Drupal.org nieuws

Subscribe to feed Drupal.org nieuws
Come for the software, stay for the community Drupal is an open source content management platform powering millions of websites and applications. It’s built, used, and supported by an active and diverse community of people around the world.
Bijgewerkt: 2 uur 35 min geleden

Drupal.org Maintenance: October 19th 17:00 PDT (Oct 20th 00:00 UTC )

ma, 10/19/2015 - 19:59

Drupal.org will be affected by maintenance Monday, October 19th 17:00 PDT (Oct 20th 00:00 UTC )

Upgrade Flag module to version 3 on Drupal.org will cause a short downtime as the database table structure is updated. We plan on a 30 minute window of potential instability.

Change record: https://www.drupal.org/node/2594253

Please follow the @drupal_infra Twitter account for any issues encountered during the maintenance window.

Thanks for your patience!
____________________________

Read more about change notifications.
Sign up to receive change notifications via email.

Responding to spam on Drupal.org

do, 10/15/2015 - 04:16

With the recent release of Drupal 8 RC1, and the related increases in mentions on social media and tech news outlets, Drupal.org is seeing a modest bump in traffic. Along with that modest bump in real traffic, spammers have decided to increase their efforts to get content onto Drupal.org to boost their own SEO. Drupal.org is very attractive to these spammers.

Spam fighting is not fun, and certainly not glamorous, but it is a necessary part of keeping our community home clean and tidy. Community volunteers have helped report and block spam for many years, and Drupal Association staff are looking for ways to ease this burden.

Every spam fighting solution for a website as open as ours takes on spammers using two approaches: automated pattern matching and human review. I wanted to take a moment to walk through some of the approaches we use—though not in too much detail lest the spammers read this and adapt their methods to match.

On the automated front, we use tools like Mollom to do text analysis. Their system is constantly learning from the sites that use it. These services also have tools to help distinguish a robot from a human. Figuring out which spam is coming from bots helps us prevent certain types of spam from filling up the site. We also use tools like Honeypot to try and detect particularly fast submissions to the site. (Note: this is a tough one as many developers type as fast as a robot. You know who I'm talking about.)

Just as common as bot-based attacks are those that are run by humans. The advantage in using humans to place spam is they can get around bot-detection techniques such as captcha or submission speed check.

The most recent spam attacks are a combination of these techniques. We employed a combination of techniques to respond. These include some automated techniques and some that rely on humans.

The automated techniques will likely get a bit more strict for a time while we sort out the best ways to limit the rate of spam hitting Drupal.org. Most of the spam is submitted to our forum system.

As for the human-reliant techniques, we need your help. If you see something, report it. We switched the focus of our development team this week on building the tools to make reporting process much easier. Early next week confirmed users should be able to help us target spam and remove it from Drupal.org with minimal effort by simply flagging content as spam.

We really appreciate all of the amazing work our community does to help keep its home tidy and free of spam. Our community is phenomenal!

Front page news: Association

Drupal 7.40 released

do, 10/15/2015 - 01:39

Drupal 7.40, a maintenance release with numerous bug fixes (no security fixes) and several new features, is now available for download. See the Drupal 7.40 release notes for a full listing.

Download Drupal 7.40

Upgrading your existing Drupal 7 sites is recommended. There are no major, non-backwards-compatible features in this release. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 includes the built-in Update Manager module, which informs you about important updates to your modules and themes.

There are no security fixes in this release of Drupal core.

Bug reports

Drupal 7.x is being maintained, so given enough bug fixes (not just bug reports), more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.40 contains bug fixes and small API/feature improvements only. The full list of changes between the 7.39 and 7.40 releases can be found by reading the 7.40 release notes. A complete list of all changes in the stable 7.x branch can be found in the git commit log.

Update notes

See the 7.40 release notes for details on important changes in this release.

Known issues

None.

Front page news: Planet DrupalDrupal version: Drupal 7.x

2015 Membership Drive: Because Members Are Contributors Too

di, 10/13/2015 - 22:28

Today, we introduced a banner on drupal.org pages. It invites all site visitors to support the Drupal project by becoming Drupal Association members.

Our membership drive runs from now through December 30, and we have two big goals: $100,000 in revenue and 1,000 new/renewed members. Visitors to drupal.org who log in as current Individual Members will be invited to share the campaign; all other visitors will be invited to join.

We hope you enjoy the stories told as part of this campaign. We've invited community members to participate by telling us why the Association matters to them. This is another great opportunity for community spotlights to shine on some of the most active and passionate people in Drupal. Want to share your story? Reach me by contact form at http://drupal.org/u/lizzjoy.

We'll keep you updated on our progress toward the campaign goals at https://assoc.drupal.org/support-project-you-love and https://assoc.drupal.org/help-grow-our-membership.

Front page news: Planet Drupal

Drupal 8.0.0-rc1 released

wo, 10/07/2015 - 23:33

We now present the first release candidate for Drupal 8.0.0! Drupal 8 includes a tremendous number of new features and improvements for both users and developers.

