Recently recognized as Google Cloud Platform partners, Achieve are adding additional services, products, and capabilities in light of this new partnership. We sat down with our CTO, Nick Falcone, to go over some specifics on this partnership and what it means for Achieve and our capabilities moving forward.When did we decide becoming a GCP partner was a necessity for Achieve moving forward?
With Achieve being Apigee System Integrations Partner for the past 3 years and Google acquiring Apigee, we realized it was only a matter of time before Apigee would rolled up into the larger GCP Partner Program and ecosystem.
Dries Buytaert recently published a great post on how to prepare for Drupal 9. He explains how we build Drupal 9 in Drupal 8 using deprecations and the tools to use to detect use of deprecated code. One of the tools I worked heavily on with Zoltán Herczog in the past few weeks is Upgrade Status, and Zoltán just released the alpha2 version. It is definitely worth a try!
Here is how it works:
Learning how to manage communication and support within the Webform issue queue is something that makes me very proud. I also want to keep improving everyone’s experience within the Webform issue queue. A while back, I started welcoming new contributors and saying thank you. Frequently, I have to direct general support questions to Drupal Answers. Occasionally, I have had to remind people to be mindful of their tone. I am continually seeking ways to improve my process and communication within the Webform module's issue queue.
At Drupalcon Seattle, I took part in a discussion about strategies for effective and inclusive group communication where I was introduced to the "nudge theory".
Besides nudging people towards the desired outcome, which is a healthy and sustainable Open Source collaboration, clearly defining these nudges will also make it easier for everyone to improve the overall support and community within the Webform module's issue queue.
Types of nudges
There are three types of nudges within most issue queues - they can be categorized as:
Welcome and thank you
Values and principles
Guidance and directions
Welcome and thank you
Saying a proper welcome and thank you helps set the overall tone of our collaboration. The act of saying "welcome" to a new contributor establishes that we are an inclusive community where everyone is welcome to join. Saying 'Hi' (aka nudges) to new users also reminds other members of the community to be understanding and supportive of someone entering a new community.
Following up someone's contribution with a thank you comment or even handshake (aka nudges), acknowledges and values their hard work and encourages them to keep...Read More
Drupal has been the choice of the world’s multiple large and top-notch organisations, across various fields. The royal family of the UK, the Greenpeace Greenwire, Oxford University, Warner Music Group, Tesla, Red Cross, and now the Australian Government - everyone is using Drupal. Security and the scope of customisation are two of the major reasons behind the selection of Drupal over other CMS platforms. In fact, the govCMS was also formed using Drupal to resolve the multiple issues faced by Government agencies viz. Security, cost, extraordinaire functionalities, flexibility, smooth process of procurement, et al.
As a dedicated Drupal-er for more than 6 years, AddWeb has worked on multiple enterprises and large-sized Drupal projects. And hence, we are cognizant of all the strengths that Drupal contains. This is exactly why we confirm with the Australian Government’s decision of choosing Drupal for creating govCMS.
There are multiple reasons that make govCMS an apt choice for Government organisations. govCMS is well-equipped to meet all the requirements of the Government organisation, along with following their guidelines of the web world.
Advantages of govCMS:
The Australian Government created the govCMS distribution by combining Drupal Core and a specific set of Drupal modules. So that uniformity is maintained across all the Australian Government’s websites and it the creation of the same also becomes easy. Let us how else does this, govCMS distribution proves to be advantageous:
Individual web hosting and creation of the sites demand time and money. The higher the security and quality of these sites, the higher the costing. govCMS saves on both of these factors and simplifies the entire process by choosing a single provider and hosting platform on Acquia Cloud Site Factory PaaS Service. In fact, whenever there’s an increase in resource usage, one can always upgrade the platform, which is eventually beneficial to all the other govCMS sites also.
Government Standards Compliance
The entire govCMS is created in a way that it perfectly complies with the standards of the Federal Government. Hence, this makes the further process quite smooth and sorted. Security being one of the major concerns while creating a website for such Government organisations. And hence, govCMS has complied with their guideline by completing the program process of Information Security Registered Accessors. Plus, every issue that is found and rectified in govCMS will also automatically be implemented to other govCMS sites too.
Drupal is one of the largest open-source platform available today and hence it has a large team of 600 expert community members, who work on making govCMS a consistently growing and highly efficient product. This is taken care by Acquia, which also provides 24x7 assistance for govCMS at application and hardware level.
One constantly needs to confirm that there are no issues with the govCMS sites, for which a continuous process of testing, bug-fixing and other such process is required to be followed. This is very well taken care of, when it comes to govCMS and hence the security of this platform is kept intact. In fact, an automated testing process has also been set across the entire network by using Behat.
In today’s day and age, a website that is not responsive is outdated. Fortunately, govCMS has been created with a base-theme that is responsive by default. This provides the developers in quick-creation of custom themes. This also helps in the creation of a standard look and feel of the Australian Government’s website, which converts into a user-friendly experience.
