programmers. Every time someone makes a suggestion on your patch, you learn a little more. I've learnt so many programming concepts from reviewing other's code and having my code reviewed by others. Particularly during the Drupal 8 cycle, where we've effectively rewritten Drupal in a new language - PHP 5.3.

What’s the coolest project you’ve worked on?

Its not live anymore unfortunately but I worked on sendmypostcards.com which was a Drupal 6 site with Ubercart where you could create your own postcards and pay to have them printed. You could use your Facebook photo-galleries, Flickr account or upload your own files. The designer/editor was built with jQuery and the site used batch-jobs to generate 300dpi print-ready PDFs. It was a challenging project but it did end up spawning a number of contrib modules including Image Cache External which allows you to generate derivatives of remote images. Unfortunately the site didn't last, but I did get a couple of Christmas cards printed and sent to my office. It was great to have something tangible, I still have them mounted on my office wall.

What changes do you hope will come in Drupal 8?

I'm disappointed we didn't get a layout builder in core but I'm excited by the opportunities for it to develop and mature in the contrib ecosystem. Some of the work done as part of the Scotch Initiative by @sdboyer and @eclipsegc was pretty awesome. @sdboyer stepped me through the 'Princess' branch (the name was a dare) at the stage when it was fairly functional and the possibilities it opened up were pretty awesome. Hopefully that work will be leveraged for what becomes of panels/page manager in Drupal 8.

What is your favorite part about the Drupal community?

Getting to work with insanely intelligent and brilliant people. There are so many awesome people working with and on Drupal every day who are always willing to share their experiences and knowledge.

Tell us a little about your background or things that interest you outside Drupal?

I live in Central Queensland at the Southern tip of Australia's Great Barrier Reef. We have three World Heritage listed destinations all within our reach - the reef, Fraser Island and Mon Repos Turtle Rookery, where you can watch Marine turtles lay their eggs or the hatchlings make their way into the world. The climate is great, the cost of living is low and the people are some of the friendliest in the world. I get to work out of an office with two great Drupal devs who also work for PreviousNext, @nick_schuch and @grom385. Its a great lifestyle, our office is right on the beach.

Outside Drupal I'm passionate about family, with two school aged children and I've been married for 15 years. I'm lucky that Drupal gave me an income while my children were pre-school aged and when they went off to school I was able to turn this into a career.

Drupal version: Drupal 8.x

Unplanned Drupal.org Downtime Earlier Today (Thu Feb 13 14:59-15:21 UTC 2014)

February 13th, 2014 at 6:00:38 PM

The Drupal.org primary database server experienced a crash due to a full disk earlier today around 6:59am PST (14:59 UTC). The Nagios monitoring system which normally alerts us to prevent these outages had also crashed and failed to send any notices of a problem to the infrastructure team. By 7:21am PST (15:21 UTC) Jeff Sheltren had cleared enough space to bring the database server back online and Drupal.org returned to normal operation.

We are sorry for any inconveniences the outage may have caused. We are taking steps to prevent failed monitoring in the future by adding additional monitoring of our monitoring server. Brandon Bergren is also working to fix the issue with the cache_form table which caused the disk to fill up.

Joining The Day We Fight Back

February 10th, 2014 at 11:20:13 PM

Free Software is not just about saving money. It's not just about sharing for sharing's sake. Free Software, at its core, is about empowering people. It is about ensuring that everyone has ultimate control over their own electronic lives, because the software that runs their electronic lives is under their control and not someone else's.

How do you know your computer is doing what you tell it to, and not someone else? How do you know your phone is only recording what you tell it to record? How do you know your files are only being read by you? How do you know your refrigerator isn't reporting on your diet to someone else?

The only way to be sure is to have the source code so that you or someone you trust can verify that it is doing only what you tell it to and your electronic tools are not secretly acting for someone else. Free Software is all about ensuring an individual's personal digital sovereignty, free from unwanted or secret invasion from anyone -- other people, corporations, or governments.

The entire point of sharing source code is so that individual people and organizations can ultimately have control over their own equipment, information, and digital lives. In many ways it is about privacy: The security to know that your data is accessible to you, and your computer is used by you, and only you, unless you decide otherwise.

Recent revelations, however, have shown that people's digital sovereignty is under even more attack than before. Both the American and British governments have been found violating the digital privacy of millions of people in their own countries and around the world. That is exactly the sort of attack on individual digital sovereignty that Free Software was created to combat.