We revamped Drupal's user interface; added WYSIWYG and in-place editing; significantly improved mobile support; added and improved key contributed modules including Views, Date, and Entity Reference; introduced a new object-oriented backend leveraging Symfony components; revamped configuration management; improved multilingual support; and added hundreds of other improvements. Drupal 8.0.0-rc1 is the collective work of over 3,200 core contributors. Read more about what's new in Drupal 8.0.x.

The first release candidate provides a great opportunity to begin developing with Drupal 8, especially for:

  • New sites.
  • Sites that rely mainly on the expanded functionality provided by Drupal 8 core alone.
  • Projects that will take months of development time.
  • Sites for which Drupal 8's benefits outweigh the effort needed to port (or work around) contributed modules that do not yet have Drupal 8 versions.
Using Drupal 8 # Launching new sites #

Drupal 8 itself is very functional straight out of the box -- many of the top Drupal 7 modules are now included in core, and several features have been made more flexible to avoid the need to install many other modules. Evaluate your needs, and you may easily find that everything you need for a project is already included in Drupal 8 core. Check out our slides about Drupal 8 to learn about the changes.

Updating existing sites #

The new version also includes a revamped Migrate module to update existing Drupal 6 and 7 sites to Drupal 8 directly. The migration feature is currently marked "experimental," meaning it is not yet fully supported and we are still working to improve it. For this reason, the Drupal 8 release candidate does not yet provide a user interface for migrations. Use the Migrate Plus and Migrate Upgrade modules to test migrations now, or read more about Migrate in core.

Contributed modules and themes #

There are a number of modules already ported to Drupal 8 as well as themes already being developed. We set up the contrib tracker project to make it easier to track the status of the ports of contributed modules.


DrupalCon Barcelona Drupal 8 sprint photo by Pedro Lozano (under the CC BY 2.0 license) Porting modules and themes to Drupal 8 #

If you have not done so already, now is the time to ensure that your modules and themes will work with the new version. While there are many changes in Drupal 8, we wanted to make it as easy as possible to get started porting modules. We suggest you use Drupal Module Upgrader to run a first pass of code upgrades. Some things will be automatically upgraded while others will get a @todo comment or will be left untouched.

To help you learn and apply the new APIs, the api.drupal.org site has overviews and short examples of all major Drupal 8 APIs. The Drupal.org handbooks have in-depth guides with more background information on each API as well. We also have a complete list of all API changes to Drupal 8, spanning the 4.5 years of Drupal 8's development.

Instead of using our own home-brewed templating system from Drupal 7 and earlier, Drupal 8 uses the Twig templating engine. Many of the concepts from previous versions of Drupal still apply with Twig. We are working on a guide for you to help update your themes. Also check out the Drupal 8 theming documentation for more information.

Be sure to file any core bugs that you may find while updating your module or theme.

Translating Drupal 8 #

The interface strings are officially frozen now. Only error corrections, removals or additions of whole strings, and fixes required for critical issues may be made to the interface text from this point forward. This is the best time to translate Drupal 8, so your translations will be available when the final version is released. The installer now comes with automated translation downloads, so whatever you translate now will be useful for all Drupal 8 installs. Localize.drupal.org has a summary page about core translation status in all the supported languages with a step-by-step guide in the sidebar to help you contribute.

Documentation, book, and video authors #

The user interfaces, interactions, and "look and feel" of Drupal 8.0.0 are now frozen and will only be changed if required for critical bug fixes. If you previously put your documentation, instruction video, or book project on hold, now is the time to pick it up again. Now is also the time to update documentation on Drupal.org and to get documentation fixes into Drupal 8, so the explanations are correct. Thanks for your contributions!

Be aware that Drupal 8 will employ semantic versioning, with new "minor" releases (backwards-compatible with API additions and new features) approximately every six months. So strings, user interfaces, and other visual aspects of Drupal will be improved throughout the entire Drupal 8 process, which may require subsequent updates to these materials.

Contributing to Drupal 8 core #

During the release candidate phase, only critical fixes and documentation improvements will be committed to Drupal 8 core (plus certain non-disruptive "rc target" changes at core committer discretion). Other issues that have been reviewed and tested by the community may remain uncommitted until after 8.0.0 to ensure that critical bugs can be fixed quickly without risking regressions. Read more about the allowed changes during the RC phase.

When will Drupal 8.0.0 be released? #

We will schedule an official release date for 8.0.0 when we are confident that the rate and nature of incoming critical bugs has slowed enough to ensure a stable release. Until then, release candidates of Drupal 8 will be released twice a month concurrently with the Drupal 6 and 7 release windows.

Known issues #

We are confident that our code is stable enough for wider testing by site owners, developers, and end users. There are however still known issues with Drupal 8.0.x, including major bugs. Help resolve these issues by testing Drupal 8 and searching for existing bug reports and adding more information to help resolve those bugs. If your suspected bug hasn't been reported yet, submit a bug report.

There is a known issue with response cache headers sometimes exceeding hosting configuration limits that may cause some pages to not be viewable on some hosting providers. If you run into this, see that issue and its related issues for details.

Handling security issues #

Starting now, any security issues discovered for Drupal 8 should be kept confidential and reported using the Report a security vulnerability link on the Drupal project page in order to protect existing sites. Through December 31, 2015, the Drupal 8 security bounty is also still active, so you can get paid for finding security issues and reporting them in our private tracker! See the security team page for more information on Drupal security.