Every single Government website needs to be in compliance with the Web Content Accessibility Guideline (WCAG) AA 2.0. And hence, WCAG AA 2.0 has been at the base of creating the base-theme and hence it’s in complete compliance with the Government standards. This also helps in elevating the user-friendliness of the website. govCMS also provides a list of the accessible elements either via the content pages or the WYSIWYG editor.
Backups are a very critical and significant part of any website. So when it is a Government website, the stakes are even higher. The creation of govCMS is done in complete compliance with the National Archives of Australia Standards. This includes about 7 years of data retention on backups, which is a highly beneficial factor that works in the favour of these govCMS-based Australian Government’s websites.
govCMS is a pool of perfection when it comes to a platform meant for Government - highly secure, affordable and effective! AddWeb is glad to have worked on the creation of the govCMS website with all our expertise and experience over Drupal. We’ll be delighted to share more about it in our future blogs. If there’s anything specific in your mind that you wish to learn about govCMS then feel free to write to us in here. Also, we’re looking forward to creating and contributing more towards govCMS projects.
In this short article I will show you something that amazed me when I discovered it. You’ll maybe say: boh, I already knew this from way back or really, that amazed you? But nonetheless, I found it cool because it really fit my needs. And like many many other things, I had no clue about this.
We all know how we can easily ajaxify our forms for quite a lot of uses cases. I talk about some of them in this Sitepoint article for example. But the other day I had a few entity autocomplete elements that needed to trigger an Ajax callback using the regular form API when the user made a selection. So I started with the regular “change” event like you normally have on other elements such as select. And it did the job…but not really. I mean, the user would look for the entity, select it, get the box filled, but no Ajax request. Only after the focus left the input would the callback kick in. This can work, maybe, but you are relying on the user’s intuition to unfocus from that form element. And that’s a nono.
Then I realised that the entity autocomplete element uses the jQuery UI autocomplete widget for finding entities. And this widget fires some events of its own. Enter autocompleteclose. This event is fired when the user has made the selection, the autocomplete closed, the selection was made and the element populated. Exactly what I needed and I guess many people need. So my form element #ajax definition now looks like this:'#ajax' => [ 'callback' => '::ajaxRebuild', 'event' => 'autocompleteclose', 'wrapper' => 'form-container', ],
And this did the trick royally. The user would find the entity, click on it, the event would fire and my form rebuild with all the values available. Super.
Some hours of totally unrelated development later, I tried clearing the value of the element once selected. Oops, nothing would happen. But it should, at least in my case. The Ajax callback should be triggered to update stuff based on the (un)selected value. Hm…the change event would do that. Now what?!
Turns out you can use multiple events in one single Ajax definition. So I could use both of them which would trigger the same Ajax callback. Another freebie. So with the new element definition like this:'#ajax' => [ 'callback' => '::ajaxRebuild', 'event' => 'autocompleteclose change', 'wrapper' => 'form-container', ],
Everything was peachy. Working seamlessly as the user would select something or erase the selection.
I hope this helps you as well, discovering it maybe a bit faster than it took me. Because you have it right here! :)
One of the most significant terms used on this planet is ‘Security’. You get to read about nutrition security in reports like the UN’s State of Food Security and Nutrition in the World in 2017 that laid out pointers to bring in nutrition policy reform. Or, you get to hear about cybersecurity which needs to be integrated into every aspect of policy and planning in this age of digitisation. Often, you also get to see the emphasis being put on national security, an integral part of every country, and surveillance becomes important to ensure the safety of citizens.
Security also plays a key role in the web development arena. Website security is one of the most significant aspects that every business considers to thrive on and dominate the internet space. Vulnerabilities in your sites can give hackers the upper hand in finding a key to the safety vault. Drupal 8 stands out as the most secure Content Management System (CMS) which comes bundled with a plenitude of advantages over other leading content management frameworks.
With a proven track record of being the most secure CMS, Drupal has been performing much better than its competitors in the CMS market. It has stood resilient to critical internet vulnerabilities. Thanks to Drupal Security Team for actively validating and responding to security issues.
Drupal Security Team is a force to reckon with when it comes to finding out anomalies and fixing them. The goals of the Security Team are to resolve reported issues in a Security Advisory. They provide help for contributed module maintainers. They document these identifications and modifications to make sure that developers don’t find themselves tied in knots. They assist the infrastructure team to keep the Drupal.org infrastructure secure.
Moreover, you can allow safe access to your Drupal site as it has the in-built support for salting and repeatedly hashing account passwords when they are stored in the database. It also enforces strong password policies. Furthermore, it offers essential security modules, industry-standard authentication practices, session limits and single sign-on systems. And, by providing granular user access control, Drupal gives administrators full authority over who gets to see and who gets to modify different parts of a site.
Database encryption can be done efficaciously with the help of Drupal. It is configurable to encrypt your complete website or just a part of it like content types, nodes, and taxonomy terms.
Further, Drupal’s Form API assists in validating data in order to avoid XSS, CSRF and other malicious data entry. It also limits the number of times login attempts are made from a single IP address over a predefined period of time which enables you to brute-force password attacks.