As a leading Free Software project, the Drupal Community opposes such privacy invasions. We believe it is our ethical duty to stand with The Day We Fight Back and others who oppose such violations of individual digital sovereignty. We encourage all people, all over the world, to take a stand for digital freedom. If you are in the United States you can use the banner at the bottom of this page to locate and contact your Congressional representatives and tell them to oppose further infringement of individual privacy rights and to force the NSA and similar agencies to obey the law in both letter and spirit.

Drupal 7.26 and 6.30 released

January 15th, 2014 at 7:59:49 PM

Drupal 7.26 and Drupal 6.30, maintenance releases which contain fixes for security vulnerabilities, are now available for download. See the Drupal 7.26 and Drupal 6.30 release notes for further information.

Download Drupal 7.26
Download Drupal 6.30

Upgrading your existing Drupal 7 and 6 sites is strongly recommended. There are no new features or non-security-related bug fixes in these releases. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement. More information on the Drupal 6.x release series can be found in the Drupal 6.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 and 6 include the built-in Update Status module (renamed to Update Manager in Drupal 7), which informs you about important updates to your modules and themes.

Bug reports

Both Drupal 7.x and 6.x are being maintained, so given enough bug fixes (not just bug reports) more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.26 is a security release only. For more details, see the 7.26 release notes. A complete list of all bug fixes in the stable 7.x branch can be found in the git commit log.

Drupal 6.30 is a security release only. For more details, see the 6.30 release notes. A complete list of all bug fixes in the stable 6.x branch can be found in the git commit log.

Security vulnerabilities

Drupal 7.26 and 6.30 were released in response to the discovery of security vulnerabilities. Details can be found in the official security advisory:

To fix the security problem, please upgrade to either Drupal 7.26 or Drupal 6.30.

Known issues

None.

Front page news: Planet DrupalDrupal version: Drupal 6.xDrupal 7.x

Predictions for 2014

January 14th, 2014 at 9:26:53 AM

4877. That is where the tradition within the Drupal community of making predictions for the year ahead with regards to our software, our community and broader, the web, started. Node 4877, written at the end of the year 2003. We have come a long way since then.

This year we would like to know what you think the year ahead will bring for Drupal and, as a bonus, we would like to know what was the best prediction you found in the past. Where did we shine when it comes to vision or humor.

See older entries from 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 and 2013. Read them.

And now predict for 2014 and reflect the last decade in this thread.

Drupal.org Downtime: Jan 13th 5PM PDT (1:00 UTC)

January 12th, 2014 at 11:01:37 PM

Drupal.org will be going down for up to 1 hour Monday, Jan 13, 17:00 PDT (Jan 14, 1:00 UTC). This maintenance window will be used for routine Drupal updates, which need to alter large tables. Single sign on for sub-sites (api.drupal.org, groups.drupal.org, etc) will be down; they will otherwise remain available. Please follow the @drupal_infra Twitter account for updates during the downtime. Thanks for your patience!

Drupal.org Downtime: Jan 8th 5PM PDT (1:00 UTC)

January 7th, 2014 at 7:59:33 PM

Drupal.org will be going down for up to 2 hours Wednesday, Jan 8, 17:00 PDT (Jan 9, 1:00 UTC). This maintenance window will be used to improve the speed of issue queues. Single sign on for sub-sites (api.drupal.org, groups.drupal.org, etc) will be down; they will otherwise remain available. Please follow the @drupal_infra twitter account for updates during the downtime and thanks for your patience!

Drupal 7.25 released

January 3rd, 2014 at 12:48:32 AM

Drupal 7.25, a maintenance release with numerous bug fixes (no security fixes) is now available for download. See the Drupal 7.25 release notes for a full listing.

Download Drupal 7.25

Upgrading your existing Drupal 7 sites is recommended. There are no major new features in this release. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 includes the built-in Update Manager module, which informs you about important updates to your modules and themes.

There are no security fixes in this release of Drupal core.

Bug reports

Drupal 7.x is being maintained, so given enough bug fixes (not just bug reports), more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.25 contains bug fixes and small API/feature improvements only. The full list of changes between the 7.24 and 7.25 releases can be found by reading the 7.25 release notes. A complete list of all bug fixes in the stable 7.x branch can be found in the git commit log.

Update notes

See the 7.25 release notes for details on important changes in this release.

Known issues

None.

