Drupal News

Chances are if you've attended any of the Drupal camps in North America you've run into Kevin Thull. He's the fellow that is dashing from room to room before the first session begins to set up the AV equipment and checking in with presenters making sure they all "push the red button". Because of him, we are all able attend the sessions we miss while busy elsewhere. He is personally responsible for recording over 800 sessions and donating countless hours of his time.

Not only does he record sessions at camps, he also helps organize Midwest Drupal Camp. For this next year he has been charged as their fearless leader. He will be working on their web team, arranging catering, organizing the venue, as well as doing all the audio visual.

This year at DrupalCon Nashville the Drupal Community awarded Kevin the Aaron...

Project: Drupal coreDate: 2018-April-18Security risk: Moderately critical 12∕25 AC:Complex/A:User/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability: Cross Site ScriptingDescription: 

CKEditor, a third-party JavaScript library included in Drupal core, has fixed a cross-site scripting (XSS) vulnerability. The vulnerability stemmed from the fact that it was possible to execute XSS inside CKEditor when using the image2 plugin (which Drupal 8 core also uses).

We would like to thank the CKEditor team for patching the vulnerability and coordinating the fix and release process, and matching the Drupal core security window.

Solution: If you are...
Completed Drupal site or project URL: https://www.iwm.org.uk/

Deeson designed and built a powerful digital platform to harness Imperial War Museums' collection and drive deeper engagement with their events.

The brief.

Deeson was asked to support Imperial War Museums (IWM) in evaluating the effectiveness of their existing digital presence in helping them meet their strategic goals. After a strategic and technical audit, IWM elected to rebuild their website.

They tasked us with launching their new website as a groundbreaking "sixth site" to sit alongside the museum's five physical branches. The site needed to showcase the museum's rich content in compelling new ways.

The results.

We created a bold new website powered by Drupal 8 that is a confident declaration of what Imperial War Museums represents, and reflects the...

The following blog was written by Drupal Association Signature Hosting Supporter, Acquia

The rapid evolution of diverse end-user clients and applications has given rise to a dizzying array of digital channels to support.

Websites in the past were built from monolithic architectures utilizing web content management solutions that deliver content through a templating solution tightly “coupled” with the content management system on the back-end.

Agile organizations crave flexibility, and strive to manage structured content across different presentation layers consistently in a way that’s scalable.

Accomplishing this efficiently requires that teams have flexibility in the front-end frameworks that dominate the modern digital...

Project: Drupal coreDate: 2018-March-28Security risk: Highly critical 21∕25 AC:None/A:None/CI:All/II:All/E:Theoretical/TD:DefaultVulnerability: Remote Code Execution Description: 

CVE: CVE-2018-7600

A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.

The security team has written an FAQ about this issue.

Solution: 

Upgrade to the most recent version of Drupal 7 or 8 core.

If you are running 7.x, upgrade to...
https://thunder.org/

Thunder is the Drupal 8 distribution for professional publishing. Thunder was designed by Hubert Burda Media and released as open-source software under the GNU General Public License in 2016. As members of the Thunder community, publishers, partners, and developers build custom extensions and share them with the community to further enhance Thunder.

Thunder consists of the current Drupal 8 functionality, lots of handpicked publisher-centric modules with custom enhancements (our own Thunder Admin Theme, the Paragraphs module, the Media Entity module, the Entity Browser module, and lots more), and an environment which makes it easy to install, deploy and add new functionality (e.g. the Thunder Updater).

To learn more about Thunder projects, read these case studies: German magazine Mein Schöner Garten...