drupal.org aggregator

Tandem's Drupal Blog: Writing a Drupal 8 Table to Table Migration Path

2 days 6 hours ago
March 22, 2019 Occasionally there may be times where you need to migrate a contrib module's database table or your own schema's data to Drupal 8. Use Case For This Effort I previously wrote about handling an upgrade path for modules that don't have a Drupal 8 migration path yet. That works well when your module has a Drupal 8 entity alread...

Agaric Collective: Show and Tell with Agaric - Sharing Work with Other Coops

2 days 9 hours ago

Agaric hosts a weekly online gathering known as Show and Tell. Participants share tips and tricks we have learned and pose questions to other developers on tasks or projects we are working on. Each week we ask people to send us a little info on what they would like to present. This is not a prerequisite, just a suggestion. Having advance notice of presentations allows us to get the word out to others that may be interested, but you can just show up, and there will most likely be time to present for 5-10 minutes. Sign onto the Show and Tell mailing list and be notified of upcoming Show and Tell events.

Recently we have opened up the Show and Tell chat to bond with other cooperatives that do web development work. Agaric was contacted by members of Fiqus.coop in Argentina as they had started an initiative to meet other cooperative developers and share values and goals. No one had sent notice of a presentation, so we switched the topic of the chat to be more of a meet and greet to get to know each other better with the goal in mind to be able to share our work on projects. The value of the meeting was immediately apparent as we delved into conversation with a few members of Fiqus.

Next, we invited more developers to take part in the discussion, and the doors were opened to share more deeply and connect. This week our meeting was over the top! Nicolas Dimarco led us through a short presentation of slides that revealed a  Federated process and workflow to share development with members of multiple cooperatives. The plan is so simple that everyone immediately understood and the conversation that ensued was compelling, and the questions were indicative of where we need to educate each other about cooperative principles vs. corporate tactics. We need more discussion on trust and friendship. There are so many developers in corporate jobs that have asked me how a web development cooperative works and how does a project run without a manager. I first explain that projects do have managers, but they are managing the work, not the people. Taking time to get to know each other's skills and passions about programming is a core part of being able to work together in a Federation. Fiqus.coop has made it plain and simple for all to see the path to sharing work on projects!

Here is a link to the video recording of the chat where Nicolas Dimarco of Fiqus.coop presents the formula for federated work among cooperatives. Here is a link to the notes from the meeting on 3/20/2019 and some past Show and Tell meetings.

More information on Show and Tell.

Some Drupal shops already work together on projects and we can help that grow by sharing our experiences.  We would love to hear about the ways you work and the processes you have discovered that make sharing work on projects a success!

 

Read more and discuss at agaric.coop.

Drupal blog: JSON:API lands in Drupal core

2 days 12 hours ago

This blog has been re-posted and edited with permission from Dries Buytaert's blog.

Drupal core now provides an out-of-the-box JSON:API implementation, marking another major milestone toward making Drupal API-first.

Breaking news: we just committed the JSON:API module to the development branch of Drupal 8.

In other words, JSON:API support is coming to all Drupal 8 sites in just a few short months! 🎉

This marks another important milestone in Drupal's evolution to be an API-first platform optimized for building both coupled and decoupled applications.

With JSON:API, developers or content creators can create their content models in Drupal’s UI without having to write a single line of code, and automatically get not only a great authoring experience, but also a powerful, standards-compliant, web service API to pull that content into JavaScript applications, digital kiosks, chatbots, voice assistants and more.

When you enable the JSON:API module, all Drupal entities such as blog posts, users, tags, comments and more become accessible via the JSON:API web service API. JSON:API provides a standardized API for reading and modifying resources (entities), interacting with relationships between resources (entity references), fetching of only the selected fields (e.g. only the "title" and "author" fields), including related resources to avoid additional requests (e.g. details about the content's author) and filtering, sorting and paginating collections of resources.

In addition to being incredibly powerful, JSON:API is easy to learn and useand uses all the tooling we already have available to test, debug and scale Drupal sites.

Drupal's JSON:API implementation was years in the making

Development of the JSON:API module started in May 2016 and reached a stable 1.0 release in May 2017. Most of the work was driven by a single developer partially in his free time: Mateu Aguiló Bosch (e0ipso).

