At Chromatic, when we are collaborating with our clients on a website or product, we typically work in an agile, iterative process. As part of that process, it is important for all stakeholders to be able to easily review and approve changes to a site as they are being made, but this can frequently be a pain point. There are often members of the team who are less technical, or may not have a development instance of the website, or an interest in checking out git branches. Frankly, even for users that are willing and able, this process is often an inefficient use of everyone’s time.
WordPress 4.9.5 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately.
WordPress versions 4.9.4 and earlier are affected by three security issues. As part of the core team's ongoing commitment to security hardening, the following fixes have been implemented in 4.9.5:
- Don't treat localhost as same host by default.
- Use safe redirects when redirecting the login page if SSL is forced.
- Make sure the version string is correctly escaped for use in generator tags.
Thank you to the reporters of these issues for practicing coordinated security disclosure: xknown of the WordPress Security Team, Nitin Venkatesh (nitstorm), and Garth Mortensen of the WordPress Security Team.
Twenty-five other bugs were fixed in WordPress 4.9.5. Particularly of note were:
- The previous styles on caption shortcodes have been restored.
- Cropping on touch screen devices is now supported.
- A variety of strings such as error messages have been updated for better clarity.
- The position of an attachment placeholder during uploads has been fixed.
- Improved compatibility with PHP 7.2.
Download WordPress 4.9.5 or venture over to Dashboard → Updates and click "Update Now." Sites that support automatic background updates are already beginning to update automatically.
Thank you to everyone who contributed to WordPress 4.9.5:
1265578519, Aaron Jorbin, Adam Silverstein, Alain Schlesser, alexgso, Andrea Fercia, andrei0x309, antipole, Anwer AR, Birgir Erlendsson (birgire), Blair jersyer, Brooke., Chetan Prajapati, codegrau, conner_bw, David A. Kennedy, designsimply, Dion Hulse, Dominik Schilling (ocean90), ElectricFeet, ericmeyer, FPCSJames, Garrett Hyder, Gary Pendergast, Gennady Kovshenin, Henry Wright, Jb Audras, Jeffrey Paul, Jip Moors, Joe McGill, Joen Asmussen, John Blackbourn, johnpgreen, Junaid Ahmed, kristastevens, Konstantin Obenland, Laken Hafner, Lance Willett, leemon, Mel Choyce, Mike Schroder, mrmadhat, nandorsky, Nidhi Jain, Pascal Birchler, qcmiao, Rachel Baker, Rachel Peter, RavanH, Samuel Wood (Otto), Sebastien SERRE, Sergey Biryukov, Shital Marakana, Stephen Edgar, Tammie Lister, Thomas Vitale, Will Kwon, and Yahil Madakiya.
When you provide a module-defined menu link in Drupal 8, there is some great documentation on how to add a menu link on Drupal.org. This gets into how to provide a menu link with YAML. In a lot of cases, you might want to nest this menu link under another item. This is especially the case if you were providing a menu link for something in the main menu of your site.
DrupalCon Nashville is right around the corner! Part of the week includes board meetings. Below is a summary of their activities and agendas. We hope you will join the public board meeting in person or virtually.Board Retreat
The Drupal Association Board of Directors will convene over the weekend from April 7-8, 2018 to hold discussions based on the Executive Director and committee chairs’ updates. The board will also discuss funding models to pursue that will increase investments that the Drupal Association can make to accelerate Drupal adoption. We are also going to review and discuss the principles and values that Dries Buytaert is creating for the community and will be sharing in his keynote.
Additionally, the board is hosting a two hour discussion on Drupal’s governance structure. To properly inform this discussion, the board invited representatives from groups that are part of Drupal governance as well as representatives of groups who are not currently part of governance. Together, we will explore what is working and ways to evolve Drupal governance that improve support for the Drupal project.Public Board Meeting
The Board of Directors will hold an open board meeting on Wednesday, April 11 from 11:45 - 1:00 pm CT in the Nashville Convention Center in Room 103A (lunch will be served!). We welcome you to attend in person or virtually.