Talk about the release candidate! #

We suggest the #drupal8rc hashtag for Twitter, Facebook, etc. posts. To mention and find conversations about work already made with Drupal 8, use #madewithd8. We can't wait to see what you make with Drupal 8!

Front page news: Drupal NewsDrupal version: Drupal 8.x

Marketplace Updates to Highlight Contributing Organizations

di, 09/22/2015 - 19:28

We are excited to announce some big changes to the Drupal.org Marketplace. In Dries’ Amsterdam Keynote, he made a compelling case for showing the contributions of organizations that are helping build Drupal. By highlighting organizations that give their employees time to give back, we make it possible for more people to give time to making the project better.

In March, we took steps to begin collecting this information by allowing individuals that were contributing in the issue queues to attribute their contributions to organization that they are employed by or customers that funded the work. When a maintainer of a project (module, theme, distribution or Drupal Core) closes an issue as fixed, they have an opportunity to pass on credit to the individuals who helped contribute to fixing the issue—and not just code contributions, but any kind of feedback, review, designs, etc.

We called this system issue credits and it has been a huge success. We now show the last 90 days of issue credits awarded to an individual or organization on their profile.

Today, after months of collecting this data, we are taking how we highlight contributing organizations to a new level.

With this launch, we are removing the distinction of "featured service providers" versus "all service providers". By using data about these organizations contributions, we can provide a single list of all organizations ordered by their contributions.

For now, we are using issue credits as the primary sort. The secondary sort highlights organizations that are giving back by supporting Drupal.org through the supporting partner program or organization membership. Soon, we plan to incorporate case studies submitted, DrupalCon sponsorships, and camp sponsorships to help make a more complete picture of how organizations are contributing to our community.

Give it a look and give us your feedback.

Front page news: Drupal News

Help us test DrupalCI

di, 09/15/2015 - 19:05

DrupalCI is the next generation testing infrastructure for Drupal. After years of development, DrupalCI has been rolled out for testing Drupal 8 Core and Contrib projects - and will soon be taking over testing Drupal 7 Core and Contrib as well and for Drupal 6 for the duration of its long term support window.

But we need your help!

At this time, DrupalCI is running in parallel with the existing PIFT/PIFR testing architecture. Before we retire the old testing infrastructure we want to ensure that there are no feature regressions in the new DrupalCI system, and that core and contrib developers have had time to learn the new testing architecture and try it out thoroughly.

If you are a maintainer of a contrib module with testing enabled, we will enable DrupalCI testing for your project. At this time, DrupalCI supports testing in D8 Core and Contrib, but D7 and D6 testing will be enabled soon. If you see that DrupalCI testing has been enabled for your project, please provide your feedback in the issue linked below.

To learn more about how to use DrupalCI for automated testing of your project on Drupal.org, please consult this documentation page.

How can you provide feedback?

We are collecting feedback on the new testing architecture in this issue: #2534132 - Disable Legacy Testbots and use drupalCI as our testing infrastructure. Please focus your feedback on:

  • Feature regressions from current testbots
  • Unexpected test failures
  • User interface issues
  • Test result parsing and display

Though DrupalCI is a more flexible and extensible testing architecture, we are not collecting additional feature requests at this time.

If you are a module maintainer, and you are a satisfied that the new DrupalCI tests are meeting your testing needs, you can return to the Automated Testing tab for your project and choose to disable PIFT/PIFR testing, by deleting the specific releases you no longer need tested in the old system:


Learn how to add automated testing to your project…

If you would like to add automated testing to your projects on Drupal.org you can learn more about writing tests with this tutorial.

Front page news: Drupal NewsDrupal version: Drupal 6.xDrupal 7.xDrupal 8.x

Drupal 7.39 and 6.37 released

wo, 08/19/2015 - 22:45

Drupal 7.39 and Drupal 6.37, maintenance releases which contain fixes for security vulnerabilities, are now available for download. See the Drupal 7.39 and Drupal 6.37 release notes for further information.

Download Drupal 7.39
Download Drupal 6.37

Upgrading your existing Drupal 7 and 6 sites is strongly recommended. There are no new features or non-security-related bug fixes in these releases. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement. More information on the Drupal 6.x release series can be found in the Drupal 6.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 and 6 include the built-in Update Status module (renamed to Update Manager in Drupal 7), which informs you about important updates to your modules and themes.

Bug reports

Both Drupal 7.x and 6.x are being maintained, so given enough bug fixes (not just bug reports) more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.39 is a security release only. For more details, see the 7.39 release notes. A complete list of all changes in the stable 7.x branch can be found in the git commit log.

Drupal 6.37 is a security release only. For more details, see the 6.37 release notes. A complete list of all changes in the stable 6.x branch can be found in the git commit log.

Security vulnerabilities

Drupal 7.39 and 6.37 were released in response to the discovery of security vulnerabilities. Details can be found in the official security advisory:

To fix the security problem, please upgrade to either Drupal 7.39 or Drupal 6.37.

Update notes

See the 7.39 and 6.37 release notes for details on important changes in this release.

