Development News

lakshminp.com: Using Drupal and Docker in production

Main Drupal Feed - Tue, 10/02/2018 - 14:09
Using Drupal and Docker in production lakshminp Tue, 10/02/2018 - 10:09

In the previous post, we created a setup to run Drupal + Docker in local. With a skip and a jump, we can make the same setup run in production as well. We'll do a deep dive of the same in this post.

Acquia Developer Center Blog: Defending Against a Self-Propagating Drupal Botnet Attack

Main Drupal Feed - Tue, 10/02/2018 - 14:00

On the 28th of March 2018 the Drupal Security Team announced SA-CORE-2018-002, a serious Remote Code Execution vulnerability, which came to be known by many as "Drupalgeddon 2". Here's what we learned defending against it.

Tags: acquia drupal planet

Drupal Modules: The One Percent: Drupal Modules: The One Percent — Access by Reference (video tutorial)

Main Drupal Feed - Tue, 10/02/2018 - 13:58
Drupal Modules: The One Percent — Access by Reference (video tutorial) NonProfit Tue, 10/02/2018 - 08:58 Episode 46

Here is where we bring awareness to Drupal modules running on less than 1% of reporting sites. Today we'll consider Access by Reference, a module which lets content editors easily grant other users access to specific nodes.

Web Wash: Search across Fields in Views using Combine Fields Filter in Drupal 8

Main Drupal Feed - Tue, 10/02/2018 - 13:30

I was recently looking at all the default views that come with Drupal 8. For people who don't know, the Views module is part of Drupal 8 core. In Drupal 7 and below it's the most installed module so during Drupal 8's development it was decided to move Views into core.

During my exploration into all of the default Views, I noticed that in the People (User) view there was a filter called "Combine fields filter".

Want to learn about Views? Read Build a Blog in Drupal 8: Using Views or watch it as part of our FREE Drupal 8 Site Building course.

Now just a quick side note, if you're new to Drupal and Views I'd highly recommend you spend time walking through all of the default views and see how they were configured. You can learn a lot just by seeing how things are set up.

The "Combine fields filter" does a pretty cool thing. It allows you to search across multiple fields or put another way, it allows you to combine fields and then filter by their combined value.

Wim Leers: API-First Drupal: what's new in 8.6?

Main Drupal Feed - Tue, 10/02/2018 - 13:28

Drupal 8’s REST API reached a next level of maturity in 8.5. In 8.6, we matured it further, added features and closed some gaps.

Drupal 8.6 was released 1 with some significant API-First improvements!

The REST API made a big step forward with the 6th minor release of Drupal 8 — I hope you’ll like these improvements :)

Thanks to everyone who contributed!

  1. File uploads! #1927648

    No more crazy per-site custom REST resource plugins, complex work-arounds or base64-encoded hacks! Safe file uploads of any size are now natively supported!

    POST /file/upload/node/article/field_hero_image?_format=json HTTP/1.1 Content-Type: application/octet-stream Content-Disposition: file; filename="filename.jpg" [… binary file data …]

    then, after receiving a response to the above request:

    POST /node?_format=json HTTP/1.1 Content-Type: application/json { "type": [{"value": "article"}], "title": [{"value": "Dramallama"}], // Note that this is using the file ID we got back in the response to our previous request! "field_hero_image": [ { "target_id": 345345, "description": "The most fascinating image ever!" } ] }

    If you’d like a more complete example, see the change record, which explains it in detail. And if you want to read about the design rationale, see the dedicated blog post.

  2. parent field on Term now is a standard entity reference #2543726

    "parent": [] ⬇ "parent":[{ "target_id": 2, "target_type": "taxonomy_term", "target_uuid": "371d9486-1be8-4893-ab20-52cf5ae38e60", "url": "https://example.com/taxonomy/term/2" }] We fixed this at the root, which means it not only helps core’s REST API, but also the contributed JSON API and GraphQL modules, as well as removing the need for its previously custom Views support!

