Blikk Drupal News

Drupal 7.38 and 6.36 released

Drupal News - Wed, 2015-06-17 12:06

Drupal 7.38 and Drupal 6.36, maintenance releases which contain fixes for security vulnerabilities, are now available for download. See the Drupal 7.38 and Drupal 6.36 release notes for further information.

Download Drupal 7.38
Download Drupal 6.36

Upgrading your existing Drupal 7 and 6 sites is strongly recommended. There are no new features or non-security-related bug fixes in these releases. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement. More information on the Drupal 6.x release series can be found in the Drupal 6.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 and 6 include the built-in Update Status module (renamed to Update Manager in Drupal 7), which informs you about important updates to your modules and themes.

Bug reports

Both Drupal 7.x and 6.x are being maintained, so given enough bug fixes (not just bug reports) more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.38 is a security release only. For more details, see the 7.38 release notes. A complete list of all changes in the stable 7.x branch can be found in the git commit log.

Drupal 6.36 is a security release only. For more details, see the 6.36 release notes. A complete list of all changes in the stable 6.x branch can be found in the git commit log.

Security vulnerabilities

Drupal 7.38 and 6.36 were released in response to the discovery of security vulnerabilities. Details can be found in the official security advisory:

To fix the security problem, please upgrade to either Drupal 7.38 or Drupal 6.36.

Known issues

None.

Front page news: Planet DrupalDrupal version: Drupal 6.xDrupal 7.x
Categories: Blikk Drupal News

Community Spotlight: Solomon Kitumba and Benjamin Lutaaya Kiyita

Drupal News - Tue, 2015-06-02 16:01

For our June community spotlight, we’d like to highlight the efforts of two men in Uganda who are working hard to grow their local community and bring more university students into the Drupal fold. In 2014, the two were awarded a Community Cultivation Grant for their Uganda University Drupal Tour program, which will be discussed in today’s spotlight.

For close to three years, Solomon Kitumba(solomonkitumba) and Benjamin Lutaaya Kiyita(benjaminkyta) of Kampala, Uganda, have been working with Drupal. Solomon, a Drupal front end developer, owns Kyta Labs, a mobile and web app development company. Benjamin, a Drupal Dev Ops and UI/UX Developer, is active both in the local Drupal community and in the local Linux community as well. Both men share a fascination with open source, and encountered the same obstacles when learning Drupal — which led them to team up and forge a better path for other Ugandans.

Initially, both Solomon and Benjamin learned Drupal software through online tutorials found on Lynda.com and YouTube, and through free eBooks as well. One struggle that the two bumped up against — and still struggle with — is the lack of a physical space where their local community can come together to teach new Drupalers, learn from each other, and give each other support.

"One of the biggest challenges we have faced is a lack of collaborative space where drupalers can meet daily,” said Solomon.” In our city, there’s nowhere where we can work on solutions together and learn from each other. There are a couple of these places for mobile developers, but we lack one for web people in Kampala.

“We’ve used our Drupal careers to create a presence in the local tech industry,” said Solomon by email. “People know who to talk to if they want to discuss Drupal and getting paid to develop using Drupal. Initially, our local community was pretty inactive. There were a few people who knew how to use Drupal, but lacked the force and momentum to get good attendance at events and meetups. We’ve been working to attract more people, like site builders and module developers, and we’ve seen a lot of growth in our local community because of it."

And how have the two grown the Drupal community in Uganda?

“We started doing some outreach to use local universities as meeting spaces, but they’re so far from the main city that it became very costly. Getting together outside of the city means dealing with expenses like hotel fees, transportation costs, and a few other things, and those costs would put our projects at a standstill in times when we can’t afford it."

However, the outreach to nearby universities — though expensive — has its benefits. “We’re doing a lot of work to get university students interested in Drupal while they are still at school. Students have a lot of time available to learn new things, so we put together a Drupal University tour that we are still conducting, and so far it has been very well received."

For Solomon and Benjamin, the university tour seemed like a natural extension of the work they’d been doing at local meetups.

"We got the idea from the tech meetups we attended in Kampala that were also attended by university students in the same field. They were all curious about the platforms we use to build our online technologies, and we told them about Drupal. After the meetups they knew it was a CMS and a few of them could even install it — but that was it. We asked ourselves how we could help these students learn Drupal more easily, which led us to the idea of holding training through the major universities in Uganda. And for us, it just made sense to call the campaign the Drupal University Tour."