Front page news: Planet DrupalDrupal version: Drupal 7.x

Drupal Association is hiring CTO

December 29th, 2013 at 7:46:52 PM

The Drupal Association, with the help of a Search Committee comprised of Board and Advisory Board members, is beginning a search for a Chief Technical Officer (CTO) for Drupal.org (not the Drupal software project). The CTO will fill a critical role for the both the Association and the community, working at the strategic level with the Drupal.org Working Groups to build a roadmap for Drupal.org, create and manage processes critical to the success of the site (including security and disaster recovery), and ensure that Drupal.org roadmaps are met. A CTO role ensures that Drupal.org has the technical and strategic oversight needed to drive improvements and innovations. Specifically we want to ensure that we have the best platform for developers, community involvement, and critical revenue-generating opportunities.

The CTO is the first of several hires we will make over the course of the next few months to significantly increase our ability to improve the experience of Drupal.org for our many constituents. These hires will include more development and devops bandwidth, among other things. In short, this is a really exciting time to work on Drupal.org!

We're asking for your help to find the right person for this role. We're looking for someone with strong product management skills, a community player who can work with our broad base of remarkable volunteers, and the experience to guide and manage our development, infrastructure and operations teams. Please review and share the Drupal Association CTO Job Description.

We've also included a little more context below if you want to learn more. And, if you have any questions, please feel free to contact Holly Ross.

Why a CTO? Isn’t that a bit much for our needs?

Our focus at the Association in 2013 has been re-aligning Association resources to bring more support and funding to our community’s most important asset: Drupal.org. During the last 9 months, we've begun diversifying our revenue streams so that we can scale our income and provide more funding for Drupal.org projects. We launched Working Groups to manage the strategic direction and policy setting we need to make good decisions for the site. Most recently, we hired a Technology Manager for the Association so that our limited technical staff can focus more fully on Drupal.org.

In 2014, we are planning for an even more dramatic shift, bringing on engineering and infrastructure staff to pay off years of technical debt and begin to move the site forward with new developer tools, better site performance, and strong security practices. We’re incredibly excited to help the community move Drupal.org forward and really meet community needs. We see the CTO role as essential to making this happen. It sets us up to proactively address Drupal.org needs at a strategic level - forecasting necessary changes before they become critical problems.

Isn’t this the role of the Working Groups?

Yes - the Working Group charters put them in charge of direction-setting and strategy for the sites. We anticipate that the CTO will work closely with the Working Groups to coordinate their work and ensure that those decisions are translated into a cohesive roadmap. Additionally, the Working Groups are not designed to implement the roadmap. The CTO will oversee the team that does that - either in-house, using 3rd party tools, through contractors, with volunteers, or a combination of these options.

Are you going to hire from within the community?

We are certainly going to look within the community. We will also look outside the Drupal community. The committee seeks a candidate who brings a breadth of experience and knowledge regarding open source community sites.

Is this a technical role or a business role?

We expect that the right candidate will have equal parts technical chops and business savvy. We are not expecting the CTO to write production code, but the CTO will have to know how to do that so that they can manage it well. Additionally, the CTO will need to understand business problems and how technology can be strategically deployed to meet those needs.

Where will the position be based?

Ideally, in Portland, OR, at the Drupal Association headquarters. We know however, that this is likely unrealistic as a hard and fast constraint, and will encourage applicants from around the globe.

Drupal 6 to stop supporting PHP 4 on March 1st 2014

December 18th, 2013 at 5:01:15 PM

Drupal 6.0 was released almost 6 years ago in February 2008. The Drupal community is committed to release Drupal 6 bugfixes until Drupal 8.0 is released and with recent changes provide security fixes much longer.

The hosting and development landscape was very different in 2008 though. PHP has gone a long way since we released Drupal 6. While Drupal 6 is still supported on PHP 4.x, the PHP developer community itself end-of-lifed PHP 4 just half a year after Drupal 6.0 came out. According to public statistics and data available to us about Drupal 6 sites, we estimate that there is a very small number of Drupal sites which may still run on PHP 4. We also don't believe it is in our best interest to support Drupal 6 on a possibly insecure but definitely unsupported base system, so we discussed and decided to drop support for PHP 4 on March 1st 2014.

If you are running a Drupal 6 site on PHP 4.x, we suggest you look at your hosting situation as it is likely there are other outdated (and possibly insecure) components involved in your environment as well. For the secure operations of your site, we suggest you look at other hosting options. We suggest to look for hosting with at least PHP 5.2.4 (same as Drupal 7's oldest supported PHP version).