The agenda will include an executive update as well as program updates from staff. There will be 10 minutes for the community to ask the board and staff questions.
While everyone has a busy week attending Drupalcon sessions and events (be sure to check out Mediacurrent’s afterparty) , if you find some extra time, Nashville has an eclectic mix of activities and places to go. Whether you're looking for great music in none-other than "Music City" or you're looking for a nice place to relax and grab a bite to eat, take advice from a Nashville and check out my list of Nashville's must-see spots. When you're ready to take a break from drupalin', check out these suggestions and engulf yourself in the Nashville culture.Music
Image source: Wikipedia
Whether you enjoy country music or prefer other genres, Nashville offers something for every taste. Some nights you might need to venture outside downtown for more rock and roll. If music is at the top of your Nashville bucket list, here are nine spots you won’t want to miss:
- Visit the Honky Tonks on Broadway. Remember these are talented musicians playing for tips, so if you enjoy their work help support them. The guitarist could end up being a member of The Cure.
- The Ryman Auditorium - The “Mother Church.” Open for tours during the daytime too.
- The Cannery/Mercy Lounge/High Watt - Walking distance from the Music City Center area.
- City Winery - This is the location for the Drupalcon Trivia Night too.
- Marathon Music Works - If you go early you might be able to visit American Pickers’ Antique Archaeology store too.
- World famous Station Inn is the place for bluegrass. Allman Brother Jack Pearson has a regular appearance for some blues.
- Jack White’s Third Man Records - There doesn’t seem to be any announced shows (yet) but the store is open to grab some records or other merch.
- TPAC is hosting a touring show of Wicked The Untold Story of the Witches of Oz.
- There are other venues close to the downtown area too such as Exit/In, The Basement East, and 3rd & Lindsley.
There has been a huge number of new restaurants opening but here are a couple of classics and a newish one:
- Rotier’s Restaurant, the original Cheeseburger in Paradise? A Nashville classic and award winner, just be sure to get the burger on French bread.
- Family style southern food at Monell's. Dinner and breakfast are served to the table and passed around like a family holiday.
- Hip Pinewood Social attracts visitors any time of day, breakfast and Crema coffee, co-working spot during the day, and bowling on antique lanes in the evening.
- Need Barbecue? Martin’s, Peg Leg Porker, Edleys, or G’z BBQ are all good choices.
- Restaurants of award winning chefs include Sean Brock's Husk from Charleston, Tandy Wilson's City House, and the Catbird Seat. This year's James Beard semifinalists include Henrietta Red, Bastion, Josephine, and longtime East Nashville restaurant Margot Café & Bar.
- Nashville Hot Chicken is very popular with heat level choices for anyone. But pay heed if they warn you when ordering.
Don't forget about the famous Nashville Hot Chicken. A few favorites among many great spots:
- Princes Hot Chicken Shack. The original.
- The Tenders Royale from Pepperfire is a nice introduction along with a couple of local drafts on tap, and blues music in the background.
- Tenn Sixteen Great East Nashville Five Points restaurant. The hot chicken comes in one heat level, kind of a "Nashville medium". That is, it's usually pretty hot, unlike other restaurants that don’t specialize in hot chicken.
- Fannie Mae's, which conveniently just opened up a new restaurant location near the convention center.
- Another list hot chicken can be found here!
Source: George Jones Museum (Also known as the home of the Mediacurrent Afterparty!)
Nashville is rich with history and musical history is at no shortage. Most of these museums are an easy walk or bus ride downtown:
- The Frist Center - This art deco building was originally the post office. The current exhibition is the exclusive North American venue of Rome: City and Empire from the British Museum.
- Country Music Hall of Fame and Museum - Across the street from the convention center, you can also check out Hatch Show Prints or tacos from Bajo Sexto.