Planning the University Tour was no easy task: the duo encountered no small amount of hesitation from universities, and came up against financial obstacles as well. “We started off by writing down the things we would need, and figured out from there how we would hold the trainings — what we would teach specifically, and so on. Then, we started communicating with the department heads of the universities we wanted to train at. Some of them were hesitant at first, but eventually they accepted our proposal.

"When we were preparing the tour, we realized that we needed funding for the whole campaign. The universities weren't ready to financially facilitate our sessions, so we applied for the Drupal Community Cultivation Grant. Through it, we were awarded $1,488 USD, and we were able to kick off the tour."

The two knew that, for maximum efficacy, they’d have to go to a number of different schools to speak to as many students as possible. So they decided to go to the best schools in the country. “We went to all the major universities in Uganda. Makere University, Kampala International University, Kyambogo University, and Mbara University of Science and Technology were all on our list. Because of scheduling conflicts, we weren’t able to run the tour in the timeframe we had planned, but we eventually made it. And, we managed to have a little money left over — about $50 USD, which was enough for us to go to another institution called Datamine Technical Institute. So they were able to benefit from the campaign as well,” Solomon concluded.

The Drupal University tour has been a big success, the two felt.

“We spent a day teaching the students about Drupal itself as a software. We taught them about making contributions to the development, such as by submitting code to the project. We also emphasized the power of both the local and global Drupal communities, and discussed what a big benefit it is,” Solomon said. “We talked about how to share resources with people in the Drupal community, and how we can mobilize both locally and internationally to help people learn Drupal and organize training."

We couldn’t be more thrilled and grateful for the work that Solomon and Benjamin have done. We often hear conversations about the difficulties of bringing new talent into the Drupal community, and the work that Solomon and Benjamin have done is invaluable, both for their local community and for the wider Drupal world. Thank you for your work!

Categories: Blikk Drupal News

Drupal 8 Security bug bounty program: Get paid to find security issues in D8

Drupal News - Tue, 2015-06-02 08:38

Drupal 8 is nearing release, and with all the big architectural changes it brings, we want to ensure D8 upholds the same level of security as our previous releases. That's where you come in!

The security team is using monies from the D8 Accelerate fund to pay for valid security issues found in Drupal 8, from now until August 31, 2015 (open to extension). This program is open for participation by anyone.

How does this work?

Install a local copy of Drupal 8 from Git (https://www.drupal.org/project/drupal/git-instructions). Find security issues such as XSS, SQL Injection, CSRF, Access Bypass etc. If you find any, go to www.bugcrowd.com/drupal and submit them. You will have to sign up for an account on bugcrowd.com for this. Bugcrowd is a crowdsourced security bug finding platform suggested by security team members, and it is used by many, including LastPass, Pinterest, Heroku, Pantheon, and CARD.com.

I can get paid to do this?

We will be paying anywhere from $50-$1000 per issue. The more serious the issue, the more the security team will be paying. Issues must first be confirmed by a security team member before being approved for payment. You must provide a detailed explanation of the issue and steps to reproduce the issue. The quality of your report will be taken into account when assigning a value to it. We will also take into account the severity of the security issue.

Can I get paid for finding issues in contrib or Drupal 7?

No, however if you do find security issues in Drupal core other than version 8 or in contrib projects please submit them via our issue reporting process.

Who is running this program?

The Drupal Security Team with funds from the D8 Accelerate program.

If I find something will I get credit?

Yes, just like our regular reporting policy you will get credit as long as you don’t disclose it until a fix is released. If an issue is suitable for public discussion, we will disclose it and give you credit.

Do all security issues count?

If a task requires the attacker to have one of the following permissions it would not count:
Access site reports (a.k.a. "View site reports"), Administer filters, Administer users, Administer permissions, Administer content types, Administer site configuration, Administer views, Translate interface.

Issues excluded from the bounty program:
- Descriptive error messages (e.g. Stack Traces, application or server errors).
- HTTP 404 codes/pages or other HTTP non-200 codes/pages.
- Fingerprinting / banner disclosure on common/public services.
- Disclosure of known public files or directories, (e.g. robots.txt).
- Clickjacking and issues only exploitable through clickjacking.
- CSRF on forms that are available to anonymous users (e.g. the contact form).
- Logout Cross-Site Request Forgery (logout CSRF).
- Presence of application or web browser ‘autocomplete’ or ‘save password’ functionality.
- Lack of Secure/HTTPOnly flags on non-sensitive Cookies.
- Lack of Security Speedbump when leaving the site.
- Username enumeration
- Missing HTTP security headers, specifically (https://www.owasp.org/index.php/List_of_useful_HTTP_headers), e.g.
- Strict-Transport-Security
- X-Frame-Options
- X-XSS-Protection
- X-Content-Type-Options
- Content-Security-Policy, X-Content-Security-Policy, X-WebKit-CSP
- Content-Security-Policy-Report-Only
- SSL Issues, e.g.
- SSL Attacks such as BEAST, BREACH, Renegotiation attack
- SSL Forward secrecy not enabled
- SSL weak / insecure cipher suites
- Other exceptions not listed.

