Blikk Drupal News

Drupal.org Maintenance: July 8th 11:00 PDT (July 8th 18:00 UTC)

Drupal News - Mon, 2014-06-30 12:21

Drupal.org will be affected by maintenance Tuesday, July 8th, 11:00 PDT (July 8th, 18:00 UTC).

To finish our load balancer rebuilds, we are moving traffic from our old load balancer to our new load balancer. During this process, there may be a five minute period of brief instability.

Please follow the @drupal_infra Twitter account for any issues encountered during the maintenance window.

Thanks for your patience!

Categories: Blikk Drupal News

Drupal.org Maintenance: July 2nd 13:00 PDT (July 2nd 20:00 UTC)

Drupal News - Wed, 2014-06-25 15:00

Drupal.org will be affected by maintenance Wednesday, July 2nd, 13:00 PDT (July 2nd, 20:00 UTC).

To finish our CDN deployment on Drupal.org, we are moving the www.drupal.org CNAME to point at our CDN edge. The CNAME switch should be seamless and only take a few minutes to update across DNS.

Please follow the @drupal_infra Twitter account for any issues encountered during the maintenance window.

Thanks for your patience!

Categories: Blikk Drupal News

Drupal 6 extended support announcement

Drupal News - Wed, 2014-06-18 11:42

On February 13, 2008, Drupal 6 was released. The policy of the community is to support only the current and previous stable versions. (When Drupal 6 was released, Drupal 4.7.x was marked unsupported. When Drupal 7 came out, Drupal 5.x was marked unsupported.) This policy was created to prevent core and module maintainers from having to maintain more than 2 active major versions of Drupal.

With the coming Drupal 8 release, this policy has been questioned. We want to ensure that sites that wish to move from Drupal 6 to Drupal 8 have a supported window within which to do so. The Drupal core team, key module maintainers, and representatives of the Drupal security team met at Drupalcon Austin to discuss this as an in-person follow up to the previous discussion at https://drupal.org/node/2136029.

Drupal 6 core and modules will transition to unsupported status three months after Drupal 8 is released. "Unsupported status" means the community will not be providing support or patches in the same way we do now. Continuing to support Drupal 6 would be difficult for many reasons, including a lack of automated test coverage, the requirement for rigorous manual release testing, the slow-down it introduces in the release of security fixes for the vast majority of Drupal users (on version 7+), and the general shift of volunteers in the community moving their attention onto Drupal 8 development.

This gives Drupal 6 users a few options:

1) Upgrade to Drupal 7 any time between now and 3 months after Drupal 8.0.0 is released. Drupal 7 releases undergo almost 40,000 automated tests, and Drupal 7 will be fully supported at least until Drupal 9 comes out. Given the past history, the release of Drupal 9 is likely to be around 2018.

2) Upgrade to Drupal 8 after it is released, but before Drupal 6 is not supported anymore. Fortunately, Migrate support for Drupal 6 to Drupal 8 is already in core, and there is Migrate UI, a contributed module. While not all contributed modules will be ready at the time Drupal 8 is released, Drupal 8's migration path handles most of the critical site data via its CCK to Entities/Fields in Core migrations.

3) Find an organization that will provide extended support for Drupal 6. The Drupal Security Team will provide a method for companies and/or individuals to work together in the private security issue queue to continue developing updates, and will provide a reasonable amount of time for companies to provide patches to Drupal 6 security issues that also affect Drupal 7 or Drupal 8. The security team will coordinate access to issues for companies wishing to provide extended support for Drupal 6. However, the team will not explicitly review or test the patches (some team members may do this on their own). All code created by these vendors, would be released to the community.

Organizations and individuals interested in providing this level of support for their customers
AND who have the technical knowledge to maintain a Drupal core release should go to the security team Drupal 6 long term support page.

Both the Security Team and Drupal core leadership feel that a 3-month window after Drupal 8's release before eclipsing community support for Drupal 6 is a workable compromise between leaving Drupal 6 sites on an unsupported version the second Drupal 8 comes out, and acknowledging that our community's volunteer resources are limited and have shifted focus. We hope that organizations that rely on Drupal 6 will step up to help maintain it after community support winds down, and/or help their clients update to D8.