- Musicians Hall of Fame and Museum - This museum “honors the talented musicians who actually played on the greatest recordings of all time.” Additionally The Rolling Stones first ever major exhibition, Exhibitionism, is making its last U.S stop, taking on Music City at the Musicians Hall Of Fame and Museum.
- Lane Motor Museum - An amazing variety of the largest European collection of cars in the U.S. located a few miles from the convention center.
- The downtown Cumberland River Greenway connects to Bicentennial mall - This route can be varied for any distance.
- Another popular area for walking and jogging is to cross the Shelby Street Pedestrian Bridge to Cumberland Park and Nissan stadium.
- Warner Parks - Large wooded parks on the western boundary of Nashville has hills with a view of the city.
- B Cycle has bikes for rent by the hour with many locations to pick up or leave a bicycle.
Family and Kids Activities
- Adventure Science Center is a fun hands-on museum that the kids will enjoy.
- Cumberland Park is just a short walk across the pedestrian bridge downtown and has playground features.
- There is a free bus downtown to the Gulch or Farmer's Market and Germantown that has stops around the convention center. Look for the Green Circuit. This would be a good way to get to the AAA Nashville Sounds Baseball game in the evening.
- A couple of hints on street pronunciations beyond just a southern accent might help too:
Demonbreun Street - Pronounced da-mun’-bree-un.
Lafayette Street - Pronounced luh-fay’-ett. ( I know, I know)
Hopefully everyone has a great experience in Nashville and comes back for a more leisurely visit.
Jillian includes a viewpoint about her area of medicine from others. She believes that there is a solid bond from the ‘connection of Obstetrician and Gynecologist with the lady is moderately different than another doctor’ and thinking about This can be psychological for her.
She has excellent operate knowledge. In her spare time, Jillian Stewart likes to play snooker and she or he received lots of trophies for her college for a captain of a basketball team. Biology was her favored matter given that her graduate school times and constantly wanted to function Within this field.Drupal version: Drupal 4.6.x
If you don't have access to the file system on the server for a Drupal site, when a security issue like Drupalgeddon2 comes along, you are entitled to panic! Many sites are run by a combination of teams, so sometimes you really don't have control over the server... but that might even mean there is another way to apply fixes. If you've been tasked with updating such a site (I was!), it's worth checking if the server has been misconfigured in such a way to actually allow you to patch Drupal, via Drupal!Read more
Drupalgeddon2 happened! We got all but two of our projects updated within an hour, with those remaining trickier two fully patched another hour later. The key was planning the right process using the right tools. We actually use these tools for regular deployments every day, but speed was essential for this security update.Read more
In part one of this post, I went over how Drupal Security Advisories, SSL/TLS certificates, and thorough user account security help lay the foundation for keeping your Drupal site secure. In part two, we’ll take a look at user roles and permissions, input filters and text formats, and third party libraries.User Roles and Permissions
To keep your site secure, always make sure that your user roles and permissions are configured properly. Depending on the modules installed and third party integrations, there could be additional permissions and/or roles to configure to ensure the site is still secure after installing a particular module. It’s important to read the full module README and/or module documentation to verify that all configuration options and permissions have been set up securely. In many cases, modules with very important security related permissions will either set them to a sane default configuration, or put up a notice on the modules page within the admin UI. Some will do both. Some will do neither, so that’s why you need to be aware.
For each module you enable, there can be optional or required permissions that need to be configured. This is one of the easiest things to overlook as a Drupal beginner, so keep an eye on which modules you’re enabling, and if you have permissions set for all your roles before launching the site.Read more
The ADCI Solutions team is ready to set off to DrupalCon Nashville. Meet us there! This time we bring up the topics of leadership and marketing of Drupal. We'd love to see you at the session and BoF! Let’s gather and chat!
Recently I read Why is Drupal now the second most-hated platform behind SharePoint? followed by the predictable Reddit discussion trashing Drupal. Every time I read someone's negative, yet reasonable, criticism of Drupal, I can't help but rephrase Winston Churchill's famous quote about democracy in the context of Drupal and Open Source.