  3. alt property on image field lost in denormalization #2935738 "field_image":[{ "target_id": 2, "target_type": "file", "target_uuid": "be13c53e-7f95-4add-941a-fd3ef81de979", "alt": "Beautiful llama!" }]

    after denormalizing, saving and then normalizing, this would result in:

    "field_image":[{ "target_id": 2, "target_type": "file", "target_uuid": "be13c53e-7f95-4add-941a-fd3ef81de979", "alt": "" }]

    Same thing for the description property on file and image fields, as well as text, width and height on image fields. Denormalization was simply not taking any properties into account that specializations of the entity_reference field type were adding!

  4. PATCHing a field → 403 response without with reason #2938035

    {"message":"Access denied on updating field 'sticky'."} ⬇ {"message":"Access denied on updating field 'sticky'. The 'administer nodes' permission is required."}

    Just like we improved PATCH support in Drupal 8.5 (see point 4 in the 8.5 blog post), we again improved it! Previously when you’d try to modify a field you’re not allowed to modify, you’d just get a 403 response … but that wouldn’t tell you why you weren’t allowed to do so. This of course was rather frustrating, and required a certain level of Drupal knowledge to solve. Now Drupal is far more helpful!

  5. 406 responses now lists & links supported formats #2955383

    Imagine you’re doing a HTTP request like GET /entity/block/bartik_branding?_format=hal_json. The response is now more helpful.

    Content-Type: application/hal+json {"message": "No route found for the specified format hal_json."}

    Content-Type: application/hal+json Link: <http://example.com/entity/block/bartik_branding?_format=json>; rel="alternate"; type="application/json", >http://example.com/entity/block/bartik_branding?_format=xml>; rel="alternate"; type="text/xml" {"message": "No route found for the specified format hal_json. Supported formats: json, xml."}
  6. Modules providing entity types now responsible for REST tests

    Just like we achieved comprehensive test coverage in Drupal 8.5 (see point 7 in the 8.5 blog post), we again improved it! Previously, the rest.module component in Drupal core provided test coverage for all core entity types. But if Drupal wants to be API-First, then we need every component to make HTTP API support a priority.
    That is why in Drupal 8.6, the module providing an entity type contains said test coverage (A). We also still have test coverage test coverage (B). Put A and B together, and we’ve effectively made HTTP API support a new gate for entity types being added to Drupal core. Also see the dedicated blog post.

  7. rest.module is now maintainable!

    I’m happy to be able to proudly declare that Drupal 8 core’s rest.module in Drupal 8.6 can for the first time be considered to be in a “maintainable” state, or put differently: in a well-maintained state. I already wrote about this in a dedicated blog post 4.5 months ago. Back then, for the first time, the number of open issues fit on “a single page” (fewer than 50). Today, several months later, this is still the case. Which means that my assessment has proven true :) Whew!

Want more nuance and detail? See the REST: top priorities for Drupal 8.6.x issue on drupal.org.

Are you curious what we’re working on for Drupal 8.7? Want to follow along? Click the follow button at REST: top priorities for Drupal 8.7.x — whenever things on the list are completed (or when the list gets longer), a comment gets posted. It’s the best way to follow along closely!2

The other thing that we’re working on for 8.7 besides the REST API is getting the JSON API module polished to core-worthiness. All of the above improvements help JSON API either directly or indirectly! I also wrote about this in my State of JSON API blog post. Given that the REST API is now in a solid place, for most of 2018 the majority of our attention has actually gone to JSON API, not core’s REST API. I expect this to continue to be the case.

Was this helpful? Let me know in the comments!

For reference, historical data:

  1. This blog post is long overdue since 8.6 was released almost a month ago. Some personal life issues caused a delay. ↩︎

  2. ~50 comments per six months — so very little noise. ↩︎

CTI Digital: Marketing Drupal to Customers: a Drupal Europe Initiative. Call for Contributors!

Main Drupal Feed - Tue, 10/02/2018 - 12:03

Whilst at Drupal Europe last month, I was privileged to be invited by Drupal’s founder, Dries Buytaert, to a round table discussion, aimed at further marketing the Drupal project.