After soliciting input and consulting others, I felt JSON:API belonged in Drupal core. I first floated this idea in July 2016, became more convinced in December 2016 and recommended that we standardize on it in October 2017.

This is why at the end of 2017, I asked Wim Leers and Gabe Sullice — as part of their roles at Acquia — to start devoting the majority of their time to getting JSON:API to a high level of stability.

Wim and Gabe quickly became key contributors alongside Mateu. They wrote hundreds of tests and added missing features to make sure we guarantee strict compliance with the JSON:API specification.

A year later, their work culminated in a JSON:API 2.0 stable release on January 7th, 2019. The 2.0 release marked the start of the module's move to Drupal core. After rigorous reviews and more improvements, the module was finally committed to core earlier today.

From beginning to end, it took 28 months, 450 commits, 32 releases, and more than 5500 test runs.

The best JSON:API implementation in existence

The JSON:API module is almost certainly the most feature-complete and easiest-to-use JSON:API implementation in existence.

The Drupal JSON:API implementation supports every feature of the JSON:API 1.0 specification out-of-the-box. Every Drupal entity (a resource object in JSON:API terminology) is automatically made available through JSON:API. Existing access controls for both reading and writing are respected. Both translations and revisions of entities are also made available. Furthermore, querying entities (filtering resource collections in JSON:API terminology) is possible without any configuration (e.g. setting up a "Drupal View"), which means front-end developers can get started on their work right away.

What is particularly rewarding is that all of this was made possible thanks to Drupal's data model and introspection capabilities. Drupal’s decade-old Entity API, Field API, Access APIs and more recent Configuration and Typed Data APIs exist as an incredibly robust foundation for making Drupal’s data available via web service APIs. This is not to be understated, as it makes the JSON:API implementation robust, deeply integrated and elegant.

I want to extend a special thank you to the many contributors that contributed to the JSON:API module and that helped make it possible for JSON:API to be added to Drupal 8.7.

Special thanks to Wim Leers (Acquia) and Gabe Sullice (Acquia) for co-authoring this blog post and to Mateu Aguiló Bosch (e0ipso) (Lullabot), Preston So (Acquia), Alex Bronstein (Acquia) for their feedback during the writing process.

Sooper Drupal Themes: Drupal community

2 days 13 hours ago
The value that the community brings to the development of Drupal

Drupal is known for the community that it has amassed as an open source software. But what is the value that the community brings to the development of Drupal?

First off, drupal is an open source CMS. What that means is that everybody can download and mingle with it. Because of this, Drupal has gathered a community of supportive members. Soon, the community has started to actively contribute with code and ways to further developed and improve Drupal. Drupal has more than 42,000 modules that were developed by the community. On top of that, regular security issues are discovered and fixed by the members in their own free time. Also, users are taking their time to answer questions posted on forums by new members to guide them in the Drupal world. This has led Drupal to be known as one of the most active, helpful, dedicated and loyal communities in the world.

Photo's DrupalCon Nashville 2018 copyright Amazee Labs

We all come together at DrupalCon

So where do the members of the community spend their time when not sitting in front a of a screen coding?

Well, the biggest event of the year is the DrupalCon. Every year it takes place in another location. With two conventions scheduled for 2019, one in sleepless Seattle and the other in incredible Amsterdam, DrupalCon is sure to gather a big crowd this year. Activities which are scheduled include keynotes with inspiring figures from inside and outside the community, trainings, summits, birds of a feather meetings and diverse social events.

DrupalCon is a great opportunity to meet and connect with new people, while acquiring more knowledge about Drupal and the direction it's heading in. On top of that, there is a chance of engaging into conversation with highly skilled people with expert knowledge in their domain, which can guide you and give you tips and tricks on what to do. So, if you’re a Drupal enthusiast, be sure to grab a ticket, pack your luggage and join the biggest Drupal social event of the year.