Drupal version: Drupal 6.x
Categories: Blikk Drupal News

Drupal 6 extended support announcement

Drupal News - Wed, 2014-06-18 11:42

On February 13, 2008, Drupal 6 was released. The policy of the community is to support only the current and previous stable versions. (When Drupal 6 was released, Drupal 4.7.x was marked unsupported. When Drupal 7 came out, Drupal 5.x was marked unsupported.) This policy was created to prevent core and module maintainers from having to maintain more than 2 active major versions of Drupal.

With the coming Drupal 8 release, this policy has been questioned. We want to ensure that sites that wish to move from Drupal 6 to Drupal 8 have a supported window within which to do so. The Drupal core team, key module maintainers, and representatives of the Drupal security team met at Drupalcon Austin to discuss this as an in-person follow up to the previous discussion at https://drupal.org/node/2136029.

Drupal 6 core and modules will transition to unsupported status three months after Drupal 8 is released. "Unsupported status" means the community will not be providing support or patches in the same way we do now. Continuing to support Drupal 6 would be difficult for many reasons, including a lack of automated test coverage, the requirement for rigorous manual release testing, the slow-down it introduces in the release of security fixes for the vast majority of Drupal users (on version 7+), and the general shift of volunteers in the community moving their attention onto Drupal 8 development.

This gives Drupal 6 users a few options:

1) Upgrade to Drupal 7 any time between now and 3 months after Drupal 8.0.0 is released. Drupal 7 releases undergo almost 40,000 automated tests, and Drupal 7 will be fully supported at least until Drupal 9 comes out. Given the past history, the release of Drupal 9 is likely to be around 2018.

2) Upgrade to Drupal 8 after it is released, but before Drupal 6 is not supported anymore. Fortunately, Migrate support for Drupal 6 to Drupal 8 is already in core, and there is Migrate UI, a contributed module. While not all contributed modules will be ready at the time Drupal 8 is released, Drupal 8's migration path handles most of the critical site data via its CCK to Entities/Fields in Core migrations.

3) Find an organization that will provide extended support for Drupal 6. The Drupal Security Team will provide a method for companies and/or individuals to work together in the private security issue queue to continue developing updates, and will provide a reasonable amount of time for companies to provide patches to Drupal 6 security issues that also affect Drupal 7 or Drupal 8. The security team will coordinate access to issues for companies wishing to provide extended support for Drupal 6. However, the team will not explicitly review or test the patches (some team members may do this on their own). All code created by these vendors, would be released to the community.

Organizations and individuals interested in providing this level of support for their customers
AND who have the technical knowledge to maintain a Drupal core release should go to the security team Drupal 6 long term support page.

Both the Security Team and Drupal core leadership feel that a 3-month window after Drupal 8's release before eclipsing community support for Drupal 6 is a workable compromise between leaving Drupal 6 sites on an unsupported version the second Drupal 8 comes out, and acknowledging that our community's volunteer resources are limited and have shifted focus. We hope that organizations that rely on Drupal 6 will step up to help maintain it after community support winds down, and/or help their clients update to D8.

Drupal version: Drupal 6.x
Categories: Blikk Drupal News

Drupal.org Maintenance: June 18th 3PM PDT (June 18th 22:00 UTC)

Drupal News - Mon, 2014-06-16 16:44

Drupal.org will be affected by maintenance Wednesday, June 18th, 15:00 PDT (June 18th, 22:00 UTC) and ending Wednesday, June 18th, 16:00 PDT (June 18th, 23:00 UTC).

In preparation for our CDN deployment on Drupal.org, we are moving Drupal.org to www.drupal.org. The name switch should be seamless and only take a few minutes to update in various places.

Please follow the @drupal_infra Twitter account for any issues encountered during the maintenance window.

Thanks for your patience!