However, we would still like to know about it, and you will still get credit for it. but we will not be issuing payments for it.

I have a question not listed here

Email security@drupal.org

Drupal version: Drupal 8.x
Categories: Blikk Drupal News

Drupal 7.37 released

Drupal News - Wed, 2015-05-06 23:24

Update: Drupal 7.38 is now available.

Drupal 7.37, a maintenance release with numerous bug fixes (no security fixes), is now available for download. See the Drupal 7.37 release notes for a full listing.

Download Drupal 7.37

Upgrading your existing Drupal 7 sites is recommended. There are no major, non-backwards-compatible features in this release. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 includes the built-in Update Manager module, which informs you about important updates to your modules and themes.

There are no security fixes in this release of Drupal core.

Bug reports

Drupal 7.x is being maintained, so given enough bug fixes (not just bug reports), more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.37 contains bug fixes and small API/feature improvements only. The full list of changes between the 7.36 and 7.37 releases can be found by reading the 7.37 release notes. A complete list of all changes in the stable 7.x branch can be found in the git commit log.

Update notes

See the 7.37 release notes for details on important changes in this release.

Known issues

See the 7.37 release notes for a list of known issues affecting this release.

Front page news: Planet DrupalDrupal version: Drupal 7.x
Categories: Blikk Drupal News

Limited email privacy breach on Drupal.org on April 15th

Drupal News - Fri, 2015-04-17 19:05

On April 15th, a change to a Drupal.org website permission inadvertently allowed a small segment of users to view a report listing the email addresses of recently logged in users. No passwords were involved. The problem was mitigated within 13 hours of being introduced and within 3 hours of being reported. The problem was completely resolved within 24 hours of introduction. The number of affected email addresses is relatively small – fewer than 500. Those users are being contacted directly if their email was affected. Users with maintainer access or the community role and above were not affected by this incident.

The users with permission to see this report were limited to community members that have shown frequent contribution to Drupal.org. The possible exposure time was also limited to between April 15, 2015 20:53 UTC to April 16, 2015 9:00 UTC. There were approximately 44 IP addresses that accessed the information during that time. These users are mostly administrators of Drupal.org and the community members who first reported the incident.

Even though the exposure of email addresses was limited as described above, we recommend all users to be cautious of any email that asks you for personal information.

We want to thank the community members who moved quickly to alert the Drupal Security and Drupal.org infrastructure teams about the problem.

Drupal version: Drupal 7.x
Categories: Blikk Drupal News

A new way to welcome newcomers on Drupal.org

Drupal News - Wed, 2015-04-15 15:04

The first initiative on the Drupal.org 2015 roadmap is ‘Better account creation and login’. One of the listed goals for that initiative is “Build a user engagement path which will guide users from fresh empty accounts to active contributors, identifying and preventing spammers from moving further.” This is something Drupal Association team has been focusing on in the last few weeks.

The first change we rolled out a few days ago was a ‘new’ indicator on comments from users whose Drupal.org accounts are fewer than 90 days old. The indicator is displayed on their profile page as well. We hope this will help make conversations in the issue queues and forum comments more welcoming, as people will be able to easily see that someone is new, and probably doesn’t know yet a lot about the way community works.

Today we are taking another step towards making Drupal.org more welcoming environment for new users. But first, a bit of background.

New users and spam

It is not a surprise for anyone that a big number of user accounts registering on the site are spam accounts. To fight that and prevent spam content from appearing on Drupal.org, we have a number of different tools in place. Of course, we don’t want these tools to affect all active, honest users of the site, and make their daily experience more difficult. To separate users we are sure about from those we aren’t sure about yet, we have a special ‘confirmed’ user role.

All new users start without such a role. Their content submissions are checked by Honeypot and Mollom, their profiles are not visible to anonymous visitors of the site, and the types of content they may create are limited. Once a user receives a ‘confirmed’ role, his or her submissions will not be checked by spam fighting tools anymore; their profile page will be visible to everyone, and they will be able to create more different types of content on the site.

This system works pretty well, and our main goal is to ensure that valid new users get the ‘confirmed’ role as quickly as possible, to improve their experience and enable them to fully participate on the site.