Drupal limits the number of times login attempts are made from a single IP address over a predefined time period. This helps in preventing brute-force password attacks.
The multi-layered cache architecture helps in minimising Denial of Service (DoS) attacks and makes it the most preferred CMS for some of the world’s highest traffic websites; thus proving its immense scalability.
As a not-for-profit charitable organization, OWASP (Open Web Application Security Project) focuses on improving the security of software. Drupal conforms to the OWASP standards and its community is committed towards prevention of safety hazards.
Major Technical Improvements Drupal 8 has closed down many glitches and bugs reported in Drupal 7.
Ever since Drupal 8 came into the scene, it has emerged as the most technically improved CMS in terms of security. Some of the most important modifications that have taken shape in Drupal 8:
Removing the PHP input format in the core is probably the most important advancement which has removed code execution vulnerability. That means administrator login does not have to be executed with arbitrary PHP code or shell commands anymore.
Twig templates, which is used for HTML generation, is considered one of the most important improvements. This has resulted in better validation of 3rd party themes.
Twig auto-escaping has also prevented most frequently found Cross-site scripting (XSS) vulnerabilities in the custom site themes and custom and contributed modules.
Tracking configuration in code has been streamlined with an auditable history of changes through Configuration Management Initiative. Also, it helps in avoiding mistakes that creep in during manual configuration. Configuration changes in the production server can be completely blocked.
Use of filtered HTML format for content entry has prevented the execution of XSS attacks on other site users.
User session and session ID management has also been fortified in Drupal 8.
Statistically, Drupal performs much better than leading CMS platforms for preventing safety hazards.
Sucuri, security platform for websites, compiled the ‘Hacked Website report’. It analyzed more than 34,000 infected websites. Among the statistics that it shared, one of the parameters was to compare the affected open-source CMS applications.
Wordpress, Joomla, and Magento suffered the most. The infection crept in due to improper deployment, configuration, and the maintenance.Source: Sucuri
The infection rate of major content management frameworks had a varied change. While Wordpress had a significant increase from 74 percent in 2016 Q3 to 84 percent in 2017, Magento had a slight rise from 6 percent in 2016 Q3 to 6.5 percent in 2017.
Joomla had a considerable drop from 17 percent in 2016 Q3 to 13.1 percent in 2017. Drupal bettered its rate from 2 percent in 2016 Q3 to 1.6 percent in 2017.Source: Sucuri
MDPI, which pioneers in open access publishing, prepared a report called ‘A Comparative Study of Web Content Management Systems’. They used Acunetix software for auditing the website. They compared Drupal and Joomla in terms of most commonly occurring vulnerabilities - SQL injection and XSS. Drupal came out as the clear winner.
Moreover, in the Cloud Security Report by Alert Logic, Drupal was reported for the least number of web application attacks.Source: Alert LogicSummary
Website security is the most important constraint to survive without any existential threats. Drupal has been the frontrunner when it comes to choosing the security focussed CMS.
Being an open source platform and Drupal Security Team’s efforts in providing essential features and timely updates in Drupal 8 has helped in making it the most reliable and secure CMS.
The transition from Drupal 7 to Drupal 8 has seen a tremendous advancement in blocking the vulnerabilities.
Statistically proven, Drupal is the best CMS in terms of security among the major CMS platforms.
Contact us at email@example.com to get the best out of Drupal 8 and its security features.blog banner blog image Security Modules Security Drupal 8 Secure CMS drupal security CMS Security Blog Type Articles Is it a good read ? On
From Donald Trump's consistent accusations to lack of ad revenue caused by the shift in media consumption behaviors, the digital disruption that hit the media industry left the majority of media outlets considering their next steps knowing that being left behind in the digital age meant the end for them.
Focus shifted from simply reporting the news to delivering the most engaging and comprehensive digital experience possible for their readers.
News and media platforms need to remain vigilant and embrace the tech trends that impact content publishing in the near future. Here are the trends that are expected to impact the digital news and journalism industry:
1. Contextual Experiences
We are more likely to be doing more than one thing at the same time and news media outlets should have that in mind when considering how to develop their UX.
For example, you are taking a run on the gym treadmill and a relevant news article was just published; would you interrupt your routine to read a long-form article? The most likely answer is no. The desire to read the article would fade as the minutes' pass.
Wouldn’t it be great if we could listen to published news articles as we run, work out, cook or even drive? That is now possible thanks to progress made in Natural Language Generation (NLG) technology.
Natural language generation (NLG) is a software process that automatically transforms data into written narrative whilst keeping in mind SEO related factors such as keywords and users reading proficiency levels which makes it a powerful tool for news media outlets who seek to create contextual experiences for their readers.
"By 2020, natural language generation and artificial intelligence will be a standard feature of 90% of modern BI and analytics platforms." - Gartner
According to the Future Today Institute; various major news media outlets have been utilizing Automated Insights; which mines data for them and is capable of writing more than 2,000 stories per second using natural language generation to produce stories.