Categories: Blikk Drupal News

Drupal.org Maintenance: June 16th 4PM PDT (June 16th 23:00 UTC)

Drupal News - Thu, 2014-06-12 17:04

Drupal.org will be affected by our ISP’s maintenance window starting Monday, June 16th, 16:00 PDT (June 16th, 23:00 UTC) and ending Monday, June 16th, 18:00 PDT (June 17th, 01:00 UTC).

Our ISP will be upgrading the firmware on the customer aggregation routers, and we expect to see a 10‒15 minute disruption in traffic sometime during the maintenance window.

Please follow the @drupal_infra Twitter account for any issues encountered during the maintenance window.

Thanks for your patience!

Categories: Blikk Drupal News

Community Spotlight on Emanuel Greucean, Maurits Dekkers, and Ernő Zsemlye

Drupal News - Tue, 2014-05-20 11:03

For this month’s community spotlight, we wanted to showcase three stellar Drupalistas who went above and beyond at the Dev Days Szeged sprints. Emanuel Greucean (gremy), Maurits Dekkers (Mauzeh), and Ernő Zsemlye (zserno) all made big contributions to the project at Dev Days Szeged. Here’s a little bit about each.

Emanuel Greucean (gremy) How did you get involved with Drupal?

I got involved with Drupal right after college, in 2009. I went to a job interview, showed the employers my enthusiasm about web development and my very not impressive profile, one of which was a Joomla website, and they accepted me. At this job, I got initiated in the art of web development and got a solid education in Drupal. At my first day on the job, I was given the Drupal Developer’s “Bible” (Pro Drupal Development, 2nd edition), and was told that I had to know it by heart.

What do you think open source represents?

For me, open source represents the opportunity to have access to awesome products for free. It also represents the opportunity to join a community of passionate developers and to learn a lot, and also to pass on your knowledge. If you are a contributor, it’s also an opportunity to leave a mark, and a joy to know that your work is being used by millions of people.

Why did you choose to work in Szeged on beta blocking, and what is your fondest memory from Szeged?

One reason for working on beta blockers in Szeged was the desire to get Drupal 8 as close as possible to being released, because I really want to start using it in Production.

One of my fondest memories from Szeged might be the moment when I actually finished the last missing "Change Record” issue, and with this Drupal 8 change records were up to date for the first time in three years. Also I really appreciate all the help I received from people I had never met before. They initiated me into contributing to the community.

Are you working on any fun projects at the moment?

Yes. I am currently collaborating with Kalamuna, a Drupal shop from San Francisco's East Bay Area. They are really great colleagues, and I have the opportunity to work on great projects with them. One of the projects I am most excited about is Kalabox, and I have to say that I am really enthusiastic about its future.

Maurits Dekkers (Mauzeh) How did you get involved with Drupal?

I got involved with Drupal through a client about three years ago. They were using Drupal mainly for its ability to allow site builders to create their own fieldable data structures. Until then I had mostly worked with Zend Framework and Symfony, and I never even knew there was an open source system that could do this! Or course, now I know that there is so much more about Drupal that is awesome, and I cannot imagine a web development life without it!

What do you think open source represents?

For me, open source represents people (!) who provide their time, effort, and financial resources on something that provides only indirect value. An open source developer spends their free time working on a feature not knowing whether it will actually make it into the final product (unless they are the project lead...). For some this might be an unrewarding way of working because there appear to be few direct, short-term, rewards. So if you contribute something to open source software, you must do it for reasons unrelated to direct income or revenue. Therefore, the passion that people have for the product comes from a much deeper belief.

Why did you choose to work in Szeged on Drupal 8 beta blocking/debugging, and what is your fondest memory from Szeged?

Despite working with open source software on a daily basis, and lurking around in the issue queues, I never had the guts to really get involved. I realized that getting to know the people behind the nicknames would certainly help because I could just walk over and ask something. So when I saw the announcement for Szeged, I jumped in straight away. And I'm really glad I did. I most remember the people I was working with and having beers with at night, with Cathy (YesCT) being just amazing to get people up to speed. Her passion for the community is really remarkable. I wanted to learn more about how the Entity API works in Drupal 8, and was directed to tstoeckler and plach, from whom I learned very much very quickly.