Churchill's defense of democracy came at a time when the notion of democracy was under a direct threat. Drupal and Open Source are not imperil in the same way, but the lesson Drupal and Open Source can learn from history is that it is essential to recognize, respond, and adapt to potential threats. Ignoring problems is the worst thing anyone can do.
Introspection and discussion is a significant part of our process to improve and affect change within Drupal. I am looking forward to Owen Lansbury's DrupalCon Nashville presentation called Have We Reached Peak Drupal?. I have seen a preview of his presentation and it puts Drupal’s current state into perspective while also looking at its future. If you want to learn more about the discussion around "peak drupal" you should also check out Dave Hall's blog post, "Drupal, We Need To Talk."
While building and maintaining the Webform module for Drupal 8, I have thought a lot about the future of Drupal and the Webform module.
How do we increase Drupal's adoption?
I no longer feel adoption is a Drupal 8 specific issue but rather it’s a...Read More
The development of Drupal Commerce 2 has come a long ways. We've had an official release for a while now and many of the sub-modules and add-on modules are coming along nicely. However, with all of the focus being on development, it can be hard to find good documentation for Drupal developers and Technical Managers who want to know more about the underlying systems and design.Look no further!
A while ago we contact Steve Oliver and asked him to help us out. Steve has been developing Drupal for a long time (at the time of writing, his Drupal.org profile is 12 years, 3 months old). He's contributed to all aspects of Drupal, including Commerce, and is quite active in IRC and Slack, providing support. We asked him if he would be interested in providing us with one document that contained everything you might want to know about Drupal Commerce from a technical perspective. We're talking about the systems, design patterns, concepts, core modules, contrib modules, and more. Steve blew us away, coming back to us with a 22 page document that has it all. We've taken all of that wonderful information and put it on our site for everyone to enjoy. It's a great starting point or general refresher.
So without further delay, take a look for yourself. I bet you'll be happy that you did!
- Video: Introducing the Drupal Commerce Kickstart 2.x Installer
- Video: UH+ Axe: Enhanced Commerce Product Page, A Technical Walkthrough
- Blog: Quickbooks Enterprise Integration in Drupal Commerce 2
- Learn more about Acro Media
The Starter Kit includes three separate applications to demonstrate various Headless Drupal design patterns: a React application, a GraphQL application, and a Headless Lightning Drupal website. Each application was created to work in tandem with each other, but also as a collection of boilerplate tools for your personal applications.Tags: acquia drupal planet
Symphony is an open source PHP based web application framework. Symphony uses a set of reusable PHP components to build web applications from scratch. Symphony follows MVC architecture. A kernel is the heart of symphony (Its just a class) and symphony extends this class to in its built applications.
Sooper Drupal Themes: SooperThemes Drupal 8 Release Candidate 3. Patch update for Glazed and Glazed Builder Drupal 7.
Our latest update for Drupal 8 and 7 fixes a bug with Chrome browser's latest release and the 3rd level "dropdown" menus in mobile navigation and side-header navigation. If your websites does not use 3rd level dropdown menus these updates are probably not important for you. We also use the opportunity to get our Drupal 8 products up to date with Drupal 8.5 and we made sure everything is tested to work with the recent highly critical security updates.Drupal 8 RC3
Fixing an issue with Font Awesome 5 Pro icons and some other minor issues, our RC3 release is ready to quickly transition into a stable release. We're now focused on updating our product pages, documentation, and other sooperthemes.com infrastructure to make sure downloading, using, and updating our Drupal 8 projects will be a smooth experience. We expect to be ready for the official Drupal 8 launch of all our products in about 2 weeks, but this release candidate is a perfectly fine starting point if you're already looking to start a Drupal 8 project with Glazed Theme, Glazed Builder, or our SooperThemes Portfolio module.Glazed 7.x-2.6.9 and Glazed Builder 7.x-1.1.8
We release patch updates for Drupal 7 Glazed Theme and Glazed Builder, making minor improvements to both products and of course we've done extensive testing to make sure everything works after the recent Drupal core security updates that touched some very "core" parts of Drupal. See the Glazed CHANGELOG and Glazed Builder CHANGELOG for an overview of changes. No changes related to the security update were made.SooperThemes Updates Coming Soon
The Drupal 8 stable release has been a long time coming, and now the product is ready. We're just holding off the official launch until our website and documentation are also brought up to date to support Drupal 8. If you're interested in our progress just keep an eye on the website. Sooperthemes.com will be undergoing changes in both content and design. For a sneak preview check out our "work in progress" Glazed Builder product page, which now features tons more information than before. You'll also find that I'm experimenting with a video format that I'd like to use for both documentation and marketing communications.
