Drupal Myths

Drupal.org

Subscribe to Drupal.org feed
Come for the software, stay for the community Drupal is an open source content management platform powering millions of websites and applications. It’s built, used, and supported by an active and diverse community of people around the world.
Updated: 9 hours 57 min ago

Drupal 7.30 released

July 24th, 2014 at 10:12:51 PM

Drupal 7.30, a maintenance release with several bug fixes (no security fixes), including a fix for regressions introduced in Drupal 7.29, is now available for download. See the Drupal 7.30 release notes for a full listing.

Download Drupal 7.30

Upgrading your existing Drupal 7 sites is recommended. There are no new features in this release. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 includes the built-in Update Manager module, which informs you about important updates to your modules and themes.

There are no security fixes in this release of Drupal core.

Bug reports

Drupal 7.x is being maintained, so given enough bug fixes (not just bug reports), more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.30 is a bug fix only release. The full list of changes between the 7.29 and 7.30 releases can be found by reading the 7.30 release notes. A complete list of all bug fixes in the stable 7.x branch can be found in the git commit log.

Update notes

See the 7.30 release notes for details on important changes in this release.

Known issues

None.

Front page news: Planet DrupalDrupal version: Drupal 7.x

Drupal 7.29 and 6.32 released

July 16th, 2014 at 8:37:56 PM

Drupal 7.29 and Drupal 6.32, maintenance releases which contain fixes for security vulnerabilities, are now available for download. See the Drupal 7.29 and Drupal 6.32 release notes for further information.

Download Drupal 7.29
Download Drupal 6.32

Upgrading your existing Drupal 7 and 6 sites is strongly recommended. There are no new features or non-security-related bug fixes in these releases. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement. More information on the Drupal 6.x release series can be found in the Drupal 6.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 and 6 include the built-in Update Status module (renamed to Update Manager in Drupal 7), which informs you about important updates to your modules and themes.

Bug reports

Both Drupal 7.x and 6.x are being maintained, so given enough bug fixes (not just bug reports) more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.29 is a security release only. For more details, see the 7.29 release notes. A complete list of all bug fixes in the stable 7.x branch can be found in the git commit log.

Drupal 6.32 is a security release only. For more details, see the 6.32 release notes. A complete list of all bug fixes in the stable 6.x branch can be found in the git commit log.

Security vulnerabilities

Drupal 7.29 and 6.32 were released in response to the discovery of security vulnerabilities. Details can be found in the official security advisory:

To fix the security problem, please upgrade to either Drupal 7.29 or Drupal 6.32.

Known issues

None.

Front page news: Planet DrupalDrupal version: Drupal 6.xDrupal 7.x

Drupal.org Maintenance: July 8th 11:00 PDT (July 8th 18:00 UTC)

June 30th, 2014 at 5:21:37 PM

Drupal.org will be affected by maintenance Tuesday, July 8th, 11:00 PDT (July 8th, 18:00 UTC).

To finish our load balancer rebuilds, we are moving traffic from our old load balancer to our new. During this process, there maybe a five minute period of brief instability.

Please follow the @drupal_infra Twitter account for any issues encountered during the maintenance window.

Thanks for your patience!

Drupal.org Maintenance: July 2nd 13:00 PDT (July 2nd 20:00 UTC)

June 25th, 2014 at 8:00:06 PM

Drupal.org will be affected by maintenance Wednesday, July 2nd, 13:00 PDT (July 2nd, 20:00 UTC).

To finish our CDN deployment on Drupal.org, we are moving the www.drupal.org CNAME to point at our CDN edge. The CNAME switch should be seamless and only take a few minutes to update across DNS.

Please follow the @drupal_infra Twitter account for any issues encountered during the maintenance window.

Thanks for your patience!

Drupal 6 extended support announcement

June 18th, 2014 at 4:42:03 PM

On February 13, 2008, Drupal 6 was released. The policy of the community is to support only the current and previous stable versions. (When Drupal 6 was released, Drupal 4.7.x was marked unsupported. When Drupal 7 came out, Drupal 5.x was marked unsupported.) This policy was created to prevent core and module maintainers from having to maintain more than 2 active major versions of Drupal.

With the coming Drupal 8 release, this policy has been questioned. We want to ensure that sites that wish to move from Drupal 6 to Drupal 8 have a supported window within which to do so. The Drupal core team, key module maintainers, and representatives of the Drupal security team met at Drupalcon Austin to discuss this as an in-person follow up to the previous discussion at https://drupal.org/node/2136029.

Drupal 6 core and modules will transition to unsupported status three months after Drupal 8 is released. "Unsupported status" means the community will not be providing support or patches in the same way we do now. Continuing to support Drupal 6 would be difficult for many reasons, including a lack of automated test coverage, the requirement for rigorous manual release testing, the slow-down it introduces in the release of security fixes for the vast majority of Drupal users (on version 7+), and the general shift of volunteers in the community moving their attention onto Drupal 8 development.

This gives Drupal 6 users a few options:

1) Upgrade to Drupal 7 any time between now and 3 months after Drupal 8.0.0 is released. Drupal 7 releases undergo almost 40,000 automated tests, and Drupal 7 will be fully supported at least until Drupal 9 comes out. Given the past history, the release of Drupal 9 is likely to be around 2018.

2) Upgrade to Drupal 8 after it is released, but before Drupal 6 is not supported anymore. Fortunately, Migrate support for Drupal 6 to Drupal 8 is already in core, and there is Migrate UI, a contributed module. While not all contributed modules will be ready at the time Drupal 8 is released, Drupal 8's migration path handles most of the critical site data via its CCK to Entities/Fields in Core migrations.