Are you working on any fun projects at the moment?

I'm currently working as a freelancer for a few Drupal site building shops. Since I just started as a freelancer in November last year, I'm working quite a lot to make sure I have some financial room to contribute some more to D8.

Ernő Zsemlye (zserno) How did you get involved with Drupal?

It all started during my 4th year at the university. I needed a few more credits for the upcoming semester and stumbled upon a new elective course titled "Open Source Content Management Systems" held by a guy called Kristof Van Tomme. I had absolutely no idea about the topic but it sounded pretty cool so I applied. The first lecture was about open source in general and a brief introduction to the Drupal world. At the end of the lecture, Kristof mentioned that he was looking for interns for his new company. I applied the next day and I am sure that was the best move in my career to date. :)

What do you think open source represents?

I could compare it to traveling. Once you experience what traveling to new places feels like, you suddenly start to feel as if you had been looking at the world through a small and dirty window. Then you also realize how small you are in this life. This is so true for open source.

Why did you choose to work in Szeged on Drupal 8 beta blocking/debugging, and what is your fondest memory from Szeged?

I wanted to work on something that would give me the opportunity to dive deep into Drupal 8 and learn as much as possible about the new system. I was assigned to an Entity API beta blocker. After having spent my first 3 days on getting my head around all the new things in D8, I got stuck. The next day Berdir pinged me on IRC that he wanted to discuss the next steps with me in person. We talked for about 5 minutes but that was enough to put me back on track with the issue and also gave me great inspiration that I could talk to a real rockstar in person.

Are you working on any fun projects at the moment?

I am working at the Central European University as a web developer. We are a small team of four people who maintain virtually any web presence of the whole university: main institutional site with heavy traffic, custom websites for each departments, research groups, alumni campaigns, student groups, etc. It is a constant challenge to use our limited resources to address all arising needs successfully. So we are continuously looking for new ways to create reusable solutions across all these websites. And this is lots of fun. For example I just finished building a custom installation profile based on the fantastic Panopoly distribution so firing up a new website became ridiculously easy.

---

Gremy, mauzeh, and zserno were just a few of a huge number of rock stars who worked hard and made great contributions at Szeged. Thank you so much to everyone who turned out for the sprints! The next major sprint event will be at DrupalCon Austin. Our community organizers (led by YesCT) have worked hard to make sure we'll have seven days of sprints that culminate in a huge sprint on Friday, June 6. We hope to see you there.

Drupal version: Drupal 8.x
Categories: Blikk Drupal News

Community Spotlight on Emanuel Greucean, Maurits Dekkers, and Ernő Zsemlye

Drupal News - Tue, 2014-05-20 11:03

For this month’s community spotlight, we wanted to showcase three stellar Drupalistas who went above and beyond at the Dev Days Szeged sprints. Emanuel Greucean (gremy), Maurits Dekkers (Mauzeh), and Ernő Zsemlye (zserno) all made big contributions to the project at Dev Days Szeged. Here’s a little bit about each.

Emanuel Greucean (gremy) How did you get involved with Drupal?

I got involved with Drupal right after college, in 2009. I went to a job interview, showed the employers my enthusiasm about web development and my very not impressive profile, one of which was a Joomla website, and they accepted me. At this job, I got initiated in the art of web development and got a solid education in Drupal. At my first day on the job, I was given the Drupal Developer’s “Bible” (Pro Drupal Development, 2nd edition), and was told that I had to know it by heart.

What do you think open source represents?

For me, open source represents the opportunity to have access to awesome products for free. It also represents the opportunity to join a community of passionate developers and to learn a lot, and also to pass on your knowledge. If you are a contributor, it’s also an opportunity to leave a mark, and a joy to know that your work is being used by millions of people.

Why did you choose to work in Szeged on beta blocking, and what is your fondest memory from Szeged?

One reason for working on beta blockers in Szeged was the desire to get Drupal 8 as close as possible to being released, because I really want to start using it in Production.