Digital Echidna: Thoughts on all things digital: Can We Talk? Planning the First Step Along the Path to Better

Main Drupal Feed - Tue, 10/02/2018 - 10:10
Take a look at the bottom right corner of this blog post. See it? That Echidna-red “speech bubble”? Go ahead… click on it. I’ll wait! That’s right. A direct link to me. And legitimately me, not just a team of “me”s monitoring the account. Of…

Chocolate Lily: Drupal and Governance

Main Drupal Feed - Mon, 10/01/2018 - 22:58

Way back in January 2005, I posted a proposal to improve the governance of the Drupal project and help make it "fully 'community-driven'". In response, one commenter wrote:

Yesterday evening on the #drupal channel there was a trial vote casting for "Leave Dries alone" and unamiously everyone voted +1 on this...

Jacob Rockowitz: Why I am one of the top contributors to Drupal?

Main Drupal Feed - Mon, 10/01/2018 - 22:21

Who sponsors Drupal development?

We know who contributes

A few weeks ago, Dries Buytaert published his annual who sponsors Drupal development. His report acknowledges individual and organization contributions and what projects they are supporting. This report provides a high-level overview of who contributing in the Drupal community. There are some old names on this list and some new names.

Asking why they contribute

Now that we know who is contributing to Drupal, the next and more difficult question is “Why are they contributing to Drupal?” Knowing the story behind why an individual or organization contributes to Drupal will inspire more people to get involved and give something back to Drupal and Open Source.

My contribution to Drupal

This year, I was the number three individual contributor to Drupal. The previous year, when I first appeared on the top contributor list, it was completely unexpected. I joked with my son, Ben, that, "I won a race that I did not know I was running." Being included on this list was an honor that I did not expect to achieve, partially because I’m always in awe of the ongoing work by all the core maintainers and contributors.

Since last year, I have not slowed down on my commitment to the Webform module for Drupal 8. So I was not surprised to be included in this year's list. Over the past year, I have had several interesting conversations with other developers on the top contributor list, and what resonated with me the most is that everyone on this list has a different history as to...Read More

lakshminp.com: Local Drupal development using Docker

Main Drupal Feed - Mon, 10/01/2018 - 18:20
Local Drupal development using Docker lakshminp Mon, 10/01/2018 - 14:20

One of the biggest arguments for using Docker to develop your app is to have isolated environments for different setups(The classic case of two different versions of PHP for two projects). Even that is sometimes not convincing enough. I find Docker to be damn useful when building production parity on local(Think trying to reproduce a production bug on your local). If you've faced this problem and want to solve it, read on.

Acquia Developer Center Blog: Using Drupal 8 and AWS IoT to Power Digital Signage for New York’s Subway System

Main Drupal Feed - Mon, 10/01/2018 - 14:33

“Digital Experiences” are the next big thing someone at your company is almost certainly talking about. These include visionary technology that operates based on rich data that is timely and location-based, interactions between other services and products, and perhaps most importantly: content that is not reliant on a user manually driving the experience (as they usually might on a website or mobile application). This article discusses a unique digital experience, thousands of countdown clocks, developed in Drupal 8 by Acquia for New York's Metropolitan Transportation Authority (MTA). 

Tags: acquia drupal planet

Agiledrop.com Blog: Tips to Speed Up Your Drupal Site

Main Drupal Feed - Mon, 10/01/2018 - 13:07
In this post, I highlight some easy to follow tips for speeding up a Drupal website. READ MORE

OpenSense Labs: Leverage Open Source Security In Drupal

Main Drupal Feed - Mon, 10/01/2018 - 12:39
Leverage Open Source Security In Drupal Shankar Mon, 10/01/2018 - 18:09

Think of your best friend who keeps things to himself - a characteristic that would sometimes make it strenuous for you to understand if he is in distress. Juxtapose such a character with another friend who is an open book which makes it a downhill task to know what he is thinking and feeling. Such a correlation can be observed in this digital world where the security of open source software and proprietary software is constantly debated.


Dr. A.P.J Abdul Kalam, former President and renowned scientist of India, once reiterated that “open source codes can easily introduce the users to build security algorithms in the system without the dependence of proprietary platforms”. The security that open source software offers is unparalleled. Drupal, as an open source content management framework, is known for its provision of magnificent security for your online presence and is worth considering.