Photo's Drupal Camp Vienna 2015 copyright Amazee Labs

Cosy get-togethers in Drupal Camps

Now that we talked about the biggest social event of the year, Drupalcon, we can take a look at what the Drupal community is doing for the rest of the year. The community also organises smaller events, throughout the year, for regional groups of people. These meetings are more frequent than the DrupalCons. The activities which are undertaken in those camps are usually talks held by speakers on different subjects of interest to the community. The camps also offer training talks for beginners. The main focus of these type of events is to find out more about Drupal, share your Drupal experience and also to meet the local Drupal community.

List upcoming Drupal camps: Name of the Camp Date Location Nerd Summit 2019 16-17.03.2019 United States, Amherst MidCamp 2019 20-23.03.2019 United States, Chicago Frone End Accesibility Summit 08.04.2019 United States, Seattle DrupalCamp Spain 6-12.05.2019 Spain, Conil de la Frontera Drupaldelphia 10.05.2019 United States, Philadelphia Secure Open Source Day - Haarlem Edition 11.05.2019 Netherlands, Haarlem Stanford DrupalCamp 17-18.05.2019 United States, Stanford Frontend United 17-18.05.2019 Netherlands, Utrecht DrupalCamp Belarus 17-18.05.2019 Belarus, Minsk DrupalCamp Kyiv 25-26.05.2019 Ukraine, Kyiv Flyover Camp 31-02.06.2019 United States, Kansas City DrupalCamp Poland 31-02.06.2019 Poland, Wrocław Drupal Developer Days 10-14.06.2019 Romania, Cluj-Napoca Save the Date - Design 4 Drupal Boston 26-28.06.2019 United States, Cambridge DrupalCamp Asheville 2019 12-14.07.2019 United States, Asheville DrupalCamp Colorado 02-04.08.2019 United States, Denver Cornell DrupalCamp 26-27.09.2019 United States, Ithaca DrupalSouth Hobart 27-29.11.2019 Australia, Hobart How are new Drupal users integrated?

Now that we know how the Drupal community likes to spend its time, we can have a look at how the newcomers are being integrated in the community. First, the newbies can attend training sessions which are held on multiple occasions over the course of the year, with different locations. So, if you’re getting an interest in Drupal but don’t know where to start, you can search for the nearest Drupal beginner onboarding camp to find more about Drupal and the Drupal community. On top of that, you can also rely on the Drupal community forums by posting questions there and letting a more experienced user answer your question.

Community spotlight photo collection, indidual images' rights belong to their respectful owners. Collage created by Sooperthemes and licensed under a Creative Commons Attribution 4.0 International license.

Drupal community spotlight

Drupals open source means that everybody can get involved, making the community vibrant and full of inspirational stories. The community has the spotlight section where there are numerous articles about different members of the community and their journey from being a beginner to a well respected member and contributor.

Ildephonse Bikino

Another inspiring story is that of Ildephonse Bikino. He discovered Drupal through his job. He had the opportunity to attend the DrupalCon from 2016 held in New Orleans via a scholarship provided by the Drupal Association. There, he saw the opportunities that the open source software can bring. This led him to host his first Drupal Global Training Day in Rwanda, where he was expecting a number of 50 atendees. However, to his surprise, this number quickly grew and he had a list of 388 participants. Not wanting to turn his back on the Drupal enthusiasts he rose to the challenge and transformed a one day training into eight sessions spread across multiple weekends. This way, he made sure that every Drupal enthusiast received a proprer training. His dedication to the cause is what makes him a trully inspiring person and gives us a reason to tell his story.

Kevin Thull

Another great spotlight is the one about Kevin Thull. He got involved into Drupal through freelancing and started really getting involved with the community by the time the book Using Drupal 6 came out. He is known for being the mastermind behind the recording of the different Drupal events. He started recording drupal camps back in 2013. At first, everybody questioned his decision, however, he stayed true to his belief, that it is important to record those events. To date, he is personally responsible for recording over 800 sessions and giving up countless of hours of his time to achieve this feat. He was awarded with the Aaron Winborn Award in 2018 for his contribution to the Drupal community.