One of my fondest memories from Szeged might be the moment when I actually finished the last missing "Change Record” issue, and with this Drupal 8 change records were up to date for the first time in three years. Also I really appreciate all the help I received from people I had never met before. They initiated me into contributing to the community.

Are you working on any fun projects at the moment?

Yes. I am currently collaborating with Kalamuna, a Drupal shop from San Francisco's East Bay Area. They are really great colleagues, and I have the opportunity to work on great projects with them. One of the projects I am most excited about is Kalabox, and I have to say that I am really enthusiastic about its future.

Maurits Dekkers (Mauzeh) How did you get involved with Drupal?

I got involved with Drupal through a client about three years ago. They were using Drupal mainly for its ability to allow site builders to create their own fieldable data structures. Until then I had mostly worked with Zend Framework and Symfony, and I never even knew there was an open source system that could do this! Or course, now I know that there is so much more about Drupal that is awesome, and I cannot imagine a web development life without it!

What do you think open source represents?

For me, open source represents people (!) who provide their time, effort, and financial resources on something that provides only indirect value. An open source developer spends their free time working on a feature not knowing whether it will actually make it into the final product (unless they are the project lead...). For some this might be an unrewarding way of working because there appear to be few direct, short-term, rewards. So if you contribute something to open source software, you must do it for reasons unrelated to direct income or revenue. Therefore, the passion that people have for the product comes from a much deeper belief.

Why did you choose to work in Szeged on Drupal 8 beta blocking/debugging, and what is your fondest memory from Szeged?

Despite working with open source software on a daily basis, and lurking around in the issue queues, I never had the guts to really get involved. I realized that getting to know the people behind the nicknames would certainly help because I could just walk over and ask something. So when I saw the announcement for Szeged, I jumped in straight away. And I'm really glad I did. I most remember the people I was working with and having beers with at night, with Cathy (YesCT) being just amazing to get people up to speed. Her passion for the community is really remarkable. I wanted to learn more about how the Entity API works in Drupal 8, and was directed to tstoeckler and plach, from whom I learned very much very quickly.

Are you working on any fun projects at the moment?

I'm currently working as a freelancer for a few Drupal site building shops. Since I just started as a freelancer in November last year, I'm working quite a lot to make sure I have some financial room to contribute some more to D8.

Ernő Zsemlye (zserno) How did you get involved with Drupal?

It all started during my 4th year at the university. I needed a few more credits for the upcoming semester and stumbled upon a new elective course titled "Open Source Content Management Systems" held by a guy called Kristof Van Tomme. I had absolutely no idea about the topic but it sounded pretty cool so I applied. The first lecture was about open source in general and a brief introduction to the Drupal world. At the end of the lecture, Kristof mentioned that he was looking for interns for his new company. I applied the next day and I am sure that was the best move in my career to date. :)

What do you think open source represents?

I could compare it to traveling. Once you experience what traveling to new places feels like, you suddenly start to feel as if you had been looking at the world through a small and dirty window. Then you also realize how small you are in this life. This is so true for open source.

Why did you choose to work in Szeged on Drupal 8 beta blocking/debugging, and what is your fondest memory from Szeged?

I wanted to work on something that would give me the opportunity to dive deep into Drupal 8 and learn as much as possible about the new system. I was assigned to an Entity API beta blocker. After having spent my first 3 days on getting my head around all the new things in D8, I got stuck. The next day Berdir pinged me on IRC that he wanted to discuss the next steps with me in person. We talked for about 5 minutes but that was enough to put me back on track with the issue and also gave me great inspiration that I could talk to a real rockstar in person.

Are you working on any fun projects at the moment?

I am working at the Central European University as a web developer. We are a small team of four people who maintain virtually any web presence of the whole university: main institutional site with heavy traffic, custom websites for each departments, research groups, alumni campaigns, student groups, etc. It is a constant challenge to use our limited resources to address all arising needs successfully. So we are continuously looking for new ways to create reusable solutions across all these websites. And this is lots of fun. For example I just finished building a custom installation profile based on the fantastic Panopoly distribution so firing up a new website became ridiculously easy.