3) Find an organization that will provide extended support for Drupal 6. The Drupal Security Team will provide a method for companies and/or individuals to work together in the private security issue queue to continue developing updates, and will provide a reasonable amount of time for companies to provide patches to Drupal 6 security issues that also affect Drupal 7 or Drupal 8. The security team will coordinate access to issues for companies wishing to provide extended support for Drupal 6. However, the team will not explicitly review or test the patches (some team members may do this on their own). All code created by these vendors, would be released to the community.

Organizations and individuals interested in providing this level of support for their customers
AND who have the technical knowledge to maintain a Drupal core release should go to the security team Drupal 6 long term support page.

Both the Security Team and Drupal core leadership feel that a 3-month window after Drupal 8's release before eclipsing community support for Drupal 6 is a workable compromise between leaving Drupal 6 sites on an unsupported version the second Drupal 8 comes out, and acknowledging that our community's volunteer resources are limited and have shifted focus. We hope that organizations that rely on Drupal 6 will step up to help maintain it after community support winds down, and/or help their clients update to D8.

Drupal version: Drupal 6.x

Drupal.org Maintenance: June 18th 3PM PDT (June 18th 22:00 UTC)

June 16th, 2014 at 9:44:47 PM

Drupal.org will be affected by maintenance Wednesday, June 18th, 15:00 PDT (June 18th, 22:00 UTC) and ending Wednesday, June 18th, 16:00 PDT (June 18th, 23:00 UTC).

In preparation for our CDN deployment on Drupal.org, we are moving Drupal.org to www.drupal.org. The name switch should be seamless and only take a few minutes to update in various places.

Please follow the @drupal_infra Twitter account for any issues encountered during the maintenance window.

Thanks for your patience!

Drupal.org Maintenance: June 16th 4PM PDT (June 16th 23:00 UTC)

June 12th, 2014 at 10:04:21 PM

Drupal.org will be affected by our ISP’s maintenance window starting Monday, June 16th, 16:00 PDT (June 16th, 23:00 UTC) and ending Monday, June 16th, 18:00 PDT (June 17th, 01:00 UTC).

Our ISP will be upgrading the firmware on the customer aggregation routers, and we expect to see a 10‒15 minute disruption in traffic sometime during the maintenance window.

Please follow the @drupal_infra Twitter account for any issues encountered during the maintenance window.

Thanks for your patience!

Community Spotlight on Emanuel Greucean, Maurits Dekkers, and Ernő Zsemlye

May 20th, 2014 at 4:03:01 PM

For this month’s community spotlight, we wanted to showcase three stellar Drupalistas who went above and beyond at the Dev Days Szeged sprints. Emanuel Greucean (gremy), Maurits Dekkers (Mauzeh), and Ernő Zsemlye (zserno) all made big contributions to the project at Dev Days Szeged. Here’s a little bit about each.

Emanuel Greucean (gremy) How did you get involved with Drupal?

I got involved with Drupal right after college, in 2009. I went to a job interview, showed the employers my enthusiasm about web development and my very not impressive profile, one of which was a Joomla website, and they accepted me. At this job, I got initiated in the art of web development and got a solid education in Drupal. At my first day on the job, I was given the Drupal Developer’s “Bible” (Pro Drupal Development, 2nd edition), and was told that I had to know it by heart.

What do you think open source represents?

For me, open source represents the opportunity to have access to awesome products for free. It also represents the opportunity to join a community of passionate developers and to learn a lot, and also to pass on your knowledge. If you are a contributor, it’s also an opportunity to leave a mark, and a joy to know that your work is being used by millions of people.

Why did you choose to work in Szeged on beta blocking, and what is your fondest memory from Szeged?

One reason for working on beta blockers in Szeged was the desire to get Drupal 8 as close as possible to being released, because I really want to start using it in Production.

One of my fondest memories from Szeged might be the moment when I actually finished the last missing "Change Record” issue, and with this Drupal 8 change records were up to date for the first time in three years. Also I really appreciate all the help I received from people I had never met before. They initiated me into contributing to the community.

Are you working on any fun projects at the moment?

Yes. I am currently collaborating with Kalamuna, a Drupal shop from San Francisco's East Bay Area. They are really great colleagues, and I have the opportunity to work on great projects with them. One of the projects I am most excited about is Kalabox, and I have to say that I am really enthusiastic about its future.

Maurits Dekkers (Mauzeh) How did you get involved with Drupal?

I got involved with Drupal through a client about three years ago. They were using Drupal mainly for its ability to allow site builders to create their own fieldable data structures. Until then I had mostly worked with Zend Framework and Symfony, and I never even knew there was an open source system that could do this! Or course, now I know that there is so much more about Drupal that is awesome, and I cannot imagine a web development life without it!

What do you think open source represents?

For me, open source represents people (!) who provide their time, effort, and financial resources on something that provides only indirect value. An open source developer spends their free time working on a feature not knowing whether it will actually make it into the final product (unless they are the project lead...). For some this might be an unrewarding way of working because there appear to be few direct, short-term, rewards. So if you contribute something to open source software, you must do it for reasons unrelated to direct income or revenue. Therefore, the passion that people have for the product comes from a much deeper belief.

Why did you choose to work in Szeged on Drupal 8 beta blocking/debugging, and what is your fondest memory from Szeged?

Despite working with open source software on a daily basis, and lurking around in the issue queues, I never had the guts to really get involved. I realized that getting to know the people behind the nicknames would certainly help because I could just walk over and ask something. So when I saw the announcement for Szeged, I jumped in straight away. And I'm really glad I did. I most remember the people I was working with and having beers with at night, with Cathy (YesCT) being just amazing to get people up to speed. Her passion for the community is really remarkable. I wanted to learn more about how the Entity API works in Drupal 8, and was directed to tstoeckler and plach, from whom I learned very much very quickly.