When we are finally completely stable with all our Drupal 8 products we will develop new product features and Glazed Theme demo designs. All product updates will be available to both Drupal 7 and 8 product versions. The specifics of development we'll be focussing on will be determined in the near future by asking you guys what you want and need.Open Source Contributions Scheduled After Stable Drupal 8 Release
I regret that while working so hard on our Drupal 8 product updates for premium products, our open source projects have been neglected. This was an inevitable result of our Drupal 8 work overrunning budget and timelines by huge margins. I'm looking forward to start investing again in the free version of Glazed Theme we host on drupal.org, and of course publish a stable Drupal 8 version of the free theme and Glazed CMS distribution on drupal.org. We'll make sure Drupal 8 gets the free theme it deserves, with more flexibility and customizability than any other free Drupal theme.
With a significant new milestone and some great improvements to WordPress as a platform, this month has been an important one for the project. Read on to find out more about what happened during the month of March.WordPress Now Powers 30% of the Internet
Over the last 15 years, the popularity and usage of WordPress has been steadily growing. That growth hit a significant milestone this month when W3Techs reported that WordPress now powers over 30% of sites on the web.
The percentage is determined based on W3Techs’ review of the top 10 million sites on the web, and it’s a strong indicator of the popularity and flexibility of WordPress as a platform.
If you would like to have hand in helping to grow WordPress even further, you can get involved today.WordPress Jargon Glossary Goes Live
The WordPress Marketing Team has been hard at work lately putting together a comprehensive glossary of WordPress jargon to help newcomers to the project become more easily acquainted with things.
The glossary is available here along with a downloadable PDF to make it simpler to reference offline.
Publishing this resource is part of an overall effort to make WordPress more easily accessible for people who are not so familiar with the project. If you would like to assist the Marketing Team with this, you can follow the team blog and join the #marketing channel in the Making WordPress Slack group.Focusing on Privacy in WordPress
Online privacy has been in the news this month for all the wrong reasons. It has reinforced the commitment of the GDPR Compliance Team to continue working on enhancements to WordPress core that allow site owners to improve privacy standards.
The team's work, and the wider privacy project, spans four areas: Adding tools which will allow site administrators to collect the information they need about their sites, examining the plugin guidelines with privacy in mind, enhancing privacy standards in WordPress core, and creating documentation focused on best practices in online privacy.
To get involved with the project, you can view the roadmap, follow the updates, submit patches, and join the #gdpr-compliance channel in the Making WordPress Slack group. Office hours are 15:00 UTC on Wednesdays.Further Reading:
- The WordPress Foundation has published their annual report for 2017 showing just how much the community has grown over the last year.
- The dates for WordCamp US have been announced — this flagship WordCamp event will be held on 7-9 December this year in Nashville, Tennessee.
- WordPress 4.9.5 is due for release on April 3 — find out more here.
- Version 2.5 of Gutenberg, the new editor for WordPress core, was released this month with a host of great improvements.
- WordSesh, a virtual WordPress conference, is returning in July this year.
If you have a story we should consider including in the next “Month in WordPress” post, please submit it here.
If you are getting ready to attend your first DrupalCon, here are a few ideas to help you prepare for an intense week of open source software community from @horncologne. Watch the interview video for more tips and inspiration from my Drupal friends.