---

Gremy, mauzeh, and zserno were just a few of a huge number of rock stars who worked hard and made great contributions at Szeged. Thank you so much to everyone who turned out for the sprints! The next major sprint event will be at DrupalCon Austin. Our community organizers (led by YesCT) have worked hard to make sure we'll have seven days of sprints that culminate in a huge sprint on Friday, June 6. We hope to see you there.

Drupal version: Drupal 8.x
Categories: Blikk Drupal News

Drupal 7.28 released

Drupal News - Wed, 2014-05-07 23:19

Drupal 7.28, a maintenance release with numerous bug fixes (no security fixes) is now available for download. See the Drupal 7.28 release notes for a full listing.

Download Drupal 7.28

Upgrading your existing Drupal 7 sites is recommended. There are no major new features in this release. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 includes the built-in Update Manager module, which informs you about important updates to your modules and themes.

There are no security fixes in this release of Drupal core.

Bug reports

Drupal 7.x is being maintained, so given enough bug fixes (not just bug reports), more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.28 contains bug fixes and small API/feature improvements only. The full list of changes between the 7.27 and 7.28 releases can be found by reading the 7.28 release notes. A complete list of all bug fixes in the stable 7.x branch can be found in the git commit log.

Update notes

See the 7.28 release notes for details on important changes in this release.

Known issues

Changes made to the Update Manager module in this release may lead to performance slowdowns in certain cases (including on rare page loads for site visitors, if the site is using the automated cron feature). See the release notes for more information.

Front page news: Planet DrupalDrupal version: Drupal 7.x
Categories: Blikk Drupal News

Drupal 7.28 released

Drupal News - Wed, 2014-05-07 23:19

Drupal 7.28, a maintenance release with numerous bug fixes (no security fixes) is now available for download. See the Drupal 7.28 release notes for a full listing.

Download Drupal 7.28

Upgrading your existing Drupal 7 sites is recommended. There are no major new features in this release. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 includes the built-in Update Manager module, which informs you about important updates to your modules and themes.

There are no security fixes in this release of Drupal core.

Bug reports

Drupal 7.x is being maintained, so given enough bug fixes (not just bug reports), more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.28 contains bug fixes and small API/feature improvements only. The full list of changes between the 7.27 and 7.28 releases can be found by reading the 7.28 release notes. A complete list of all bug fixes in the stable 7.x branch can be found in the git commit log.

Update notes

See the 7.28 release notes for details on important changes in this release.

Known issues

Changes made to the Update Manager module in this release may lead to performance slowdowns in certain cases (including on rare page loads for site visitors, if the site is using the automated cron feature). See the release notes for more information.

Front page news: Planet DrupalDrupal version: Drupal 7.x
Categories: Blikk Drupal News

Drupal.org Downtime: April 29th 5PM PDT (April 30th 0:00 UTC)

Drupal News - Mon, 2014-04-28 18:41

Update: downtime window has been shortened from 2 hours to 30 minutes.

Drupal.org will be going down for up to 30 minutes starting Tuesday, April 29th, 17:00 PDT (April 30th, 0:00 UTC).

This maintenance window will be used for an issue queue update, which will need to alter a large table, #2152169: Issue queues sort projects by node number, not project name. Logging into sub-sites (api.drupal.org, groups.drupal.org, etc) will be disabled; they will otherwise remain available.

Please follow the @drupal_infra Twitter account for updates during the downtime.

Thanks for your patience!

Categories: Blikk Drupal News

Drupal.org Downtime: April 22nd 5PM PDT (April 23rd 0:00 UTC)

Drupal News - Mon, 2014-04-21 14:26

Drupal.org will be going down for up to 2 hours starting Tuesday, April 22nd, 17:00 PDT (April 23rd, 0:00 UTC).

This maintenance window will be used for routine Drupal module updates, which need to alter large tables. We expect issue text search performance to improve as a result. Logging into sub-sites (api.drupal.org, groups.drupal.org, etc) will be disabled; they will otherwise remain available.