Are you working on any fun projects at the moment?

I'm currently working as a freelancer for a few Drupal site building shops. Since I just started as a freelancer in November last year, I'm working quite a lot to make sure I have some financial room to contribute some more to D8.

Ernő Zsemlye (zserno) How did you get involved with Drupal?

It all started during my 4th year at the university. I needed a few more credits for the upcoming semester and stumbled upon a new elective course titled "Open Source Content Management Systems" held by a guy called Kristof Van Tomme. I had absolutely no idea about the topic but it sounded pretty cool so I applied. The first lecture was about open source in general and a brief introduction to the Drupal world. At the end of the lecture, Kristof mentioned that he was looking for interns for his new company. I applied the next day and I am sure that was the best move in my career to date. :)

What do you think open source represents?

I could compare it to traveling. Once you experience what traveling to new places feels like, you suddenly start to feel as if you had been looking at the world through a small and dirty window. Then you also realize how small you are in this life. This is so true for open source.

Why did you choose to work in Szeged on Drupal 8 beta blocking/debugging, and what is your fondest memory from Szeged?

I wanted to work on something that would give me the opportunity to dive deep into Drupal 8 and learn as much as possible about the new system. I was assigned to an Entity API beta blocker. After having spent my first 3 days on getting my head around all the new things in D8, I got stuck. The next day Berdir pinged me on IRC that he wanted to discuss the next steps with me in person. We talked for about 5 minutes but that was enough to put me back on track with the issue and also gave me great inspiration that I could talk to a real rockstar in person.

Are you working on any fun projects at the moment?

I am working at the Central European University as a web developer. We are a small team of four people who maintain virtually any web presence of the whole university: main institutional site with heavy traffic, custom websites for each departments, research groups, alumni campaigns, student groups, etc. It is a constant challenge to use our limited resources to address all arising needs successfully. So we are continuously looking for new ways to create reusable solutions across all these websites. And this is lots of fun. For example I just finished building a custom installation profile based on the fantastic Panopoly distribution so firing up a new website became ridiculously easy.

---

Gremy, mauzeh, and zserno were just a few of a huge number of rock stars who worked hard and made great contributions at Szeged. Thank you so much to everyone who turned out for the sprints! The next major sprint event will be at DrupalCon Austin. Our community organizers (led by YesCT) have worked hard to make sure we'll have seven days of sprints that culminate in a huge sprint on Friday, June 6. We hope to see you there.

Drupal version: Drupal 8.x

Community Spotlight on Emanuel Greucean, Maurits Dekkers, and Ernő Zsemlye

May 20th, 2014 at 4:03:01 PM

For this month’s community spotlight, we wanted to showcase three stellar Drupalistas who went above and beyond at the Dev Days Szeged sprints. Emanuel Greucean (gremy), Maurits Dekkers (Mauzeh), and Ernő Zsemlye (zserno) all made big contributions to the project at Dev Days Szeged. Here’s a little bit about each.

Emanuel Greucean (gremy) How did you get involved with Drupal?

I got involved with Drupal right after college, in 2009. I went to a job interview, showed the employers my enthusiasm about web development and my very not impressive profile, one of which was a Joomla website, and they accepted me. At this job, I got initiated in the art of web development and got a solid education in Drupal. At my first day on the job, I was given the Drupal Developer’s “Bible” (Pro Drupal Development, 2nd edition), and was told that I had to know it by heart.

What do you think open source represents?

For me, open source represents the opportunity to have access to awesome products for free. It also represents the opportunity to join a community of passionate developers and to learn a lot, and also to pass on your knowledge. If you are a contributor, it’s also an opportunity to leave a mark, and a joy to know that your work is being used by millions of people.

Why did you choose to work in Szeged on beta blocking, and what is your fondest memory from Szeged?

One reason for working on beta blockers in Szeged was the desire to get Drupal 8 as close as possible to being released, because I really want to start using it in Production.

One of my fondest memories from Szeged might be the moment when I actually finished the last missing "Change Record” issue, and with this Drupal 8 change records were up to date for the first time in three years. Also I really appreciate all the help I received from people I had never met before. They initiated me into contributing to the community.

Are you working on any fun projects at the moment?

Yes. I am currently collaborating with Kalamuna, a Drupal shop from San Francisco's East Bay Area. They are really great colleagues, and I have the opportunity to work on great projects with them. One of the projects I am most excited about is Kalabox, and I have to say that I am really enthusiastic about its future.

Maurits Dekkers (Mauzeh) How did you get involved with Drupal?

I got involved with Drupal through a client about three years ago. They were using Drupal mainly for its ability to allow site builders to create their own fieldable data structures. Until then I had mostly worked with Zend Framework and Symfony, and I never even knew there was an open source system that could do this! Or course, now I know that there is so much more about Drupal that is awesome, and I cannot imagine a web development life without it!

What do you think open source represents?

For me, open source represents people (!) who provide their time, effort, and financial resources on something that provides only indirect value. An open source developer spends their free time working on a feature not knowing whether it will actually make it into the final product (unless they are the project lead...). For some this might be an unrewarding way of working because there appear to be few direct, short-term, rewards. So if you contribute something to open source software, you must do it for reasons unrelated to direct income or revenue. Therefore, the passion that people have for the product comes from a much deeper belief.

Why did you choose to work in Szeged on Drupal 8 beta blocking/debugging, and what is your fondest memory from Szeged?