As voice search is increasingly becoming the norm, users will begin to ask for general content with specific conditions:
- “Alexa, I am running late, please give me the headlines only.”
- “Siri, please provide me with news articles that are less than 2 minutes long.”
Users are always looking for the most convenient and personalized experience; the news media platform that delivers contextual experiences are sure to gain a lead over their competition.
Such a digital experience could grow an audience possibly become a subscription service in the near future.
2. Fact Checking – In Real Time
Promoted by a president, championed by biased political views and powered by algorithms; ‘fake news’ is a trend that has become an unfortunate reality.
What is real and what isn’t?
People have either become proudly misinformed in the bubble they live in, or fatigued to the point of apathy towards real journalism. This phenomenon is arguably the biggest immediate threat to the profession and what’s worse is that generating ‘fake news’ has become easier than ever.
Enhanced algorithms for voice, video, and sound are being generated. Researchers at MIT CSAIL have been studying how children learn new words in order to train computers how to recognize speech. Computers are also being trained to watch videos and predict corresponding sounds in the real world.
Whilst this progress will enable AI to provide richer and better user experiences, there have been examples of malpractice too.
In 2017, researchers at the University of Washington developed a model that convincingly showed President Barack Obama giving a speech—that he never actually gave in real life.
Algorithms provide you with news based on your likes, online behavior, and interactions. While this does enable news platforms to generate more traffic, but at what cost?
Most journalism is simply about reporting the news and bots have done that efficiently so far.
Bots have proven to be effective when it comes to receiving instant alerts regarding trade warnings, natural disasters and etc. Bots will continue to be refined and improved to automate news related tasks freeing up time to allow reporters to devote time to more important tasks.
The major risk associated with bots is that they are only as reliable as the people who build them. People or groups with nefarious interests can use bots to distribute false information.
- Ensure that your bot clearly explains its purpose and specific functions are.
- Your bot must be able to showcase from where the answers it provides are coming from without any bias towards an idea or people.
- The bot must represent your news and media platform’s values. What happens if your bot interacts with another bot or person whose values counter those of your organization?
Bots will continue to play a key role in journalism and other fields heavily reliant on content publishing as they utilize a combination of bots and AI to create new content.
With elections taking place around the world, misinformation bots will continue to play a big role on Facebook, Twitter, and Instagram. You can expect to see more tech-based solutions being proposed to address the issue; your news platform must follow suit to ensure the credibility of your journalism.
4. Digital Frailty
Digital frailty refers to the loss of digital assets such as published content and articles. Typically, a news agency would lose it's content when attempting to upgrade their website.
In reality, this issue is easily avoided and usually caused due to poor IT practices and vendor selection.
A simple way to protect your archives and preserve digital assets is to build your platform using a CMS that is flexible, structured and features a revision process.
Varbase - Drupal Distribution Revision Comparison - Source: Drupal.org
Drupal is a great CMS for digital news and media businesses as it delivers on the aforementioned and more.
Mergers and acquisitions are another reason why specific content goes missing. This is increasingly alarming as the number of media outlet owners are becoming more and more involved in politics.
News outlets sometimes are forced to delete content that is not aligned with the new ownership’s politics. A recent example of this scenario that made headlines around the world is when the Trump administration deleted all climate change related content from government websites in favor of the new administration’s agenda.
These tech trends and disruptions are but a mere sample of what impacts the digital news media industry. They present challenges but also tons of opportunities to create an engaging digital media experience for readers.
From global media titans to independent content publishing platforms; Vardot specializes in developing personalized digital experiences for the news and media industry.
Michael Hess, (mlhess), Senior Technologist and Adjunct Lecturer at University of Michigan and member of Drupal's Security Working Group joins Mike Anello to talk about recent Drupal core security updates, security release processes, Drupal 7's future end-of-life, and the new Drupal Steward program.Interview
- February 20 Drupal core security advisory (8.6.10)
- Announcing a Drupal security bug bounty program paying up to €15.000
- Drupal 8 automatic updates initiative
- DrupalCon Seattle session on automatic updates
- Drupal 7 end of life - November, 2021
- Interested in your organization becoming an Drupal extended support provider? Email firstname.lastname@example.org or go to PSA-2019-02-25.
- Interested in joining the Drupal security team? Visit security.drupal.org/join
- Introducing Drupal Steward.
- Drupal Career Online - the 12-week (3 half-days/week) best-practice focused training program begins August 26, 2019. Learn more at one of our free Taste of Drupal webinars in June, July, and August.
- Professional local development with DDEV - 2-hour, hands-on, online workshop held monthly (May 8, June 12).
- Local Web Development with DDEV Explained - new book from Mike!
- DrupalCamp Chattanooga - June 7 and 8, 2019.
- DrupalCamp Asheville - July 12-14, 2019.
- Midwest Drupal Summit - August 8-11, 2019 - Michael is the primary organizer - for more info, go to #mwds in the Drupal Slack workspace.
- MyDropWizard.com - Long-term-support services for Drupal 6, 7, and 8 sites.
- WebEnabled.com - devPanel.