Rachel Olivero

For example, we have the case of Rachel Olivero which has recently passed away. She first started getting involved with the community at the DrupalCon 2017 in her hometown of Baltimore, where she participated for the first time in a code sprint and also reported her first bug. She was engaging constantly with the community on social platforms. As a blind person, she led an accesibility breakthrough at DrupalCon Nashville. She was always sharing her knowledge and expertise regarding this topic. Her aim was to make life easier for the users with disabilities. She understood the importance of diversity and so she was also engaged with the Drupal Diversity and Inclusion Team. Although she was part of the community for a short period of time, she left her mark through her actions and her contributions.

Aaron Winborn and the award named after him

The Aaron Winborn Award, also known as the “Academy Award” of the Drupal Association is an honor given to the members of the Drupal community that show personal integrity, kindness and an above-and-beyond commitment to the community. It was named in the honor of Aaron Winborn, a big community contributor which passed away after losing a battle with Amyotrophic Lateral Sclerosis. A specific disease which causes the death of the neurons that are controlling voluntary muscles. In order to remember the contribution which Aaron Winbord has brought to the Drupal community, the award was named after him after his death in 2015. To date, the award was given to 4 people which had a big contribution to the community and namely Cathy Theys, Gábor Hojtsy, Nikki Stevens and Kevin Thull. Right now, the nominations for the next awarding are open, so be sure to nominate your favourite member of the Drupal community.

Conclusion

In conclusion, the community is of utmost importance to the development of Drupal. The community is what keeps the CMS alive, while also in a costant state of evolution. Drupal has made it possible for people of different cultural backgrounds to cooperate and stand united for the same cause.  This reflects well on the unofficial motto ,"Come for the code, stay for the community".

Palantir: Federated Search v2.0

2 days 15 hours ago
Federated Search v2.0 brandt Thu, 03/21/2019 - 09:46 Ken Rickard Mar 21, 2019

We have released version 2.0 of our Federated Search application and Drupal integration.

Since our initial release, we’ve been doing agile, iterative development on the software. Working with our partners at the University of Michigan and the State of Georgia, we’ve made refinements to both the application and the Drupal integration.

Better search results

Default searches now target the entire index and not the more narrow tm_rendered_item field. This change allows Solr admins to have better control over the refinement of search results, including the use of field boosting and elevate.xml query enhancements.

Autocomplete search results

We added support for search autocomplete at both the application and Drupal block levels -- and the two can use the same or different data sources to populate results. We took a configurable approach to autocomplete, which supports “search as you type” completion of partial text. These results can also include keyboard navigation for accessibility.

Since the Drupal block is independent of the React application, we made it configurable so that the block can have a distinct API endpoint from the application. We did this because the state of Georgia has specific requirements that their default search behavior should be to search the local site first, looking for items marked with a special “highlighted content” field.

Wildcard searching

We fully support wildcard searches as a configuration option, so that a search for “run” will automatically pass “run” and “run*” as search terms.

Default facet control

The default facets sets for the application -- Site, Content Type, and Date Range -- can now be disabled on a per-site basis. This feature is useful for sites that contribute content to a network but only wish to search their own site’s content.

Enhanced query parameters

We’ve added additional support for term-based facets to be passed from the search query string. This means that all facet options except dates can be passed directly via external URL before loading the search form.

Better Drupal theming

We split the module’s display into proper theme templates for the block and it’s form, and we added template suggestions for each form element so that themes can easily enhance or override the default styling of the Drupal block. We also removed some overly opinionated CSS from the base style of the application. This change should allow CSS overrides to have better control over element styling.

What’s Next for Users?

All of these changes should be backward compatible for existing users, though minor changes to the configuration may be required, Users of the Drupal 8.x-2.0 release will need to run the Drupal update script to load the new default settings. Sites that override CSS should confirm that they address the new styles.

Currently, the changes only apply to Drupal 8 sites. We’ll be backporting the new features to Drupal 7 in the upcoming month.

Users of the 1.0 release may continue to use both the existing Drupal module and their current JS and CSS files until the end of 2019. We recommend upgrading to the 2.0 versions of both, which requires minor CSS and configuration changes you can read about in the upgrade documentation.

Special Thanks

Palantir senior engineer Jes Constantine worked through the most significant changes to the application and integration code. Senior front-end developer Nate Striedinger worked through the template design and CSS. And engineer Matt Carmichael provided QA and code review. And a special shoutout to James Sansbury of Lullabot -- our first external contributor.