Please follow the @drupal_infra Twitter account for updates during the downtime.

Thanks for your patience!

Categories: Blikk Drupal News

Drupal 7.27 and 6.31 released

Drupal News - Wed, 2014-04-16 14:59

Update: Drupal 7.28 is now available.

Drupal 7.27 and Drupal 6.31, maintenance releases which contain fixes for security vulnerabilities, are now available for download. See the Drupal 7.27 and Drupal 6.31 release notes for further information.

Download Drupal 7.27
Download Drupal 6.31

Upgrading your existing Drupal 7 and 6 sites is strongly recommended. There are no new features or non-security-related bug fixes in these releases. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement. More information on the Drupal 6.x release series can be found in the Drupal 6.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 and 6 include the built-in Update Status module (renamed to Update Manager in Drupal 7), which informs you about important updates to your modules and themes.

Bug reports

Both Drupal 7.x and 6.x are being maintained, so given enough bug fixes (not just bug reports) more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.27 is a security release only. For more details, see the 7.27 release notes. A complete list of all bug fixes in the stable 7.x branch can be found in the git commit log.

Drupal 6.31 is a security release only. For more details, see the 6.31 release notes. A complete list of all bug fixes in the stable 6.x branch can be found in the git commit log.

Security vulnerabilities

Drupal 7.27 and 6.31 were released in response to the discovery of security vulnerabilities. Details can be found in the official security advisory:

To fix the security problem, please upgrade to either Drupal 7.27 or Drupal 6.31.

Known issues
  • This security release introduces small API changes which may require code updates on sites that expose Ajax or multi-step forms to anonymous users, and where the forms are displayed on pages that are cached (either by Drupal or by an external system). See the Drupal 7.27 release notes and Drupal 6.31 release notes for more information.
  • (Drupal 7 only) This release caused a JavaScript error which breaks Ajax requests in very old browsers (for example, Internet Explorer 8 and earlier); see this issue for details. The solution is to upgrade to Drupal 7.28.
  • (Drupal 7 only) This release caused the Multiple Forms module to stop working correctly (see issue). The solution is to upgrade to Multiple Forms 7.x-1.1 or higher.
Front page news: Planet DrupalDrupal version: Drupal 6.xDrupal 7.x
Categories: Blikk Drupal News

Drupal 7.27 and 6.31 released

Drupal News - Wed, 2014-04-16 14:59

Update: Drupal 7.28 is now available.

Drupal 7.27 and Drupal 6.31, maintenance releases which contain fixes for security vulnerabilities, are now available for download. See the Drupal 7.27 and Drupal 6.31 release notes for further information.

Download Drupal 7.27
Download Drupal 6.31

Upgrading your existing Drupal 7 and 6 sites is strongly recommended. There are no new features or non-security-related bug fixes in these releases. For more information about the Drupal 7.x release series, consult the Drupal 7.0 release announcement. More information on the Drupal 6.x release series can be found in the Drupal 6.0 release announcement.

Security information

We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.

Drupal 7 and 6 include the built-in Update Status module (renamed to Update Manager in Drupal 7), which informs you about important updates to your modules and themes.

Bug reports

Both Drupal 7.x and 6.x are being maintained, so given enough bug fixes (not just bug reports) more maintenance releases will be made available, according to our monthly release cycle.

Changelog

Drupal 7.27 is a security release only. For more details, see the 7.27 release notes. A complete list of all bug fixes in the stable 7.x branch can be found in the git commit log.

Drupal 6.31 is a security release only. For more details, see the 6.31 release notes. A complete list of all bug fixes in the stable 6.x branch can be found in the git commit log.

Security vulnerabilities

Drupal 7.27 and 6.31 were released in response to the discovery of security vulnerabilities. Details can be found in the official security advisory:

To fix the security problem, please upgrade to either Drupal 7.27 or Drupal 6.31.