Getting to know open source software

It was in 1999 when Eric Raymond stipulated that more eyeballs can make the bugs look shallow. He coined the term “Linus’ Law” which was named in honour of Linux creator Linus Torvalds. Since then, it has been almost two decades for continuous usage of Linus’ Law as a doctrine by some to explain the security benefits of open source software.

Given a large enough beta-tester and co-developer base, almost every problem will be characterized quickly and the fix obvious to someone - The Cathedral and the Bazaar by Eric S. Raymond (Lesson 8)

Open source software consists of source code that is openly available for anyone to do inspection, adjustments or improvements. This code may comprise of bugs or issues that require to be flagged.

Furthermore, public availability means attackers could study and exploit the code that emphasises on inculcating code level security practices. Some of the common open source security practices constitute:

  • Governing an inventory of all software used. This data must consist of the version, hash value and the original source of the code.
  • Verification of the availability of security updates and bug fixes. This makes sure that the patch management processes are being done regularly.
  • Testing and scanning the source code. This is performed using code analysers, auditing tools, or a community like Drupal.
  • Make sure that open source applications are in compliance with the existing network architecture to avoid violations of any firewall or security policies.
Myth or fact: Is Open source software more secure than closed source software?

 

Whether it is the Heartbleed incident in 2014, where the vulnerability was discovered in OpenSSL. Or, the Microsoft Vulnerability Exploit in 2014, when credit card information of millions of Home Depot customers was compromised. Both open source and closed source software have a history of encountering security threats. But which one is more secure?

Closed-source software, also known as proprietary software, is only distributed to authorized users with private modification and republishing restrictions. On the flip side, OSS is distributed under a licensing agreement which makes it available for the general public to use and modify for no cost.

It is this ability to modify the code that forms the crux of the argument within the Linux community that open source is more safer and less susceptible to security attacks in comparison to closed source software Microsoft Windows.

OSS allows anyone to rectify the broken code. In contrast, closed source can only be fixed by the vendor. 

So, when more people are testing and fixing the code within the OSS community, open source gradually increases its salience on security over time. Although attacks are still discovered, it has become a lot easier to identify and fix bugs. Open source enthusiasts believe that they experience fewer exploits and their code receives patches more rapidly as there are a plethora of developers contributing to the project.

When digging deeper, the notion that open source platforms offer users the capability to keeping itself relevant with new and altering requirements underpins the argument for open source over closed. OSS does have a reputation of being more secure as the University of Washington states in a report.

Open source security in Drupal Source: AcquiaDrupal Security Team in action

The Drupal open source project has a dedicated team of volunteers who track security-related bugs and release updates. They help in:

  • Resolving security issues that are reported in a Security Advisory.
  • Offering help for contributed module maintainers in fixing security issues.
  • Offering documentation for writing secure code and safeguarding Drupal sites
  • Providing assistance to the infrastructure team for keeping the Drupal.org infrastructure safe.

Anyone, who discovers or learns about a potential error, weakness or a security threat that can compromise the security of Drupal, can submit it to the Drupal security team.

Process cycle

The process cycle of the Drupal security team involves:

  • Analysis of issues and evaluation of potential impact on all the supported releases of Drupal.
  • Mobilizing the maintainer for its removal if found with a valid problem
  • Creation, assessment, and testing of new versions
  • Creation of new releases on Drupal.org
  • Using available communication channels to inform users when issues are fixed
  • Issuing an advisory if the maintainer does resolve the issues within the deadline and recommending to disable the module thereby marking the project as unsupported on Drupal.org.

The security team keeps issues private until there is a fix available for the issue or if the maintainer is not addressing the issue from time-to-time. Once the threat is addressed and a safer version is available, it is publicly announced.

In addition, the security team coordinates the security announcements in release cycles and works with Drupal core and module maintainers. For any concern with the management of security issues, you can also ask security@drupal.org. 