Development Drupal Open Source

Dries Buytaert: JSON:API lands in Drupal core

2 days 16 hours ago

Breaking news: we just committed the JSON:API module to the development branch of Drupal 8.

In other words, JSON:API support is coming to all Drupal 8 sites in just a few short months! 🎉

This marks another important milestone in Drupal's evolution to be an API-first platform optimized for building both coupled and decoupled applications.

With JSON:API, developers or content creators can create their content models in Drupal’s UI without having to write a single line of code, and automatically get not only a great authoring experience, but also a powerful, standards-compliant, web service API to pull that content into JavaScript applications, digital kiosks, chatbots, voice assistants and more.

When you enable the JSON:API module, all Drupal entities such as blog posts, users, tags, comments and more become accessible via the JSON:API web service API. JSON:API provides a standardized API for reading and modifying resources (entities), interacting with relationships between resources (entity references), fetching of only the selected fields (e.g. only the "title" and "author" fields), including related resources to avoid additional requests (e.g. details about the content's author) and filtering, sorting and paginating collections of resources.

In addition to being incredibly powerful, JSON:API is easy to learn and use and uses all the tooling we already have available to test, debug and scale Drupal sites.

Drupal's JSON:API implementation was years in the making

Development of the JSON:API module started in May 2016 and reached a stable 1.0 release in May 2017. Most of the work was driven by a single developer partially in his free time: Mateu Aguiló Bosch (e0ipso).

After soliciting input and consulting others, I felt JSON:API belonged in Drupal core. I first floated this idea in July 2016, became more convinced in December 2016 and recommended that we standardize on it in October 2017.

This is why at the end of 2017, I asked Wim Leers and Gabe Sullice — as part of their roles at Acquia — to start devoting the majority of their time to getting JSON:API to a high level of stability.

Wim and Gabe quickly became key contributors alongside Mateu. They wrote hundreds of tests and added missing features to make sure we guarantee strict compliance with the JSON:API specification.

A year later, their work culminated in a JSON:API 2.0 stable release on January 7th, 2019. The 2.0 release marked the start of the module's move to Drupal core. After rigorous reviews and more improvements, the module was finally committed to core earlier today.

From beginning to end, it took 28 months, 450 commits, 32 releases, and more than 5500 test runs.

The best JSON:API implementation in existence

The JSON:API module is almost certainly the most feature-complete and easiest-to-use JSON:API implementation in existence.

The Drupal JSON:API implementation supports every feature of the JSON:API 1.0 specification out-of-the-box. Every Drupal entity (a resource object in JSON:API terminology) is automatically made available through JSON:API. Existing access controls for both reading and writing are respected. Both translations and revisions of entities are also made available. Furthermore, querying entities (filtering resource collections in JSON:API terminology) is possible without any configuration (e.g. setting up a "Drupal View"), which means front-end developers can get started on their work right away.

What is particularly rewarding is that all of this was made possible thanks to Drupal's data model and introspection capabilities. Drupal’s decade-old Entity API, Field API, Access APIs and more recent Configuration and Typed Data APIs exist as an incredibly robust foundation for making Drupal’s data available via web service APIs. This is not to be understated, as it makes the JSON:API implementation robust, deeply integrated and elegant.

I want to extend a special thank you to the many contributors that contributed to the JSON:API module and that helped make it possible for JSON:API to be added to Drupal 8.7.

Special thanks to Wim Leers (Acquia) and Gabe Sullice (Acquia) for co-authoring this blog post and to Mateu Aguiló Bosch (e0ipso) (Lullabot), Preston So (Acquia), Alex Bronstein (Acquia) for their feedback during the writing process.

Wim Leers: JSON:API shipping with Drupal 8.7!

2 days 16 hours ago

The JSON:API module was added to Drupal 8.7 as a stable module!

See Dries’ overview of why this is an important milestone for Drupal, a look behind the scenes and a look toward the future. Read that first!

Upgrading?

As Mateu said, this is the first time a new module is added to Drupal core as “stable” (non-experimental) from day one. This was the plan since July 2018 — I’m glad we delivered on that promise.