Despite working with open source software on a daily basis, and lurking around in the issue queues, I never had the guts to really get involved. I realized that getting to know the people behind the nicknames would certainly help because I could just walk over and ask something. So when I saw the announcement for Szeged, I jumped in straight away. And I'm really glad I did. I most remember the people I was working with and having beers with at night, with Cathy (YesCT) being just amazing to get people up to speed. Her passion for the community is really remarkable. I wanted to learn more about how the Entity API works in Drupal 8, and was directed to tstoeckler and plach, from whom I learned very much very quickly.

Are you working on any fun projects at the moment?

I'm currently working as a freelancer for a few Drupal site building shops. Since I just started as a freelancer in November last year, I'm working quite a lot to make sure I have some financial room to contribute some more to D8.

Ernő Zsemlye (zserno) How did you get involved with Drupal?

It all started during my 4th year at the university. I needed a few more credits for the upcoming semester and stumbled upon a new elective course titled "Open Source Content Management Systems" held by a guy called Kristof Van Tomme. I had absolutely no idea about the topic but it sounded pretty cool so I applied. The first lecture was about open source in general and a brief introduction to the Drupal world. At the end of the lecture, Kristof mentioned that he was looking for interns for his new company. I applied the next day and I am sure that was the best move in my career to date. :)

What do you think open source represents?

I could compare it to traveling. Once you experience what traveling to new places feels like, you suddenly start to feel as if you had been looking at the world through a small and dirty window. Then you also realize how small you are in this life. This is so true for open source.

Why did you choose to work in Szeged on Drupal 8 beta blocking/debugging, and what is your fondest memory from Szeged?

I wanted to work on something that would give me the opportunity to dive deep into Drupal 8 and learn as much as possible about the new system. I was assigned to an Entity API beta blocker. After having spent my first 3 days on getting my head around all the new things in D8, I got stuck. The next day Berdir pinged me on IRC that he wanted to discuss the next steps with me in person. We talked for about 5 minutes but that was enough to put me back on track with the issue and also gave me great inspiration that I could talk to a real rockstar in person.

Are you working on any fun projects at the moment?

I am working at the Central European University as a web developer. We are a small team of four people who maintain virtually any web presence of the whole university: main institutional site with heavy traffic, custom websites for each departments, research groups, alumni campaigns, student groups, etc. It is a constant challenge to use our limited resources to address all arising needs successfully. So we are continuously looking for new ways to create reusable solutions across all these websites. And this is lots of fun. For example I just finished building a custom installation profile based on the fantastic Panopoly distribution so firing up a new website became ridiculously easy.

---

Gremy, mauzeh, and zserno were just a few of a huge number of rock stars who worked hard and made great contributions at Szeged. Thank you so much to everyone who turned out for the sprints! The next major sprint event will be at DrupalCon Austin. Our community organizers (led by YesCT) have worked hard to make sure we'll have seven days of sprints that culminate in a huge sprint on Friday, June 6. We hope to see you there.

Drupal version: Drupal 8.x

Drupal 7.28 released

May 8th, 2014 at 4:19:33 AM

Drupal 7.28, a maintenance release with numerous bug fixes (no security fixes) is now available for download. See the Drupal 7.28 release notes for a full listing.

Download Drupal 7.28

Upgrading your existing Drupal 7 sites is recommended. There are no major new features in this release. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 includes the built-in Update Manager module, which informs you about important updates to your modules and themes.

There are no security fixes in this release of Drupal core.

Bug reports

Drupal 7.x is being maintained, so given enough bug fixes (not just bug reports), more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.28 contains bug fixes and small API/feature improvements only. The full list of changes between the 7.27 and 7.28 releases can be found by reading the 7.28 release notes. A complete list of all bug fixes in the stable 7.x branch can be found in the git commit log.

Update notes

See the 7.28 release notes for details on important changes in this release.

Known issues

Changes made to the Update Manager module in this release may lead to performance slowdowns in certain cases (including on rare page loads for site visitors, if the site is using the automated cron feature). See the release notes for more information.

Front page news: Planet DrupalDrupal version: Drupal 7.x

Drupal 7.28 released

May 8th, 2014 at 4:19:33 AM

Drupal 7.28, a maintenance release with numerous bug fixes (no security fixes) is now available for download. See the Drupal 7.28 release notes for a full listing.

Download Drupal 7.28

Upgrading your existing Drupal 7 sites is recommended. There are no major new features in this release. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 includes the built-in Update Manager module, which informs you about important updates to your modules and themes.

There are no security fixes in this release of Drupal core.

Bug reports

Drupal 7.x is being maintained, so given enough bug fixes (not just bug reports), more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.28 contains bug fixes and small API/feature improvements only. The full list of changes between the 7.27 and 7.28 releases can be found by reading the 7.28 release notes. A complete list of all bug fixes in the stable 7.x branch can be found in the git commit log.

Update notes

See the 7.28 release notes for details on important changes in this release.

Known issues

Changes made to the Update Manager module in this release may lead to performance slowdowns in certain cases (including on rare page loads for site visitors, if the site is using the automated cron feature). See the release notes for more information.

Front page news: Planet DrupalDrupal version: Drupal 7.x

Drupal.org Downtime: April 29th 5PM PDT (April 30th 0:00 UTC)

April 28th, 2014 at 11:41:31 PM

Drupal.org will be going down for up to 2 hours starting Tuesday, April 29th, 17:00 PDT (April 30th, 0:00 UTC).