Known issues

None.

Front page news: Planet DrupalDrupal version: Drupal 6.xDrupal 7.x

Community Spotlight: Jibran Ijaz (Jibran)

wo, 08/05/2015 - 18:24

Jibran Ijaz (jibran) is a Drupal developer, and is the only Drupal Core contributor in Pakistan. A member of Drupal.org since he began building websites in 2010, Jibran has become an important member of both his local community and the greater global Drupal community. The Drupal Association spoke with Jibran over email and asked him a few questions. We’re excited to share the conversation with you.

How did you get involved with Drupal and core contribution?

Back in December 2010, I started working as a freelancer on a Drupal 6 site with a friend. It took me a while to understand all the systems like nodes, cck, views, and themes, but I was finally able to find my way. At the time, Drupal 7 RC versions had only just begun being released, so when Drupal 7.0 came out I had to learn a lot of things all over again. For me, the new built-in Entity API and Field API were difficult concepts to understand. It took me a while to understand the changes in theme layer, learn about html.tpl.php, and understand the Render API. These things were so confusing to me that I wound up submitting my first core issue related to documentation.

After going through this learning curve twice, I thought I might as well start learning Drupal 8 now. So I started hanging out in the core issue queue, and began reading a lot of Drupal 8 blog posts on Drupal planet. One day, I read that they were moving all the Drupal Core files to the Core directory and they needed help in re-rolling a lot of trivial patches. I went and found a documentation novice issue in Drupal 8 and helped fix it both for Drupal 8 and for Drupal 7. After that, I was hooked.

What do you do with Drupal these days?

I'm a senior Drupal developer for PreviousNext, where I work remotely from Lahore, Pakistan. I mostly work on large Drupal 7 sites, but lately I have started working on a Drupal 8 site as well. It's fun to work with such a great team of front-end developers, back-end developers, and project managers at PreviousNext.

In my free time, I contribute to Drupal. I do a lot of code reviews. Specifically, I love working on Views issues in Drupal 8. I have also been actively involved in a lot of contrib projects and have been helping with porting them to Drupal 8. During the weekends, I enjoy working on dynamic_entity_reference.

You’re involved with quite a variety of projects in the Drupal community and in your national Drupal community as well. Can you describe some of the things you do and why you like them?

Ever since my childhood, computers have fascinated me. Even though my bachelor's degree is in Telecommunication Engineering, I always loved coding. This means my involvement with Drupal is almost always related to coding. I enjoy solving bugs, writing patches, and performing code reviews. I also like to get involved in technical discussions related to Drupal, and really enjoy helping others understand difficult Drupal concepts, so I mentor people as well.

In Pakistan, we have a very enthusiastic Drupal community. The Drupal Association has helped us with organizing numerous camps, workshops and training opportunities in different cities all over the country. I wasn’t actively involved with local community until about a year ago when I talked to Donna Benjamin (kattekrab), who was the director of community engagement at PreviousNext at the time. Donna encouraged me to participate a lot more in my local Drupal community, so I took part in my first Drupal Camp at Lahore on 3 May 2014. I was the only core developer there, and my fellow attendees were very appreciative and welcoming. At the camp, I talked about Drupal 8, and everybody loved it. So I’ve been attending ever the Drupal Camp I can get to ever since. I was even a keynote speaker at Drupal camp Islamabad back in April.

What’s the coolest project you’ve worked on?

I have worked on a lot of Drupal projects with very complex architecture. It's always fun whenever I get to use a big module like Domain Access, Services, Commerce, Ubercart, Google Maps, or Organic Groups to build features for our clients. It's also fun when I get to build a complex architecture using Drupal API. I'd prefer not to name a specific project, though. It would feel like I'm pointing at my favorite kid.

What changes are you most looking forward to in Drupal 8?

Oh! The simple answer is everything. The change form Functional Programming to Object Oriented Programming is the most important thing for me. Personally, I also like the built-in plugins system of Drupal 8 because if you’re familiar with the plugin API, you can easily use it in Blocks, Entities, Fields, Menus, and Views. Even Drupal 8 contrib modules like Rules and Page Manager are doing a lot of amazing things with plugins.

What is your favorite thing about the Drupal community?

I love the Drupal community as whole, and am inspired by the fact that we all share the same enthusiasm towards Drupal. It doesn't matter who you are or what the scope of your technical knowledge is — anyone and everyone can make a difference in the community. I spend a lot of time with Drupal developers on IRC, at local and international Drupal events, and I haven't found a single person who isn’t kind and helpful. No matter how many times you ask the same question or a stupid question, everyone always responds very kindly. No one has ever treated me differently because of my religion or region. Every person I have met in the Drupal community has inspired me on some level, irrespective of their contribution in Drupal. That is my favorite thing about the Drupal community.

What is your most meaningful Drupal moment?

Drupal has given me a lot of beautiful moments. It's very hard to pick one, so I’ve listed several below.

1. First time I attended DrupalCon. Picture by @lsheydrupal

2. First time I met with webchick

3. First time I got a shout-out from webchick on my Drupal contributions at DrupalSouth

And there are countless other moments, like my keynote at Drupal Camp Islamabad, hanging out with VDC team at DrupalCon code sprint, meeting with the whole PreviousNext team for the first time, and dynamic_entity_reference hacking with Lee Rowlands after the DrupalSouth code sprint.