If you'd like to leave us a voicemail, call 321-396-2340. Please keep in mind that we might play your voicemail during one of our future podcasts. Feel free to call in with suggestions, rants, questions, or corrections. If you'd rather just send us an email, please use our contact page.
Results for other frameworks are not yet available to the public but npm Inc. plans to share more details in future articles.
Another trend is the rising popularity of GraphQL. While its adoption is still relatively low, with only 7% of respondents indicating that they use it frequently, 23% of developers use it for some of their projects. The results showed that 72% of npm users are using or considering using GraphQL in 2019.
npm Inc. will be sending out follow-up surveys to specific groups of respondents who volunteered to answer additional questions. The company plans to publish more data from the questions about tooling choices, technical preferences, and attitudes towards various professional practices.
WordPress 5.2 was originally scheduled to be released on April 30, but has now been pushed back to May 7, due to the number of open tickets last week (43). There is now only one ticket remaining on the 5.2 milestone for completion of the About page and WordPress 5.2 RC 1 is ready for testing.
The upcoming release will bring major improvements to the block editor (everything released in the Gutenberg plugin prior to version 5.4). This includes the new block management capabilities and several new blocks that were ported from core widgets.
WordPress 5.2 will introduce a new admin interface for Site Health under the Tools menu. It runs tests that deliver results categorized as critical, recommended, or good, along with action items for users to improve their settings. The Information tab was added for basic debugging and provides information about the website and server setup.
A new feature called “fatal error recovery mode” is also included in this release. It pauses themes or plugins that are causing a fatal error and puts the site into recovery mode so the user can still access the admin to troubleshoot the issue. Users should experience fewer “white screen of death” situations with this new feature in place.
Check out the 5.2 field guide for a detailed breakdown of everything that’s coming in the upcoming release. If you want to get a sneak peak and help test the release candidate, the easiest way is to install the Beta Tester plugin and select the “bleeding edge nightlies” option.
April's been unexpectedly generous with us. It has spoiled us with plenty of high-quality content on Drupal. From “enlightening” tutorials to articles raising awareness of certain limitations, to useful tips and actionable advice, to blog posts announcing life-saving module releases... reading our way through the pile of Drupal blog posts this month has been a true dare.
Then, trimming down our bulky list to just 5 posts has been an even bigger challenge...
Nevertheless, we did manage to make our selection. Here's what we kept:
What with a constantly shifting digital environment and an ever-increasing need for developers, it's become common practice for businesses to rely on remote staffing. In this post, we'll dive into the main benefits of deciding for this kind of outsourcing strategy.READ MORE
The Apache Software Foundation (ASF), a non-profit corporation of decentralized volunteers from the open source developer community, has officially approved the NetBeans IDE as a Top-Level project. NetBeans joins more than 350 other open source projects and initiatives managed by the foundation after spending two years in the Apache Incubator.
NetBeans started as a student project in 1996 in what was formerly known as Czechoslovakia. It was the first Java IDE written in Java but it soon became more than just an IDE platform, as the community began using it to create applications that weren’t development tools. In 2000, Sun Microsystems acquired NetBeans and open sourced it, making it Sun’s first sponsored open source project. It became part of Oracle when it acquired Sun Microsystems in 2010 and the company continues to sponsor the project. NetBeans is now used by more than 1.5 million users each month.
Now that Apache NetBeans is governed by the ASF, it will be more likely to receive contributions than when it belonged to a commercial entity. However, contributors from Oracle and other organizations will continue to be part of shaping its future. Coming under the ASF umbrella is also bringing some welcome developments for the project’s governance, according to Apache NetBeans Vice President Geertjan Wielenga:
Being part of the ASF means that NetBeans is now not only free and Open Source software: it is also, uniquely, and for the first time, part of a foundation specifically focused on enabling open governance. Every contributor to the project now has equal say over the roadmap and direction of NetBeans. That is a new and historic step and the community has been ready for this for a very long time. Thanks to the strong stewardship of NetBeans in Sun Microsystems and Oracle, Apache NetBeans is now ready for the next phase in its development and we welcome everyone to participate as equals as we move forward.
Oracle’s decision to submit NetBeans to the ASF Incubator came as a surprise to many in 2016. At that time, OSI President Simon Phipps shared his thoughts about the benefits he saw for the project moving to open governance under the ASF:
By moving to independent governance and losing the Oracle CLA, others can join in with confidence their contribution won’t be used against them. More importantly, contributors also no longer need fear the transient decisions of cost-cutting Oracle VPs impacting the long-term viability of the project. Oracle’s Java team still needs NetBeans in order to make tools releases supporting new capabilities in Java 9 and later, so are likely to engage. Rather than withdrawal, this looks more like leveraging the ecosystem around NetBeans to sustain development while keeping Oracle’s costs in line with the direct benefit NetBeans delivers to them.
According to the proposal submitted to the ASF for NetBeans’ acceptance into the Incubator, the majority of code contributions have come from Oracle since it acquired Sun Microsystems. In addressing some of the known risks Oracle faces in contributing NetBeans to the ASF, the proposal states that “the size and diversity of the community is a guarantee against the project being orphaned.”