Security features
  • You can enable a secure access to your Drupal site as it has the out-of-the-box support for salting and repeatedly hashing account passwords when they are stored in the database.
  • It also lets you enforce strong password policies, industry-standard authentication practices, session limits, and single sign-on systems.
  • It provides granular access control for giving administrators full control over who gets to see and who gets to modify different parts of a site.
  • You can also configure Drupal for firm database encryption in the top-notch security applications.
  • Its Form API helps in data validation and prevents XSS, CSRF, and other malicious data entry.
  • It limits the login attempts that can be made from a single IP address over a predefined time period. This helps in avoiding brute-force password attacks.
  • Its multilayered cache architecture assists in reducing Denial of Service (DoS) attacks and makes it the best CMS for some of the world’s highest traffic websites like NASA, the University of Oxford, Grammys, Pfizer etc.
  • Notably, the Drupal addresses all of the top 10 security risks of Open Web Application Security Project (OWASP).

Statistical reports

In the 2017 Cloud Security Report by Alert Logic, among open source frameworks assessed for content management and e-commerce, Drupal was reported for the least number of web application attacks.

Source: Alert Logic

Sucuri’s Hacked Website Report also showed that Drupal was the most security-focused CMS with fewer security vulnerabilities reported. It stood on top against leading open source CMSs like Wordpress, Joomla, and Magento.

Source: SucuriChallenges in open source security

Open source software has its share of challenges as well. Equifax’s 2017 breach was notable because of the millions of US consumers who were affected. For the digital transformation to transpire, developers are moving from perfect to fast using open source components as vital assets for swiftly adding common functionality. For letting developers move as swiftly as customers demand, security pros must address some fundamental challenges.

For the digital transformation to transpire, developers are moving from perfect to fast using open source components as vital assets for swiftly adding common functionality

The time between disclosure and exploit is shrinking. Today, there is enough information in the Common Vulnerability and Exposures (CVE) description of a vulnerability consisting of affected software versions and how to execute an attack. Malicious hackers can make use of this information and decrease the time between disclosure and exploit as was witnessed in the case of Equifax.

Identification of open source component vulnerabilities listed in the National Vulnerability Database (NVD) increased by 10% from 2015 to 2016 with a similar increase in 2017. For instance, in components from Maven packages, Node.js packages, PyPi packages, and RubyGems, published vulnerabilities doubled (see graph below).


Security pros must assume that prerelease vulnerability scans are not executed by open source developers. So, software composition analysis (SCA) and frequent updates to open source components will be the responsibility of the enterprise.

Conclusion

Open source security does pose a significant case for itself and can be a better option than a closed source or proprietary software. Also, it is a matter of preference looking at the organisational needs and project requirement, to choose between them for your digital business.

Drupal, as an open source content management framework, comes out as the most secure CMS in comparison to leading players in the market. At Opensense Labs, we have been perpetually offering digital transformation with our strong expertise in Drupal development.

Contact us at hello@opensenselabs.com for amazing web development projects and leverage open source security in Drupal 8.

blog banner blog image open source security Open Source closed source proprietary cms closed source cms open source cms closed source security Drupal 8 Drupal CMS drupal security open source cms vs closed source cms open source cms vs proprietary cms Blog Type Articles Is it a good read ? On

The Month in WordPress: September 2018

Wordpress News - Mon, 10/01/2018 - 12:01

The new WordPress editor continues to be a major focus for all WordPress contribution teams. Read on to find out some more about their work, as well as everything else that has been happening around the community this past month.

Further Enhancements to the New WordPress Editor

Active development continues on Gutenberg, the new editing experience for WordPress Core. The latest update for the editor includes great new features, such as reusable content blocks, a dark editor style, export and import of templates, and much more. In addition, the Gutenberg team has published a comprehensive guide to the features currently included in the editor.

Users can test Gutenberg right now by installing the plugin, which currently has over 450,000 active installs according to the new Gutenberg in Numbers site. Along with that, the Gutenberg Handbook has some very useful information about how to use and develop for the new editor.

Want to get involved in building Gutenberg? Follow the #gutenberg tag on the Core team blog and join the #core-editor channel in the Making WordPress Slack group.