This maintenance window will be used for an issue queue update, which will need to alter a large table, #2152169: Issue queues sort projects by node number, not project name. Logging into sub-sites (api.drupal.org, groups.drupal.org, etc) will be disabled; they will otherwise remain available.

Please follow the @drupal_infra Twitter account for updates during the downtime.

Thanks for your patience!

Drupal.org Downtime: April 22nd 5PM PDT (April 23rd 0:00 UTC)

April 21st, 2014 at 7:26:22 PM

Drupal.org will be going down for up to 2 hours starting Tuesday, April 22nd, 17:00 PDT (April 23rd, 0:00 UTC).

This maintenance window will be used for routine Drupal module updates, which need to alter large tables. We expect issue text search performance to improve as a result. Logging into sub-sites (api.drupal.org, groups.drupal.org, etc) will be disabled; they will otherwise remain available.

Please follow the @drupal_infra Twitter account for updates during the downtime.

Thanks for your patience!

Drupal 7.27 and 6.31 released

April 16th, 2014 at 7:59:15 PM

Update: Drupal 7.28 is now available.

Drupal 7.27 and Drupal 6.31, maintenance releases which contain fixes for security vulnerabilities, are now available for download. See the Drupal 7.27 and Drupal 6.31 release notes for further information.

Download Drupal 7.27
Download Drupal 6.31

Upgrading your existing Drupal 7 and 6 sites is strongly recommended. There are no new features or non-security-related bug fixes in these releases. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement. More information on the Drupal 6.x release series can be found in the Drupal 6.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 and 6 include the built-in Update Status module (renamed to Update Manager in Drupal 7), which informs you about important updates to your modules and themes.

Bug reports

Both Drupal 7.x and 6.x are being maintained, so given enough bug fixes (not just bug reports) more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.27 is a security release only. For more details, see the 7.27 release notes. A complete list of all bug fixes in the stable 7.x branch can be found in the git commit log.

Drupal 6.31 is a security release only. For more details, see the 6.31 release notes. A complete list of all bug fixes in the stable 6.x branch can be found in the git commit log.

Security vulnerabilities

Drupal 7.27 and 6.31 were released in response to the discovery of security vulnerabilities. Details can be found in the official security advisory:

To fix the security problem, please upgrade to either Drupal 7.27 or Drupal 6.31.

Known issues
  • This security release introduces small API changes which may require code updates on sites that expose Ajax or multi-step forms to anonymous users, and where the forms are displayed on pages that are cached (either by Drupal or by an external system). See the Drupal 7.27 release notes and Drupal 6.31 release notes for more information.
  • (Drupal 7 only) This release caused a JavaScript error which breaks Ajax requests in very old browsers (for example, Internet Explorer 8 and earlier); see this issue for details. The solution is to upgrade to Drupal 7.28.
  • (Drupal 7 only) This release caused the Multiple Forms module to stop working correctly. A fix is available in this issue.
Front page news: Planet DrupalDrupal version: Drupal 6.xDrupal 7.x

Drupal 7.27 and 6.31 released

April 16th, 2014 at 7:59:15 PM

Drupal 7.27 and Drupal 6.31, maintenance releases which contain fixes for security vulnerabilities, are now available for download. See the Drupal 7.27 and Drupal 6.31 release notes for further information.

Download Drupal 7.27
Download Drupal 6.31

Upgrading your existing Drupal 7 and 6 sites is strongly recommended. There are no new features or non-security-related bug fixes in these releases. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement. More information on the Drupal 6.x release series can be found in the Drupal 6.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 and 6 include the built-in Update Status module (renamed to Update Manager in Drupal 7), which informs you about important updates to your modules and themes.

Bug reports

Both Drupal 7.x and 6.x are being maintained, so given enough bug fixes (not just bug reports) more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.27 is a security release only. For more details, see the 7.27 release notes. A complete list of all bug fixes in the stable 7.x branch can be found in the git commit log.

Drupal 6.31 is a security release only. For more details, see the 6.31 release notes. A complete list of all bug fixes in the stable 6.x branch can be found in the git commit log.

Security vulnerabilities

Drupal 7.27 and 6.31 were released in response to the discovery of security vulnerabilities. Details can be found in the official security advisory:

To fix the security problem, please upgrade to either Drupal 7.27 or Drupal 6.31.

Known issues

This security release introduces small API changes which may require code updates on sites that expose Ajax or multi-step forms to anonymous users, and where the forms are displayed on pages that are cached (either by Drupal or by an external system). See the Drupal 7.27 release notes and Drupal 6.31 release notes for more information.

Front page news: Planet DrupalDrupal version: Drupal 6.xDrupal 7.x

Drupal.org Response to Heartbleed Security Incident

April 8th, 2014 at 10:36:14 PM

You may have heard that a vulnerability in the OpenSSL cryptographic library called Heartbleed or formally called CVE-2014-0160 has been disclosed and that it represents a potential security threat to a large number of websites. Using this vulnerability, malicious individuals could access sensitive information submitted by people actively visiting a website including usernames, passwords and credit card numbers. Users across the Internet should be especially aware of suspicious activity on their accounts.

We want to communicate a couple pieces of information about this news with regard to Drupal.org.

Members of the Drupal Association staff, Drupal Security Team and Drupal Infrastructure Team have reviewed Drupal.org's potential exposure to the vulnerability.

As of now, we have no indication that Drupal.org was attacked using this vulnerabililty. That said, the nature of the vulnerability makes an attack difficult to detect and we prefer to be cautious.

We have taken steps to protect users of Drupal.org, including a forced password reset for users with administrative access or access to code repositories for projects. While we have only forced the password reset for some users, we recommend that all of our users change their passwords.