While we don't plan to deliberately introduce PHP 5 constructs in Drupal 6, this change also lets contributed module developers to use PHP 5 more easily in their code.

Front page news: Drupal NewsDrupal version: Drupal 6.x

Michael Hess new Security Team Lead

December 10th, 2013 at 3:16:33 PM

Back in November of 2011, I appointed Greg Knaddison to lead the Drupal Security Team, for a term of two years. In that time, Greg has done a tremendous job helping the Security Team scale. November 2013 ends the term that Greg and I agreed to, Greg is now stepping down as team lead.

I'm pleased to share that Michael Hess (mlhess on Drupal.org) has accepted my invitation to become the new Security Team lead. For those who don't know Michael, he is an adjunct lecturer and a Solution Architect Lead at the University of Michigan. He teaches courses on content management platforms, particularly focusing on Drupal, oversees the functionality of several campus websites, and serves in a consulting and development role for other departments within the University of Michigan. He has been a member of the Drupal Security Team for 3 years and a member of the infrastructure team for 2 year.

As the Drupal Security Team lead, Michael will be the point person for the team. He'll be responsible for coordinating the Security Team's activities and for making decisions when consensus doesn't arise. Michael wants to move the team into more of an advisory and preemptive role, rather than a response function. In addition, he wants to continue to scale the security team (e.g. by working on building better and more automated tools, providing better metrics, etc).

Please join me in thanking Greg for all the great work he has done over the past two years, and in welcoming Michael as the new team lead!

Front page news: Drupal News

Drupal 7.24 and 6.29 released

November 20th, 2013 at 9:00:02 PM

Drupal 7.24 and Drupal 6.29, maintenance releases which contain fixes for security vulnerabilities, are now available for download. See the Drupal 7.24 and Drupal 6.29 release notes for further information.

Download Drupal 7.24
Download Drupal 6.29

Upgrading your existing Drupal 7 and 6 sites is strongly recommended. There are no new features or non-security-related bug fixes in these releases. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement. More information on the Drupal 6.x release series can be found in the Drupal 6.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 and 6 include the built-in Update Status module (renamed to Update Manager in Drupal 7), which informs you about important updates to your modules and themes.

Bug reports

Both Drupal 7.x and 6.x are being maintained, so given enough bug fixes (not just bug reports) more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.24 is a security release only. For more details, see the 7.24 release notes. A complete list of all bug fixes in the stable 7.x branch can be found in the git commit log.

Drupal 6.29 is a security release only. For more details, see the 6.29 release notes. A complete list of all bug fixes in the stable 6.x branch can be found in the git commit log.

Security vulnerabilities

Drupal 7.24 and 6.29 were released in response to the discovery of security vulnerabilities. Details can be found in the official security advisory:

To fix the security problem, please upgrade to either Drupal 7.24 or Drupal 6.29.

Update notes

See the 7.24 and 6.29 release notes for details on important changes in this release.

Known issues

Sites running certain versions of Drupal core may see an erroneous message from the Update Status or Update Manager module recommending that they update to Drupal 6.27 or Drupal 7.19, rather than the actual latest security release. This appears to be an issue related to the drupal.org Drupal 7 upgrade; see this issue for further details.

Front page news: Planet DrupalDrupal version: Drupal 6.xDrupal 7.x

Drupal.org D7 upgrade live!

November 1st, 2013 at 11:40:45 AM

If you are reading this announcement right now, then we did it! Drupal.org runs on Drupal 7! This was a big and complicated project, which took longer than we expected. But we are finally done!

What changed?

Our goal was a straight port to Drupal 7 without major changes to functionality or layout, but with greatly improved code under the hood. However some things did change, please see Drupal.org D7 F.A.Q. for details. Overall Drupal 7 gives us more flexibility to implement new features and there will be a boost in performance for some of the pages.

NOTE 1: release packaging will stay disabled for a while, till we sort out a few post upgrade issues.
NOTE 2: projects and issues are being indexed right now, listings and searches will show incomplete results till indexing is done.

What’s next?

There probably will be some bugs. If you encounter something unusual, please check the Drupal.org D7 F.A.Q. first. It may be that the change was intentional. If you are sure that you found a bug, please use the D7 upgrade QA queue to report them.

* * *

The only thing we really want to say now is.. let’s party THANK YOU!