The best way to identify someone as not a spammer is have another human look at the content they post and confirm they are not spammers. Previously, we had a very limited number of people who could do that-- about 50. Because of that, it usually took quite some time for new user to get the role. This was especially noticeable during sprints.

Today we’d like to open a process of granting a ‘confirmed’ role to the thousands of active users on the site.

‘Community’ user role

Today, we are introducing a new ‘Community’ role on the site. It will be granted automatically to users who have been around for some time and reached a certain level of participation on Drupal.org. Users who have this role will be able to ‘confirm’ new users on the site. They will see a small button on comments and user profile of any user who has not yet been confirmed. If you are one of the users with ‘Community’ role, look out for this new Confirm button, and when you see one next to a user - take another look at what the person posted. If their content looks valid, just click ‘confirm’. By doing so, you will empower new users to fully participate on Drupal.org and improve their daily experience on the site.

We expect to have at least 10,000 active users with the ‘Community’ role. With so many people to grant the ‘confirmed’ role, new users should be confirmed faster than ever before.

If you aren’t sure if you have the ‘community’ role or not, don’t worry. We will send an email notification to every user whose account receives the new role. The email will have all the information about the role and how to use it.

Thanks for helping us make Drupal.org a better place!

Front page news: Planet Drupal
Categories: Blikk Drupal News

New Try Drupal Program

Drupal News - Fri, 2015-04-10 11:38

One of the Drupal Association's primary missions is to grow the adoption of Drupal. We are about to launch a new program on April 15th called Try Drupal. The program will make it easy and fast for evaluators to try Drupal and have a simple, great experience while on Drupal.org.

We’ve created Try Drupal with our Premium Hosting Supporters to make it easier for CMS evaluators and Drupal.org newcomers to test and work with a Drupal demo site. The Program will showcase a selection of Hosting Companies where a new user can quickly (in less than 20 minutes) sign up and have a Drupal demo site up and running for them to use for free.

This is part of the Drupal Association’s initiative to develop a new revenue stream through advertising programs on Drupal.org. This revenue will help fund various site initiatives by the Association to improve Drupal.org performance, and make it easier to use and more secure. After interviewing many members of the community, we determined that new advertising products should be useful to Drupal.org visitors, support our mission to grow the adoption of Drupal, and should not interfere with visitors contributing to the project.

To ensure a positive Drupal experience, partners need to adhere to the following guidelines:

  • Users are directed to a self-serve sign up platform
  • Users can create a free account for the demo site that accommodates a trial installation of Drupal 7 or 8
  • Users can create a website in 20 minutes or less
  • The demo site should be available to the user for a minimum of one day upon sign up
  • The partner cannot include a paywall or require a credit card upon sign up

The Try Drupal program will be featured on the homepage of Drupal.org. It will launch with a larger iterative change to the homepage, with an emphasis on helping users move from newcomer, to learner, to skilled Drupal community members.

It’s important that we fund Drupal.org improvements, and that we do so in a responsible way that respects the community. We anticipate rolling out more key advertising programs throughout 2015, stay tuned for more updates. Thanks for taking the time to read about our initiatives, and please tell us your thoughts!

Front page news: Planet Drupal
Categories: Blikk Drupal News

Drupal 7.36 released

Drupal News - Wed, 2015-04-01 21:56

Update: Drupal 7.37 is now available.

Drupal 7.36, a maintenance release with numerous bug fixes (no security fixes) and several new features, is now available for download. See the Drupal 7.36 release notes for a full listing.

Download Drupal 7.36

Upgrading your existing Drupal 7 sites is recommended. There are no major, non-backwards-compatible features in this release. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 includes the built-in Update Manager module, which informs you about important updates to your modules and themes.

There are no security fixes in this release of Drupal core.

Bug reports

Drupal 7.x is being maintained, so given enough bug fixes (not just bug reports), more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.36 contains bug fixes and small API/feature improvements only. The full list of changes between the 7.35 and 7.36 releases can be found by reading the 7.36 release notes. A complete list of all changes in the stable 7.x branch can be found in the git commit log.

Update notes

See the 7.36 release notes for details on important changes in this release.

Known issues

See the 7.36 release notes for a list of known issues affecting this release.

Front page news: Planet DrupalDrupal version: Drupal 7.x
Categories: Blikk Drupal News

Aaron Winborn Community Spotlight

Drupal News - Tue, 2015-03-24 15:22

Drupal users around the world know Aaron Winborn (aaron), a long-time community member who has made countless contributions to the project and to the people who use it. From building the Media module to helping organize NYC Camp, Aaron has had a massive impact on our community and our project.