Work Begins on WordPress 5.0

After initially announcing a minor v4.9.9 release, the Core team has shifted their focus to the next major release — v5.0. One of the primary factors for this change is that Gutenberg is nearly ready to be considered for merging into Core, with the goal to complete the merge in v5.0.

To maintain flexibility in the development process the final timelines are not yet determined, allowing work already done for v4.9.9 to be moved to v5.0 if needed. Ensuring that WordPress is compatible with the upcoming PHP 7.3 release is a high priority for the Core team. Once a final decision is made, the details will be announced on the Core team blog.

Want to get involved in building WordPress Core? Follow the Core team blog and join the #core channel in the Making WordPress Slack group.

Further Reading:

If you have a story we should consider including in the next “Month in WordPress” post, please submit it here.

Don't Panic: A blog about Drupal: Recording a pod at DrupalEurope in Darmstadt!

Main Drupal Feed - Sun, 09/30/2018 - 17:50

Not only did DrupalEurope in Darmstadt a couple of weeks ago give me the opportunity to learn more about Drupal and meet old friends and community members - it was also the new start of coming back to doing a pod again.

The Drupal pod Drupalsnack has been on hold for a year when I wrote a book about old commercials found in comic books during the 60s, 70s, 80s and 90s. But when the book now is printed and can be found in stores - it's time to go back to recording a pod.

And the first episode is about DrupalEurope. Me and my podcast colleague Kristoffer took the opportunity to interview Michael Miles who came all the way from Boston, USA, to visit DrupalEurope. I also spoke to Baddysonja - Baddy Breidert - who has been the project manager, leading the masses in organising DrupalEurope, and Kristoffer stopped Dries in the hallway and interviewed him about all the news around Drupal.

All in all, it is great doing a podcast again, and this episode is in English since we did all the interviews in English. Next episode will be in Swedish again, which will be a relief. I consider my English to be quite good, but it is always easier to do a podcast in your native language.

Listen to the DrupalEurope episode of Drupalsnack by clicking here.

hussainweb.me: Drupal Meetup Bangalore – September 2018

Main Drupal Feed - Sat, 09/29/2018 - 13:54
Another month, another Drupal meetup in Bangalore. This month’s meetup was held at Athenahealth office on Lavelle Road in Bangalore. Since the last month’s meetup was scheduled a week early, there was more than usual gap since the last meetup. This time, we had a full schedule and exciting sessions planned.

Ashday's Digital Ecosystem and Development Tips: 5 More Tips to Get the Most out of Drupal

Main Drupal Feed - Fri, 09/28/2018 - 20:00

Previously, we covered some simple tips that allow you to get more out of Drupal and I think we covered some basics. This time we are going to go a bit deeper to see what Drupal can really do. In the right hands, Drupal can be a very powerful tool for more than just content management. The following tips will take you through a few different topics to get more out of Drupal than ever before. Some of these tips are a bit more on the advanced side, but they are very useful.

Evolving Web: What's New in Drupal 8.6

Main Drupal Feed - Fri, 09/28/2018 - 19:57

Drupal 8.6 was released a couple weeks ago and it’s probably the most exciting release since Drupal 8.0. As you might know, new features are added with each minor release of Drupal 8 (e.g. between 8.5 and 8.6). At first, I thought that this would just change how we test and update our sites. But it’s amazing to see how many new, valuable features are being added in minor versions. These are the features that allow Drupal to constantly evolve and innovate, and keep everyone excited about using Drupal.

Also, minor releases that add features are a great reason to keep your Drupal site up-to-date with the latest minor version!

I tried out Drupal 8.6 the other day and here are some of the highlights. Note that some of these features (Media management, Workspaces) are provided by experimental modules. They are not ready to use in production yet, but are ready to be tested out in development and sandbox environments:

Media

As a Drupal site builder, the media features are a huge step forward. I watch a lot of content editors use Drupal and it’s clear that having media editing work smoothly greatly improves the content editing experience. From the Admin UX research I’ve worked on, better media management is one of the number one things that content editors want.