Tell us a little about your background or things that interest you outside Drupal.

Before computers, my first love was math. I like to read, but lately I haven't been able to read many books. I can speak and understand a bit of Arabic, French, and German. I love to learn new stuff and experiences new things in life. I like watching football and Formula1, and I also watch a lot of English TV series and movies. Now I know why I don't have time to read anymore. :D

Secure your account: Two Factor authentication on Drupal.org

zo, 07/19/2015 - 22:22

Drupal.org users* can now use Two factor authentication to increase the security of their accounts. It can be enabled via Security tab of your user profile page. Read the detailed instructions at Enabling TFA on Drupal.org.

This was made available to Drupal.org admins in May. It is now required for users who have advanced access on Drupal.org. However, every user can benefit from the security that two factor authentication offers.

If you want to make two factor authentication available on your own Drupal site, you can install the TFA module.

* Two factor authentication is available for all users with the 'confirmed user' role. If you don't see 'Security' tab on your profile page, you might be missing the role. Just keep posting content on Drupal.org and it will be granted soon. You can also apply to get the role.

Front page news: Planet Drupal

Drupal.org Git Server Migration (2015-07-09 20:00-22:30 UTC)

wo, 07/08/2015 - 19:22

On July 9th 8pm UTC, Drupal.org migrated to a redundant cluster of 2 servers. This provides failover in the event one server fails.

After the migration Host keys will change and your client might give an error message when pushing to Git. Consult your OS’s documentation on how to fix this error. For most operating systems, the following should remove the errors:

ssh-keygen -R git.drupal.org  && ssh-keygen -R 140.211.10.43

If you have any questions please raise an issue in the infrastructure issue queue. https://www.drupal.org/project/issues/infrastructure?categories=All

You can follow the progress of the migration at http://twitter.com/drupal_infra

Update: migration was successful

Host keys have changed and your client might give an error message when pushing to Git. The new host key is:

2048 16:f5:44:6c:a1:c6:be:72:cd:98:b5:b7:7d:26:d6:14 git.drupal.org (RSA)

Drupal 7.38 and 6.36 released

wo, 06/17/2015 - 19:06

Drupal 7.38 and Drupal 6.36, maintenance releases which contain fixes for security vulnerabilities, are now available for download. See the Drupal 7.38 and Drupal 6.36 release notes for further information.

Download Drupal 7.38
Download Drupal 6.36

Upgrading your existing Drupal 7 and 6 sites is strongly recommended. There are no new features or non-security-related bug fixes in these releases. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement. More information on the Drupal 6.x release series can be found in the Drupal 6.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 and 6 include the built-in Update Status module (renamed to Update Manager in Drupal 7), which informs you about important updates to your modules and themes.

Bug reports

Both Drupal 7.x and 6.x are being maintained, so given enough bug fixes (not just bug reports) more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.38 is a security release only. For more details, see the 7.38 release notes. A complete list of all changes in the stable 7.x branch can be found in the git commit log.

Drupal 6.36 is a security release only. For more details, see the 6.36 release notes. A complete list of all changes in the stable 6.x branch can be found in the git commit log.

Security vulnerabilities

Drupal 7.38 and 6.36 were released in response to the discovery of security vulnerabilities. Details can be found in the official security advisory:

To fix the security problem, please upgrade to either Drupal 7.38 or Drupal 6.36.

Known issues

None.

Front page news: Planet DrupalDrupal version: Drupal 6.xDrupal 7.x

Community Spotlight: Solomon Kitumba and Benjamin Lutaaya Kiyita

di, 06/02/2015 - 23:01

For our June community spotlight, we’d like to highlight the efforts of two men in Uganda who are working hard to grow their local community and bring more university students into the Drupal fold. In 2014, the two were awarded a Community Cultivation Grant for their Uganda University Drupal Tour program, which will be discussed in today’s spotlight.

For close to three years, Solomon Kitumba(solomonkitumba) and Benjamin Lutaaya Kiyita(benjaminkyta) of Kampala, Uganda, have been working with Drupal. Solomon, a Drupal front end developer, owns Kyta Labs, a mobile and web app development company. Benjamin, a Drupal Dev Ops and UI/UX Developer, is active both in the local Drupal community and in the local Linux community as well. Both men share a fascination with open source, and encountered the same obstacles when learning Drupal — which led them to team up and forge a better path for other Ugandans.

Initially, both Solomon and Benjamin learned Drupal software through online tutorials found on Lynda.com and YouTube, and through free eBooks as well. One struggle that the two bumped up against — and still struggle with — is the lack of a physical space where their local community can come together to teach new Drupalers, learn from each other, and give each other support.

"One of the biggest challenges we have faced is a lack of collaborative space where drupalers can meet daily,” said Solomon.” In our city, there’s nowhere where we can work on solutions together and learn from each other. There are a couple of these places for mobile developers, but we lack one for web people in Kampala.