NetBean’s proposal said the purpose of moving NetBeans to Apache is to “expand the diversity of contributors and to increase the level of meritocracy.” The project already has a good foundation to build on, as its application framework is used by large companies and organizations, including Boeing, Airbus Defense and Space, NASA, and NATO, that depend on NetBeans for building mission critical scientific software. This new era of open governance should give the community a stronger sense of ownership and stimulate greater levels of contribution across the project.
The first release candidate for WordPress 5.2 is now available!
This is an important milestone as we progress toward the WordPress 5.2 release date. “Release Candidate” means that the new version is ready for release, but with millions of users and thousands of plugins and themes, it’s possible something was missed. WordPress 5.2 is scheduled to be released on Tuesday, May 7, but we need your help to get there—if you haven’t tried 5.2 yet, now is the time!
There are two ways to test the WordPress 5.2 release candidate: try the WordPress Beta Tester plugin (you’ll want to select the “bleeding edge nightlies” option), or you can download the release candidate here (zip).What’s in WordPress 5.2?
Continuing with the theme from the last release, WordPress 5.2 gives you even more robust tools for identifying and fixing configuration issues and fatal errors. Whether you are a developer helping clients or you manage your site solo, these tools can help get you the right information when you need it.
The Site Health Check and PHP Error Protection tools have brand new features, giving you peace of mind if you discover any issues with plugins or themes on your site. There are also updates to the icons available in your dashboard, fresh accessibility considerations for anyone using assistive technologies and more.Plugin and Theme Developers
Please test your plugins and themes against WordPress 5.2 and update the Tested up to version in the readme to 5.2. If you find compatibility problems, please be sure to post to the support forums so we can figure those out before the final release.
The WordPress 5.2 Field Guide has also been published, which goes into the details of the major changes.How to Help
Do you speak a language other than English? Help us translate WordPress into more than 100 languages! This release also marks the hard string freeze point of the 5.2 release schedule.
If you think you’ve found a bug, you can post to the Alpha/Beta area in the support forums. We’d love to hear from you! If you’re comfortable writing a reproducible bug report, file one on WordPress Trac, where you can also find a list of known bugs.
Howdy, RC 1!
With tools this interesting,
I can hardly wait.
Earlier this month at DrupalCon Seattle, the Drupal Community Working Group (CWG) announced plans to begin the process of reviewing the Drupal Code of Conduct. The Drupal Code of Conduct, which is maintained and upheld by the CWG, governs interactions between community members. It is distinct from the DrupalCon Code of Conduct, which governs interactions at DrupalCon and other in-person events and is maintained and enforced by Drupal Association staff.
The current Drupal Code of Conduct was adopted in 2010 and last revised in 2014. Over the last two years, the CWG has received consistent feedback from the community that the Drupal Code of Conduct should be updated so that it is clearer and more actionable:
63% of respondents to a community governance survey held in July 2017 said that updating our codes of conduct should be prioritized as part of the process of overhauling community governance.
Improving the community code of conduct so that it is clearer and more actionable was also one of the key takeaways of the community governance discussions that occurred in the fall of 2017.
Over the last year, the CWG has been working on implementing changes to its charter to make the group more accountable to the community-at-large and provide a sustainable foundation for future growth. Now that those changes are complete, the CWG is now able to shift focus to the process of reviewing and improving the Drupal Code of Conduct.
To that end, we have set up a survey at https://forms.gle/rhKHorXXnp3wPQn2A for community members to share their thoughts, both about the current Code of Conduct and the next steps in the process. The results of this survey will help the CWG determine how, when, and who is involved in reviewing and updating the Code of Conduct.
We will be accepting responses through May 31, 2019, and we encourage as many community members to participate as possible.
Every year, the Drupal community gathers in a new city for the annual DrupalCon show. More expansive than regional camps, DrupalCon gives attendees from all around the world the chance to collaborate and learn from each other face-to-face.
The expansive audience of the convention makes it an ideal venue for Drupal creator Dries Buytaert to address the community. In his “Driesnote,” Dries usually focuses on highlights from the past year and upcoming developments for the platform. As such, the upcoming Drupal 8.7 update got a lot of spotlight, as did the efforts of star contributors working to make Drupal so robust. And with Drupal 9 coming in the not-so-distant future, Dries’ address this year demonstrated the advances being made at the cutting edge of Drupal.
While Dries focused on the present and future benefits of Drupal 8, he didn’t neglect users still on Drupal 7. First launched in 2011, Drupal 7 remains the most widely deployed version of the platform, even though Drupal 8 was released in 2015. The reasons for the relatively slow adoption of Drupal 8 are numerous, ranging from incompatible modules to the standard costs of a redesign. Dries understands that, and in this year’s Driesnote, offered words of support to those who have not made the change.
“There’s no need to panic,” Dries said. Indeed, he said that Drupal 7 will continue to be officially supported for over two-and-a-half years, until November 2021. At that point, Drupal 7 will reach its end of life.