Thank you to all of you for being patient with us during this long project. We know it took longer than anticipated and there were some bumps along the way. Our only goal throughout the project was to make Drupal.org better for all of you.

Thank you to all our fantastic contributors. There are so many of them, we even have a special page. Thank you:

Andrei Mateescu / amateescu
Joel Moore / banghouse
Rudy Grigar / basic
Brandon Bergren / bdragon
Tom Behets / betz
Bojhan Somers / Bojhan
Chi / Chi
Ian Carrico / ChinggizKhan
Nell Hardcastle / chizu
Karoly Negyesi / chx
Bill O'Conner / csevb10
Dave Reid / davereid
David Strauss / David Strauss
Meghan Palagyi / dead_arm
Dave Fletcher / dfletcher
Derek Wright / dww
Melissa Anderson / eliza411
Frank Baele / frankbaele
Greg Lund-Chaix / gchaix
Greg Knaddison / greggles
Dylan Tack / grendzy
Jose Marquez / hackwater
Michael Halstead / halstead
Herman van Rink / helmo
Chad Phillips / hunmonk
Jason Savino / jasonsavino
Jonathan Hedstrom / jhedstrom
Jennifer Hodgdon / jhodgdon
Jeremy Thorson / jthorson
KS Sundarajan / ksbalajisundar
Lewis Nyman / lewisnyman
Mark Pavlitski / markpavlitski
Marco Villegas / marvil07
Michael Prasuhn / mikey_p
Mitchell Tannenbaum / mitchell
Nick Veenhof / nick_vh
Narayan Newton / nnewton
Theodore Biadala / nod_
Pradeep Kumar / pradeeprkara
Peter Wolanin / pwolanin
Robert Ristroph / rgristroph
Chris Ruppel / rupl
Sam Boyer / sdboyer
Joel Farris / Senpai
Sam Richard / snugug
Venkata Suresh / sachin2honi
Howard Tyson / tizzo
Tyler Ward / twardnw
Angela Byron / webchick
Steve Edwards / wonder95
Roy Scholten / yoroy

Thank you to the Drupal Association Supporting Partners, who gave us the funding required to make the upgrade happen.

We couldn’t have done this without you!

/ drumm & tvn

Drupal.org downtime: 31st of October 2013, 15:00 UTC (08:00am PDT)

October 28th, 2013 at 7:28:46 PM

The Drupal.org D7 upgrade launch is confirmed. Today is Monday, 28th of October, we have 0 launch blocking issues and performance tests are looking fine. Therefore, we are going to launch on Thursday, October 31st, 2013.

What will the launch process be like?

Drupal.org will be down for approximately 24 hours during deployment. It will be replaced by a static page with a download link for the latest Drupal release available. Sub-sites will stay online, but with user logins disabled. Both updates.drupal.org and ftp.drupal.org will stay online. drush make / dl will work fine, update status module as well.

We will start deployment around 15:00 UTC on October 31st. We expect the site to be back up by 15:00 UTC on November 1st.

We realize this will be a significant inconvenience for users who rely on Drupal.org, and will try to minimize downtime as much as possible.

What if there are problems? Do you have a backup plan?

Yes, we do. If we encounter significant problems during migration, we will roll back to the Drupal 6 version of Drupal.org and restore with a backup made right before migration started.

How can I find out what’s going on during deployment?

Twitter accounts to follow are @drupal_org and @drupal_infra . IRC channels: #drupal and #drupal-contribute.

What changes will I experience when the site comes back online?

You can find information about the changes in functionality or UI in the Drupal.org D7 F.A.Q. Most pages on the site won’t change as far as layout or functionality. Our goal for this project was a straight port from Drupal 6 to Drupal 7. The only place where you will see significant UI changes is the issue page. This blog post explains what is changing on the issue page and why in detail. In general Drupal 7 gives us more flexibility to implement new features and there will be a boost in performance for some of the pages.

Why aren’t we waiting and upgrading to Drupal 8 once it releases?

The Drupal 7 upgrade began in March 2012. The upgrade took longer than we anticipated due to a variety of reasons that include the scale and complexity of Drupal.org and resource contstraints. We decided to push ahead and complete the Drupal 7 upgrade so Drupal.org can be on the latest release of Drupal, and so we can use the learnings in future upgrades.

Drupal 8 UX research studies: how you can help improve Drupal?