“We’ve used our Drupal careers to create a presence in the local tech industry,” said Solomon by email. “People know who to talk to if they want to discuss Drupal and getting paid to develop using Drupal. Initially, our local community was pretty inactive. There were a few people who knew how to use Drupal, but lacked the force and momentum to get good attendance at events and meetups. We’ve been working to attract more people, like site builders and module developers, and we’ve seen a lot of growth in our local community because of it."

And how have the two grown the Drupal community in Uganda?

“We started doing some outreach to use local universities as meeting spaces, but they’re so far from the main city that it became very costly. Getting together outside of the city means dealing with expenses like hotel fees, transportation costs, and a few other things, and those costs would put our projects at a standstill in times when we can’t afford it."

However, the outreach to nearby universities — though expensive — has its benefits. “We’re doing a lot of work to get university students interested in Drupal while they are still at school. Students have a lot of time available to learn new things, so we put together a Drupal University tour that we are still conducting, and so far it has been very well received."

For Solomon and Benjamin, the university tour seemed like a natural extension of the work they’d been doing at local meetups.

"We got the idea from the tech meetups we attended in Kampala that were also attended by university students in the same field. They were all curious about the platforms we use to build our online technologies, and we told them about Drupal. After the meetups they knew it was a CMS and a few of them could even install it — but that was it. We asked ourselves how we could help these students learn Drupal more easily, which led us to the idea of holding training through the major universities in Uganda. And for us, it just made sense to call the campaign the Drupal University Tour."

Planning the University Tour was no easy task: the duo encountered no small amount of hesitation from universities, and came up against financial obstacles as well. “We started off by writing down the things we would need, and figured out from there how we would hold the trainings — what we would teach specifically, and so on. Then, we started communicating with the department heads of the universities we wanted to train at. Some of them were hesitant at first, but eventually they accepted our proposal.

"When we were preparing the tour, we realized that we needed funding for the whole campaign. The universities weren't ready to financially facilitate our sessions, so we applied for the Drupal Community Cultivation Grant. Through it, we were awarded $1,488 USD, and we were able to kick off the tour."

The two knew that, for maximum efficacy, they’d have to go to a number of different schools to speak to as many students as possible. So they decided to go to the best schools in the country. “We went to all the major universities in Uganda. Makere University, Kampala International University, Kyambogo University, and Mbara University of Science and Technology were all on our list. Because of scheduling conflicts, we weren’t able to run the tour in the timeframe we had planned, but we eventually made it. And, we managed to have a little money left over — about $50 USD, which was enough for us to go to another institution called Datamine Technical Institute. So they were able to benefit from the campaign as well,” Solomon concluded.

The Drupal University tour has been a big success, the two felt.

“We spent a day teaching the students about Drupal itself as a software. We taught them about making contributions to the development, such as by submitting code to the project. We also emphasized the power of both the local and global Drupal communities, and discussed what a big benefit it is,” Solomon said. “We talked about how to share resources with people in the Drupal community, and how we can mobilize both locally and internationally to help people learn Drupal and organize training."

We couldn’t be more thrilled and grateful for the work that Solomon and Benjamin have done. We often hear conversations about the difficulties of bringing new talent into the Drupal community, and the work that Solomon and Benjamin have done is invaluable, both for their local community and for the wider Drupal world. Thank you for your work!

Drupal 8 Security bug bounty program: Get paid to find security issues in D8

di, 06/02/2015 - 15:38

Drupal 8 is nearing release, and with all the big architectural changes it brings, we want to ensure D8 upholds the same level of security as our previous releases. That's where you come in!

The security team is using monies from the D8 Accelerate fund to pay for valid security issues found in Drupal 8, from now until August 31, 2015 (open to extension). This program is open for participation by anyone.

How does this work?

Install a local copy of Drupal 8 from Git (https://www.drupal.org/project/drupal/git-instructions). Find security issues such as XSS, SQL Injection, CSRF, Access Bypass etc. If you find any, go to www.bugcrowd.com/drupal and submit them. You will have to sign up for an account on bugcrowd.com for this. Bugcrowd is a crowdsourced security bug finding platform suggested by security team members, and it is used by many, including LastPass, Pinterest, Heroku, Pantheon, and CARD.com.

I can get paid to do this?

We will be paying anywhere from $50-$1000 per issue. The more serious the issue, the more the security team will be paying. Issues must first be confirmed by a security team member before being approved for payment. You must provide a detailed explanation of the issue and steps to reproduce the issue. The quality of your report will be taken into account when assigning a value to it. We will also take into account the severity of the security issue.

Can I get paid for finding issues in contrib or Drupal 7?

No, however if you do find security issues in Drupal core other than version 8 or in contrib projects please submit them via our issue reporting process.

Who is running this program?

The Drupal Security Team with funds from the D8 Accelerate program.

If I find something will I get credit?

Yes, just like our regular reporting policy you will get credit as long as you don’t disclose it until a fix is released. If an issue is suitable for public discussion, we will disclose it and give you credit.

Do all security issues count?