For years, Aaron has contributed valuable code, acted as an advocate for increasing involvement in the Drupal community, and has inspired countless people with his brilliance, humility, and grace. That’s why we’re proud to feature Aaron in our latest Community Spotlight, to extend our thanks and let everyone touched by Aaron’s contribution know how they can do the same.

“I met Aaron through Drupal in 2006,” said Jacob Redding (jredding) , a good friend of Aaron's. "I was living and working in New York, and he was at Advomatic at the time, where he was working on a lot of different things. In 2007 I wound up moving to China and doing some open source and Drupal work out there. Then in March of 2008 I was at a meet-up in China, and there were these guys talking in Chinese about Aaron’s code, and they were ecstatic about it.

“Aaron wrote a lot of modules around media, like putting videos on Drupal sites. It’s something that we do a lot now, though in 2008 it was hard to put video on your website... but Aaron made it easy. So, at this meet-up, these guys thousands of miles away took Aaron's work and extended it to fit all the video formats that work in China.

“So I filmed this video for him with these developers in China,” Redding concluded. “I said to him, 'your code just made it to the other side of the planet and made a huge impact — here it is in Chinese, in a different language, for a different market.' I don’t know where the video is now, but it was really fun. It just shows the way the community gets together and reinforces all these different relationships."

A friend and mentor

“When I first decided to do Drupal professionally, I was working hard to learn more,” said Alex Urevick-Ackelsberg (Alex UA). “A friend of mine has a firm called Advomatic, and Aaron was the first employee there. So, I asked Aaron if he would help me learn about Drupal, and in repayment, I offered to help him manage the issue queues for his module — the Embedded Media Field. Aaron really helped me figure out the development side of Drupal and… you know, I say that I offered to help him, but really, he’s one of the most giving people I’ve ever met, and I’m sure he would have helped me for nothing more than the karma."

“He’s a very warm and thoughtful person, and is a very unique individual,” said Amanda Luker (mndonx), a coworker of his from Advomatic. “Aaron has a lot of interesting things to say — you might not know it right away, since he can be very quiet at first. But he really is very thoughtful and sweet. Advomatic was my first job in a development shop, and I was really nervous, but Aaron was so great to work with. He did a lot to help me feel comfortable, and to help me not feel dumb. It means a lot, especially from someone like him — he was always working on a different level. “

Jonathan DeLaigle (grndlvl), another co-worker from Advomatic, agreed. “I’ve always found Aaron to be very approachable, someone that you wouldn’t have to worry about phrasing the question in such a way as to not get ‘oh, well, that’s a stupid question.’ Even though sometimes I’d ask a question that I probably should have known the answer to, he’s the sort of person where it’s ok. You can ask those stupid questions and you can expect a response that’s conducive to your learning experience.”

“It just pours out of him, this intelligence"

When it comes to qualities in Aaron that his friends and colleagues admire, his brilliance is always one of the first things mentioned — alongside his generosity, humility, and kindness.

“Every time I had a conversation with Aaron it was fantastic,” said Redding. "He’s one of these guys where you know he’s super smart. It’s hard to describe when you’re talking to someone who’s pretty much a genius and they’re very subtle and subdued, not over the top — but when you talk to them, you realize what they’re saying is intense and complex and intricate... and it just pours out of him, this intelligence."

"I met him though the Drupal community,” said Arthur Foelsche (arthurf), who worked with Aaron on the Media module. “Aaron is someone I’ve been at multiple DrupalCons with, someone who I’ve done media sprints with, someone I’ve always appreciated. My experience of Aaron was that every time he encountered a road-block, he always tried to figure out ways to solve it himself.

"That’s not to say he’d eschew other people,” Foelsche added, "but he’d work to figure out solutions that were interesting and relevant to him and to others. He didn’t approach things from the perspective of, ‘why am I being stopped,’ but rather, ‘I bet I can create a solution to get around this problem.’ I see Aaron as this person who believes on a fundamental level that he can make change — not just in Drupal, but in everything and in his personal life. It’s a very important part of who he is.”

“Fixing problems in elegant ways"

Aaron made a reputation for himself in the Drupal community as someone who was happiest when quietly working to solve difficult problems and make Drupal better.

“At one DrupalCon, we were talking through some of the handling of the files themselves in the Media module,” said Foelsche. "Aaron was going through this rumination of, ‘how can these be useful’ and we talked until late at night. We started up again in the morning pretty early (all things considered), and he came back with this notebook just full of ideas. He was so excited and engaged, and just wanted to be able to fix problems in ways that were elegant and useful to people. His enthusiasm around it, and all the time he had spent just that night — I saw him in that moment as just being so glad to be able to work with people on the same problem."