Known issues
  • This security release introduces small API changes which may require code updates on sites that expose Ajax or multi-step forms to anonymous users, and where the forms are displayed on pages that are cached (either by Drupal or by an external system). See the Drupal 7.27 release notes and Drupal 6.31 release notes for more information.
  • (Drupal 7 only) This release caused a JavaScript error which breaks Ajax requests in very old browsers (for example, Internet Explorer 8 and earlier); see this issue for details. The solution is to upgrade to Drupal 7.28.
  • (Drupal 7 only) This release caused the Multiple Forms module to stop working correctly. A fix is available in this issue.
Front page news: Planet DrupalDrupal version: Drupal 6.xDrupal 7.x
Categories: Blikk Drupal News

Drupal.org Response to Heartbleed Security Incident

Drupal News - Tue, 2014-04-08 17:36

You may have heard that a vulnerability in the OpenSSL cryptographic library called Heartbleed or formally called CVE-2014-0160 has been disclosed and that it represents a potential security threat to a large number of websites. Using this vulnerability, malicious individuals could access sensitive information submitted by people actively visiting a website including usernames, passwords and credit card numbers. Users across the Internet should be especially aware of suspicious activity on their accounts.

We want to communicate a couple pieces of information about this news with regard to Drupal.org.

Members of the Drupal Association staff, Drupal Security Team and Drupal Infrastructure Team have reviewed Drupal.org's potential exposure to the vulnerability.

As of now, we have no indication that Drupal.org was attacked using this vulnerabililty. That said, the nature of the vulnerability makes an attack difficult to detect and we prefer to be cautious.

We have taken steps to protect users of Drupal.org, including a forced password reset for users with administrative access or access to code repositories for projects. While we have only forced the password reset for some users, we recommend that all of our users change their passwords.

We have taken the following steps to protect Drupal.org account holders:

  • Installed new SSL certificates based on a new private key
  • Revoked the old SSL certificates
  • Replaced the private strings (drupal_private_key and drupal_hash_salt) which are used for a variety of security related purposes in all Drupal sites
  • Replaced the private key used by the “bakery” single-sign-on system on Drupal.org
  • Removed all active sessions
  • Verified the email addresses in use today match those in use a week ago
  • Required that all Drupal.org users with administrative or project repository access to reset their passwords

Also, we simply want to help create awareness about the vulnerability and encourage people to review their sites for exposure. For more information, please see https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160

Feel free to comment on the post with any questions. Thank you!

Categories: Blikk Drupal News

Drupal.org Response to Heartbleed Security Incident

Drupal News - Tue, 2014-04-08 17:36

You may have heard that a vulnerability in the OpenSSL cryptographic library called Heartbleed or formally called CVE-2014-0160 has been disclosed and that it represents a potential security threat to a large number of websites. Using this vulnerability, malicious individuals could access sensitive information submitted by people actively visiting a website including usernames, passwords and credit card numbers. Users across the Internet should be especially aware of suspicious activity on their accounts.

We want to communicate a couple pieces of information about this news with regard to Drupal.org.

Members of the Drupal Association staff, Drupal Security Team and Drupal Infrastructure Team have reviewed Drupal.org's potential exposure to the vulnerability.

As of now, we have no indication that Drupal.org was attacked using this vulnerabililty. That said, the nature of the vulnerability makes an attack difficult to detect and we prefer to be cautious.

We have taken steps to protect users of Drupal.org, including a forced password reset for users with administrative access or access to code repositories for projects. While we have only forced the password reset for some users, we recommend that all of our users change their passwords.

We have taken the following steps to protect Drupal.org account holders:

  • Installed new SSL certificates based on a new private key
  • Revoked the old SSL certificates
  • Replaced the private strings (drupal_private_key and drupal_hash_salt) which are used for a variety of security related purposes in all Drupal sites
  • Replaced the private key used by the “bakery” single-sign-on system on Drupal.org
  • Removed all active sessions
  • Verified the email addresses in use today match those in use a week ago
  • Required that all Drupal.org users with administrative or project repository access to reset their passwords

Also, we simply want to help create awareness about the vulnerability and encourage people to review their sites for exposure. For more information, please see https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160

Feel free to comment on the post with any questions. Thank you!

Categories: Blikk Drupal News
Syndicate content