This means users of the JSON:API 8.x-2.x contrib module currently on Drupal 8.5 or 8.6 can update to Drupal 8.7 on its release day and simply delete their current contributed module, and have no disruption in their current use of JSON:API, nor in security coverage! 1

What’s happened lately?

The last JSON:API update was exactly two months ago, because … ever since then Gabe, Mateu and I are have been working very hard to get JSON:API through the core review process. This resulted in a few notable improvements:

  1. a read-only mode that is turned on by default for new installs — this strikes a nice balance between DX (still having data available via APIs by default/zero config: reading is probably the 80% use case, at least today) and minimizing risk (not allowing writes by default) 2
  2. auto-revisioning when PATCHing for eligible entity types
  3. formally documented & tested revisions and translations support 3
  4. formally documented security considerations

Get these improvements today by updating to version 2.4 of the JSON:API module — it’s identical to what was added to Drupal 8.7!

Contributors

An incredible total of 103 people contributed in JSON:API’s issue queue to help make this happen, and 50 of those even have commits to their name:

Wim Leers, ndobromirov, e0ipso, nuez, gabesullice, xjm, effulgentsia, seanB, jhodgdon, webchick, Dries, andrewmacpherson, jibran, larowlan, Gábor Hojtsy, benjifisher, phenaproxima, ckrina, dww, amateescu, voleger, plach, justageek, catch, samuel.mortenson, berdir, zhangyb, killes@www.drop.org, malik.kotob, pfrilling, Grimreaper, andriansyahnc, blainelang, btully, ebeyrent, garphy, Niklan, joelstein, joshua.boltz, govind.maloo, tstoeckler, hchonov, dawehner, kristiaanvandeneynde, dagmar, yobottehg, olexyy.mails@gmail.com, keesee, caseylau, peterdijk, mortona2k, jludwig, pixelwhip, abhisekmazumdar, izus, Mile23, mglaman, steven.wichers, omkar06, haihoi2, axle_foley00, hampercm, clemens.tolboom, gargsuchi, justafish, sonnykt, alexpott, jlscott, DavidSpiessens, BR0kEN, danielnv18, drpal, martin107, balsama, nileshlohar, gerzenstl, mgalalm, tedbow, das-peter, pwolanin, skyredwang, Dave Reid, mstef, bwinett, grndlvl, Spleshka, salmonek, tom_ek, huyby, mistermoper, jazzdrive3, harrrrrrr, Ivan Berezhnov, idebr, mwebaze, dpolant, dravenk, alan_blake, jonathan1055, GeduR, kostajh, pcambra, meba, dsdeiz, jian he, matthew.perry.

Thanks to all of you!

Future JSON:API blogging

I blogged about once a month since October 2018 about JSON:API, to get more people to switch to version 2.x of the JSON:API module, to ensure it was maximally mature and bug free prior to going into Drupal core. New capabilities were also being added at a pretty high pace because we’d been preparing the code base for that months prior. We went from ~1700 installs in January to ~2700 today!

Now that it is in Drupal core, there will be less need for frequent updates, and I think the API-First Drupal: what’s new in 8.next? blog posts that I have been doing probably make more sense. I will do one of those when Drupal 8.7.0 is released in May, because not only will it ship with JSON:API land, there are also other improvements!

Special thanks to Mateu Aguiló Bosch (e0ipso) for their feedback!

  1. We’ll of course continue to provide security releases for the contributed module. Once Drupal 8.7 is released, the Drupal Security Team stops supporting Drupal 8.5. At that time, the JSON:API contributed module will only need to provide security support for Drupal 8.6. Once Drupal 8.8 is released at the end of 2019, the JSON:API contributed module will no longer be supported: since JSON:API will then be part of both Drupal 8.7 and 8.8, there is no reason for the contributed module to continue to be supported. ↩︎

  2. Existing sites will continue to have writes enabled by default, but can choose to enable the read-only mode too. ↩︎

  3. Limitations in the underlying Drupal core APIs prevent JSON:API from 100% of desired capabilities, but with JSON:API now being in core, it’ll be much easier to make the necessary changes happen! ↩︎

myDropWizard.com: SA-CORE-2019-004 doesn't affect Drupal 6

3 days 8 hours ago

As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!