As any DrupalCon attendee can tell you, camps, cons and great parties go hand in hand. And while loud parties may not be Aaron’s scene, he still participates in his own way.

"I guess one anecdote,” said Aaron Welch (crunchywelch), the founder of Advomatic, “was when we went to OSCon on the Yahoo campus in 2006 or 2007. It was a general Open Source convention, but basically it was overrun by Drupal shops and agents — we completely eclipsed all of the other projects. In any case, the Advomatic team rented a house, and we had some big, crazy parties. There was Guitar Hero on giant screens, lots of drinks, people barbecuing in the back yard… Anyway, Aaron was staying with us at the house, and in the middle of all of this crazy partying going on, he was coding away on the Media module in the kitchen, happy as a clam.

“He was totally participating in his own funny Aaron way,” Welch continued. “He was really happy to be hanging out with everybody, but was still just coding away, being his quiet Aaron self. And that’s Aaron — he’s a pretty reserved kind of person, and he’s the nicest, most dedicated, hard working guy you’ll ever meet."

Whether alone or in a group, Aaron’s problem solving has gained him a tremendous amount of respect from his peers in the Drupal community.

“Aaron has always tried to find solutions to problems — not just getting around road-blocks,” said Foelsche. “I’ve always been impressed by his knowing himself as a person, and wanting to find ways to do things in the world when he didn’t know that he could. That disposition is a marvelous one. In my opinion, Aaron has always struck a really graceful balance between the ability to solve things on his own and the willingness to work in a group to solve things together. I’ve always enjoyed his company and work, and appreciated not only his disposition in the community but also as a human being.”

“Aaron has never been the person who would blindly jump in if there was a problem,” said Luker. “Working together, he’s always very thoughtful, very deliberate in how he approached things. I could tell that, with his background in philosophy and his interest in alternative education, that independence influenced how he approached life in general. It made me feel like I was in the right place when I started at Advomatic. Knowing that he was there, believing what he believed, it made me feel like, ok, this is a good fit for me, too."

"An advocate and activist"

Aaron’s passions extend further than just writing code, though. A strong advocate for involvement in the Drupal community, Aaron often quietly stepped up to help grow the project and facilitate change — in Drupal, and in the greater world.

"I would say that Aaron taught me a whole lot of humility,” said Redding. “I don’t know if a lot of people know, but he was behind the scenes of so much stuff. In October of 2009, Aaron stepped up to serve as the Drupal Association (VZW) financial point person for a few sprints… he just sort of stepped in and said, ‘I’m going to do this.’ And he did. At the time he was also running culturefix.org, he was working in activism, and he was — and even after his diagnosis has continued to be — a strong advocate and an activist. He was behind the scenes in a lot of sprints, meet-ups, camps, and was instrumental in a lot of the foundational work that turned into the Drupal Association as it is today."

“Aaron is, to me, really inspirational when it comes to open source. He really lives it and gives himself to it,” agreed Urevick-Ackelsberg. ”He needed the work, like everybody else, but whatever he could give he gave freely. I feel like, for all the people whose lives he has touched, the repayment is that they’re here and contributing— and I think the real lesson that I’ve taken from him is to give yourself as freely as you can afford to, and the payback for the community that you’re a part of, it goes on and on."

“Aaron has taught me that you should enjoy the people and the things around you,” Urevick-Ackelsberg said. "I know that Aaron has and does; he’s very inspirational in that regard. He’s taught me that you have to do good things every day, and to give yourself as freely as you can."

“Strength and dignity from day one"

In spring of 2011, Aaron was diagnosed with ALS, which he announced in a heart-wrenching post on his blog several months later.

“When Aaron got his diagnosis, he took the news and he tried to find a solution,” said Redding. "He's used the time he has to the best of his ability: he’s spent it with his family, with the communities around him, and looked towards the future of what he could do for those around him — including those he will never meet."

“He has been so realistic and matter of fact about it,” said Aaron Welch. “It’s just incredible watching how strong he has been. A lot of people would, I think, give up — but Aaron has always been focused on the next challenge. We wanted to give him every opportunity to keep working,” Welch continued. “We knew it would be important — you have to have something to keep you going, and he was always just so strong and generous about it. He was grateful for any help he received, but he wasn’t necessarily asking for it, either. I think you can see that strength and dignity from day one on. He’s just been incredible through the whole thing."