October 21st, 2013 at 12:23:55 AM

Usability studies are one of the best ways to keep improving Drupal 8. We want to speak with people who create or edit content on the web to take part in a UX research study to help improve Drupal 8.

This study will help us learn how content creators move between admin and non-admin interfaces. Editing content is a key part of working with Drupal, so understanding this interaction is essential.

Sign up for Drupal 8 usability study

There are a few ways you can help:

  1. You can help us recruit participants by retweeting the tweet below, post on your own social networks, and emailing friends to send people directly to the Drupal 8 usability study sign up form.
  2. You can sign yourself up as a participant.
  3. We also need people to help us observe, take notes and debrief after sessions (it’s a chance to get hands-on experience in UX research).
  4. If you have experience moderating usability studies, you can moderate some sessions too!

And, with a pool of willing participants, we'll have people we can reach out to for future studies.

If you’re interested in helping out on other Drupal User Experience issues, join us in IRC in #drupal-usability (particularly Mondays at 4:00PM Eastern Time) or follow along with issues posted in https://groups.drupal.org/usability.

Drupal.org Drupal 7 upgrade going live, prospective launch date and downtime

October 16th, 2013 at 8:53:24 PM

After a month-long Community QA, we are getting ready to deploy Drupal.org D7 upgrade. During the last couple of weeks we were limiting the number of ‘to-do before launch’ issues to those that are absolutely essential. Currently our launch blocker list consists of the 12 open issues.

We took a look at the upcoming Drupal events to find a quiet week, which won’t interfere with major camps and sprints, and..

Launch date

If by Monday, 28 of October, launch blocker issue is down to 0, we plan to deploy the Drupal.org D7 upgrade on Thursday, 31 of October.

If by Monday, 28 of October, the launch blocker issue count is higher than 0, we will have to postpone deployment for a few weeks.

What will the launch look like?

Drupal.org will be down for approximately 24 hours during deployment. It will be replaced by a static page with a download link for the latest Drupal release available. Sub-sites will stay online, but with user logins disabled. We realize this will be a significant inconvenience for users who rely on Drupal.org, and will try to bring it up as soon as possible.

We will start deployment around 15:00 UTC on October 31st. We expect the site to be back up by 15:00 UTC on November 1st.

What if there are problems? Do you have a back up plan?

Yes, we do. If we encounter significant problems during migration, we will roll back to the Drupal 6 version of Drupal.org and restore backup made right before migration started.

How can I find out what’s going on during deployment?

Twitter accounts to follow are @drupal_org and @drupal_infra. IRC channels: #drupal and #drupal-contribute.

What changes will I see when the site comes back online?

Most pages on the site won’t change. Our goal for this project was straight port from Drupal 6 to Drupal 7. The only place where you will see significant UI changes is the issue page. Some time ago we wrote up this blog post, which explains what is changing and why in detail. We will also publish an F.A.Q. right before launch, which will list all changes you might encounter on the website.

How can I help?

To ensure we are able to launch on time, you can help us by bringing launch blockers count to 0.

Here are the issues:

Drupal Core
#1289336: Calling node_view for the same node with muliple view modes on the same page does not correctly attach fields
#2001308: Node preview removes file values from node edit form for non-displayed items

Search API
#2110315: Specialized filter for users and terms
#1832356: Figure out how to dereference option lists with Search API

Project*
#2044475: Advanced issue search returns no results
#2097927: Add 'Update this issue' link next to main comment form
#1991726: Move "Follow" button back to the sidebar

Other
#2090757: User timezone on git7site doesn't match the value on production

1 Million Users on Drupal.org!

October 11th, 2013 at 7:34:14 PM

If you have been on Drupal.org today, you may have noticed something interesting near the bottom of the page. At some point during the past 24 hours, the millionth user joined Drupal.org!

It is tempting to overlook those statistics at the bottom of the page because our eyes tend to skip over what they see repeatedly. But it’s worth taking a moment to think about it. 228 countries. 181 languages. And counting.

As Dries pointed out in his keynote at Prague, more than 1,600 people have contributed to Drupal 8. That's nearly double the number of contributors for Drupal 7!

The Drupal community is truly global and it's always growing, always moving forward, 24 hours a day, 365 days a year.

Here's to the next 1 million!

Pages

See other Drupal sites in action

Drupal site of the day: Examiner

Examiner.com is a local news websites, allowing "pro-am contributors" to share their city-based knowledge on a blog-like platform.

view.jpg