We have taken the following steps to protect Drupal.org account holders:

  • Installed new SSL certificates based on a new private key
  • Revoked the old SSL certificates
  • Replaced the private strings (drupal_private_key and drupal_hash_salt) which are used for a variety of security related purposes in all Drupal sites
  • Replaced the private key used by the “bakery” single-sign-on system on Drupal.org
  • Removed all active sessions
  • Verified the email addresses in use today match those in use a week ago
  • Required that all Drupal.org users with administrative or project repository access to reset their passwords

Also, we simply want to help create awareness about the vulnerability and encourage people to review their sites for exposure. For more information, please see https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160

Feel free to comment on the post with any questions. Thank you!

Drupal.org Response to Heartbleed Security Incident

April 8th, 2014 at 10:36:14 PM

You may have heard that a vulnerability in the OpenSSL cryptographic library called Heartbleed or formally called CVE-2014-0160 has been disclosed and that it represents a potential security threat to a large number of websites. Using this vulnerability, malicious individuals could access sensitive information submitted by people actively visiting a website including usernames, passwords and credit card numbers. Users across the Internet should be especially aware of suspicious activity on their accounts.

We want to communicate a couple pieces of information about this news with regard to Drupal.org.

Members of the Drupal Association staff, Drupal Security Team and Drupal Infrastructure Team have reviewed Drupal.org's potential exposure to the vulnerability.

As of now, we have no indication that Drupal.org was attacked using this vulnerabililty. That said, the nature of the vulnerability makes an attack difficult to detect and we prefer to be cautious.

We have taken steps to protect users of Drupal.org, including a forced password reset for users with administrative access or access to code repositories for projects. While we have only forced the password reset for some users, we recommend that all of our users change their passwords.

We have taken the following steps to protect Drupal.org account holders:

  • Installed new SSL certificates based on a new private key
  • Revoked the old SSL certificates
  • Replaced the private strings (drupal_private_key and drupal_hash_salt) which are used for a variety of security related purposes in all Drupal sites
  • Replaced the private key used by the “bakery” single-sign-on system on Drupal.org
  • Removed all active sessions
  • Verified the email addresses in use today match those in use a week ago
  • Required that all Drupal.org users with administrative or project repository access to reset their passwords

Also, we simply want to help create awareness about the vulnerability and encourage people to review their sites for exposure. For more information, please see https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160

Feel free to comment on the post with any questions. Thank you!

Front page news: Drupal News

Drupal.org Downtime: Mar 19th 5PM PDT (Mar 20th 0:00 UTC)

March 18th, 2014 at 9:55:29 PM

Drupal.org will be going down for up to 1 hour starting Wednesday, Mar 19, 17:00 PDT (Mar 20, 0:00 UTC). This maintenance window will be used for routine Drupal module updates, which need to alter large tables. Logging into sub-sites (api.drupal.org, groups.drupal.org, etc) will be down; they will otherwise remain available. Please follow the @drupal_infra Twitter account for updates during the downtime. Thanks for your patience!

Community Spotlight: Lee Rowlands (larowlan)

March 14th, 2014 at 2:45:02 PM

Since joining Drupal.org in 2007, Lee Rowlands (larowlan) has been an important contributor to the Drupal project. A major core contributor and Drupal 8 advocate, Rowlands has become a well-recognized and celebrated member of the Drupal community.

Rowlands is an important Drupal figure in Australia, and has spoken at DrupalCamp Brisbane 2010, Drupal Downunder Melbourne 2012, DrupalCon Sydney 2013 and Drupal South Wellington 2014. An occasional mentor during Drupal Office Hours in the Australian timezone (GMT+10), Rowlands is also a well-recognized figure in the international Drupal community for his involvement with core and his contributions to a huge variety of projects on Drupal.org.

How did you get involved with Drupal?

Jim Morrison and a naked native american came to me in a dream and told me it was my destiny. Just kidding. I started up my own IT consulting business and I'd built a couple of Drupal 5 sites.

The third site I built needed some tricky mapping functionality. This was in Drupal 5 and the site was for a locally owned fishing tackle franchise. Their point of difference with the big national chain-store was local knowledge. So they had this great idea to create a series of online fishing maps for local regions, each featuring points of interest for that region. Each point of interest had a marker icon based on its type, eg there were boat ramps, fishing spots etc. Each marker had a popup with an image and some text. The kind of thing you can build on your own with Google Maps now, but back then - it was a fairly new concept.

At the time gmap module was the go-to mapping option (Drupal 5) but it didn't support the image/marker/description functionality. So I wrote a patch to allow wiring up a content-type with gmap functionality to do so. And in order to post the patch, I had to sign up for a Drupal.org account. So that was my first comment on Drupal.org, a sizeable patch!

Not long after that I pitched the idea of a website to a local motel that had just had a renovation. At this stage Drupal 6 was out and the go-to ecommerce solution was Ubercart. My pitch included online-reservations so I worked with Will Vincent to round out a hotel-booking solution for Ubercart. That's how I got my CVS access on Drupal.org.

Contributing my code back to Drupal.org opened my consulting business up to the world. Up until that point most of my work had been for local businesses. Once I had a project on Drupal.org I started receiving work offers via my Drupal.org project page, mostly for adding new pieces of functionality.

I continued building sites and I always ensured that I had contract provisions to open-source any generic modules that the project needed. Over time I ended up with more than 30 contrib projects on Drupal.org, all with varying degrees of maintenance. Each of these kept resulting in work referrals and I kept expanding my skillset and client-base.