About a year after Aaron’s initial diagnosis, he and his wife attended DrupalCon Denver. Though his condition had begun to deteriorate, Aaron did not let it stop him from making the most of the experience.

“I remember, we had a day when the Advomatic team all worked together in the same room — and we’re never all in the same room so that was great,” said Luker. “At that point he was able to use voice commands to do his work, and we were all joking about how he got way more done not even typing than the rest of us in the room. You could tell he was so happy to be at DrupalCon — with his community, with his people — and he was so happy that he could contribute."

“Since his diagnosis it’s been hard,” said Sam Tresler (Tresler), another friend of Aaron’s. “The way he can muster the ability to still find joy in the various things that he does...the ability to face something like that with dignity is such an inspiring thing to me.

“You kind of assume when that much of yourself is taken away, it would cause some drastic changes to an individual — but he hasn’t changed. He’s just using different tools,” Sam continued. "And that’s the best thing I could say about him — his priorities haven't changed, his desire to learn didn’t change, and his determination to keep his quality of life and his family’s quality of life is forefront in his mind."

As part of preserving that quality of life for his daughters and his family, Aaron wrote a short book for his daughters called “Where Did Daddy Go?” The book tells the story of a young girl trying to discover what happened to her father, who died. She asks, as a four-year-old might, her pets, the sun, moon and earth, before finally asking her sister and mother,"Where did Daddy Go?" Aaron plans to make the book available on Amazon in the coming weeks.

“We wouldn’t be what we are without him"

"Aaron has always been an example of the values we hold dear in the Drupal community. His humility, generosity, and enthusiasm have quietly but profoundly helped shape our community into what it is today. Drupal wouldn't be the same without him,” said Dries Buytaert (dries), speaking to Aaron’s numerous contributions to both the Drupal project and the wider community.

“If you look at Drupal 8, and how much time and energy people spent on it, and all the conferences we’re having on it, he has a big influence in it,” said Redding. “He’s not making a big deal about it… he’s not out there saying, ‘I did this!’ because he’s never been that way. But his work on the Media module is really important to Drupal 8, and this comes back to his lessons in humility: that you should do what you do because you like doing it, work on what you love to work on, and if it becomes a big deal, great— and if it doesn’t, great. You don’t have to get caught up in it."

“Aaron was the first employee of Advomatic,” said Aaron Welch. “It’s hard to point out just one thing Aaron did — I couldn’t even tell you how many projects we worked on together. But we could always, always count on Aaron to be there and help out when we put in a lot of long hours. For a pretty small team, we were doing big, important stuff— and he was a critical part of building Advomatic and making it what it is today. We wouldn’t be what we are today without the incredible dedication and talent he has shown over the years, and his quiet support and hard work.

“He really, in a way, is one of the founders of the company,” Welch continued. "He made his mark, not just on Advomatic but on the Drupal community in general and it has been amazing watching the outpouring of support. People are always asking, ‘how can we help, what can we do…’ and, in my opinion, the best we can do is support him and give him encouragement. I know he really deeply appreciates it."

Thank You, Aaron

Aaron has given an incredible amount to Drupal. He has contributed to the project, the community, the Drupal Association, and the wider world in ways measurable and immeasurable. And, as Aaron and his family have found, the world is giving back.

“So many people in the Drupal community have generously given to Aaron’s Special Needs Trust,” said Gwen Pfeifer, Aaron’s wife. “Our family has really appreciated it.”

Aaron, thank you so much for everything you have done for all of us. The Drupal project and the Drupal community would not be the same without you. Your kindness, generosity, humility, and dedication are an inspiration to us all. Thank you for the gift of your friendship and code. Through your hard work, dedication, and your incredible strength of character have made the world a better, brighter place. Thank you for everything.

Updated on March 24, 2015:

The Drupal Association is saddened to announce that Aaron Winborn passed earlier today. We have attached Aaron's obituary to this community spotlight. He will be deeply missed.

In part of our ongoing work to honor exemplary community members, we have created the Aaron Winborn Award to honor community members who exhibit the incredible kindness, integrity, and above-and-beyond commitment to the community that Aaron loved.

Front page news: Planet Drupal
Categories: Blikk Drupal News

Announcing The Aaron Winborn Award to honor amazing community members

Drupal News - Mon, 2015-03-23 23:17

In honor of long-time Drupal contributor Aaron Winborn (see his recent Community Spotlight), whose battle with Amyotrophic lateral sclerosis (ALS) (also referred to as Lou Gehrig's Disease) is coming to an end later today, the Community Working Group, with the support of the Drupal Association, would like to announce the establishment of the Aaron Winborn Award.