So, what does media in core provide? You can now add media (images, video, audio, etc) through the WYSIWYG editor and via a new media field. You can re-use media that’s already been added to the site, or upload new items. You can also manage the media via an overview page and add new media items directly without creating content.

Quickstar

Drupal 8.6 comes with a Quickstart command that lets you install Drupal on your machine with a limited number of requirements. This makes it really easy to test out Drupal without installing other software, configuring a VM, or finding a vendor that provides cloud hosting.

I think it’s great to have a feature like this out-of-the-box so that we can have a better experience for newcomers to Drupal. In fact, there’s already updated documentation on Drupal.org about how to install a quick version of Drupal.

Thanks to Matt Grasmick for putting this together!

Out-of-the-box Demo

At DrupalCon Nashville, I tested out the new Umami install profile, which provides a demo of Drupal out-of-the-box. When you install Drupal, you’ll now see the Umami as an option on the install profile step. Umami comes with content, content types, views, and a theme for a recipe website. I think this profile, along with the Quickstart feature will allow developers and site builders new to Drupal to easily test out and demo its features.

Migrate!

Migrate has been around since the first minor release of Drupal 8, it’s the module that allows you to pull content into Drupal 8 from previous versions of Drupal or external sources. Migrate is now a stable module, which means that it will be easier for developers to create custom migrations without worrying about changes to the underlying code. This will also make it easier to write documentation and blog posts about how to do things with Migrate.

There are some features around migrating multilingual content which have been set aside in a separate module (Migrate Drupal Multilingual). This module is an experimental module, as there is still some outstanding work to be done in this area.

Workspaces

You are probably wondering: what is « workspaces »? This is a new, experimental module that allows a site administrator to create a new, parallel version of the site content - e.g. a Staging workspace - that can be deployed to the live site in one go. In Drupal 8.5, content moderation was introduced to Drupal, providing a workflow for content to be drafted, reviewed, and approved by different types of users. Workspaces takes this to the next level, allowing entire sections of content to be staged before publishing.

More Under the Hood

Besides new modules, there have been other improvements made to Drupal under the hood. There have been updates to the experimental Layout Builder module. It is now possible to create blocks via the layout builder interface, which will not show up in the global list of blocks. The process of porting tests from Simpletest to PHPUnit is almost done. Nightwatch.js was added to allow for automated javascript testing.

What’s next?

There are lots of new features planned for Drupal 8.7 including support for JSON API in core, potentially a refresh of the default Drupal admin theme (Seven) and work on features like automatic upgrades. Looking forward to seeing what’s next with Drupal in that release, which will come out early next year. Watch the latest DriesNote here, from Drupal Europe for an overview of the Drupal roadmap and new development in the works.

You can get more information from the blog post on drupal.org and the Drupal 8.6 press release.

Let us know in the comments what’s your favourite part of Drupal 8.6!

+ more awesome articles by Evolving Web

OPTASY: Automatic Updates in Drupal Core? Top Benefits and Main Concerns With Drupal Updating Itself

Main Drupal Feed - Fri, 09/28/2018 - 15:21
Automatic Updates in Drupal Core? Top Benefits and Main Concerns With Drupal Updating Itself radu.simileanu Fri, 09/28/2018 - 15:21

Just imagine... automatic updates in Drupal core.

Such a feature would put an end to all those never-ending debates and ongoing discussions taking place in the Drupal community about the expectations and concerns with implementing such an auto-update system.

Moreover, it would be a much-awaited upgrade for all those users who've been looking for (not to say “longing for) ways to automate Drupal core and modules for... years now. Who've been legitimately asking themselves:

“Why doesn't Drupal offer an auto-update feature like WordPress?”

And how did we get this far? From idea to a steady-growing initiative?
 

hussainweb.me: How to get the current node in a block plugin in Drupal 8

Main Drupal Feed - Fri, 09/28/2018 - 07:27

I was trying to build a block plugin in Drupal 8 recently. The requirement was straight-forward. I would show these blocks on node pages of a certain type. Depending on the values in that node, the block content changes.

The requirements are straight-forward but there are a lot of things to consider in this scenario. [...]

Pages