Then Drupal 7 came out and it felt like I had to start learning all over again. I had a long car-trip coming up so I downloaded the mega 'Upgrading 6.x modules to 7.x' thread from Drupal.org and spent about three hours taking in all the changes. As soon as I had net access, I subscribed to the Drupal core issues RSS feed. At this stage my motivation was just to keep across changes happening in core, but after a while I started seeing issues posted that I realised I could fix/work on. So I started commenting and posting the odd patch.

Not long after an epic thread was posted by @sun in the issue queue titled 'Make core maintainable' (https://drupal.org/node/1255674), basically it was proposing that if we didn't get more hands on deck in core, the only way forward was to start dropping unmaintained modules. I jumped into irc and put my hand up to maintain forum, one of the modules on the chopping block. I had a conversation with @chx who later remarked 'yesterday I saw a guy on IRC who was contemplating on taking the forum module maintainer hat' (http://www.drupal4hu.com/node/303).

So from there I took a more active role in core contribution. Those threads are a great read, even today, as they indicates the level of frustration that core developers were experiencing in the first six months of Drupal 7's release.

What do you do with Drupal these days?

I build sites for some of Australia's largest government, education, media and non-profit organisations with one of Australia's most respected Drupal Agencies, PreviousNext. It's a great team and I get to work on interesting projects.

After all this time I still enjoy working with Drupal. Sometimes people lament Drupal's ease of site-building, likening it to 'golden handcuffs', but that's where contributing to core and contrib help. If you find yourself stuck in a 'click-monkey' rut, contributing code lets you flex your 'code-monkey' muscles.

You’re involved with quite a variety of projects in the Drupal community - can you describe some of the things you do and why you like them?

I particularly like working on Drupal core because it helps me keep abreast of upcoming changes. I don't have a CS education, I have degrees in mathematics and engineering, and I've been quoted before saying I got my CS education in the Drupal issue queues. As a contributor you are incredibly lucky to have your work constructively reviewed by some of the world's best programmers. Every time someone makes a suggestion on your patch, you learn a little more. I've learnt so many programming concepts from reviewing other's code and having my code reviewed by others. Particularly during the Drupal 8 cycle, where we've effectively rewritten Drupal in a new language - PHP 5.3.

What’s the coolest project you’ve worked on?

Its not live anymore unfortunately but I worked on sendmypostcards.com which was a Drupal 6 site with Ubercart where you could create your own postcards and pay to have them printed. You could use your Facebook photo-galleries, Flickr account or upload your own files. The designer/editor was built with jQuery and the site used batch-jobs to generate 300dpi print-ready PDFs. It was a challenging project but it did end up spawning a number of contrib modules including Image Cache External which allows you to generate derivatives of remote images. Unfortunately the site didn't last, but I did get a couple of Christmas cards printed and sent to my office. It was great to have something tangible, I still have them mounted on my office wall.

What changes do you hope will come in Drupal 8?

I'm disappointed we didn't get a layout builder in core but I'm excited by the opportunities for it to develop and mature in the contrib ecosystem. Some of the work done as part of the Scotch Initiative by @sdboyer and @eclipsegc was pretty awesome. @sdboyer stepped me through the 'Princess' branch (the name was a dare) at the stage when it was fairly functional and the possibilities it opened up were pretty awesome. Hopefully that work will be leveraged for what becomes of panels/page manager in Drupal 8.

What is your favorite part about the Drupal community?

Getting to work with insanely intelligent and brilliant people. There are so many awesome people working with and on Drupal every day who are always willing to share their experiences and knowledge.

Tell us a little about your background or things that interest you outside Drupal?

I live in Central Queensland at the Southern tip of Australia's Great Barrier Reef. We have three World Heritage listed destinations all within our reach - the reef, Fraser Island and Mon Repos Turtle Rookery, where you can watch Marine turtles lay their eggs or the hatchlings make their way into the world. The climate is great, the cost of living is low and the people are some of the friendliest in the world. I get to work out of an office with two great Drupal devs who also work for PreviousNext, @nick_schuch and @grom385. Its a great lifestyle, our office is right on the beach.

Outside Drupal I'm passionate about family, with two school aged children and I've been married for 15 years. I'm lucky that Drupal gave me an income while my children were pre-school aged and when they went off to school I was able to turn this into a career.

Drupal version: Drupal 8.x

Community Spotlight: Lee Rowlands (larowlan)

March 14th, 2014 at 2:45:02 PM

Since joining Drupal.org in 2007, Lee Rowlands (larowlan) has been an important contributor to the Drupal project. A major core contributor and Drupal 8 advocate, Rowlands has become a well-recognized and celebrated member of the Drupal community.

Rowlands is an important Drupal figure in Australia, and has spoken at DrupalCamp Brisbane 2010, Drupal Downunder Melbourne 2012, DrupalCon Sydney 2013 and Drupal South Wellington 2014. An occasional mentor during Drupal Office Hours in the Australian timezone (GMT+10), Rowlands is also a well-recognized figure in the international Drupal community for his involvement with core and his contributions to a huge variety of projects on Drupal.org.

How did you get involved with Drupal?

Jim Morrison and a naked native american came to me in a dream and told me it was my destiny. Just kidding. I started up my own IT consulting business and I'd built a couple of Drupal 5 sites.

The third site I built needed some tricky mapping functionality. This was in Drupal 5 and the site was for a locally owned fishing tackle franchise. Their point of difference with the big national chain-store was local knowledge. So they had this great idea to create a series of online fishing maps for local regions, each featuring points of interest for that region. Each point of interest had a marker icon based on its type, eg there were boat ramps, fishing spots etc. Each marker had a popup with an image and some text. The kind of thing you can build on your own with Google Maps now, but back then - it was a fairly new concept.