What happens in November 2021, you might ask? We’ve covered the upcoming Drupal release pipeline in an earlier blog post, but the major driving force behind this date is Symfony 3. A major dependency for Drupal 7 and 8, when Symfony 3 is sunset in November 2021, it will expose sites running on D7 and D8 to security threats. Because Symfony 3 is also a major dependency for Drupal 8, most Drupal users will need to upgrade to Drupal 9 before November 2021.
As Dries said, though, there’s no need to panic if you’re on Drupal 7. This end-of-life date is still over two years away, giving you plenty of time to consider your options and decide how to move forward. In the meantime, Drupal 7 will continue to be supported by both the open-source community and agencies like Duo.
If you’re running Drupal 7 and want to get a head-start, there are a few options. Upgrading to Drupal 8 is the most logical route, as it the direct successor to D7. The Driesnote also noted that more and more modules that D7 users are accustomed to using are now functional in D8, which will make the transition smoother. The big draw of this path, however, is the ease with which you’ll be able to upgrade to Drupal 9. Drupal 8 is built on the same codebase as D9, which means that an upgrade between those two systems will not require a major design or development overhaul.
Another option for D7 users is to bypass D8 altogether. Jumping from Drupal 7 to Drupal 9 would be more akin to a traditional redesign, both in terms of the work involved and the cost. That being said, even though moving from D8 to D9 will be relatively easy, it will still require some effort. Going from D7 to D9 streamlines the process, requiring only one comprehensive upgrade.
Whichever path you take, rest assured that there is time. Dries acknowledges that there are still many users who enjoy the benefits of Drupal 7, and this year’s Driesnote signifies that this crowd hasn’t been forgotten. While ever Drupal 7 site will eventually need an upgrade, users can rest easy knowing that they have plenty of time.
When the time comes to make a decision about upgrading, Duo can help you chart your journey ahead. Whether you want to stay on Drupal 7 or can’t wait for Drupal 9, we’re committed to delivering the best possible version of your site.
BuddyPress 4.3.0 is now available. This is a security and maintenance release. All BuddyPress installations are strongly encouraged to upgrade as soon as possible.
The 4.3.0 release addresses nine security issues:
- A privilege escalation vulnerability was fixed that could allow users to “favorite” activity items to which they do not have read access. Discovered by Yuvraj Dighe.
- A privilege escalation vulnerability was fixed that could allow users to join non-public groups while using the Nouveau template pack. Discovered and reported independently by Yuvraj Dighe and Nam.Dinh.
- A privilege escalation vulnerability was fixed that could allow users to reply to activity items to which they do not have read access. Discovered by Yuvraj Dighe.
- A privilege escalation vulnerability was fixed that could allow users to view private message threads to which they do not have access while using the Nouveau template pack. Discovered by Yuvraj Dighe.
- An XSS vulnerability was fixed in the save routine for group names. Discovered by wxy7174.
- An XSS vulnerability was fixed in the content of activity items. Discovered by Yonatan Offek.
- A privilege escalation vulnerability was fixed that could allow unauthorized users to update certain group settings. Discovered by wxy7174.
- A privilege escalation vulnerability was fixed that could allow unauthorized users to view pending group invites. Discovered by Yuvraj Dighe.
- A privilege escalation vulnerability was fixed that could allow unauthorized users to delete pending group invitations. Discovered by Yuvraj Dighe.
These vulnerabilities were reported privately to the BuddyPress team, in accordance with WordPress’s security policies. Our thanks to the reporters for practicing coordinated disclosure.
BuddyPress 4.3.0 also fixes 3 bugs. For complete details, visit the 4.3.0 changelog.
WordPress and Drupal, two of the most popular content management systems that are currently on the market. So, in case you're wondering what content management system to pick, keep in mind that both of them serve different needs. The decision that you are going to take is going to be based off your individual needs for your business or yourself. In this article, I am going to aim to make it easier for you to take a decision, by presenting information about both systems. With the help of this article, you should be able to take an informed decision when it comes to making a choice between WordPress and Drupal.Ease of Installation Left: WordPress's famed 5 minute installation. Right: Sooperthemes custom Drupal distribution with Glazed theme and Glazed Builder included.
WordPress is famed for the ease of their installation process. While they claim that the installation process takes only 5 minutes, you have to take this with a grain of salt. Sure, for somebody who is highly experienced in WordPress, an installation might take 5 minutes. However, for a total beginner this might take longer.
Drupal on the other hand is a little bit more tricky when it comes to the installation. There are more steps and clicks involved. The experience is very similar to installing WordPress, there is just more of it. Drupal has one advantage over WordPress: Distributions. Distributions are packages of features, design, and demo content that let you install a full functional turn-key website just by running the installer. At sooperthemes.com all our demo websites can be reproduced in your own environment in just about 10 minutes with our custom Drupal distributions.Functionality
WordPress is an easy and intuitive easy to use open source CMS. One of the reasons WordPress is simpler is that is has fewer features and options compared to Drupal, so there is a trade-off going on here! Although there are a number of extensions that can make up for what WordPress is lacking, the more complex a website becomes, the harder it is for WordPress to be able to manage the website properly.