If a task requires the attacker to have one of the following roles it would not count:
Access site reports (a.k.a. "View site reports"), Administer filters, Administer users, Administer permissions, Administer content types, Administer site configuration, Administer views, Translate interface.
List of issues excluded from the bounty program includes, but not limited to:
- Descriptive error messages (e.g. Stack Traces, application or server errors).
- HTTP 404 codes/pages or other HTTP non-200 codes/pages.
- Fingerprinting / banner disclosure on common/public services.
- Disclosure of known public files or directories, (e.g. robots.txt).
- Clickjacking and issues only exploitable through clickjacking.
- CSRF on forms that are available to anonymous users (e.g. the contact form).
- Logout Cross-Site Request Forgery (logout CSRF).
- Presence of application or web browser ‘autocomplete’ or ‘save password’ functionality.
- Lack of Secure/HTTPOnly flags on non-sensitive Cookies.
- Lack of Security Speedbump when leaving the site.
- Username enumeration
- Missing HTTP security headers, specifically (https://www.owasp.org/index.php/List_of_useful_HTTP_headers), e.g.
- Strict-Transport-Security
- X-Frame-Options
- X-XSS-Protection
- X-Content-Type-Options
- Content-Security-Policy, X-Content-Security-Policy, X-WebKit-CSP
- Content-Security-Policy-Report-Only
- SSL Issues, e.g.
- SSL Attacks such as BEAST, BREACH, Renegotiation attack
- SSL Forward secrecy not enabled
- SSL weak / insecure cipher suites

However, we would still like to know about it, and you will still get credit for it. but we will not be issuing payments for it.

I have a question not listed here

Email security@drupal.org

Drupal version: Drupal 8.x

Drupal 7.37 released

do, 05/07/2015 - 06:24

Drupal 7.37, a maintenance release with numerous bug fixes (no security fixes), is now available for download. See the Drupal 7.37 release notes for a full listing.

Download Drupal 7.37

Upgrading your existing Drupal 7 sites is recommended. There are no major, non-backwards-compatible features in this release. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 includes the built-in Update Manager module, which informs you about important updates to your modules and themes.

There are no security fixes in this release of Drupal core.

Bug reports

Drupal 7.x is being maintained, so given enough bug fixes (not just bug reports), more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.37 contains bug fixes and small API/feature improvements only. The full list of changes between the 7.36 and 7.37 releases can be found by reading the 7.37 release notes. A complete list of all changes in the stable 7.x branch can be found in the git commit log.

Update notes

See the 7.37 release notes for details on important changes in this release.

Known issues

None.

Front page news: Planet DrupalDrupal version: Drupal 7.x

Limited email privacy breach on Drupal.org on April 15th

za, 04/18/2015 - 02:05

On April 15th, a change to a Drupal.org website permission inadvertently allowed a small segment of users to view a report listing the email addresses of recently logged in users. No passwords were involved. The problem was mitigated within 13 hours of being introduced and within 3 hours of being reported. The problem was completely resolved within 24 hours of introduction. The number of affected email addresses is relatively small – fewer than 500. Those users are being contacted directly if their email was affected. Users with maintainer access or the community role and above were not affected by this incident.

The users with permission to see this report were limited to community members that have shown frequent contribution to Drupal.org. The possible exposure time was also limited to between April 15, 2015 20:53 UTC to April 16, 2015 9:00 UTC. There were approximately 44 IP addresses that accessed the information during that time. These users are mostly administrators of Drupal.org and the community members who first reported the incident.

Even though the exposure of email addresses was limited as described above, we recommend all users to be cautious of any email that asks you for personal information.

We want to thank the community members who moved quickly to alert the Drupal Security and Drupal.org infrastructure teams about the problem.

Front page news: Drupal NewsDrupal version: Drupal 7.x

A new way to welcome newcomers on Drupal.org

wo, 04/15/2015 - 22:04

The first initiative on the Drupal.org 2015 roadmap is ‘Better account creation and login’. One of the listed goals for that initiative is “Build a user engagement path which will guide users from fresh empty accounts to active contributors, identifying and preventing spammers from moving further.” This is something Drupal Association team has been focusing on in the last few weeks.

The first change we rolled out a few days ago was a ‘new’ indicator on comments from users whose Drupal.org accounts are fewer than 90 days old. The indicator is displayed on their profile page as well. We hope this will help make conversations in the issue queues and forum comments more welcoming, as people will be able to easily see that someone is new, and probably doesn’t know yet a lot about the way community works.

Today we are taking another step towards making Drupal.org more welcoming environment for new users. But first, a bit of background.

New users and spam

It is not a surprise for anyone that a big number of user accounts registering on the site are spam accounts. To fight that and prevent spam content from appearing on Drupal.org, we have a number of different tools in place. Of course, we don’t want these tools to affect all active, honest users of the site, and make their daily experience more difficult. To separate users we are sure about from those we aren’t sure about yet, we have a special ‘confirmed’ user role.

All new users start without such a role. Their content submissions are checked by Honeypot and Mollom, their profiles are not visible to anonymous visitors of the site, and the types of content they may create are limited. Once a user receives a ‘confirmed’ role, his or her submissions will not be checked by spam fighting tools anymore; their profile page will be visible to everyone, and they will be able to create more different types of content on the site.

This system works pretty well, and our main goal is to ensure that valid new users get the ‘confirmed’ role as quickly as possible, to improve their experience and enable them to fully participate on the site.