Today, there is a Moderately Critical security release for Drupal core to fix a Cross Site Scripting (XSS) vulnerability.

Folks have been asking us, so this is just a short note to say that this issue does NOT affect Drupal 6. So, you can focus just on updating your Drupal 7 and Drupal 8 sites today. :-)

Thanks!

Security advisories: Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2019-004

3 days 13 hours ago
Project: Drupal coreDate: 2019-March-20Security risk: Moderately critical 13∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability: Cross Site ScriptingDescription: 

Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.

Solution: 

Versions of Drupal 8 prior to 8.5.x are end-of-life and do not receive security coverage.

Reported By: Fixed By: 

DrupalCon News: So It's Your First Time at DrupalCon

3 days 14 hours ago
New to DrupalCon? We’re glad you’re joining us in Seattle!

Here are ideas to help you prepare for this exciting week among thousands of other Drupalers, while hundreds of sessions, summits, trainings, just-for-fun events, and more are all happening—some simultaneously. We have tips for during the conference and afterward, so make the most of this new experience! 

Drudesk: Useful modules to fix duplicate content in Drupal

3 days 14 hours ago

From a quarter to almost one-third of content in the World Wide Web repeats itself. According to Google's head of search spam, Matt Cutts, around 25-30% of web content is duplicate. Your website is also likely to have duplicate content, even if it follows web content writing rules. In this post, we will touch upon the reasons and risks of duplication, as well as review useful modules that fix duplicate content in Drupal.

wishdesk.com: What to expect in Drupal 8.7: looking at its fresh alpha release

4 days 16 hours ago

Drupal 8.6 became one of the most interesting releases in Drupal 8’s history. It brought us the oEmbed feature, the Media Library, the Workspaces module, and more. But it’s time to move forward, and in May 2019 we expect Drupal 8.7. Its “alpha” version has just been released. Although an alpha version is not a final one, we will gladly take a look at it and discuss what to expect in Drupal 8.7.

Drupal 8.7: the alpha version

Drupal 8.7.0-alpha1 has come out on March 14, 2019. Alpha versions are far from being ready for production sites. They are just preliminary releases that allow developers to do a good testing, receive feedback, make final preparations, and fix bugs.

Jacob Rockowitz: Webform module now supports importing submissions

5 days 12 hours ago
Problem

The answer is Drupal's Migrate API, which is incredibly powerful but can feel overwhelming. When I migrated MSKCC.org from Drupal 6 to Drupal 8, the Migrate API was just being introduced into Drupal 8 core, and I felt more comfortable writing a custom migration script instead of using code that was still under development. Migrate API is now stable and if you are an experienced Drupal developer, you should use it.

The level of expertise required to build and maintain a Drupal 8 website has changed from Drupal 7, mainly because we are creating more ambitious digital experiences. The Drupal community struggles to simplify our flexible and sometimes complex product. My approach is to make the Webform module as flexible and robust as possible, while not forgetting that people need a simple way to start building a form. This is exactly why I include an introduction video on the Webform module's main page. Besides making the Webform module an awesome tool for experienced Drupal site builders, the Webform module needs to be welcoming to new users and make it easy for them to move their existing forms to Drupal.

Either an organization is starting from scratch and building a new Drupal site, or more commonly an organization has decided they need to provide a more ambitious digital experience and they have chosen to switch to Drupal. In both situations, we need to make it easy for someone to switch from other form builders to Webform.

The problem that needs to be addressed is…

Solution

The simplest way to migrate to the Webform module is to rebuild an external form and then import the existing data. Building a webform is fun and easy, forms are a critical aspect to most websites; it is worth taking the time needed...Read More

Phase2: Multi-Design Systems with Component Libraries Module

5 days 13 hours ago
The Rundown

At Phase2 we’re always looking to pinpoint the real problem and solve it. Let’s say we have a new project to implement a design system for The First Order. We’ve done work for their parent organization in the past and already have a design system in place for The Empire. The site architecture calls for creating a multi-site and multi-design implementation to make use of The Empire’s assets for The First Order.