Now, when it comes to functionality, Drupal is considered to be highly functional. It was designed from the beginning to be able to meet the users needs as well as software developers' needs. Through modules, Drupal is able to fulfill the many needs a user has for developing a website. On top of that, Drupal is able to handle complex websites in a without slowing down the user experience, thanks to its advanced caching layers. Functionality is one of the areas where Drupal is shining.
Here are some of the advanced built-in features inspires some to choose Drupal over WordPress:
- Custom content types and block types, equipped with menu different field types for your content
- Multilingual is both built-in and more advanced than in most other CMS
- The views module lets you create custom content listings, with support for fields, tables, portfolio grids, external data sources, and much more. It's a beast and a big part of why Drupal got popular to begin with.
- Fine-grained permissions for your custom user roles
- Advanced API's for batch processing, REST services, and many more advanced programming concepts
WordPress is well known for its ease of use. The dashboard and layout are intuitive and easy to use. This means that even a beginner can make good looking websites. However, it gets harder as the complexity of the website increases.
Compared to this, Drupal is not so beginner friendly. Since Drupal is the more complex CMS from the two, there are more tricks to be learned and discovered when working in it. Drupal has been criticized in the past as having a steep learning curve. Indeed, it is harder to master, however, it also is capable of handling more complexity and it is able to better cater and fulfill the needs of its users.
Fortunately, there are some options you have to make Drupal more pleasing to your content, communications, and marketing staff. For exampel you can simplify their toolbars and menus by limiting their permissions. Sooperthemes also provides a visual drag and drop editor: Glazed Builder provides an entirely new user experience, letting your users design and create pages and interactive content in the frontend, away from Drupal's forms and administrative tools.How secure are WordPress and Drupal?
Security is one of the most important things when running a website with important user information on it. In case of a security vulnerability of the CMS, a hacker can exploit said vulnerability and get the important user information off the website, such as usernames, passwords, emails, credit card information, etc. This is why security is so important for a content management system.
Since WordPress is the most used content management system to date, it is also bound to be the target many cyber attacks. When it comes to security, WordPress has three components, the core, plugins and themes. The core is always watched by cybersecurity experts who are continuously working identifying and patching vulnerabilities. The plugins and themes are reviewed and patched by the community members, which means that there is an increased chance to suffer a malicious attack by installing a certain plugin or theme that has an undiscovered vulnerability.
Drupal is recognized as the most secure content management system that is currently on the market. This is partly because the security team works on spotting vulnerabilities in the core of Drupal. On top of that, before a module is released to the general public, the code is usually examined for vulnerabilities. After being released to the general public for review, the contributors are then again checking the code for vulnerabilities that can be exploited by a hacker. This measures add up to an increased security compared to its competitors. This is why a lot of big names have trusted Drupal with the security of their websites. Examples are UNESCO, The US Senate, Fox News, Harvard University and many more.WordPress vs Drupal Costs
WordPress is free to install and use. You can have the option to use WordPress.com, offers both paid plans and a free plan that shows ads on your website. Since WordPress is open source, you can download the software for free if you intend to host it yourself. Hiring a developer to build your website will also have to be taken into account when talking about costs. Generally speaking, hiring a WordPress developer is cheaper than hiring a Drupal developer, simply because a Drupal developer is harder to come by.
Drupal is also free to use and install, because it is an open source software. For a beginner, it is harder to make full use of the features that the CMS has to offer, especially when building a professional website. Depending on the needs of the customer, the website being built might have different degrees of complexity. Some of the most demanding websites are ecommerce websites.Typical WordPress vs Drupal Pricing
Typical WordPress websites will be informational business websites, or simplistic community platforms based on popular themes and plugins, and would cost anywhere between 500,- USD, and 20,000 USD on the more complex and customized end of the spectrum. Most Drupal agencies aim to take on projects starting at 20,000 USD, and love to build the most complex online platforms, with contracts often running into the hundreds of thousands. These platforms could be so called "Site Factories" where a single platform will be responsible for spawning hundreds of websites, or it may be large content platforms for governmental bodies where hundreds of thousands of content items are managed.
That said, once you've mastered Drupal nothing stops you from making simplistic content websites with it. In fact, with the products and demo websites provided by Sooperthemes, it is very much possible to create a complete business websites within one day, and within a most humble budget.Conclusion
In conclusion, WordPress is a great CMS for beginners and people that are not demanding complexity from their CMS. When it comes to security, although WordPress has good security practices in place, it is the most widespread CMS, making it a great target for hackers.
Drupal on the other hand, while not as easy to pick up as WordPress, it compensated with the complexity that it can handle. So, for people or organisations that require big websites, Drupal is the way to go. Furthermore, Drupal is perfect for this group of people, simply because it offers a great security.
So before choosing the right CMS for you, you have to be aware of the needs that have to be met by the CMS. Only after that can you take a decision.