The best way to identify someone as not a spammer is have another human look at the content they post and confirm they are not spammers. Previously, we had a very limited number of people who could do that-- about 50. Because of that, it usually took quite some time for new user to get the role. This was especially noticeable during sprints.

Today we’d like to open a process of granting a ‘confirmed’ role to the thousands of active users on the site.

‘Community’ user role

Today, we are introducing a new ‘Community’ role on the site. It will be granted automatically to users who have been around for some time and reached a certain level of participation on Drupal.org. Users who have this role will be able to ‘confirm’ new users on the site. They will see a small button on comments and user profile of any user who has not yet been confirmed. If you are one of the users with ‘Community’ role, look out for this new Confirm button, and when you see one next to a user - take another look at what the person posted. If their content looks valid, just click ‘confirm’. By doing so, you will empower new users to fully participate on Drupal.org and improve their daily experience on the site.

With expect to have at least 10,000 active users with the ‘Community’ role. With so many people to grant the ‘confirmed’ role, new users should be confirmed faster than ever before.

If you aren’t sure if you have the ‘community’ role or not, don’t worry. We will send an email notification to every user whose account receives the new role. The email will have all the information about the role and how to use it.

Thanks for helping us make Drupal.org a better place!

New Try Drupal Program

vr, 04/10/2015 - 18:38

One of the Drupal Association's primary missions is to grow the adoption of Drupal. We are about to launch a new program on April 15th called Try Drupal. The program will make it easy and fast for evaluators to try Drupal and have a simple, great experience while on Drupal.org.

We’ve created Try Drupal with our Premium Hosting Supporters to make it easier for CMS evaluators and Drupal.org newcomers to test and work with a Drupal demo site. The Program will showcase a selection of Hosting Companies where a new user can quickly (in less than 20 minutes) sign up and have a Drupal demo site up and running for them to use for free.

This is part of the Drupal Association’s initiative to develop a new revenue stream through advertising programs on Drupal.org. This revenue will help fund various site initiatives by the Association to improve Drupal.org performance, and make it easier to use and more secure. After interviewing many members of the community, we determined that new advertising products should be useful to Drupal.org visitors, support our mission to grow the adoption of Drupal, and should not interfere with visitors contributing to the project.

To ensure a positive Drupal experience, partners need to adhere to the following guidelines:

  • Users are directed to a self-serve sign up platform
  • Users can create a free account for the demo site that accommodates a trial installation of Drupal 7 or 8
  • Users can create a website in 20 minutes or less
  • The demo site should be available to the user for a minimum of one day upon sign up
  • The partner cannot include a paywall or require a credit card upon sign up

The Try Drupal program will be featured on the homepage of Drupal.org. It will launch with a larger iterative change to the homepage, with an emphasis on helping users move from newcomer, to learner, to skilled Drupal community members.

It’s important that we fund Drupal.org improvements, and that we do so in a responsible way that respects the community. We anticipate rolling out more key advertising programs throughout 2015, stay tuned for more updates. Thanks for taking the time to read about our initiatives, and please tell us your thoughts!

Drupal 7.36 released

do, 04/02/2015 - 04:56

Drupal 7.36, a maintenance release with numerous bug fixes (no security fixes) and several new features, is now available for download. See the Drupal 7.36 release notes for a full listing.

Download Drupal 7.36

Upgrading your existing Drupal 7 sites is recommended. There are no major, non-backwards-compatible features in this release. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 includes the built-in Update Manager module, which informs you about important updates to your modules and themes.

There are no security fixes in this release of Drupal core.

Bug reports

Drupal 7.x is being maintained, so given enough bug fixes (not just bug reports), more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.36 contains bug fixes and small API/feature improvements only. The full list of changes between the 7.35 and 7.36 releases can be found by reading the 7.36 release notes. A complete list of all changes in the stable 7.x branch can be found in the git commit log.

Update notes

See the 7.36 release notes for details on important changes in this release.

Known issues

None.

Front page news: Planet DrupalDrupal version: Drupal 7.x

Announcing The Aaron Winborn Award to honor amazing community members

di, 03/24/2015 - 05:17

In honor of long-time Drupal contributor Aaron Winborn (see his recent Community Spotlight), whose battle with Amyotrophic lateral sclerosis (ALS) (also referred to as Lou Gehrig's Disease) is coming to an end later today, the Community Working Group, with the support of the Drupal Association, would like to announce the establishment of the Aaron Winborn Award.

This will be an annual award recognizing an individual who demonstrates personal integrity, kindness, and above-and-beyond commitment to the Drupal community. It will include a scholarship and stipend to attend DrupalCon and recognition in a plenary session at the event. Part of the award will also be donated to the special needs trust to support Aaron's family on an annual basis.

Thanks to Hans Riemenschneider for the suggestion, and the Drupal Association executive board for approving this idea and budget so quickly. We feel this award is a fitting honor to someone who gave so much to Drupal both on a technical and personal level.

Thank you so much to Aaron for sharing your personal journey with all of us. It’s been a long journey, and a difficult one. You and your family are all in our thoughts.

Front page news: Planet Drupal

Pagina's