At the time gmap module was the go-to mapping option (Drupal 5) but it didn't support the image/marker/description functionality. So I wrote a patch to allow wiring up a content-type with gmap functionality to do so. And in order to post the patch, I had to sign up for a Drupal.org account. So that was my first comment on Drupal.org, a sizeable patch!

Not long after that I pitched the idea of a website to a local motel that had just had a renovation. At this stage Drupal 6 was out and the go-to ecommerce solution was Ubercart. My pitch included online-reservations so I worked with Will Vincent to round out a hotel-booking solution for Ubercart. That's how I got my CVS access on Drupal.org.

Contributing my code back to Drupal.org opened my consulting business up to the world. Up until that point most of my work had been for local businesses. Once I had a project on Drupal.org I started receiving work offers via my Drupal.org project page, mostly for adding new pieces of functionality.

I continued building sites and I always ensured that I had contract provisions to open-source any generic modules that the project needed. Over time I ended up with more than 30 contrib projects on Drupal.org, all with varying degrees of maintenance. Each of these kept resulting in work referrals and I kept expanding my skillset and client-base.

Then Drupal 7 came out and it felt like I had to start learning all over again. I had a long car-trip coming up so I downloaded the mega 'Upgrading 6.x modules to 7.x' thread from Drupal.org and spent about three hours taking in all the changes. As soon as I had net access, I subscribed to the Drupal core issues RSS feed. At this stage my motivation was just to keep across changes happening in core, but after a while I started seeing issues posted that I realised I could fix/work on. So I started commenting and posting the odd patch.

Not long after an epic thread was posted by @sun in the issue queue titled 'Make core maintainable' (https://drupal.org/node/1255674), basically it was proposing that if we didn't get more hands on deck in core, the only way forward was to start dropping unmaintained modules. I jumped into irc and put my hand up to maintain forum, one of the modules on the chopping block. I had a conversation with @chx who later remarked 'yesterday I saw a guy on IRC who was contemplating on taking the forum module maintainer hat' (http://www.drupal4hu.com/node/303).

So from there I took a more active role in core contribution. Those threads are a great read, even today, as they indicates the level of frustration that core developers were experiencing in the first six months of Drupal 7's release.

What do you do with Drupal these days?

I build sites for some of Australia's largest government, education, media and non-profit organisations with one of Australia's most respected Drupal Agencies, PreviousNext. It's a great team and I get to work on interesting projects.

After all this time I still enjoy working with Drupal. Sometimes people lament Drupal's ease of site-building, likening it to 'golden handcuffs', but that's where contributing to core and contrib help. If you find yourself stuck in a 'click-monkey' rut, contributing code lets you flex your 'code-monkey' muscles.

You’re involved with quite a variety of projects in the Drupal community - can you describe some of the things you do and why you like them?

I particularly like working on Drupal core because it helps me keep abreast of upcoming changes. I don't have a CS education, I have degrees in mathematics and engineering, and I've been quoted before saying I got my CS education in the Drupal issue queues. As a contributor you are incredibly lucky to have your work constructively reviewed by some of the world's best programmers. Every time someone makes a suggestion on your patch, you learn a little more. I've learnt so many programming concepts from reviewing other's code and having my code reviewed by others. Particularly during the Drupal 8 cycle, where we've effectively rewritten Drupal in a new language - PHP 5.3.

What’s the coolest project you’ve worked on?

Its not live anymore unfortunately but I worked on sendmypostcards.com which was a Drupal 6 site with Ubercart where you could create your own postcards and pay to have them printed. You could use your Facebook photo-galleries, Flickr account or upload your own files. The designer/editor was built with jQuery and the site used batch-jobs to generate 300dpi print-ready PDFs. It was a challenging project but it did end up spawning a number of contrib modules including Image Cache External which allows you to generate derivatives of remote images. Unfortunately the site didn't last, but I did get a couple of Christmas cards printed and sent to my office. It was great to have something tangible, I still have them mounted on my office wall.

What changes do you hope will come in Drupal 8?

I'm disappointed we didn't get a layout builder in core but I'm excited by the opportunities for it to develop and mature in the contrib ecosystem. Some of the work done as part of the Scotch Initiative by @sdboyer and @eclipsegc was pretty awesome. @sdboyer stepped me through the 'Princess' branch (the name was a dare) at the stage when it was fairly functional and the possibilities it opened up were pretty awesome. Hopefully that work will be leveraged for what becomes of panels/page manager in Drupal 8.

What is your favorite part about the Drupal community?

Getting to work with insanely intelligent and brilliant people. There are so many awesome people working with and on Drupal every day who are always willing to share their experiences and knowledge.

Tell us a little about your background or things that interest you outside Drupal?

I live in Central Queensland at the Southern tip of Australia's Great Barrier Reef. We have three World Heritage listed destinations all within our reach - the reef, Fraser Island and Mon Repos Turtle Rookery, where you can watch Marine turtles lay their eggs or the hatchlings make their way into the world. The climate is great, the cost of living is low and the people are some of the friendliest in the world. I get to work out of an office with two great Drupal devs who also work for PreviousNext, @nick_schuch and @grom385. Its a great lifestyle, our office is right on the beach.

Outside Drupal I'm passionate about family, with two school aged children and I've been married for 15 years. I'm lucky that Drupal gave me an income while my children were pre-school aged and when they went off to school I was able to turn this into a career.

Drupal version: Drupal 8.x

Pages

See other Drupal sites in action

Drupal site of the day: Examiner

Examiner.com is a local news websites, allowing "pro-am contributors" to share their city-based knowledge on a blog-like platform.

view.jpg