This will be an annual award recognizing an individual who demonstrates personal integrity, kindness, and above-and-beyond commitment to the Drupal community. It will include a scholarship and stipend to attend DrupalCon and recognition in a plenary session at the event. Part of the award will also be donated to the special needs trust to support Aaron's family on an annual basis.

Thanks to Hans Riemenschneider for the suggestion, and the Drupal Association executive board for approving this idea and budget so quickly. We feel this award is a fitting honor to someone who gave so much to Drupal both on a technical and personal level.

Thank you so much to Aaron for sharing your personal journey with all of us. It’s been a long journey, and a difficult one. You and your family are all in our thoughts.

Front page news: Planet Drupal
Categories: Blikk Drupal News

Ready, Set, Drupal 8! D8 Accelerate Fundraiser

Drupal News - Mon, 2015-03-23 07:25

Last November we launched Drupal 8 Accelerate, a grant program designed to eliminate Drupal 8 release blockers. Through the progam, we’ve made a small number of grants that have had a huge impact. In fact, we only have about 50 release blockers left between us and release. So now the Association is going to take it to the next level. We've already pledged $62,500 of our general operating budget in 2015 as matching funds for you donations. Now we are announcing that the board has partnered with 7 outstanding community supporters to “match the match” and provide another $62,500 of the program, bringing us to $125,000 available for grants.

Now it's your turn! We're asking you to help us raise another $125,000 to make the total amount available for these grants $250,000. You can give knowing that every dollar you contribute is already matched by the Association and these anchor donors, doubling your impact. Your donations will allow us to make more grants, faster, increasing our impact and getting D8 out the door!

This is an all-out, everyone-in effort to raise $250,000 to kill the last release blockers in our way.This is our moment - together, we are going to move Drupal 8 from beta to release with the Drupal 8 Accelerate program. We already know it works. Drupal 8 Accelerate grants have already tackled release blockers issues related to menus, entity field validation, and caching. As a donor, you will always know exactly what you're funding because we're making it all public

Join us today and make your donation. The sooner we get this done, the sooner we can all enjoy those launch parties!

Special thanks to our anchor donors, Acquia, Appnovation, Lullabot, Palantir.net, Phase2, PreviousNext, and Wunderkraut, for making this matching campaign possible.  These seven organizations stepped up to the plate and made this entire campaign possible. Thank them on Twitter using the #D8Accelerate hashtag.

The D8 Accelerate project is designed to help move Drupal 8 from the initial beta to a full release. This directly relates to the Association's mission: uniting a global open source community to build and promote Drupal. This is a pilot program from the Drupal Association to put $250,000 of community funds toward accelerating the release of Drupal 8, due to the strategic impact this work has on the entire Drupal ecosystem.

---
Originally published at https://assoc.drupal.org/blog/holly.ross.drupal/ready-set-drupal-8-d8-ac...

Categories: Blikk Drupal News

Drupal 7.35 and 6.35 released

Drupal News - Wed, 2015-03-18 13:10

Update: Drupal 7.36 and Drupal 6.36 are now available.

Drupal 7.35 and Drupal 6.35, maintenance releases which contain fixes for security vulnerabilities, are now available for download. See the Drupal 7.35 and Drupal 6.35 release notes for further information.

Download Drupal 7.35
Download Drupal 6.35

Upgrading your existing Drupal 7 and 6 sites is strongly recommended. There are no new features or non-security-related bug fixes in these releases. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement. More information on the Drupal 6.x release series can be found in the Drupal 6.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 and 6 include the built-in Update Status module (renamed to Update Manager in Drupal 7), which informs you about important updates to your modules and themes.

Bug reports

Both Drupal 7.x and 6.x are being maintained, so given enough bug fixes (not just bug reports) more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.35 is a security release only. For more details, see the 7.35 release notes. A complete list of all bug fixes in the stable 7.x branch can be found in the git commit log.

Drupal 6.35 is a security release only. For more details, see the 6.35 release notes. A complete list of all bug fixes in the stable 6.x branch can be found in the git commit log.

Security vulnerabilities

Drupal 7.35 and 6.35 were released in response to the discovery of security vulnerabilities. Details can be found in the official security advisory:

To fix the security problem, please upgrade to either Drupal 7.35 or Drupal 6.35.

Update notes

See the 7.35 and 6.35 release notes for details on important changes in this release.

Known issues

See the 7.35 and 6.35 release notes for known issues with this release.

Front page news: Planet DrupalDrupal version: Drupal 6.xDrupal 7.x
Categories: Blikk Drupal News
Syndicate content